North Korean hackers suspected in Bengaluru’s biggest crypto heist | Bengaluru News

Bengaluru: Can the money that was stolen be recovered or has it gone forever? This is the question cyber sleuths are being bombarded with after Bengaluru-based Neblio Technologies Private Limited, which runs CoinDCX, reported a $44 million theft – the biggest crypto heist the city has seen so far.

While CoinDCX maintained that all customer funds were 100% secure in cold wallets and announced a recovery bounty programme, cyber police sources point to the involvement of hackers associated with North Korean cartels. “The crypto asset recovery process is going to be a challenge,” a police officer said while explaining that the hacker had moved cryptocurrency out of the company to six different wallets. “Subsequently, the stolen cryptocurrencies were moved to a single wallet, apparently controlled by a North Korean ring.” The officer added that North Korean hackers were behind most of the attacks on crypto exchanges in recent times.

The investigators are also trying to ascertain if Rahul Agarwal, the techie through whose login credentials the hackers reportedly breached the company’s security protocols, had colluded with the hackers or if he became the bait. Cyber sleuths said hacking operations also involved infiltrating employee hardware.

CoinDCX told TOI that it is cooperating with authorities and has reinforced its security framework. “Security has always been a top priority at CoinDCX. We benchmark ourselves against global best practices and have invested significantly in strengthening our infrastructure,” a spokesperson said, adding that the company has partnered with global cybersecurity firms such as Sygnia and Seal911 to bolster asset tracing and rapid freezing protocols.

Cyber security expert Rahul Sasi, founder of startup CloudSEK, told TOI: “There is still a lot left to be investigated. This person (Rahul Agarwal) got Rs 15 lakh in his account, whereas the fraudsters funnelled around Rs 380 crore. Compromised laptop credentials can be purchased for $10-15 on the dark web. There is no way to be sure of the intent of such computer users in such cases.”

Avinash Shekhar, founder of crypto exchange Pi42 and former CEO of ZebPay, said the recovery prospects depend largely on the nature of the stolen assets and whether state-backed actors are involved. “If the stolen funds are in USDT, there is at least a theoretical chance of freezing them because it’s issued by a centralized entity. But if they are in Ethereum or other decentralised tokens, recovery is significantly harder,” he said. Shekhar added that if North Korean hackers are involved, as has been speculated in similar cases globally, “the odds of retrieval become near impossible given the lack of jurisdiction.”

He noted that tracing the stolen funds could still be an ongoing process for years. “Because blockchain records are permanent, there are cases where stolen funds have been identified and frozen even after five or 10 years,” Shekhar said.




