New research by blockchain analysis startup Elementus has revealed that, in the immediate aftermath of the Cryptopia exchange hack, the cybercriminals involved in the theft continued transferring funds from the compromised wallets for days, even after police in New Zealand publicly launched an investigation.
The analysis also puts the total amount of cryptocurrency stolen in the hack in the region of $23 million, which is significantly higher than the $16 million previously mooted by Elementus and the $5 million initially reported when the story broke.
Unprecedented Security Breach
As reported in a statement released earlier by the police, investigations into the hack began on January 15, one day after the security breach was detected. What the new data compiled by Elementus shows is that funds were still being moved out of the more than 70,000 compromised wallets up until January 17, which means that the theft and its investigation took place concurrently for three days.
Speaking to Radio New Zealand about the issue, cryptocurrency consultant Josiah Spackman said:
“It’s entirely possible that the New Zealand police were investigating things at the time that the attacker moved in and basically continued taking additional funds. To be honest if they’re in there and there’s nobody stopping them extracting further funds then it’s entirely possible that there could be further crypto currency losses if they haven’t identified the source of the vulnerability.”
What sets the Cryptopia hack apart from similar recorded hacks is the attackers' pace. Other breaches typically devolve into a race between the hackers who have compromised the exchange’s smart contract and the exchange’s security personnel, but these hackers did not appear in the slightest bit hurried.
Significantly, rather than compromising funds through a platform smart contract hack, the hackers apparently targeted more than 70,000 user wallets on the platform and managed to obtain the private keys to these addresses, which were then used to transfer money out, seemingly at the attackers’ leisure.
The scenario this paints is that either the exchange suffered such a catastrophic security breach that it was not able to do anything about tens of thousands of suspicious user wallet transactions, or the hack was carried out with help from an insider. Needless to say, neither of these scenarios is great news for Cryptopia, which was already facing questions from disgruntled users alleging that they could not withdraw funds or use their platform wallets.