Altcoins Talks - Cryptocurrency Forum
Learning & News => News related to Crypto => Topic started by: PRIBO247 on January 23, 2019, 02:00:59 PM
-
Details have so far been murky regarding millions of
dollars worth of tokens stolen from New Zealand-based
cryptocurrency exchange Cryptopia on Jan. 14. But data
company Elementus has been investigating and now
says the hack was different from previous attacks of this
nature – and the amount stolen is much higher than
originally thought.
Details Becoming Clearer in ‘Weird’ Hack
Last week Cryptopia became the latest exchange to be
hit by an attack. The Christchurch-based platform had
initially announced that it had taken down its services for
“unscheduled maintenance” before revealing it had
“suffered a security breach which resulted in significant
losses.” Since then, details have been unclear and the
amount lost has not been made public. Police in New
Zealand announced that they were working with the
exchange to figure out precisely what happened.
But data firm Elementus has since started to provide
information , including figures revealing how much was
taken, which it claims to be around $16 million in
ethereum (ETH) an ERC20 tokens. The company told
news.Bitcoin.com that this hack was particularly unusual
as the theft was conducted in a number of small
operations using a number of wallets.
“Many different wallets were involved, which is weird.
With other hacks we have seen in the past, they just took
the money and tried to launder it in one shot. But this
guy has been very careful and has done many transfers
in small amounts,” Nuria Gutierrez, the co-founder
of Elementus said. “I guess it’s smart – and cheap.”
Gutierrez added that stealing tokens in small amounts
and with many wallets it a better way to avoid detection
and being traced.
Elementus revealed data showing that of the of the $16m
that was stolen, the vast majority remains in two wallets
controlled by the thieves. The hackers have been
shuffling the funds around in small pieces and gradually
moving them into exchanges to cash out. Over 76,000
different wallets, none of which were smart contract-
based, were used, meaning the thieves must have gained
access to not one private key, but thousands of them,
according to Elementus. And instead of withdrawing the
funds as fast as possible, they took their time extracting
the assets over the course of nearly five days after
Cryptopia realized they were being stolen from.
A Slower Than Usual Hack
“The lack of urgency on the part of the thieves is
striking,” Elementus said. Normally hacks are done fairly
quickly, with hackers discovering a vulnerability in a
wallet’s smart contract code, which allows them to
empty its funds, or when someone is able to get a hold of
a wallet’s private key and simply withdraws the funds
into their own blockchain wallet.
It is possible that future hackers may try and copy the
Cryptopia technique in order to avoid detection.
Elementus said that the exchanges should be freezing
these funds as soon as they arrive, adding that there are
“no excuses. On the blockchain there is nowhere to hide,
and no reason 100 percent of these transfers should not
have been frozen immediately.”
Police in New Zealand have since said the investigation
into the Cryptopia hack is “very complex” and that
“positive lines of inquiry are being developed to identify
the source of the transfer,” but it will take some time to
complete, according to local media .
https://news.bitcoin.com/