The hackers who breached the New Zealand-based cryptocurrency exchange Cryptopia earlier this year have already managed to cash out over $3.2 million through major crypto exchanges, $2 million of which went through the popular EtherDelta decentralized exchange.
According to data shared by Elementus, the hackers have also cashed out significant amounts through Huobi, Binance, and Bitbox, among other exchanges. These exchanges likely have know-your-customer (KYC) checks in place for such large amounts, meaning it may be possible to identify the hackers.
Cryptopia update: As of this morning, the hackers have liquidated $3.2m in tokens, with the bulk of that going to Etherdelta pic.twitter.com/QVbb8mSszX
— Elementus (@elementus_io) February 4, 2019
As for the funds cashed out through EtherDelta, these are likely going to be untraceable in the future, as EtherDelta is a decentralized cryptocurrency exchange that doesn’t require KYC or anti-money laundering (AML) checks. As covered, its founder has been charged with operating an unregistered securities exchange.
New Zealand’s police have revealed the crypto exchange’s hack is a “complex situation,” but noted they’re taking the investigation “very seriously.” Authorities have, however, been unable to predict how long the investigation is going to take.
The Cryptopia Hack
The Cryptopia hack was the first major security breach of 2019 in the crypto space. Per the exchange, the hack occurred on January 14, and although the exchange first claimed it was experiencing unscheduled maintenance, it was soon revealed that it had been hacked.
An investigation conducted by Elementus initially found that the hack was an unusual one. The investigation used only Ethereum and ERC-20 tokens as evidence, and found that the attack was unusually large and comprehensive: the team claims 76,000 wallets were penetrated in the attack, meaning thousands of private keys were obtained.
The researchers pointed out that these attacks usually see one single wallet get breached, and that “by the time the theft becomes publicly known, the funds are long gone.” In this case, however, there was a glaring “lack of urgency,” as the attack lasted weeks. A plausible explanation they found was that Cryptopia “no longer had access to their own wallets.”
Some in the cryptocurrency community have alleged it was an inside job. To them, it’s plausible that Cryptopia wasn’t able to stop the attack after becoming aware of it because one of its employees was behind it.
While this is all speculation and the investigation is ongoing, users have been crusading to try and get back the funds they had deposited on Cryptopia.