Cryptopia Hack Continues – Who Has Control?

On Tuesday, January 29th, the unofficial report was published on Elementus’ blog which states that 15 days after the initial hackers’ attack on the Cryptopia exchange, another 17,000 wallets were deprived of another 1,675 ETH as the attack continues.

Elementus, the company building the future of data interoperability on the blockchain, claims that their most recent research revealed that approximately $180,000 worth of Ether was transferred from Cryptopia’s wallets to the private address linked with the original attacker again.

The first breach was estimated to be worth approximately $16 million.

Cryptopia doesn’t control their wallets

It is highly unusual that the attack on the exchange can last for such a long time after it was initially spotted. Therefore, the situation is more than worrying for investors who held their funds in Cryptopia’s wallets.

Since hackers were able to drain ETH from the exchange for the second time, it is obvious that Cryptopia and authorities weren’t able to regain control over the trading platform and prevent further attacks from happening.

Elementus back their claims by providing the evidence in the form of two addresses used to withdraw funds from Cryptopia.

Address 0x3b46c790ff408e987928169bd1904b6d71c00305 was initially used on January 28th, while the majority of funds was moved on January 29th to the following address:

0xaa923cd02364bb8a4c3d6f894178d2e12231655c

Elementus states that it is evident that the same hacker did the second theft as the second address was used during the first series of breaches.

Users still depositing funds

Elementus also claims that ETH wallets attacked this week were also deprived of their funds during the initial breach.

So, how are users still able to deposit funds, and why are they doing that?

Although this seems a little dubious to say the least, the answer to this mystery is a simple one. Despite the warning on the Cryptopia website which states that miners should not place the automatic deposits to addresses on the exchange, some of them obviously disregarded this cautionary advice.

It seems that some of those miners failed to redirect their mining rewards to another ETH address after the initial hack, so their mining software continued to send ETH to Cryptopia, allowing hackers to continue the attack.

Cryptopia thinks that funds are safe?

Meanwhile, on their official Twitter, Cryptopia released the following statement:

“The police are continuing to investigate this crime, and as a result, we have had no direct access to our systems since the breach.

Keeping the exchange locked down during this process is important to protect funds and wallets. Once we have access and can provide an accurate assessment of the damage.”

This release means that:

1. Cryptopia failed to secure the platform after the initial breach by taking it offline.

Or:

     2. The authorities failed to do so since January 15th.

Either way, most cybersecurity experts stated their opinion that the first step in such occurrence is to secure the platform from further attacks, and then continue with the investigation.

If the Elementus’ report is based on facts, the authorities, who claim that “good progress is being made” on the investigation, failed to do the basics, or they allowed the attacker to strike the second time on purpose.

Stay tuned as The Blockchain Land is going to keep you updated of all new developments regarding the topic.