Details have so far been murky regarding millions of dollars worth of tokens stolen from New Zealand-based cryptocurrency exchange Cryptopia on Jan. 14. But data company Elementus has been investigating and now says the hack was different from previous attacks of this nature – and the amount stolen is much higher than originally thought.
Details Becoming Clearer in ‘Weird’ Hack
Last week Cryptopia became the latest exchange to be hit by an attack. The Christchurch-based platform had initially announced that it had taken down its services for “unscheduled maintenance” before revealing it had “suffered a security breach which resulted in significant losses.” Since then, details have been unclear and the amount lost has not been made public. Police in New Zealand announced that they were working with the exchange to figure out precisely what happened.
But data firm Elementus has since started to provide information, including figures revealing how much was taken, which it claims to be around $16 million in ethereum (ETH) an ERC20 tokens. The company told news.Bitcoin.com that this hack was particularly unusual as the theft was conducted in a number of small operations using a number of wallets.
“Many different wallets were involved, which is weird. With other hacks we have seen in the past, they just took the money and tried to launder it in one shot. But this guy has been very careful and has done many transfers in small amounts,” Nuria Gutierrez, the co-founder of Elementus said. “I guess it’s smart – and cheap.” Gutierrez added that stealing tokens in small amounts and with many wallets it a better way to avoid detection and being traced.
Elementus revealed data showing that of the $16m that was stolen, the vast majority remains in two wallets controlled by the thieves. The hackers have been shuffling the funds around in small pieces and gradually moving them into exchanges to cash out. Over 76,000 different wallets, none of which were smart contract-based, were used, meaning the thieves must have gained access to not one private key, but thousands of them, according to Elementus. And instead of withdrawing the funds as fast as possible, they took their time extracting the assets over the course of nearly five days after Cryptopia realized they were being stolen from.
A Slower Than Usual Hack
“The lack of urgency on the part of the thieves is striking,” Elementus said. Normally hacks are done fairly quickly, with hackers discovering a vulnerability in a wallet’s smart contract code, which allows them to empty its funds, or when someone is able to get a hold of a wallet’s private key and simply withdraws the funds into their own blockchain wallet.
It is possible that future hackers may try and copy the Cryptopia technique in order to avoid detection. Elementus said that the exchanges should be freezing these funds as soon as they arrive, adding that there are “no excuses. On the blockchain there is nowhere to hide, and no reason 100 percent of these transfers should not have been frozen immediately.”
Police in New Zealand have since said the investigation into the Cryptopia hack is “very complex” and that “positive lines of inquiry are being developed to identify the source of the transfer,” but it will take some time to complete, according to local media.
What do you think about the revelations regarding the Cryptopia hack? Share your thoughts in the comments section below.
Images courtesy of Shutterstock and Elementus.
Verify and track bitcoin cash transactions on our BCH Block Explorer, the best of its kind anywhere in the world. Also, keep up with your holdings, BCH and other coins, on our market charts at Satoshi’s Pulse, another original and free service from Bitcoin.com.