Cryptopia hack leads to ‘significant losses’

[Unblock_news]

Who invested in Cryptopia? Read this news.
https://www.unblock.news/news/cryptopia-hack-leads-to-significant-losses-1

[kakonhat]

Who invested in Cryptopia? Read this news.
https://www.unblock.news/news/cryptopia-hack-leads-to-significant-losses-1

I have a little investment in cryptopia and this is really bad news for all user who has an account in cryptopia with a big investment. We don't know what will happen after reopening the market.

[VINSIN]

Binance blocked last night funds coming from cryptopia hack.

check @cz_binance twitter

[XmasJohn08]

LoL I lose all my DCN and LYNX -2180$

[elda34b]

Who invested in Cryptopia?

What does "invested in cryptopia" means actually? I don't recall they do any ICO or something similar.

Anyway, this hack has been investigated by police and it seems still ongoing.[1] The amount of losses is claimed to be around $3.6, compared to previous hack, it is way smaller (but of course it's still money). Hopefully it can be resolved quickly though I doubt the hacker (whoever it is) will get caught.

[1] https://blockonomi.com/police-investigation-cryptopia-hack/

[elda34b]

Still no legitimate guideline out from Cryptopia, appears we're stuck at a similar position on most recent 6 days. Although investigated by New Zealand police upon Cryptopia Hack. Seems like Cryptopia Exchange will be out of service during throughout the investigation.

Yeah, which is quite alarming. According to this article[1], it seems the hackers managed to empty a lot of wallets from Cryptopia (ETH & ERC20 only), around $16 M were stolen. It claims that somehow the hackers were able to get access to more than 76k wallet address.

[1] https://elementus.io/blog/cryptopia-hack-transparency/

[xenomorphe1]

Still no legitimate guideline out from Cryptopia, appears we're stuck at a similar position on most recent 6 days. Although investigated by New Zealand police upon Cryptopia Hack. Seems like Cryptopia Exchange will be out of service during throughout the investigation.

Yeah, which is quite alarming. According to this article[1], it seems the hackers managed to empty a lot of wallets from Cryptopia (ETH & ERC20 only), around $16 M were stolen. It claims that somehow the hackers were able to get access to more than 76k wallet address.

[1] https://elementus.io/blog/cryptopia-hack-transparency/

Thanks for the link. On this blog, they say that it seems that Cryptopia maybe don't have access to thoses 76K wallets. They are real newbies if they didn't have any backup saved somewhere and written on some papers.
And how could they leave their private keys or mnemonics on a server with access to the internet...
Pen and papers is still the safest way to backup passwords.
I hope the hackers only had access to the Ethereum wallets.
I gave you 1 smerit. My last one...

[milewilda]

Still no legitimate guideline out from Cryptopia, appears we're stuck at a similar position on most recent 6 days. Although investigated by New Zealand police upon Cryptopia Hack. Seems like Cryptopia Exchange will be out of service during throughout the investigation.

Yeah, which is quite alarming. According to this article[1], it seems the hackers managed to empty a lot of wallets from Cryptopia (ETH & ERC20 only), around $16 M were stolen. It claims that somehow the hackers were able to get access to more than 76k wallet address.

[1] https://elementus.io/blog/cryptopia-hack-transparency/

Thanks for the link. On this blog, they say that it seems that Cryptopia maybe don't have access to thoses 76K wallets. They are real newbies if they didn't have any backup saved somewhere and written on some papers.
And how could they leave their private keys or mnemonics on a server with access to the internet...
Pen and papers is still the safest way to backup passwords.
I hope the hackers only had access to the Ethereum wallets.
I gave you 1 smerit. My last one...

Not really be necessary to be written up on paper but rather having the database which contains all the confidential informations specially talking about wallets.
Im not saying that im not believing on them because once you do have an exchange business as an owner you wont really skip out this very critical thing.
If theres a hack then expect theres a loss as simple as that.

[joniboini]

And how could they leave their private keys or mnemonics on a server with access to the internet...
Pen and papers is still the safest way to backup passwords.
I hope the hackers only had access to the Ethereum wallets.
I gave you 1 smerit. My last one...

I don't really know how Cryptopia handles their private key, but I'm pretty sure even the most secure exchange won't use pen and papers. It's not fast enough and even gave practical problems when they need to move and manage their wallet. Still, that doesn't mean they should leave it online either.

Let's hope the hacker(s) only hack their hot wallet, because if it's not, then Cryptopia is really doomed.

[1Referee]

I don't really know how Cryptopia handles their private key, but I'm pretty sure even the most secure exchange won't use pen and papers. It's not fast enough and even gave practical problems when they need to move and manage their wallet. Still, that doesn't mean they should leave it online either.

It may sound like exchanges won't be doing it, because it doesn't look professional at all, but I'm pretty certain that most competent exchanges engrave the private keys of their main cold wallets, the ones people usually assume have been lost because there hasn't been any activity for years, but are still controlled by an exchange.

Coinbase is a perfect and recent example. Out of nothing coins that haven't moved for like 3 or so years have started moving, and everyone assumed it was a whale, but were simply the deep cold wallets of Coinbase.

Let's hope the hacker(s) only hack their hot wallet, because if it's not, then Cryptopia is really doomed.

Obviously, hacks always concern hot wallets. Cold wallets can't be gained access to through the internet, and if it is possible anway, then it simply isn't a cold wallet, but a hot wallet.

[bL4nkcode]

Thanks for the link. On this blog, they say that it seems that Cryptopia maybe don't have access to thoses 76K wallets. They are real newbies if they didn't have any backup saved somewhere and written on some papers.

They have backup or not it's useless if the funds are directly stolen which was actually happened on cryptopia.

Let's hope the hacker(s) only hack their hot wallet, because if it's not, then Cryptopia is really doomed.

Well, if cryptopia only has hot wallets or their funds stored in hot wallets are much higher than in their cold wallet then it's the same synopsis.

The most stupid scenario if cryptopia or any exchange only store their funds to a hot wallet coz when there's a breach of security it's obvious that most of their funds will be lost.

[einax]

I don't really know how Cryptopia handles their private key, but I'm pretty sure even the most secure exchange won't use pen and papers. It's not fast enough and even gave practical problems when they need to move and manage their wallet. Still, that doesn't mean they should leave it online either.

It may sound like exchanges won't be doing it, because it doesn't look professional at all, but I'm pretty certain that most competent exchanges engrave the private keys of their main cold wallets, the ones people usually assume have been lost because there hasn't been any activity for years, but are still controlled by an exchange.

Coinbase is a perfect and recent example. Out of nothing coins that haven't moved for like 3 or so years have started moving, and everyone assumed it was a whale, but were simply the deep cold wallets of Coinbase.

Let's hope the hacker(s) only hack their hot wallet, because if it's not, then Cryptopia is really doomed.

Obviously, hacks always concern hot wallets. Cold wallets can't be gained access to through the internet, and if it is possible anyway, then it simply isn't a cold wallet, but a hot wallet.

The architecture of the hot wallet plays an important role in the security of an exchange. Basically, hot wallet should only speak to the backend that serves users and does security checks and vetting on all requests and actions. For us, it is unthinkable for hot wallets to be connected to the internet. The connected machine only propagates raw transactions and knows nothing about how they are being signed.

[einax]

Thanks for the link. On this blog, they say that it seems that Cryptopia maybe don't have access to thoses 76K wallets. They are real newbies if they didn't have any backup saved somewhere and written on some papers.

They have backup or not it's useless if the funds are directly stolen which was actually happened on cryptopia.

Let's hope the hacker(s) only hack their hot wallet, because if it's not, then Cryptopia is really doomed.

Well, if cryptopia only has hot wallets or their funds stored in hot wallets are much higher than in their cold wallet then it's the same synopsis.

The most stupid scenario if cryptopia or any exchange only store their funds to a hot wallet coz when there's a breach of security it's obvious that most of their funds will be lost.

Cryptopia is an altcoin exchange. And storing/consolidating funds is a major problem for exchange that works with many different tokens. Consider this:
You have thousands and thousands of deposit addresses with tiny token deposits made to each. Among all of them there is a significant sum, but it's prohibitively expensive to consolidate those in cold wallet (for ETH tokens you need to first fund deposit address with your own ETH, paying fee and then pay another fee to move tokens to cold store and then pay again to get it back to hot wallet and again to perform withdrawal. Also, you have to account all transaction fees, nonces and track and confirm every transaction). Judging by how long it took for us to design a system to perform cost-effective funds consolidation to keep enough funds to cover the immediate withdrawal and yet store most value offline, I'd say most of the smaller exchanges that were built on the budget won't go nearly as far to protect their hot wallet and simply keep everything except most valuable online to avoid complications. Cryptopia was not small by any means, but I assume they have not upgraded what they had for years, and rushed their ETH token integration without thinking it through and iterating it to perfection. Otherwise, it was probably an insight job - an exchange's worst nightmare.

[adzino]

Thanks for the link. On this blog, they say that it seems that Cryptopia maybe don't have access to thoses 76K wallets. They are real newbies if they didn't have any backup saved somewhere and written on some papers.
And how could they leave their private keys or mnemonics on a server with access to the internet...
Pen and papers is still the safest way to backup passwords.
I hope the hackers only had access to the Ethereum wallets.
I gave you 1 smerit. My last one...

That would be quite irresponsible of them if they do not have backup of those wallets. A pen and paper wouldn't be the best option to safe your sensitive data. You might lose them in accidents too. Forget about the accidents, the amount of work would actually be tedious. There are better ways to store them digitally.
Sad to hear exchanges getting hacked and they have nothing to do since they didn't take any precautionary measures.

[XmasJohn08]

There is a telegram grup were they say they will open Monday (Tomorrow) 

[icalical]

Who invested in Cryptopia? Read this news.
https://www.unblock.news/news/cryptopia-hack-leads-to-significant-losses-1

The last time I used Cryptopia, about one year ago, I experience deposit issue. I immediately complain about it and their support responses were very quick, however, their technical team were really slow to fix my issue. Know I know why; I think they don't have a good technical team. They got hacked and then, shut down their service without any compensation to their customers. And then after they finally open their service again, they got hacked once again.

[Bostraticus]

If you keep funds in your account you always risk. Even the Binance that I use can be attacked once, so I don’t keep a lot of money there. Alternatively, you can use exchanges without registration, for example, ChangeNOW, which seems to me quite good, using it for several months.

[XmasJohn08]

This is a EXIT'SCAM    There was no hack