Just two weeks into 2019, the crypto market underwent its first exchange hack, with New Zealand-based Cryptopia biting the proverbial dust. And while a week has passed since the “security breach,” the dust hasn’t settled. Questions still remain about the exact details of the unfortunate occurrence, namely, how much Ethereum (ETH) & other cryptocurrencies were swiped.
Cryptopia Hack: A Brief (Not So) History Lesson
If you missed the Cryptopia memo, let me catch you up. Early-morning January 14th, Cryptopia, a former major crypto exchange that is focused on facilitating altcoin trades, suddenly shut down its platform, suspending trading, while citing “unscheduled maintenance.” At midnight (PST) on January 15th, about ~20 hours later, the upstart took to its Twitter page to release a harrowing piece of news.
Through a company letter released in tandem with the tweet, it was revealed that Cryptopia suffered a “security breach,” claiming that the company incurred “significant losses.”
Explaining this sudden shutdown of trading, it was divulged that when Cryptopia’s C-suite and top brass were notified, an immediate shift to maintenance was deemed necessary to “assess damages.” Cryptopia also revealed that it had contacted local police, along with the Commonwealth nation’s “high tech crimes unit.”
Save for a message from a local police unit, who claimed that they were working hand-in-hand with the exchange, Cryptopia has yet to release a follow-up message.
As New Zealand’s authorities have likely pushed Cryptopia to shut its yapper on the matter, speculation has raged about the details of the breach. However, for the most part, this hearsay has been unbacked. But this changed on Monday when a detailed report was divulged outlining the jaw-dropping imbroglio.
Ethereum & What Was Hacked?
Elementus, a New York-headquartered blockchain research unit, took to its company blog on Monday to provide some “overdue transparency” into the debacle. The blockchain researchers claimed that the $3 million to $13 million estimated to have been stolen by hackers is a false claim. Elementus even quipped that the true numbers have been hiding in plain sight, “encoded in a public database called the Ethereum blockchain, which is unfortunately not well designed for human consumption.”
Citing data and information compiled by its proprietary software and researchers, Elementus claimed that over the course of four days, Cryptopia’s core hot wallets, coupled with likely user-assigned secondary wallets, were drained.
Eventually, over $16 million U.S. dollars worth of Ether and ERC20 tokens were revealed to have been stolen by the attackers. $3.57 million of the sum was in ETH, $2.446 million in Dentacoin, $1.948 million in Oyster Pearl, and the list goes on. Other prominent tokens, including TrueUSD, OmiseGO, Sirin Labs, ZRX, and Augur’s REP, were also stolen from Cryptopia’s not so impenetrable system.
Interestingly, the company divulged that the hackers have attempted to siphon stolen funds into other notable exchanges, including Bibox, Huobi, and Binance, the latter of which froze funds upon requests from social media. No reports have been divulged on whether the other exchanges name-dropped have taken action.
Elementus closed off its deep-dive into the Cryptopia case by explaining that oddities of this hack, including the duration and eerie timing of the hack and the numbers of wallets involved.
Anyhow, this case is far from over, but Live Coin Watch will do its best to keep you all in the loop. Stay safe out there.