Altcoin News: Cryptopia Hack, Damage Significantly Larger Than Expected
January 24th, 2019 by Marko Vidrih on ALTCOIN MAGAZINE
Apparently, the hackers were able to capture a multiple of the originally assumed amount of damage in their attack on Cryptopia. An analysis by Elementus concludes that ETH, DCN and other ERC20 tokens worth around $16 million have been stolen.
A new analysis by Elementus sheds light on the hack of the New Zealand crypto exchange Cryptopia. Elementus tracked the stolen funds on the Ethereum Blockchain using in-house software (Elementus query engine). Among other things, it came out that the amount of damage in the Causa Cryptopia at least about 16 million US dollars. Previous estimates amounted to between three and 13 million US dollars.
Apparently, the suspicious wallet movements began on Sunday, January 13, one day earlier than Cryptopia had originally indicated. The affected wallets are central wallets of the crypto exchange. One of the wallets contained ethers, the other ERC20 tokens.
Only a short time later, funds from more than 76,000 customer wallets began to disappear. The following day, January 14, Cryptopia closed the operation and went into “maintenance mode”. On January 15, Cryptopia finally informed the public about the vulnerability.
The thieves have stashed a portion of the loot on various crypto exchanges. Thus, ETH and ERC20 tokens amount to the equivalent of around one million US dollars on a total of 13 different exchanges. The lion’s share is attributable to Bibox ($326,581), Binance ($279,525) and Huobi ($147,715).
However, part of the remaining loot is stored on three wallets, which are apparently in the possession of hackers.
The raw data was posted by Elementus on Github. Here is an excerpt from the list of stolen coins:
The slightly different hack
The Cryptopia hack differs according to estimates in two main points of “conventional” attacks on crypto exchanges. According to this, the number of affected wallets is unusually high at more than 76,000:
The funds were drawn from more than 76,000 different wallets, none of which were smart contracts. The thieves must have received access not just to one but to thousands of private keys.
Second, the fact that the attack continued even after its discovery made the analysts startling:
After discovering the hack, Cryptopia watched the money flow out of their wallets for another four days, seemingly powerless to stop it. Since these wallets were not smart contracts, there should have been no technical complications preventing Cryptopia from securing the funds.
This, in turn, indicates that Cryptopia kept all private keys on a single central server — a deadly sin in terms of exchange security.
One possible explanation is that Cryptopia has stored its private keys on a single server without redundancy. If the thieves managed to gain access to this server, they could have downloaded the private keys and deleted them from the server so that Cryptopia could not access their own wallets.
In addition, around 2,000 wallets are currently in danger of being cleared out. These host ETH equivalent to a total of around 46,000 US dollars.
The report concludes with an appeal to all affected crypto exchanges to freeze funds originating from the Cryptopia hack.
Author: Marko Vidrih
The latest Tweets from @cryptomarks (@VidrihMarko). Freelance Journalists/Writer and Crypto enthusiast. Republic of…twitter.com
Image via Shutterstock
Before moving on, make sure to press follow, leave a clap or 46, share today’s highlight and if you missed the last article, click here.
Read about the Altcoin Magazine Mastermind Event here.
The purpose of ALTCOIN MAGAZINE is to educate the world on crypto and to bring it to the hands and the minds of the masses.