In mid-January New Zealand exchange Cryptopia suffered a security breach resulting in significant losses. Elementus went to the Ethereum blockchain to figure out what happened.
Elementus is a protocol and platform that enables combining, analyzing, and programming on data from all non-private blockchains.
Based on Elementus calculations, which has some caveats, the total value of the stolen crypto (ether and various tokens), at current market prices, comes out to about $16 million.
Hackers have been shuffling the funds around in small pieces and gradually moving them into exchanges to cash out. The graphic and table below show how much has been sent to each exchange.
After Cryptopia discovered the hack, they watched the funds continue to flow out of their wallets for four more days, seemingly powerless to stop it. As these wallets were not smart contracts, there should have been no technical complications preventing Cryptopia from securing the funds.
Elementus concluded that the only plausible explanation for Cryptopia’s inaction is that they no longer had access to their own wallets, and the exchange not only lost their funds, they also lost access to all, or nearly all, of their 76k+ Ethereum wallets.
Of the $16mn that was stolen, the vast majority (~$15mn) remains in two wallets controlled by the thieves, which have addresses posted by Elementus.
The company concludes that some 2,000 Ethereum wallets and $46,000 in ether remain at risk. Most of these funds were deposited by Cryptopia users after the initial hack took place, apparently unaware of the security breach.
Elementus also said that exchanges should be freezing these funds as soon as they arrive.
“No excuses. On the blockchain there is nowhere to hide, and no reason 100% of these transfers should not have been frozen immediately. Any exchanges who care about compliance and want to block these illicit funds are encouraged to get in touch. We will set up a real-time alert to notify you the moment any of these stolen funds hit your accounts, free of charge.”