Cryptopia exchange hacked

[MinermanNC]

Like the rest of us, i keep waiting to hear something new  yawn

[1714635237]

1714635237

[1714635237]

1714635237

[1714635237]

1714635237

[ulhaq]

Risk Management.  

You've done your due diligence:  unique email/pass, 2FA, VPN. 

No such thing is "safe".

There are only 2 types of companies: those that have been hacked, and those that will be hacked.

And then there are those which are not worth bothering to hack!
I think Cryptopia might pass from all those 3 types eventually!

I was a locksmith for many years before i got into infosec:

The average thief will spend 5 minutes trying to break into a home.   If they fail, they move to the next house.

HOWEVER.

If they want to get in - they are going to get in.


The same holds true with crypto.

That's exactly the point. There is a difference between a company using hot wallets and cold storage, just like there is a difference between someone using a regular vs. a high-security lock/door. You're acting as if they are the same.

[RivAngE]

Risk Management.  

You've done your due diligence:  unique email/pass, 2FA, VPN.  

No such thing is "safe".

There are only 2 types of companies: those that have been hacked, and those that will be hacked.

And then there are those which are not worth bothering to hack!
I think Cryptopia might pass from all those 3 types eventually!

I was a locksmith for many years before i got into infosec:

The average thief will spend 5 minutes trying to break into a home.   If they fail, they move to the next house.

HOWEVER.

If they want to get in - they are going to get in.


The same holds true with crypto.

That's exactly the point. There is a difference between a company using hot wallets and cold storage, just like there is a difference between someone using a regular vs. a high-security lock/door. You're acting as if they are the same.

Actually in essence they're pretty much the same thing, both a cold storage and a hot storage are a pair of public and private key. What we "usually think" of cold storages is that the company using them won't have the private key saved in a place that's accessible from the internet.

However what we think as common sense is not necessarily what Cryptopia or any other company might be doing, they might just have the private keys of the cold storage in the CEO's personal PC while he's downloading pirated software or clicks on any ads that pops in his screen for all we know.

[mr.relax]

Just now another Exchange had been hacked:
https://www.coindesk.com/singapore-based-crypto-exchange-dragonex-has-been-hacked

You know what they wrote:

For the loss caused to our users, DragonEx will take the responsibility no matter what.

[pinoycash]

Just now another Exchange had been hacked:
https://www.coindesk.com/singapore-based-crypto-exchange-dragonex-has-been-hacked
You know what they wrote:

For the loss caused to our users, DragonEx will take the responsibility no matter what.

This should be the role model of any exchange that been hack They announce being hack after a couple of days and providing the details of the after 1 week , While in our beloved cryptopia they hide behind the police for almost 2 months and up to know they didn't bother to issue a statement on what had been loss.

And guess what? no tweet today no changes in the number of secure coins in coininfo page after 1 week,

[RivAngE]

Just now another Exchange had been hacked:
https://www.coindesk.com/singapore-based-crypto-exchange-dragonex-has-been-hacked
You know what they wrote:

For the loss caused to our users, DragonEx will take the responsibility no matter what.

This should be the role model of any exchange that been hack They announce being hack after a couple of days and providing the details of the after 1 week , While in our beloved cryptopia they hide behind the police for almost 2 months and up to know they didn't bother to issue a statement on what had been loss.

And guess what? no tweet today no changes in the number of secure coins in coininfo page after 1 week,

You better keep smashing that F5 in their page! They might suddenly open depositing and trading with withdrawing disabled... or something stupid like that.
Cryptopia keeps amazing me day after day, decision after decision!

[onecall123]

Meanwhile Cryptopia have been enabled lots of trade pairs, but deposits and withdrawals still down. Appears that they're moving the assets to the new safe wallets, first until then we won't be able to withdraw.

[mr.relax]

If they carry on renewing their wallets with this speed,
we might wait until december.
Also they did haircut the btc but i dont believe BTC were stolen.
Why dont they open tell what was stolen?
Why dont they open tell who will do the losses or will they repay them?
Do they even know what was stolen?
Every single day we have to check if anything happened...and it did not...

[RivAngE]

If they carry on renewing their wallets with this speed,
we might wait until december.
Also they did haircut the btc but i dont believe BTC were stolen.
Why dont they open tell what was stolen?
Why dont they open tell who will do the losses or will they repay them?
Do they even know what was stolen?
Every single day we have to check if anything happened...and it did not...

From my own personal research back when the hack was first announced I had noticed movement in their BTC wallets that seemed to be the result of the hacker.
Initially I though that maybe the movement was the result of Cryptopia moving their BTC to new wallets just to be safe, but if what they said about shutting everything down (no that this would help with anything other than stopping tradings if their private keys were compromised) and leaving the office access to police, then the BTC movement was done by the hacker.

My research could have mistakes though, so double check yourself if you want. That's my initial post,

Okay I think I found the Cryptopia's BTC wallet. My deposit there is kinda old and I can't recall 100% if it's the address I deposited was Cryptopia's or another exchange's, but I traced the movement and since the wallet's movements stopped on 14th January I'm 99% sure it's Cryptopia's.

This is their wallet: 3ALZ4ALw2T4jebXXUy8GMv2rLB7JpFL1JD

After many hops between 1-use addresses, I find a big amount of funds consecrated here: 12YBZCaPe45LFbvgYWP5AVm3pvZTtHTiNY
This was a new address created on 13th January.
It seems that after gathering BTC from different Cryptopia's wallets, summing 392.31 BTC, they sent a "test" transaction of 3 BTC on 14th January and 10 minutes later they sent all the amount to the same address.

From that point on, it seems like the funds were split to multiple addresses, probably many of which are exchanges.

Your thoughts? Anything I missed maybe?

[pinoycash]

Meanwhile Cryptopia have been enabled lots of trade pairs, but deposits and withdrawals still down. Appears that they're moving the assets to the new safe wallets, first until then we won't be able to withdraw.

This process is painstaking process and really slow. Judging from their previous performance before they even hack they usually have a wallet under a maintenance for 2weeks to 4 weeks for a mere wallet update.

[Netnox]

Meanwhile Cryptopia have been enabled lots of trade pairs, but deposits and withdrawals still down. Appears that they're moving the assets to the new safe wallets, first until then we won't be able to withdraw.

If that is the case, then they should have disabled the trading as well, right? I had around 0.1 BTC at the time of hack, and it looks like I may lose around 15% of that amount. Anyway... some lessons are learnt the hard way. We are not supposed to store our coins in exchanges...

[RivAngE]

Meanwhile Cryptopia have been enabled lots of trade pairs, but deposits and withdrawals still down. Appears that they're moving the assets to the new safe wallets, first until then we won't be able to withdraw.

This process is painstaking process and really slow. Judging from their previous performance before they even hack they usually have a wallet under a maintenance for 2weeks to 4 weeks for a mere wallet update.

I'm not sure if you mean that this process is "generally" slow or if it's slow in Cryptopia's case.
Unless they use a couple home PCs and a DSL internet connection, they shouldn't be taking so much time to create and sync new wallets.

If they're following a special procedure which takes a long time to complete, then they should let their customers know about it... after all they just robbed them from a respectable amount of their funds.

[xtraelv]

Meanwhile Cryptopia have been enabled lots of trade pairs, but deposits and withdrawals still down. Appears that they're moving the assets to the new safe wallets, first until then we won't be able to withdraw.

This process is painstaking process and really slow. Judging from their previous performance before they even hack they usually have a wallet under a maintenance for 2weeks to 4 weeks for a mere wallet update.

I'm not sure if you mean that this process is "generally" slow or if it's slow in Cryptopia's case.
Unless they use a couple home PCs and a DSL internet connection, they shouldn't be taking so much time to create and sync new wallets.

If they're following a special procedure which takes a long time to complete, then they should let their customers know about it... after all they just robbed them from a respectable amount of their funds.

I can only speak in general terms because I do not work there and don't know their exact process.

An exchange wallet comprises of thousands of addresses. All those addresses have to be loaded and interfaced with the exchange software (deposit engine and withdrawal engine).

Every user has a individual deposit address (unless a reference is used like with ETN). So if a coin has 20 000 users on the exchange then 20 000 deposit addresses have to be generated for that coin and interfaced with the software API.

All the old addresses have to be checked for balances and transferred to the exchange hot wallet. That process is normally done automatically but since it is unknown what the cause of the breach is - it is possible that they are checking and transferring it manually.

Cryptopia has over 2 million registered users and around 400 ? coin listings. It gives an indication of the scale of the work involved. It will involve a small number of staff because it provides access to private keys and therefore is sensitive information and security is at stake.

[bL4nkcode]

Earlier today

30,789 #ETH (4,288,847 USD) transferred from Cryptopia Hack to Unknown wallet

Tx: https://whale-alert.io/transaction/ethereum/480ba3b8ec861b1adb78fe7cd7e4c2b543503cfd635ade023255511372d5d3e5

https://twitter.com/whale_alert/status/1111450832426491906

[Naida_BR]

Just now another Exchange had been hacked:
https://www.coindesk.com/singapore-based-crypto-exchange-dragonex-has-been-hacked

You know what they wrote:

For the loss caused to our users, DragonEx will take the responsibility no matter what.

It sounds very unclear of what is this responsibility that will be taken from the exchange.
The fact is if they will compensate their clients with their own money or not. If they do so, then I would agree that they taken the fully responsibility of this breach otherwise they are just talking nonsense.

[Netnox]

Earlier today

30,789 #ETH (4,288,847 USD) transferred from Cryptopia Hack to Unknown wallet

Tx: https://whale-alert.io/transaction/ethereum/480ba3b8ec861b1adb78fe7cd7e4c2b543503cfd635ade023255511372d5d3e5

https://twitter.com/whale_alert/status/1111450832426491906

By now it looks like it was the work of professional hackers. Earlier, I was thinking that it could be an insider job, but evidence points against any such conclusion. Anyway... it seems to be that the hackers are in a rush to cashout.

[pinoycash]

Earlier today

30,789 #ETH (4,288,847 USD) transferred from Cryptopia Hack to Unknown wallet

Tx: https://whale-alert.io/transaction/ethereum/480ba3b8ec861b1adb78fe7cd7e4c2b543503cfd635ade023255511372d5d3e5

https://twitter.com/whale_alert/status/1111450832426491906

As of now there's still no clear official news from cryptopia on what coins has been hack and how much. We don't know if this really the work of the hacker or cryptopia themselves. Until they issue such statement we really have to rely in this 3rd party blockchain analyst to track stolen coins.

[carlfebz2]

Earlier today

30,789 #ETH (4,288,847 USD) transferred from Cryptopia Hack to Unknown wallet

Tx: https://whale-alert.io/transaction/ethereum/480ba3b8ec861b1adb78fe7cd7e4c2b543503cfd635ade023255511372d5d3e5

https://twitter.com/whale_alert/status/1111450832426491906

As of now there's still no clear official news from cryptopia on what coins has been hack and how much. We don't know if this really the work of the hacker or cryptopia themselves. Until they issue such statement we really have to rely in this 3rd party blockchain analyst to track stolen coins.

We cant really make any conclusions yet since there are no official updates came from Cryptopia team themselves.We can presume that these funds is being moved out once again or this was their doing same as you said.
For now we should wait for sometime.

[||bit]

%15 of their btc seems gone (it says on my btc balance) but because i don't have eth before, i can't see the lost about eth and we all know the biggest hit were there. So anyone who holds any ether on cryptopia can say the % of loss?

Oh, now i saw it:

"
BTC = 14%
LTC = 43%
ETH = 100% "


It was expected, unfortunately.

[Netnox]

%15 of their btc seems gone (it says on my btc balance) but because i don't have eth before, i can't see the lost about eth and we all know the biggest hit were there. So anyone who holds any ether on cryptopia can say the % of loss?

Oh, now i saw it:

"
BTC = 14%
LTC = 43%
ETH = 100% "


It was expected, unfortunately.

Hopefully, we don't need to bear those losses. You might have noticed "cryptopia loss marker" in the balances tab. It is denominated in NZD and represents all the coins that you had lost. Cryptopia will refund either the entire amount, or a part of it.