Contrary to prior reports putting the value of cryptocurrency stolen in the Cryptopia exchange hack at around $2.5 million, it has emerged that the true value of assets stolen sums up to about $16 million. According to blockchain analysis platform Elementus, this was ascertained by analysing the Ethereum blockchain using the Elementus query engine.
The $16 million figure only covers ether and ERC-20 tokens, which means that may be a possibility that more funds were compromised in the attack. Elementus also says that the hack makes for uncomfortable analysis from a security point of view because an examination of the way it took place raises several questions.
STARTLING NEW DETAILS ABOUT CRYPTOPIA HACK
According to Elementus, the attackers moved $16,002,108 worth of Ethereum tokens over the course of five days including $3,570,124 worth of ether, $2,446,212 worth of Dentacoin and $1,148,144 worth of Centrality. The full breakdown can be seen below:
After moving these funds out of Cryptopia, the attackers then set about transferring them to exchanges in small pieces, hoping to cash out a total of $882,632. The breakdown of these exchange attempts can be seen below:
What makes this hack especially concerning is that unlike other high profile exchange thefts which typically arise from a vulnerability in the platform’s smart contract code which grants hackers back door access into the exchange, this hack directly attacked more than 76,000 user wallets. In other words, this means that the attackers did not find a single point of weakness in the platform’s smart contract, but rather found a way to obtain thousands of private user keys from Cryptopia.
Even more shocking, according to Elementus, is the fact that unlike typical hacks which usually come down to a race against time even for the most successful hackers, these attackers appeared calm and leisurely to methodically extract cryptocurrency funds over the course of five days while Cryptopia basically did nothing even though it became aware of the breach the day after it happened.
This pointed lack of action is very bad news fro Cryptopia and for the cryptocurrency world in general because it paints a couple of possible scenarios that do nothing to help the industry’s credibility. It can only mean one of two things – either Cryoptopia had lost access to all 76,000+ user wallets in what would be a catastrophic and unprecedented security breach leaving it unable to intervene, or the attack was carried out with inside knowledge.
Elementus says that more than $46,000 worth of Ethereum tokens held across nearly 2,000 Ethereum wallets remains at risk after being deposited on the exchange after the hack by apparently unaware users.
The New Zealand police meanwhile, has stated that investigations into the hack are “progressing well” as they seek to unravel the identity of the thieves and retrieve the stolen funds.
A statement released by the police on Tuesday reads in part:
The assistance of the crypto currency community is being sought as the investigation progresses. This is a very complex investigation, involving expert digital forensic investigators from within New Zealand and in various overseas jurisdictions, as well as overseas authorities. Members of the investigation team met with Cryptopia management and staff yesterday and today and outlined progress in the investigation.