Story Behind The Controversial Cryptopia Exchange Hack

If you’re holding few coins, then the most convenient thing to do is to leave them on the exchanges. No doubt the exchanges allow you to transact and react to market conditions quite effectively. But are they safe?

What if I say you your coins aren’t safe? Or they might be stolen? Or the cryptocurrency exchanges might be hacked?

Isn’t it shocking?

Indeed it is!!!

You might now be thinking how can someone hack a cryptocurrency exchange? But, the reality is, exchanges can be hacked and are under constant attack. I hope you might have heard about the Cryptopia Exchange Hack. But do you know how was it hacked and its current situation?

Let me ride you through the whole visualisation of Cryptopia Hack.

Cryptopia Exchange Hack

On Jan 14, 2019 Cryptopia announced through a tweet stating that,

Meanwhile, tweets from Whale Alert on Jan 13 indicated that 19,391 ether (ETH) tokens worth nearly $2.44 million and around 48 million centralities (CENNZ) tokens worth about $1.18 million were transferred from Cryptopia to unknown wallets.

Later, the exchange tweeted that Cryptopia suffered a security breach resulting in significant losses. Also, the exchange announced that the exchange will be in maintenance mode while the trading is suspended.

The New Zealand police underwent a proper investigation on this matter. Also, the required regulatory authorities have been informed about the incident.

Timeframe of Heist

Furthermore, a next-generation blockchain analysis company, Elementus, outlined the timeframe of the theft and the number of tokens missing. As per the reports,

• The funds were moved from the platform’s two hot wallets, one had Ethereum [ETH] and the other had ERC20 tokens, on January 13, 2019, 1:28 PM GMT.
• When the core wallets got empty, the residual quantities of funds began leaving Cryptopia’s 76k+ secondary wallets on January 13, 2019, 11:58 PM GMT.
• Further Cryptopia suspends trading, announcing the unscheduled maintenance on January 14, 6:00 AM GMT.
• Moving further, the exchange disclosed the security breach and New Zealand law enforcement steps on January 15, 3:00 AM GMT.
• The last of the exchange’s funds are drained on January 17, 5:58 AM GMT.

Disclosure Of The Cryptocurrencies Stolen

As per the reports, Ethereum and ERC20 tokens were worth$16 million. The thieves not only gained access to one private key, but also to thousands of them . Along with losing their funds, the Cryptopia exchange also lost access to all of them. Ethereum, Dentacoin, Oyster Pearl, Lisk ML, Centrality, Mothership, Ormeus, DAPS, Zap, and Pillar were the largest number of cryptocurrencies stolen.

The stolen cryptocurrencies were spread across fourteen exchange platforms. Out of which the largest number of cryptocurrencies were sent to Bibox, the second largest were held by Binance, while the third in line was Huobi. According to the reports, the hackers transferred over $882,632 out of the $16 million, and the majority of the tokens were still in two different wallets.

The two wallets holding the stolen funds were : 0x9007A0421145B06a0345d55a8C0f0327f62A2224 and 0xaA923Cd02364Bb8A4c3d6F894178d2e12231655C. These wallets were said to have nearly $13 million of cryptocurrencies.

Second Attack on Cryptopia

The exchange was not yet completely out of the first attack, while it had to again face another attack on January 28, 2019. This hack began at 6:58 AM and continued the whole-day. During this hack, the exchange lost $1,675 ETH which is equivalent to 180k worth of ETH. Also, the reports depict that 5,240 wallets that were affected  during the previous security breach, were hit by the hackers again. This time, the Ethereum address to which the stolen tokens were sent to is 0x3b46c790ff408e987928169bd1904b6d71c00305.

On January 29, 2019, at 9:00 PM, the exchange platform got a confirmation that the same thief had again hacked their platform. During this time, the incoming transfers were stopped and the combined funds moved into the same wallet address that currently stores the other stolen Cryptopia funds.

A Month Later..

After a month of the hack on February 14, 2019, the exchange platform resumed its operations after receiving a green signal from local police. While the police were continuing their investigation, the staff was given access to the building.  

Later in a tweet, the company tweets an update stating:

Update: We are continuing to work on assessing the impact incurred as a result of the hack in January. Currently, we have calculated that worst case 9.4% of our total holdings was stolen. Please keep an eye on our page for further updates today.

Many more updates come along way saying,

Update: We are securing each wallet individually to ensure the exchange is fully secure when we resume trading. We have more updates to come today, please keep an eye on our page.

Another update stating,

Update: As a result of the new wallets please immediately refrain from depositing funds into old Cryptopia addresses. We have more updates to come tomorrow, keep an eye on our page.

Read-Only Mode of Website

Although the exchange suffered such a huge loss, they were regularly updating about the status of their company. On March 4, 2019 the company re-opened the site and updated that the users will now be able to check their balances. The site urged users to reset their password. Also, they requested to bolster their accounts by enabling the Two-Factor Authentication.

Full Re-Launch Of Site

On March 11, 2019, Cryptopia provided an option for the users to cancel their standing orders. This cancel order option enabled the users to remove and buy or sell orders that were still open on the system since January 14.

As the site is getting ready for its full re-launch, the exchange informed on Twitter that it secured custody of 35% of coins on new wallets. In order to maintain transparency, the exchange created a CoinInfo page which allowed users to check the status of the coins.

The exchange provided the link of the page to users and explained the terms in the chart.

“We are making progress on securing our wallets, you can check the status here: https://cryptopia.co.nz/CoinInfo/?coin=BIS …

Offline means the coins have not been checked yet.

In Maintenance means coin has been secured.

The maintenance message will detail the impact the event had on that coin.”

Website To Re-Open By March-End

To ensure proper functionality, the exchange carried out a system update. The team emails to all users affected by the hack. The exchange tweeted about this update saying,

We will be emailing you again shortly with more details around the rebates and the projected dates for trading to be active again. Please be aware, we are hoping to achieve this by the end of the month.

On March 19, 2019, the exchange announced that it will resume trading on 40 pairs that they assessed to be secure. The exchange provided its users with a list tradable pairs. They also informed about adding more pairs as soon as they are cleared and deemed secure.

Details Of The Email

The exchange mailed all its users detailing the current situation.

Later, the exchange advised its customers not to deposit funds to the old Cryptopia address as the exchange has new wallets. Moving further, the mail also stated that they would refund all the customers who lost their funds during the security breach.

Deposits After 24 hours Not Recovered

On March 25, 2019, the exchange made a statement that deposits that took place more than 24 hours after the announcement would not be recovered. This meant that if the user sent funds after 16/01/2019 12:00AM NZT, the funds will not be recovered.

$4 million Stolen ETH Transferred To Unknown Wallet

On March 30, 2019, WhaleAlert posted an alert stating that over $4 million worth of Ethereum tokens were transferred to a different address. The hacker transfered a total of 30,789 ETH to an unknown wallet. Later, the exchange started generating private keys for the 457 coin listed on the exchange.

Website Down For 8 Hours

A redditor stated on May 14, 2019 that the exchange website was again down for 8 hours. While the user opened the website to check he found a message saying,

Don’t Panic! We are currently in maintenance. Thank you for your patience and we apologise for the inconvenience.

This message again scared its users, as it might be hacked again or the team is bailing-out on its customers due to its previous hack. The maintenance continued for a longer period of 48 hours.

Cryptopia Enters Liquidation

After the customers of Cryptopia raised concerns for a long unscheduled maintenance, the exchange announced the appointment of Grant Thornton as its liquidators. The firm decided to take this step due to the hack caused earlier this year.

David Ruscoe and Russell Moore, were the two officials from Grant Thornton who carried the liquidation process. On May 16, 2019, the exchange asked its users to stop depositing to Cryptopia.

According to the public notice by Grant Thornton, the investigation of the case may take months together for its completion. The exchange also announced that they will not allow its customers to withdraw any currencies until the investigation process is complete.   

Just after a week when the exchange went into liquidation, over 30,000 ETH stolen from Cryptopia in January was transferred to an unknown wallet. According to Coinfirm, most of the stolen coins landed on top exchanges. But, Ethereum is still on Hackers address.

The hacker is continuously transferring the stolen ETH to various wallets since the beginning. Just two days ago, a total of four different transactions were completed. This time around 29770.7290449 ETH [over $7 million] were transferred in 15 minutes.

According to a recent report a  portion of the stolen funds were transferred to and received by a Huobi deposit address. It also states that hackers might pull the cash out through the Huobi hot wallet.