New Zealand exchange Cryptopia might have been hacked almost 5 months ago, but new information continues to unfold. Cryptopia’s hack is particularly interesting, thanks in no small part to the numerous details and developments that have come out since the event itself.
Now, there’s a new twist to the seemingly never-ending tale. The funds have been transferred again.
Tokens on the move
Following the liquidation order and the halt that was put on all trading activities on the platform, it was recently reported that the hackers who stole funds from the New Zealand-based crypto exchange had begun moving funds into separate wallets.
The discovery was made by CoinFirm, a cryptocurrency tracking, and analysis firm. It started with a tweet from AMLT Token & Network, in which it was revealed that some of the ETH tokens stolen from Cryptopia still remains on the attacker’s address.
— AMLT Token Network (@AMLT_Token) May 17, 2019
Following that tweet, CoinFirm added that 10 ETH tokens (worth about $2,510 as at press time) had already been moved from the address and into addresses housed on some major exchanges- including two which were found to have been linked with Huobi.
Grant Blaisdell, an official at CoinFirm, said, “The Cryptopia hacker moved 30,790 ETH (~$7.67M) from the last red address to the yellow one which is a new address of the hacker as of May 20, 2019, at 01:43:57 AM +UTC. The yellow address still has got 29,770 ETH.”
In addition to those addresses, two other addresses were reported to have received a total of 1010 ETH (worth $253,510 as at press time), while 10 ETH was sent to what seems like an address on Japanese exchange Huobi, before making their way to a Huobi hot wallet.
Millions moved in January
For a quick recap, Cryptopia was hit with two separate hacks back in January 2019. In a tweet on January 15, the exchange revealed that it had been the victim of a “security breach” the day before, and that “significant losses” had already been incurred as a result of the breach.
A separate tweet by the firm also revealed that 48 million Centrality (CENNZ) tokens (worth $1 million at the time) were transferred without authorization as well.
The hackers came back for more
However, despite multiple investigations and efforts to retrieve users’ funds, little progress was made
Then, on January 20, a report by blockchain data analysis firm Elementus revealed that a second raid on Cryptopia had resulted in the theft of ETH and ERC 20 tokens worth about $16 million.
The report, which was titled “Some overdue transparency on the Cryptopia attack,” revealed that the hackers’ second raid affected a total of 17,000 wallets on the exchange.
It also claimed that the unsanctioned token transfers were effected from two separate hot wallets; one held ETH, while the other supposedly held other tokens listed on the exchange.
However, the firm also noted that the report only considered transfers effected on the Ethereum blockchain. When the number of tokens taken from other blockchains is considered, there’s a high probability that the funds stolen would have been much higher.
Concluding, Elementus noted that while the hackers had been working double-time to move their loot to various exchanges- such as Binance, Bitbox, and Huobi– and cash them out, a large percentage of the funds- about $15million- had not been withdrawn at that time.