Welcome to week 24 of the Crypto Alert of the Week series, dedicated to documenting interesting or high-profile frauds, hacks and similar incidents that recently happened and have been reported to the AMLT Network, and to showing how the AMLT Network, along with the Coinfirm AML Platform, can help fight and prevent them in the future.
Last time, we covered a security breach on the Cryptopia exchange, which resulted in nearly $17.44M lost (calculated with the prices on the day of the hack). Now, nearly 15 days after the hack, the attacker has resurfaced, stealing even more funds and showing everyone that the wallets are not under the exchange’s control.
A quick recap (a more extensive analysis of the initial breach can be found here)
On January 14th, the New Zealand-based exchange suffered a security breach after its unscheduled maintenance, which was supposed to fix a problem with clients being unable to deposit and withdraw their funds. After the withdrawal of tens of thousands of Ethereum tokens and coins, the service went dormant in order to assess the damage.
On January 22nd, the New Zealand Police issued an update, saying that good progress was being made in the investigation and that the exchange was working closely with the authorities to resolve it. Since then, no further news has been shared.
It’s clear now that the exchange does not have full control over its wallets, as the hacker has re-entered the wallets and started draining more funds. What looked like Cryptopia securing the remainder of its funds turned out to be another wave of withdrawals that resulted in an additional 1,675 ETH worth of losses from nearly 17 thousand wallets.
What’s unusual here is that some users have still been depositing funds to the hacked addresses, even after the news had spread widely. It looks like most of these transactions were made directly from mining pools, which had likely automated the process in order to liquidate the mined coins immediately.
Since some of Cryptopia’s hot wallets seem to be under the hacker’s control, it might be reasonable to claim that all funds stored in them are, in a way, already stolen; they just haven’t all been moved to one place.
Below you can see an updated AMLT Risk Report for the main address containing stolen crypto from Cryptopia; the risk rating has increased following further investigation and newly made transactions:
The AMLT Network allows entities to report such incidents and related addresses. Once the data is analyzed and confirmed to be correct, it is added to the Coinfirm AML Platform, and the Network Member who provided the data receives AMLT tokens as a reward. In cases like this one, the system could allow entities to know where the stolen coins are coming from and potentially freeze them or prevent further proliferation of risk, providing a new layer of transparency and security that the entire economy can participate in and benefit from.
If you’re interested in partnering with Coinfirm or becoming an AMLT Network Member then contact us!
The Coinfirm Team