Cryptopia, the New Zealand cryptocurrency exchange platform that was hacked on January 14th, has undergone yet another huge loss from the same hackers. It has been 15 days since the last attack and its continuity highlights that thousands of Cryptopia wallets may still be at risk. During the first attack, $16 million worth of crypto was stolen from the exchange.
According to Elementus, the blockchain analysis firm that has kept a close eye on the Cryptopia hack, the same hackers has siphoned an additional 1,674 Ethereum (ETH) from another 17,000 Crytopia wallets. The total Ethereum siphoned amounts to $180,000. Out of the 17 thousand wallets, 5,240 had been cleared out by the first hack this means that the users continued depositing new funds even after being hacked.
It is unclear whether the owners of these wallets were unaware of the Cryptopia attack or they just assumed that the security failure had already been resolved. The fact that the funds are automatically deposited as payments from mining pools is another explanation for the deposited funds.
Has Crytopia Lost Control of The Private Keys To Their Ethereum (ETH) Wallets?
Seemingly, yes. According to Elementus, the crypto exchange had lost control of their private keys to the hackers. This suspicion proves to be true since the $180,000 stolen funds were moved to a similar Ethereum address to the other stolen funds. According to Elementus,
“The hacker has the private keys and can withdraw funds from any Cryptopia wallet at will.’’
Cryptopia users, especially mining pools that opted to receive their rewards automatically via ‘direct deposit’ and have forgotten about it, are advised to check whether they are sending payouts to one of Cryptopia’s wallets.
There’s seemingly nothing that can be done to stop these hackers from siphoning funds out of Cryptopia users wallets. Those who continue to use this wallet will continue losing their funds.
Cryptopia is a combine crypto currency exchange, trading platform and marketplace. The platform was founded by Adam Clark and Rob Dawson and designed to facilitate the buying, selling and trading of almost anything using crypto. These two attacks are a great drawback to the platform whose main aim was to offer an outstanding user experience.