Is the Cryptopia hack still ongoing?

Getting your Trinity Audio player ready...

On January 15, New Zealand-based cryptocurrency exchange Cryptopia realized that it was under attack by hackers. It moved to thwart the theft of assets, but not until after approximately $3.65 million in Ether (ETH) and Centrality had been lifted off the platform. There has been mounting concern over a lack of follow up information related to the hack and it has now surfaced that the hackers may still be actively withdrawing funds from the exchange. 

A blog post from Elementus, a blockchain infrastructure company, from yesterday indicates that the exchange is still comprised. The company asserts, “In our investigation of the Cryptopia hack, posted last week, we highlighted that thousands of Cryptopia wallets may still be at risk. We were right.”

Elementus goes on to say that another 17,000 wallets on the exchange have lost around 1,675 ETH, currently worth approximately $180,000. It adds that these wallets include 1,948 “at-risk wallets” the company had previously identified, as well as 5,000 wallets that were targeted in the first wave of attacks. Elementus posits that these wallets had been topped off again by Cryptopia users who weren’t aware of the attacks. 

The latest hacks reportedly began at 6:59 AM local time and continued throughout the day, with the funds being moved to a particular ETH address. While there was an initial belief that the activity could have been led by Cryptopia in order to secure funds, Elementus adds that by evening, “it became obvious this was the same hacker. At that time, the incoming transfers stopped and the funds were moved into [another address], one of the wallets used in the prior series of breaches.”

It would appear that Cryptopia is no longer in control of the exchange. Elementus adds that it seems the hacker, or hackers, has access to a large number of private keys and is able to transfer funds out of the wallets at any time. 

While it seems odd that money would still be deposited to the wallets despite extensive media coverage of the hacks, Elementus offers an explanation. It states, “Most of the funds are coming from mining pools. Presumably, these payments are being sent on behalf of miners who opted to receive their rewards automatically via ‘direct deposit,’ and have since forgotten about it.”

Now would be a good time to remember.