A report on the recent Cryptopia hack shows the attack might be worse than we thought. Per a tweet published by blockchain analytics firm Elementus confirmed that tokens stolen from Cryptopia last month are being liquidated on various cryptocurrency exchanges.
On January 13, New Zealand-based Cryptopia had announced “unscheduled maintenance,” leading many to believe something was amiss. However, in what was the first recorded crypto hack of 2019, the attack was confirmed in a separate tweet by the exchange on January 15, where it admitted to a “security breach” that resulted in “a significant amount of losses.”
Cryptopia’s tweet didn’t state how much the “significant losses” amounted to, but a tweet by cybersecurity firm Hacken claimed it discovered an unauthorized transfer of 19,390 ETH tokens from the exchange’s core account to an unknown address.
A Second Wave
Despite multiple investigations and failure to regain control of its wallet, the hackers kept coming for more, stealing an additional 1,675 ETH ($175,875) from 17,000 Cryptopia wallets. In total, blockchain firm Elementus, believes crypto tokens worth as much as $16 million had been previously siphoned by the hackers from Cryptopia wallets.
It also clarified that the unauthorized transfers were made from two hot wallets on the Cryptopia network; one holding Ether, while the other held ERC-20 tokens.
Out of the 17,000 wallets that were breached, includes 5,000 wallets that were emptied of their tokens when the exchange was first breached. The blockchain firm argues that the same criminals were behind the continued attack on the exchange as the funds were all transferred to the same address.
Both wallet addresses used by the hackers have been flagged by Etherscan and labeled ‘Cryptopia_Hack’ for their criminal involvement in the hack and the public have been warned to proceed with caution when interacting with the addresses.
The Hackers’ Withdrawal Route
The report also revealed what the hackers had been doing with their loot—sending them to popular crypto exchanges in a bid to cash them out. A total of 13 exchanges were used by the hackers to funnel the funds, with Bitbox, Binance, and Huobi seeing the most substantial withdrawal volumes, according to the research.
Per the report, out of a total $16 million held in wallets controlled by the criminals, only $882,632 has been withdrawn so far.
$1 Billion Lost to Cryptocurrency Attacks
Hacking of crypto exchanges is becoming a norm. In 2018, hardly a month went by without an exchange being hacked. We started the year with a hack (CoinCheck), and the trend has followed us into the new year, but it’s now reaching alarming levels.
Cybersecurity firm Ciphertrace released its Cryptocurrency Anti-Money Laundering Report, confirming that hackers stole about $927 million in digital assets from crypto exchanges in the first nine months in 2018 alone.
“These cyber attacks bring the total amount of cryptocurrencies reported as stolen in 2018 through the end of Q3 to $927 million. CipherTrace estimates this trend will bring the total stolen and reported in 2018 to well over $1 billion by the end of the year,” the report notes.
Crypto thieves have also become more sophisticated in their means (with tools such as social engineering, SIM swapping and much more at their disposal), while crypto exchanges are still grappling with the continually changing security measures they have to observe to keep their funds safe.