Cyber Incident Victim: Cashaa

Date: Jul 2020

Location: India

Summary

A cryptocurrency exchange based in the U.K. suffered a theft of over 336 Bitcoin after hackers deployed malware that triggered unauthorized transfers when an employee accessed the system. The attackers, suspected to be operating from east Delhi, exploited a compromised Blockchain.com wallet to execute two withdrawals. The exchange suspended all withdrawals temporarily and initiated a cybercrime report with Indian authorities while assessing financial losses. Efforts to track and block the stolen funds included sharing the hackers’ Bitcoin address and collaborating with other platforms like WazirX and Binance to monitor and restrict suspicious transactions.

Description

On July 10, 2020, U.K.-based cryptocurrency exchange Cashaa suffered a security breach resulting in the theft of over 336 Bitcoin (BTC) from its systems. The attack occurred when hackers deployed malware designed to monitor employee login activity on Cashaa’s transaction processing infrastructure. This malware alerted the attackers when an authorized employee accessed the exchange’s Blockchain.com-hosted wallet that day, enabling them to execute two unauthorized transfers of BTC from the wallet. Cashaa’s investigation indicated the attackers operated from east Delhi, India, prompting the company to file a formal cybercrime report (acknowledgment number 20807200031555) with the Delhi crime bureau under cryptocurrency crime protocols. The exchange immediately suspended all customer withdrawals for 24 hours following the incident while assessing the full scope of damages. CEO Kumar Gaurav confirmed the company’s board would determine whether Cashaa would absorb all financial losses from the theft.

Cashaa publicly disclosed the hackers’ Bitcoin address to hinder their ability to liquidate the stolen funds through exchanges. Multiple Indian cryptocurrency platforms, including WazirX, pledged operational support to trace and block transactions linked to the compromised wallet. WazirX CEO Nischal Shetty confirmed his exchange would freeze any funds originating from the attacker’s address and had alerted Binance to coordinate monitoring efforts. The incident disrupted Cashaa’s withdrawal services and triggered internal reviews of transfer authorization processes, though the company did not publicly confirm whether user funds beyond the 336 BTC were affected. No additional technical specifics regarding the malware’s installation vector or persistence mechanisms were disclosed in initial reports.
