In January 2019, Cryptopia, a major cryptocurrency exchange based in New Zealand, faced a cyber-security breach. The exchange was hosting about 800 tokens at the time and it was quite unfortunate to see that they went silent after the incident and took down the site for maintenance on 15th January.
Assessing the Damages Incurred
The exchange suffered a loss of tokens equivalent to about $16 million dollars, reported initially. A major blow to the ERC20 community. When the authorities were notified and the investigation was still underway, the hackers still had control over the exchange and stole another 1,675 ETH amounting to $181,000. The second attack came after the authorities gave statements about “good progress being made with the investigation”.
New Zealand Police’s Detective, inspector Greg Murton, said that the investigation would take some time as the cyber environment is complex. He stated that the focus of the investigation was on identifying those behind the attack and the retrieval of the stolen digital assets.
Elementus reported that Cryptopia’s private keys were stolen along with its customer’s details in the second security breach. After almost a month of “unscheduled maintenance”, Cryptopia broke the silence and tweeted that “9.4% of our total holdings was stolen” and that they are “continuing to work on assessing the impact incurred as a result of the hack in January.”
The two consecutive attacks on the exchange led to extensive bickering by the customers who could not access their accounts nor had any safety assurance of their digital assets. Some users came forward, demanding an explanation about the inaccessibility of the funds. An investor said that he had a substantial amount of money “securely stored” on the exchange and he thought that since it’s a New Zealand-based exchange, it would be pretty safe.” Sadly, this wasn’t the case. Another user tweeted that the company is famous for delisting coins because of security concerns. He said that they should spend more time on their own security rather than arbitrarily removing coins.
In response to the negative narrative being developed, the exchange claimed that they were working with multiple government agencies and that the police had given them access back to their building. In a series of updates that followed, Cryptopia stated that they were securing each cryptocurrency wallet and would resume trading. The exact date and time were not revealed. They also warned users to “refrain from depositing funds into old Cryptopia addresses.”
Past and Present
Hacking exchanges has become a norm after cryptocurrencies saw a boom during 2017. Another exchange was hacked multiple times during that year and had to replace its private keys to resume trading. Cryptopia will have to take a similar approach at its earliest if it wishes to gain back its investors’ trust. Even today, the site remains inaccessible. The company has tarnished its reputation as an exchange while others, such as Coinbase, continue to add support for more cryptocurrencies.