Two weeks after it first reported a hack, New Zealand-based cryptocurrency exchange Cryptopia is still compromised by cyber criminals, according to a blog post from blockchain infrastructure firm Elementus on Jan. 29.
The exchange suspended services after detecting a major hack that reportedly “resulted in significant losses” on Jan. 15. Cryptopia stated that the hack occurred the previous day on Jan. 14. The platform initially stated that it was undergoing unscheduled maintenance, issuing several brief updates before disclosing the breach.
On Jan. 20, Elementus reported that as much as $16 million worth of Ethereum (ETH) and ERC20 tokens were stolen. Per the blog, data on the Ethereum public blockchain indicates that funds began to be siphoned from Cryptopia’s two core wallets — one holding ETH, the other tokens — on the morning of Jan. 13.
In today’s post, Elementus says that the attack is continuing and that hackers have stolen 1,675 ETH ($175,875) from 17,000 Cryptopia wallets, accumulating at this address. It further states that among the 17,000 affected wallets are 5,000 which were emptied when the platform was first breached, but have since been refilled.
Elementus says that it was apparent that the same hacker or hackers are responsible for the continued security breach, as the funds have been transferred to the address used in the initial hack. Both aforementioned addresses on Etherscan have been flagged for their involvement in the hack and the site has warned that the public should proceed with caution when interacting with the addresses.
The blog concludes that Cryptopia does not have control over its Ethereum wallets, while the hacker still does. Some in the crypto community have noted that this is not a second attack on Cybertopia’s wallets, but a continuation of the hack. One individual on Twitter said:
“The nature of the compromise is, the attacker stole their ETH privkey and deleted [Cryptopia’s] copy. Same hack, just new histrionic-newsable point to steal your attention if you never learned the basics of how private keys work.”
Yesterday, a report from blockchain analytics firm Chainalysis stated that two hacker groups have reportedly stolen $1 billion in cryptocurrency. According to a report shared with the Wall Street Journal, two entities have received the majority of money lost in cryptocurrency scams.