New Zealand's top cryptocurrency trading exchange saw a splendid climb to the top over the course of several years. Unfortunately, the latest hack on the exchange has left many questions unanswered and many more users confused. The recent hack saw roughly $16 million worth of crypto stolen from the exchange from under their noses. We document the timeline of activities below.
14 Jan - Cryptopia enters maintenance mode
Monday January 14, Cryptopia appears to go offline with an announcement citing: "We are currently experiencing an unscheduled maintenance, we are working to resume services as soon as possible. We will keep you updated."
We are currently experiencing an unscheduled maintenance, we are working to resume services as soon as possible. We will keep you updated.— Cryptopia Exchange (@Cryptopia_NZ) January 14, 2019
15 Jan - Maintenance downtime reaches 18 hours
The unusual downtime has many users concerned, the maintenance downtime has had no updates.
15 Jan - Cryptopia releases notice of hack citing “significant losses”
Later that day, Cryptopia announced that a hack on the exchange had taken place, leading to "significant losses" and that the exchange would remain in maintenance mode to "assess damages" A police investigation into the hack is opened and employees are questioned at the Cryptopia headquarters.
We are unable to update anyone at the moment as it's now a police matter. Please keep an eye on our social channels for updates on this.— Cryptopia Exchange (@Cryptopia_NZ) January 15, 2019
15 Jan - Crypto exchange CEO's comment on hack
Binance CEO CZ commented on the Cryptopia hack, stating users should rather store their tokens on trustworthy exchanges. The ill-timed tweet did not sit well with the community. Kraken CEO Jesse Powell commented on CZ's tweet, telling users to remove their tokens from exchanges, including Kraken. In the meantime, the crypto community expressed their concerns about the lack of information coming from Cryptopia. The first accusations of an 'exit scam' pop up on Twitter and Reddit.
Read more: CZ responds to Cryptopia hack with suggestions for keeping your coins safe
Store coins yourself. You fight hackers yourself, and guard from losing wallet yourself. Computer breaks, USBs gets lost.— CZ Binance (@cz_binance) January 15, 2019
Store on an exchange. Only use the most reputable, proven secure, exchanges.
Or move to DEX, disrupt ourselves. https://t.co/Ci4ux9I3VD
PLEASE do not store more coins on an exchange (including @krakenfx) than you need to actively trade. Use @LedgerHQ or @Trezor. DEXes are not a panacea -- look at The DAO. Open source just means exploits will be discovered sooner (probably not by good guys). 🙏 https://t.co/LmzhtCjpM0— Jesse Powell (@jespow) January 16, 2019
16 Jan - Binance begin freezing stolen funds sent to their exchange
Following a tweet from a sleuthing Twitter user regarding the movement of funds to Binance, CZ announced that Binance will be doing what they can to block all stolen funds being sent to Binance.
Read more: Binance freezes stolen Cryptopia funds after Twitter warning
Just checked, we were able to freeze some of the funds. I don't understand why the hackers keep sending to Binance. Social media will be pretty fast to report it, and we will freeze it. It's a high risk maneuver for them. https://t.co/i0PeahLzic— CZ Binance (@cz_binance) January 16, 2019
17 Jan - KuCoin announces it will freeze hacked funds
KuCoin CEO Michael Gan also tweets that "KuCoin will freeze any funds from Cryptopia"
For anyone who cares about the Cryptopia hack, KuCoin will freeze any funds from Cryptopia. Please rest assured.— Michael Gan (@gan_chun) January 17, 2019
21 Jan - Elementus announce summary of the hack, citing Cryptopia lost access to their wallets, potential for more funds to be stolen
Elementus releases its report on the state of the Cryptopia hack, stating that the hack totalled $16m with $800k already sold. Elementus also conclude that "One possible explanation is that Cryptopia had their private keys stored in a single server with no redundancy. If the thieves managed to gain access to this server, they could have downloaded the private keys before wiping them from the server, leaving Cryptopia unable to access their own wallets."
Read more: New analysis on Cryptopia hack reveals dire facts, not only the total amount
Cryptopia Hack:— Elementus (@elementus_io) January 21, 2019
- How did it happen?
- How much was stolen?
- Where are the funds now?
Our investigation offers definitive answers to all of the above:https://t.co/A85Hr6nKsZ#CryptopiaHack #cryptopia #blockchainrevolution
22 Jan - NZ police announce “Good progress is being made”
The police investigation is now over one week old, and a new update from the New Zealand Police announces "Good progress is being made and positive lines of enquiry are being developed to identify the source of the transfer."
Read more: New Zealand police making progress in Cryptopia hack investigation
25 Jan - NZ police announce that Cryptopia may resume business in February 2019
In a letter sent to users, NZ Police state that the case is, and will remain a protracted and complex investigation. The announcement also states that Cryptopia may resume business in February 2019.
Read more: New Zealand police state Cryptopia may reopen in early February
28 Jan - Hack continues with $180,000 in crypto stolen
The hackers continue to drain Cryptopia wallets, with a further $180,000 drained from users wallets, adding more credibility that Cryptopia may have lost access to their private keys for all their wallets.
Read more: Cryptopia compromised by another attack, $180,000 worth of ETH stolen
5 Feb - "NZ Police has no clue what's going one"
On February 5, security expert Alex Sims stated that the New Zealand police is struggling to deal with the Cryptopia hack. According to Sims, the local police may not be well equipped to handle such a hack. "No one seems to have a clue what's going on. But this hasn't come out of the blue. There has been a lot of dialogue in recent years about the security of cryptocurrency and where to store the digital wallets."
7 Feb - Investigation "is progressing well"
A recent statement released by the New Zealand police has confirmed that the investigation "is progressing well and advancing on several fronts". While it's not yet clear if or when Cryptopia will be able to reopen, the police have stated that they expect their investigation to conclude at the Cryptopia headquarters on February 15. Additionally, police are "actively tracking" the stolen funds on the blockchain, so with a bit of luck the identity of the thief may soon be known.
13 Feb - New Zealand police announce Cryptopia can "open again whenever they like."
The NZ Police begin to conclude their investigation with detective inspector Greg Murton stating "We have finished the main part of the work required by the High Tech Crime Group at Cryptopia's business premises, although HTCG staff remain there finishing up aspects of their work". However no news or signs of Cryptopia opening up for business appear to be in the pipelines. The exchange still remains silent regarding communication.
This timeline will be updated when new events occur.