Hyderabad: A technology company based in the British Virgin Islands has approached Cyberabad police after hackers allegedly breached its cryptocurrency wallet, siphoning off digital assets worth Rs 9 lakh and placing a further Rs 29 lakh at risk.Police said the complaint was filed by the company’s representative, a Gachibowli resident who had access to the firm’s wallet and private keys. The company had issued utility tokens—digital assets with monetary value traded on cryptocurrency platforms.The breach came to light when the representative, while in Hyderabad, noticed unauthorised transfers from the company’s wallet, which reportedly held 4.48 lakh tokens valued at approximately Rs 38 lakh.Preliminary investigations discovered that the attacker transferred the tokens to another wallet and subsequently listed the entire 4.48 lakh tokens for sale on a cryptocurrency trading platform. A portion of the tokens was sold, resulting in a loss of Rs 9 lakh. The remaining 3.37 lakh tokens, valued at nearly Rs 29 lakh, were still listed for sale.With assistance from the trading platform, the complainant was able to temporarily freeze the unsold tokens before approaching Cyberabad police for intervention and recovery.Police stated that the cyber fraudster further dispersed the 3.37 lakh tokens across multiple wallets, a tactic commonly used to obscure the transaction trail and complicate investigation.Cybersecurity experts note that such incidents often undermine confidence in digital financial systems and are typically linked to weaknesses in access control rather than flaws in blockchain technology itself.Nikhil Teja Gurram, a US-based blockchain researcher and author specialising in AI-driven infrastructure security, told TOI that breaches of this nature are frequently caused by compromised private keys, phishing attacks, or malicious smart contract approvals. He emphasised that preventing the initial point of compromise remains the most effective defence. Once access is gained, attackers can execute rapid, automated transfers, making recovery extremely difficult.He further stressed the need for stronger safeguards, recommending the use of hardware-based key storage, multi-signature authorisation, and continuous transaction monitoring to detect suspicious activity at an early stage.Additionally, Nikhil advised that users and organisations should regularly review and revoke unnecessary smart contract permissions and avoid interacting with unverified platforms. The incident, he noted, highlights that while blockchain systems are inherently secure by design, the surrounding access mechanisms must be equally robust to prevent misuse.
