Date:: January 14th, 2019
Amount Stolen: $16,000,000
Note: Technically, 2 hacks in 2 weeks
In early 2019, US$17 million in Ethereum and ERC-20 tokens were stolen from the New Zealand cryptocurrency exchange Cryptopia, affecting around 960,000 Cryptopia users.
It all started with Cryptopia users having difficulty accessing their accounts, and it only went downhill from there. The company originally thought it was a technical issue, but later clarified on Twitter that it was a security breach.
The exact amount stolen in the hack is still unknown. Unfortunately for Cryptopia, they suffered from another hack 15 days after the first one. That was the end of the New Zealand-based exchange – they are now going through the liquidation process.
2020 Update: Cryptopia is still undergoing liquidation, but it has now been revealed that the exchange was failing to meet anti-money laundering (AML) requirements when creating new user accounts. For over 900,000 active user accounts, there is no customer data beyond usernames and email addresses.
Less than 1% of users had completed customer identification, a vital part of AML procedures which ensures that customers are who they say they are. Thousands of accounts which held over $3 million worth of cryptocurrency were traced back to uninhabited islands or physical addresses that didn’t exist. As it stands, many of those who lost funds in the hack aren’t eligible to be refunded by liquidators because there is not enough information on who owned what accounts. "
Went dark on Jan. 15 after it discovered a “security breach” with “significant losses.” It stayed dark through the rest of January and deep into February. The site claimed it could not comment during the police investigation of the estimated $16 million hack.
It is not clear how Cryptopia was hacked, but investigators discovered in August that Cryptopia had been pooling users’ funds in a catchall wallet. The New Zealand exchange tried to right its ship after the hack and even briefly reopened trading services in March. But the revival was not meant to be: the exchange went into liquidation in May and 10 days later
- 0xc8b759860149542a98a3eb57c14aadf59d6d89b9
- 0xaa923cd02364bb8a4c3d6f894178d2e12231655c
- 0x9007a0421145b06a0345d55a8c0f0327f62a2224
- 0xd0b0d5a8c0b40b7272115a23a2d5e36ad190f13c
- 0x6874c552d3fd1879e3007d44ef54c8f940e84760
- 0x3b46c790ff408e987928169bd1904b6d71c00305
- 0xd694e78234fe3eaf9f87c3ced8229f2e8e3ad98d - also used for BTC Markets
- 0xfe61ad22a847c4df702731c7d5e803d283ea1376 - Huobi Depo - also used for Bancor stolen funds and Klickl / IDCM (0xec4ac9f8125ddda87c75e82f96f4cda1859eb2d7) stolen funds
- 0xd294ac18b524ff59ab7fffcbd459f11128220550 - also used for Bancor Stolen funds
- 0x338fDf0D792F7708d97383EB476e9418B3C16ff1 - Fake buyer address
- 0x1e16253b81F418ee44430d94502Bc766fe8CaDba - Fake seller address
- 0x7bdf9a0fba5c7ce328fe0768eaf2a2dfb0afb35f - Fake seller address
- 0x3d40897675A7467A73610c3ABbBc8292835e67F2 - Bundling address
- 0xd4E79226F1E5A7a28Abb58F4704E53cd364e8D11
- 0x480ba3b8ec861b1adb78fe7cd7e4c2b543503cfd635ade023255511372d5d3e5
- 0x31a58df14ea3420878267e2b9cdd242d983b5298ef48c5cd9a799ed10605f393 - 50m Cennz
- 0xa8460ac3a1fcc4beb88f809576e42aefc83d5dc5d4dadbd86632659e8530e3d2 - 6m ENJIN
- 0x7b71a39db74cef6f9c09c801a4d7416b592f3cb669cf356b3ff6d6167d8e949b - 1300 ETH
- 0x53ff5fac9563945d372ed956971e01d0960cbaf184fc21d2e9d40ee5a50ebb5f - 2.5m Pillar
- 0x22266cfe188af760b13a4d13989bc314043d899c46bfeb536d7e965c541fe85f - 100k TUSD
- 0x8a7c2b34f23eee02401e7c3fa1ea2ce8d3132e7ca3811d673ca35898c9535aae
- Jan 13, 2019 1:30:35 PM
- Jan 14, 2019 4:45:02 AM
- Theft Txn:: 689e1b20fb750413cf03e8c5bfa842db2b21dc8f072134fd095df93744d62b03
- to MBUGgsf6B44nHdiPVK7LQnTPLqJNDDJWi4
- to LhWnreScs7DUY1HPTHA8uHYgJNHDws5uAR
- to LPw9U6qQZNnhmK8MMSBjv7zqAPtSJycvp3 (Huobi Deposit Address)
- Jan 18, 2019 9:45:49 AM
- Jan 19, 2019 2:22:38 PM
- Theft txn: f86334def4a9c5e0e5fd304088858184ec133abaf9813965193259083ae173c1
- to qzsxcgv3pf0ju6xkjl4kzp69s46whs76rga0ctalam
- to qz8yltmsl2temttutmzlkt7yqk3gaq9nwcfjz8sdtw (Huobi Deposit Address)
- Jan 18, 2019 6:55:16 AM
- Jan 24, 2019 3:22:12 AM
- https://coindesk.com/markets/2019/01/15/new-zealand-crypto-exchange-cryptopia-goes-offline-citing-hack/
- https://coindesk.com/markets/2019/01/16/new-zealand-police-keeping-open-mind-on-cryptopia-hack/
- https://coindesk.com/markets/2019/02/27/hacked-exchange-cryptopia-discloses-estimate-of-stolen-crypto/
- https://coindesk.com/markets/2019/03/20/cryptopia-exchange-resumes-crypto-trading-amid-banking-issues/
- https://coindesk.com/markets/2019/05/15/hacked-cryptocurrency-exchange-cryptopia-goes-into-liquidation/
- https://coindesk.com/markets/2019/05/27/hacked-crypto-exchange-cryptopia-files-for-us-bankruptcy-protection/
- https://coindesk.com/markets/2019/08/21/cryptopia-exchange-kept-users-cryptos-in-pooled-wallet-liquidator/
- https://grantthornton.co.nz/cryptopia-limited/https://twitter.com/cryptopia_n-
- https://peckshield.medium.com/follow-the-money-tracking-the-asset-movements-of-cryptopia-hack-1485ff202985
- https://quadrigainitiative.com/casestudy/cryptopiaexchangeerc20hack.php
- https://twitter.com/Cryptopia_NZ/status/1085084168852291586
- https://web3rekt.com/hacksandscams/cryptopia-690
- Annex 95: Suspected DPRK cyberattacks on cryptocurrency-related companies (2017-2023) investigated by the Panel