Following the first reported hack in 2019, on New Zealand cryptocurrency exchange Cryptopia, there is a significant lack of information publicly available about the aftermath. Currently, around 2,000 wallets remain on the exchange with a total of around 380 ETH, which is around USD 46,000, and they still might be at risk, according to Max Galka, co-founder and CEO of Elementus, a blockchain analysis protocol and platform. (A new section (Inadequate security) has been added to the article.)
Most of the funds that potentially remain at risk have been deposited after the security breach occurred, presumably by users who had not heard about the hack, Galka explained in a blog post. If the thieves have access to these wallets, they may very well be lost – but if Cryptopia still has access to them, they have hopefully already contacted the owners, or people will lose that money as well, he wrote, adding that it’s likely that the exchange has additional funds safely stashed away somewhere.
Refer to the picture below for a breakdown of the losses:
For the last few days, the hackers have been shuffling the funds around in small pieces and gradually moving them into exchanges in order to cash out, according to Galka.
Binance also took notable action to freeze funds that are related to the hack.
According to Elementus, Cryptopia has not been very quick on the uptake even when the initial breach happened. Not only did the hackers take their time siphoning out the funds – over a course of almost five days – but Cryptopia seemed powerless to stop them, even though they should not have had these issues. A plausible explanation is that the exchange simply lost access to the wallets – a total of 76,000.
According to Galka, around USD 15m are in two wallets controlled by the thieves.
The breach was initially announced at 8 am UTC on January 15th. The exchange added that they would “remain in maintenance mode, with trading suspended” until the matter is investigated. The irregularities had first been brought to light when the exchange experienced an “unscheduled maintenance” just thirteen hours earlier, likely a preemptive hint that it had fallen victim to a hack. The exact specifics of the cryptocurrencies lost weren’t plainly stated. Prior the hack announcement, the 24-hour trading volume on the exchange was almost USD 1 million, according to coinmarketcap.com data.