“The thing with Bitcoin is that the users behind the transactions are anonymous until and unless they voluntarily reveal their identity,” Makrand said in an interview with the news publication FactorDaily.
However, the hack was not easy. To gain access to Makrand’s bitcoin wallet, the criminal or criminals needed to get inside the victim’s Gmail account to obtain the password reset link, and needed access to Makrand’s phone number, on which he receives the OTP (one-time password) for transaction authentication.
“The hack seems to have happened on the Unocoin server where both the password reset link and OTP are generated,” Makrand said.
After Makrand researched the hack, he discovered that the breach was done from an IP address based in Chicago, US from a service called QuadraNet. However, this information is not sure, since there are numerous different proxies and VPN services, which could be used to mask someone’s IP address.
Soon after the breach, Makrand tried to move his balance out of his account, however, Unocoin stopped him from doing so, and fortunately, the third transaction of the hackers too.
After that, Makrand visit to Unocoin’s office to seek solution for the problem. He was asked by an executive to file a complaint about the two transactions, and promised Makrand that they will cooperate with the cybercrime division of the police. Unocoin also said that they have three or four of these hacks per month, totalling the number to nine cases.
Unocoin showed full cooperation with Makrand, saying that they will share logs for logins and transactions with the affected user or authorities for further investigation.