Coinfirm documents interesting or high-profile frauds and hacks that have recently happened and been reported to our networks, to show how the AMLT Network can help track and prevent them in the future. Today we investigate the Cryptopia hacker, who has seemingly struck again.
Last time, we covered a security breach on the Cryptopia exchange, which resulted in nearly $17.44M lost (calculated with the prices on the day of the hack). Now, nearly 15 days after the hack, the attacker has resurfaced, stealing even more funds and showing everyone that the wallets are not under the exchange's control.
A quick recap of the investigation so far (a more extensive analysis of the initial breach can be found here).
On January 14th, the New Zealand-based exchange Cryptopia suffered a security breach after unscheduled maintenance that was supposed to fix a problem with clients being unable to deposit and withdraw their funds. After the withdrawal of tens of thousands of Ethereum tokens and coins, the service went dormant in order to assess the damage.
On January 22nd, the New Zealand Police issued an update, saying that good progress was being made in the investigation and that the cryptocurrency exchange Cryptopia was working closely with the authorities to solve the hack. Since then, no further news has been shared.
It's clear now that the exchange does not have full control over its wallets, as the hacker has re-entered the wallets and started draining more funds. What looked like Cryptopia securing the remainder of its funds turned out to be another wave of withdrawals that resulted in an additional 1,675 ETH worth of losses from nearly 17 thousand wallets. The hacker(s) have struck again.
What’s unusual here is that some users have still been depositing funds to the hacked addresses, even after the news was widely spread. It looks like most of these transactions were made directly from mining pools, which had likely automated the process in order to liquidate the mined coins immediately.
Since some of Cryptopia's hot wallets seem to be under the hacker's control, it might be reasonable to claim that all funds stored in them are, in a way, already stolen; they just haven't all been moved to one place.
Below you can see an updated AMLT Risk Report for the main address containing stolen crypto from Cryptopia; the risk rating has increased following further investigation and newly made transactions:
The AMLT Network allows entities to report incidents such as the Cryptopia hack, along with the related addresses. Once the data is analyzed and confirmed to be correct, it is added to the Coinfirm AML Platform, and the Network Member who provided the data receives AMLT tokens as a reward. In certain cases like this one, the system could allow entities to know where the stolen coins are coming from and, after a thorough investigation, potentially freeze them or prevent further proliferation of risk. This provides a new layer of transparency and security that the entire economy can participate in and benefit from.
If you’re interested in partnering with Coinfirm or becoming an AMLT Network Member then contact us!
The Coinfirm Team