New analysis on the recent hack that befell Cryptopia reveals several dire facts, not only the total stolen funds amount that's higher than what initially predicted.
Just a little over a week after the hack to the New Zealand-based exchange, Cryptopia was made public, a blockchain infrastructure company, Elementus released their analysis on the incident on their blog.
Entitled “Some overdue transparency into the Cryptopia exchange hack”, the company is making use of their query engine to source the all the data.
The chronology of the incident is claimed to be as follow (all times are in GMT-5):
- Sunday 13-Jan, 8:28am: Funds begin moving out of Cryptopia's two core hot wallets, one holding ether and the other holding tokens.
- Sunday 13-Jan, 11:58pm: With the core wallets empty, residual quantities of funds begin leaving Cryptopia's 76k+ secondary wallets, a process that would continue for several days.
- Monday 14-Jan, 6:00am: Cryptopia suspends trading, announcing they are undergoing unscheduled maintenance.
- Tuesday 15-Jan, 3:00am: Cryptopia discloses the security breach and New Zealand law enforcement steps in.
- Thursday 17-Jan, 5:58am: The last of Cryptopia's funds are drained.
With current market prices, the total amount of funds stolen is about $16 million, only from Ether and other ERC20 tokens.
It can possibly be higher than the aforementioned amount as the team hasn’t examined the Bitcoin blockchain as well as other blockchains yet by the time they published the blog post.
Moreover, out of the $16 million stolen, Elementus said $3,570,124 are in Ethereum, followed by $2,446,212 in Dentacoin and $1,948,223 in Oyster Pearl.
As for the current location of the stolen funds, the hackers are said to have been “shuffling the funds around in small pieces” and moving them into exchanges gradually to cash them out.
As of reporting time, the total amount that has successfully cashed out is $882,632, as shown by the below table in more details.
In addition, around $15 million of the stolen funds are stored in these two wallets controlled by the hackers:
Aside from the huge numbers, there are other facts that make the incident more painful, as follow:
The thieves are said to have gained access to thousands of private keys as the hack involved more than 76 thousand of different wallets, none of which were smart contracts.
Elementus also said that the hack continued for days, even after Cryptopia discovered the breach, which they think it was due to Cryptopia no longer had access to their own wallets that enabled the thieves to extract the assets “slowly” over the course of nearly 5 days.
The only explanation made sense for Cryptopia’s loss of access to all the wallets is that they had the private keys stored in a single server with no redundancy, which made anyone who gained access to the server capable of deleting them all and leaving Cryptopia clueless and access-less.
Lastly, the Elementus team warned that there are 1,948 other Ethereum wallets holding about $46,000 that are at risk as they were deposited after the initial hack occurred.
Stay with Chepicap for more updates on the Cryptopia hack.