A user of Indian Bitcoin exchange Unocoin allegedly saw hackers steal 120,000 rupees ($1,860) from their account last week.
As local news resource FactorDaily reports, a Bangalore computer scientist, who asked not to be named, purchased BTC through Unocoin’s app, only to watch hackers steal the subsequently credited funds.
“I have been using Google Authenticator for two-factor authentication in my Gmail account for years and my mobile number has not been compromised,” the user told the publication.
“The hack seems to have happened on the Unocoin server where both the password reset link and OTP are generated.”
Upon purchasing the Bitcoins, a password reset link appeared in the user’s email address, followed by two transactions leaving their Unocoin account, while a third was “unsuccessful.”
The story comes amid a surge in the number of Indians getting into Bitcoin, often without any prior knowledge of how the cryptocurrency works.
On occasion, hacks and security breaches are not a result of user error. Cointelegraph reported yesterday of how clipboard manipulation malware was allegedly used to change another user’s destination wallet address mid-transaction, resulting in the loss of $13,000.
Unocoin, however, received a personal visit from the distraught investor, a representative telling him that while the exchange had blocked the third transaction, the initial two had been successful.
“I spoke to [the representative] and explained what had happened,” the hacking victim recounted.
“He went inside the office and came back after about 10-15 minutes later and said that my account was blocked and the two later transactions (one from the hacker and one from Makrand) were also blocked, but the first two transactions had gone through.”
Cointelegraph strongly recommends that readers adopt adequate security measures on their exchange accounts prior to performing any financial transactions. Never leave your funds on an exchange.