Unocoin, India’s best-funded bitcoin exchange, has stopped withdrawals and blocked access to customer accounts as a precautionary measure after discovering a security flaw on its server on Friday.
In an email sent out to users on Monday evening, Unocoin CEO and co-founder Sathvik Vishwanath said the exchange spotted ‘a security vulnerability’ on its server, quickly adding that ‘ALL customer funds are safe and secure.’
‘We regret to inform you that a security vulnerability was discovered on our server on June 23rd at 12:07 PM and it was the result of a server migration that took place on June 14, 2017 during mid-night,” the chief executive wrote. “As soon as we identified the threat, we stopped customer withdrawals, blocked access to customer accounts and moved our database to read-only mode.”
A login attempt through Unocoin’s homepage throws up a peculiar error:
In a phone call with CCN.com. Vishwanath confirmed the exchange had restricted its operations upon discovering the flaw. While coy on details about the security vulnerability, he added that the downtime should not concern users.
He told CCN.com:
We discovered a flaw and took the necessary precautions to fix it. The website never went offline, we’ve only disabled logins temporarily.
“I don’t see why this is making news,” he added, somewhat bemused. When suggested that Unocoin’s users are likely to see the current market downturn as a buy opportunity for bitcoin and are frustrated with the halting of operations temporarily at such a time, the bitcoin executive added:
Users will be able to login in a few hours [Tuesday afternoon local time] and the exchange will be fully operational again.
Unocoin is, along with Zebpay and Coinsecure, among India’s largest bitcoin exchanges with some 270,000 registered users. Earlier this month, a Unocoin user saw his bitcoin stolen by a hacker who found a way to reset the user’s password to gain access to his Unocoin account. After learning of the compromise, which saw two transactions where bitcoin balances were moved out of the victim’s account, Unocoin froze the account and put the brakes on a third transaction. The exchange sees about three or four cases of similar hacks through one-time password (OTP) compromises, Unocoin confirmed at the time.
Featured image from Shutterstock.
Last modified: March 4, 2021 4:57 PM