After Cryptopia Hack, 2,000 Wallets Still Might be at Risk – Research
Following the first reported hack in 2019, on New Zealand cryptocurrency exchange Cryptopia, there is a significant lack of information publicly available about the aftermath. Currently, around 2,000 wallets remain on the exchange with a total of around 380 ETH, which is around USD 46,000, and they still might be at risk, according to Max Galka, co-founder and CEO of Elementus, a blockchain analysis protocol and platform.
Most of the funds that potentially remain at risk have been deposited after the security breach occurred, presumably by users who had not heard about the hack, Galka explained in a blog post. If the thieves have access to these wallets, they may very well be lost – but if Cryptopia still has access to them, they have hopefully already contacted the owners, or people will lose that money as well, he wrote, adding that it’s likely that the exchange has additional funds safely stashed away somewhere.
Cryptopia did not respond to our request for comment.
"By our calculations, the total value of the stolen crypto (ether and various tokens), at current market prices, comes out to about USD 16 million. This number includes only what’s on the Ethereum blockchain (ether and ERC20 tokens). We have not examined the Bitcoin blockchain or other blockchains to see if funds were stolen there as well," according to Galka.
The breakdown of potential losses:
Meanwhile, other researchers claim that BTC 606 might have been stolen from Cryptopia:
Looks like the Cryptopia hackers took off with the bitcoin too.
Followed the trail and it's been getting broken down into smaller amounts over the past week.
— Anon⚡️ (@rossobianchi_) January 21, 2019
For the last few days, the hackers have been shuffling the funds around in small pieces and gradually moving them into exchanges in order to cash out, according to Galka.
As previously reported, Binance has frozen some of the funds that have been stolen from Cryptopia.
Just checked, we were able to freeze some of the funds. I don't understand why the hackers keep sending to Binance. Social media will be pretty fast to report it, and we will freeze it. It's a high risk maneuver for them. https://t.co/i0PeahLzic
— CZ Binance (@cz_binance) January 16, 2019
According to Elementus, Cryptopia has not been very quick on the uptake even when the initial breach happened. Not only did the hackers take their time siphoning out the funds – over a course of almost five days – but Cryptopia seemed powerless to stop them, even though they should not have had these issues. A plausible explanation is that the exchange simply lost access to the wallets – a total of 76,000.
According to Galka, around USD 15m are in two wallets controlled by the thieves:
The breach was initially announced at 8 am UTC on January 15th. The exchange added that they would “remain in maintenance mode, with trading suspended” until the matter is investigated. The irregularities had first been brought to light when the exchange experienced an “unscheduled maintenance” just thirteen hours earlier, likely a preemptive hint that it had fallen victim to a hack. The exact specifics of the cryptocurrencies lost weren’t plainly stated. Prior the hack announcement, the 24-hour trading volume on the exchange was almost USD 1 million, according to coinmarketcap.com data.