

Cryptopia Hacker Strikes Again - AMLT Crypto Alert of the Week

Feb 01, 2019



Welcome to week 24 of the Crypto Alert of the Week series by AMLT, a series dedicated to documenting interesting or high-profile frauds, hacks and similar incidents that recently happened and were reported to the AMLT Network, and to showing how the AMLT Network, along with the Coinfirm AML Platform, can help fight and prevent them in the future.

Last time, we covered a security breach on the Cryptopia exchange, which resulted in nearly $17.44M lost (calculated with the prices on the day of the hack). Now, nearly 15 days after the hack, the attacker has resurfaced, stealing even more funds and showing everyone that the wallets are not in the exchange's control.

A quick recap (a more extensive analysis of the initial breach can be found here)
On January 14th, the New Zealand-based exchange suffered a security breach after unscheduled maintenance that was supposed to fix a problem with clients being unable to deposit and withdraw their funds. After the withdrawal of tens of thousands of Ethereum tokens and coins, the service went dormant in order to assess the damage.

On January 22nd, the New Zealand Police issued an update, saying that good progress was being made in the investigation and that the exchange was working closely with the authorities on it. Since then, no more news has been shared.

It’s clear now that the exchange does not have full control over its wallets, as the hacker has re-entered the wallets and started draining more funds. What looked like Cryptopia securing the remainder of its funds turned out to be another wave of withdrawals that resulted in an additional 1,675 ETH in losses from nearly 17 thousand wallets.

What’s unusual here is that some users have still been depositing funds to the hacked addresses, even after the news had spread widely. It looks like most of these transactions were made directly from mining pools, which had likely automated the process in order to liquidate the mined coins immediately.

Since some of Cryptopia’s hot wallets seem to be under the hacker’s control, it might be reasonable to claim that all funds stored in them are, in a way, already stolen; they just haven’t all been moved to one place.

Below you can see an updated AMLT Risk Report for the main address containing stolen crypto from Cryptopia; the risk rating has increased following further investigation and newly made transactions:

The AMLT Network allows entities to report such incidents and related addresses. Once the data is analyzed and confirmed to be correct, it is added to the Coinfirm AML Platform, and the Network Member who provided the data receives AMLT tokens as a reward. In certain cases like this one, the system could allow entities to know where the stolen coins are coming from and potentially freeze them or prevent further proliferation of risk, providing a new layer of transparency and security that the entire economy can participate in and benefit from.

If you're interested in partnering with Coinfirm or becoming an AMLT Network Member then contact us!

Thank you for your continued support and make sure to follow all of our latest updates on Twitter, Facebook, LinkedIn and Telegram Community.

The AMLT Team