Clients of the New Zealand-based cryptocurrency exchange has lost more than $16 million worth of cryptocurrencies in the recent theft from the exchange, according to an estimation by the blockchain analysis platform Elementus.
Though Cryptopia officially did not disclose any figure, multiple analysis firms are now trying to come up with an estimate. Though a previous estimation put the loss between $2.5 million to $3.5 million, Elementus’ numbers project an eye dropping negligence in the part of the exchange.
The blockchain analysis firm has only analyzed and other ERC-20 tokens’ blockchain and is claiming that the hackers had stolen more than $3.5 million in ETH, around $2.5 million in Dentacoin along with many other coins taking the total figure to $16,002,108.
Moreover, these hackers slowly transferred a huge chunk of the stolen funds in several exchanges in small deposits hoping to cash out fiats. Elementus found that a total of $882,632 worth of ETH and ERC-20 tokens were transferred to many exchanges including Bibox, , and Huobi.
A Unique Attack
The report by Elementus also explained the techniques used by the hackers which raised many concerns for the security of stored funds on the exchange-controlled wallets.
Till now, most of the major thefts on the exchanges were attempted though vulnerabilities on the smart contracts. However, in the case of Cryptopia, hackers directly targeted the wallets of the clients of the exchange. This shows that they gained access to the private keys of the wallets stored by the exchange.
Moreover, unlike other thefts, the attackers did not try to pull all the funds at once. Instead, the activity spanned for around five days. Elementus is also claiming that Cryptopia was aware of the attacking but did nothing to stop it.
“After Cryptopia discovered the hack, they watched the funds continue to flow out of their wallets for four more days, seemingly powerless to stop it. As these wallets were not smart contracts, there should have been no technical complications preventing Cryptopia from securing the funds,” Elementus stated. “The only plausible explanation for Cryptopia’s inaction is that they no longer had access to their own wallets,”
Cryptopia’s Response to the Attack
On 15th January, Cryptopia publically announced about the attack on the exchange and said it has suffered “significant loss” without disclosing any figures.
The local police are now investigating the case and are considering even the exchange’s role on the attack as rumors are floating that this might be an internal hack or an “exit scam”.
I’m not liking how silent Cryptopia has been.
Imagine if this behavior came from a larger exchange like Binance. It’d be unacceptable.
I didn’t have much on Topia but I feel bad for those who kept a large portion of their portfolio there and arent getting any updates..
— Vashilly Lomacrypto (@Lomacrypto)
“The assistance of the cryptocurrency community is being sought as the investigation progresses. This is a very complex investigation, involving expert digital forensic investigators from within New Zealand and in various overseas jurisdictions, as well as overseas authorities. Members of the investigation team met with Cryptopia management and staff yesterday and today and outlined progress in the investigation,” an official statement from the New Zealand police noted.
Be First to Comment