Costly and Careful: Details of $16M Attack On Cryptopia Revealed

Last week, the New Zealand-based exchange Cryptopia was targeted by attackers who succeeded in stealing an unspecified amount of cryptocurrency. Not only was the total value of the attack unknown at the time, the nature of the attack was also a mystery.

Needless to say, the unanswered questions led to much speculation within the crypto world. Now, there are answers: the blockchain analysis firm Elementus has revealed its findings about one of the first major attacks of the year. So, what happened to Cryptopia?

$16 Million Of Crypto Stolen

After analyzing the Ethereum blockchain, Elementus discovered that $16 million worth of cryptocurrency was stolen from the exchange. This makes the Cryptopia attack quite small relative to other exchange attacks, but substantially larger than conservative estimates, which ballparked the theft at about $3 million.

Of the $16 million worth of stolen coins, the majority were Ethereum-based altcoins. Only $3.5 million were actual ETH tokens, while the remainder were minor ERC-20 tokens, such as Oyster Pearl and Dentacoin. It is still unclear whether other cryptocurrency was stolen: Elementus says that it has “not examined the Bitcoin blockchain.”

Attackers Were Unusually Careful

According to Elementus, the attackers took an unusually careful approach to the theft. In order to avoid attracting attention, the perpetrators drained more than 76,000 different wallets and circulated the stolen crypto over a period of several days. At the time of Elementus’ report, $15 million had been moved to just two different addresses; however, those addresses remain active.

The attackers were also careful enough to use multiple exchanges to cash out their money. The perpetrators converted the stolen money by performing 192 transactions involving several different exchanges―primarily Bibox, Binance, Huobi, and HitBTC―in order to prevent a single exchange from freezing their funds. So far, the attackers have attempted to cash out $882,632 at exchanges.

Suggested Reading : Learn how Binance compares to Bitfinex.

Elementus Calls For Action

Elementus is also concerned by the fact that Cryptopia did not merely lose its funds. Instead, the exchange knowingly watched those funds bleed out for four days, “seemingly powerless to stop it.”

Elementus suggests that Cryptopia’s private keys may have been deleted by the hacker―otherwise, the exchange would have been able to move its funds to a safe address:

“Cryptopia [possibly] had their private keys stored in a single server with no redundancy. If the thieves managed to gain access to this server, they could have downloaded the private keys before wiping them from the server, leaving Cryptopia unable to access their own wallets.”

An alternative explanation is that the attack was coordinated by actors within Cryptopia. Elementus seems to believe that this was not the case, but rumors are circulating that the attack was actually an exit scam. However, both explanations are speculative, and efforts to identify the attackers are still underway.

In the meantime, Elementus is urging other exchanges to freeze and block certain transactions, and it is offering its assistance “free of charge.” This means that Elementus can be added to the list of firms that are actively working to resolve public blockchain conflicts, along with SlowMist, which played a major part in resolving the recent Ethereum Classic attacks.