The Cryptopia Hack Is Not Over, Another 17K Wallets Drained - Report
Only a week ago, it surfaced that an additional 2,000 wallets were at risk following the infamous Cryptopia hack earlier this month. Now, another 17,000 Cryptopia wallets were drained of 1,675 ETH (around USD 180,000 as of the time of writing), according to blockchain analysis protocol and platform Elementus.
Max Galka, co-founder and CEO of Elementus, claims that the funds began moving yesterday, January 28th, and when the draining stopped, the accumulated funds were moved into the wallet that currently stores the rest of the stolen funds. Among the affected wallets are those that Elementus previously identified as still vulnerable, as well as more than 5,000 wallets that had already been drained in the original hack, but have since been topped up, apparently by Cryptopia users unaware of the breach.
"Initially it wasn't clear whether this might be Cryptopia securing their remaining funds. But by 9:50pm this evening, we got our confirmation that this was indeed the same thief. At that time, the incoming transfers stopped and the combined funds were moved into [this] address, the same wallet that currently stores the other stolen Cryptopia funds," Galka said.
Although the hack was followed by plenty of media coverage, it would seem that a good number of users are still unaware that it had happened at all, as evidenced by their willingness to send funds into those wallets. Elementus concludes, “Consistent with our earlier hypothesis, Cryptopia no longer has the private keys to their Ethereum wallets and the hacker does.” This means that there is a clear and present danger to any who still have some funds on Cryptopia.
We'll update the article should Cryptopia replies to our request for comment.
Meanwhile, the latest public update by Cryptopia can be found on Twitter. On January 27, the exchange shared a statement from local police, dated January 22.
Previously, it was believed that if the thieves had access to these wallets, they may very well be lost - but if Cryptopia still had access to them, they had hopefully already contacted the owners, or people would lose that money as well.
According to Elementus, Cryptopia has not been very quick on the uptake even when the initial breach happened. Not only did the hackers take their time siphoning out the funds, but Cryptopia seemed powerless to stop them, even though they should not have had these issues.
The breach was initially announced at 8 am UTC on January 15th. The exchange added that they would “remain in maintenance mode, with trading suspended” until the matter is investigated by police. The irregularities had first been brought to light when the exchange experienced an “unscheduled maintenance” just thirteen hours earlier, likely a preemptive hint that it had fallen victim to a hack. The exact specifics of the cryptocurrencies lost weren’t plainly stated. Prior the hack announcement, the 24-hour trading volume on the exchange was almost USD 1 million, according to coinmarketcap.com data.
Meanwhile, the hacking of exchanges is far and away the most costly type of crypto crime, generating around USD 1 billion in hacking revenues in 2018 alone, according to Chainalysis, a blockchain analysis firm.
"We track the two prominent hacking groups responsible for a majority of these stolen funds. Hackers move fast, cashing out the majority of funds within three months of an attack, and create complex patterns of transactions to hide their activity. As other exchanges tend to be the main cash-out point, the industry can chip away at the success of these sophisticated hackers through greater coordination," they said in the Crypto Crime Report.
The hacks they traced from the two prominent hacking groups stole an average of USD 90 million per hack. The hackers typically move stolen funds through a complex array of wallets and exchanges in an attempt to disguise the funds’ criminal origins. On average, the hackers move funds at least 5,000 times, according to the report.