Liquidators administering the demise of Cryptopia, the New Zealand-based digital asset exchange, said they were making "good progress", but reconciliation of customer funds would still take some time.
The main problem for the Grant Thornton team wrapping up the defunct exchange's business was in determining the value of customer holdings. There were two main reasons for the time and complexity of the process, the administrator said in statement.
First, customers did not have individual wallets. Instead, Cryptopia held details of customer holdings in pooled coin wallets, making it near impossible to determine individual ownership using just the keys in the wallets. Second, no detailed reconciliation process between customer databases and the cryptoassets held in the wallets was ever completed.
The liquidators claim to have mode the funds to a "safe non-hacked enviroment" as a precaution, as the source of the security breach Cryptopia suffered hasn't yet been determined.
Cryptopia was founded in 2014 by Rob Dawson and Adam Clark, but on January 15 this year the exchange announced it had "suffered a security breach resulting in significant losses".
Indeed, hackers were able to access Cryptopia's wallets for three days, making away with ether and ERC20 tokens worth a total of around $16 million, according to data from New York blockchain company Elementus.
Elementus also determined that the hackers must have gained access to potentially thousands of private keys, given the large number of wallets hacked, leading some to suggest the attack was an inside job.
Grant Thornton said it was still determining whether it would be able to recover any of the cryptoassets that were stolen in the hacking attack. "This is a complex situation with cooperation needed from third parties," the administrator said. It added:
This process is well underway but will still take some time to complete. We are working to reconcile the accounts of over 900,000 customers, many holding multiple crypto-assets, millions of transactions and over 400 different crypto-assets. These must be reconciled one-by-one.
Furthermore, Grant Thornton said it would also require direction from the New Zealand courts before it could return cryptoassets to customers.
We have certain legal requirements and obligations both in New Zealand and internationally that liquidators must meet, such as Anti Money Laundering/Know Your Client requirements when considering any repayment or return of assets.
The liquidator said it would correspond with customers as to how the process would be completed and that it would continue to update them as further information comes to hand.