Cryptopia Lost $16 Million In Recent Hack According To Elementus
Last week, Cryptopia announced that it had a security breach that caused it an undisclosed amount in tokens. Even if the exchange didn’t disclose the amount it lost, it said it was significant. This was shortly after the cryptocurrency exchange announced that it was undergoing maintenance.
Elementus revealed that the funds from Cryptopia were initially siphoned from two core wallets of the platform. One was holding ETH while the other was holding other tokens. This is according to the data on the Ethereum public blockchain. After the two main wallets were emptied that afternoon, the funds were transferred out of the platform’s 76,000 plus secondary wallets. This continued for days from the until the 17th of January. The exchange said that it alerted the law enforcement agencies of the 15th as soon as it noticed the discrepancies.
About $3.6 million Ether was stolen along with $2.4 million in Dentacoin, $2 million in Oyster Pearl and $3 million in other unspecified tokens. Further investigations by Elementus showed that hackers have already converted about ~$880,000 of the stolen funds through other cryptocurrency exchanges. They allegedly used major platforms like HitBTC, Huobi, and Binance. The hackers still have control of wallets containing $15 million out of the funds.
According to the report from Elementus, the hack was unusual as hackers used a different method to steal funds. Typically, hackers either take advantage of vulnerabilities in smart contract codes or use private keys of users without authorization. The second method only involves the breach of a single wallet and not multiple wallets.
The hackers were able to gain access to more than 76,000 wallets under Cryptopia’s control. They also siphoned the assets without any sense of urgency. The exchange’s inaction during the period indicates that they may have lost full control of the wallets during the incident.
Since the incident, about 40 Cryptopia users claimed they had taken legal action. Hopefully, they will be able to recover their funds. Cryptopia should have insurance or cold storage reserves kept specifically for these sort of events. If no emergency funds are available, the exchange is going to have many angry customers to deal with.
Do you think the attack on Cryptopia was an inside job? Also, what can be done to prevent such a breach in the future? Feel free to share your thoughts in the comment session.