A report on the recent Cryptopia hack shows the attack might be worse than we thought. Per a tweet published by blockchain analytics firm Elementus confirmed that tokens stolen from Cryptopia last month are being liquidated on various cryptocurrency exchanges.

On January 13, New Zealand-based Cryptopia had announced “unscheduled maintenance,” leading many to believe something was amiss. However, in what was the first recorded crypto hack of 2019, the attack was confirmed in a separate tweet by the exchange on January 15, where it admitted to a “security breach” that resulted in “a significant amount of losses.”

Cryptopia Hack

Cryptopia’s tweet didn’t state how much the “significant losses” amounted to, but a tweet by cybersecurity firm Hacken claimed it discovered an unauthorized transfer of 19,390 ETH tokens from the exchange’s core account to an unknown address.

A Second Wave

Despite multiple investigations and failure to regain control of its wallet, the hackers kept coming for more, stealing an additional 1,675 ETH ($175,875) from 17,000 Cryptopia wallets. In total, blockchain firm Elementus, believes crypto tokens worth as much as $16 million had been previously siphoned by the hackers from Cryptopia wallets.

It also clarified that the unauthorized transfers were made from two hot wallets on the Cryptopia network; one holding Ether, while the other held ERC-20 tokens.

Out of the 17,000 wallets that were breached, includes 5,000 wallets that were emptied of their tokens when the exchange was first breached. The blockchain firm argues that the same criminals were behind the continued attack on the exchange as the funds were all transferred to the same address.

Both wallet addresses used by the hackers have been flagged by Etherscan and labeled ‘Cryptopia_Hack’ for their criminal involvement in the hack and the public have been warned to proceed with caution when interacting with the addresses.

The Hackers’ Withdrawal Route

The report also revealed what the hackers had been doing with their loot—sending them to popular crypto exchanges in a bid to cash them out. A total of 13 exchanges were used by the hackers to funnel the funds, with Bitbox, Binance, and Huobi seeing the most substantial withdrawal volumes, according to the research.

Per the report, out of a total $16 million held in wallets controlled by the criminals, only $882,632 has been withdrawn so far.

$1 Billion Lost to Cryptocurrency Attacks

Hacking of crypto exchanges is becoming a norm. In 2018, hardly a month went by without an exchange being hacked. We started the year with a hack (CoinCheck), and the trend has followed us into the new year, but it’s now reaching alarming levels.

Cybersecurity firm Ciphertrace released its Cryptocurrency Anti-Money Laundering Report, confirming that hackers stole about $927 million in digital assets from crypto exchanges in the first nine months in 2018 alone.

“These cyber attacks bring the total amount of cryptocurrencies reported as stolen in 2018 through the end of Q3 to $927 million. CipherTrace estimates this trend will bring the total stolen and reported in 2018 to well over $1 billion by the end of the year,” the report notes.

Crypto thieves have also become more sophisticated in their means (with tools such as social engineering, SIM swapping and much more at their disposal), while crypto exchanges are still grappling with the continually changing security measures they have to observe to keep their funds safe.


Buy Crypto    Trade Crypto
eToro Risk Warning: 66% of retail investor accounts lose money when trading CFDs with this provider. You should consider whether you can afford to take the high risk of losing your money.

Avatar

Posted by Jimmy Aki

Based in the UK, Jimmy has been following the development of blockchain for several years, and he is optimistic about its potential to democratize the financial system. Follow him on Twitter: @adejimi


All content on Blockonomi.com is provided solely for informational purposes, and is not an offer to buy or sell or a solicitation of an offer to buy or sell any security, product, service or investment. The opinions expressed in this Site do not constitute investment advice and independent financial advice should be sought where appropriate.

Leave a reply

Your email address will not be published. Required fields are marked *