Cryptopia Hack ‘So Unusual’ Versus Typical Attacks: Elementus Blockchain Analysis

The recent hack and theft of digital assets from the New Zealand-based Cryptopia exchange was unusually widespread and lasted much longer than typical hacks, Max Galka of and his team have determined after conducting an analysis.

Galka is a data scientist, adjunct lecturer at the University of Pennsylvania, and CEO and founder of Elementus, a blockchain analytics outfit.

The investigative research only used Ethereum and ERC-20 tokens as evidence, with the researchers leaving out Bitcoin’s and other blockchains involved in the attack. Elementus also posted the raw data that they used for their research.

The vast majority of stolen ether and ERC-20 tokens - $15 million worth at recent prices - remain unsold in the thieves’ wallets. In total about $16 million worth of ether and ERC-20 tokens were stolen.

Features of the Hack

The upshot of their research is that Cryptopia’s hack was an unusual one, and Elementus outline two features of the attack to support this claim.

First, the scope of the attack was unusually large and comprehensive. Elementus claim that 76,000 wallets were penetrated in the attack, meaning thousands of private keys had to be swiped from somewhere - perhaps a central location of private keys.

Elementus point out that exchange attacks “typically involve the breach of a single wallet, and by the time the theft becomes publicly known, the funds are long gone.”

Second, Elementus describe a glaring “lack of urgency” in how the attack was conducted. They highlight that the attack lasted for more than four days, during which Cryptopia - we assume helplessly - simply watched the ether and ERC-20 tokens be withdrawn.

Elementus emphasize that “there should have been no technical complications preventing Cryptopia from securing the funds.” These features of the attack lead them to generally conclude that “The only plausible explanation for Cryptopia's inaction is that they no longer had access to their own wallets.”

Insider Allegations

Some in the cryptoasset industry and community have speculated that the theft was actually an exit scam. Elementus did not at all entertain this possibility, and they don’t seem to be of the opinion that this was the case - but their analysis of the incident does not necessarily preclude it.

For example, the obvious rejoinder to Elementus’ conclusion - that “The only plausible explanation for Cryptopia's inaction is that they no longer had access to their own wallets” - is that Cryptopia themselves conducted the attack with possession of their own wallets.

But there is absolutely no public evidence, at this time, to support the "inside job" theory.

The New Zealand police, who are investigating the matter, issued a press release yesterday updating the public on their progress. Not much new information was forthcoming, however, with the department writing:

Cryptopia management and staff have been co-operating with Police and providing considerable assistance in the investigation. The investigation is expected to take some time to complete, and the digital forensic team will be on-site at Cryptopia’s premises for some days to come.

New Zealand PD

The New Zealand PD reiterated that the situation remained “very complex,” and implored “Anyone with information which could assist the investigation” to get in touch here.

JPMorgan Chase Accused of Fixing Metal Prices Despite Talk of Bitcoin Market Manipulation

  • Wall Street giant JPMorgan Chase's metals desk has been accused of 'thousands' of trades related to price-fixing.
  • US prosecutors have invoked RICO laws against the bank which are reserved for organized crime rings. 

While the U.S. Securities & Exchange Commission (SEC) and other regulatory bodies have been critical of bitcoin over market manipulation, new reports reveal that JPMorgan Chase is facing allegations of fixing prices for precious metals. 

JPMorgan Chase Price-Fixing

According to a report by Bloomberg on Sept. 16, U.S. prosecutors have invoked the racketeering law (RICO) against JPMorgan Chase’s metals desk, which is being described as a criminal enterprise. For nearly a decade, employees of the trading desk have allegedly engaged in thousands of illegal moves to price-fix precious metals and defraud market investors. 

Assistant Attorney General Brian Benczkowski told journalists, 

Based on the fact that it was conduct that was widespread on the desk, it was engaged in in thousands of episodes over an eight-year period -- that it is precisely the kind of conduct that the RICO statute is meant to punish.

RICO is typically reserved for only the most severe, organized crime rings, with former prosecutors calling it a bold move by the Justice Department against the bank. Prosecutors claim that more than a dozen employees participated in the scheme, with two having already pleaded guilty and cooperating with authorities. 

Crypto supporters have been quick to point out the irony in JPMorgan’s situation. Jamie Dimon, CEO of the Wall Street bank, has been one of the most vocal detractors of bitcoin over the years, famously calling the crypto-asset a “fraud” in Sept. 2017.


Featured Image Credit: Photo via