(https://steemitimages.com/DQmTmmvdstjAMrPVRubaNMzMvKfT4kfUDtFKUcuwiFZtBqd/ethcryptopia-ether.png)
So far, grim details have concerned millions of dollars worth of tokens stolen from the new Zealand cryptocurrency exchange Cryptopia on January 14. But the Elementus information company investigated the incident and now says that this hack was different from previous attacks of this kind - and the amount of stolen cryptocurrency is much higher than originally thought.
Details become clearer
Last week Cryptopia became the last exchange to be attacked. The Christchurch-based platform initially announced that it had abandoned its services for "unscheduled maintenance" and then reported that it "suffered a security breach that resulted in significant losses". Since then, the details have remained unclear and the lost amount has not been made public. New Zealand police announced that they are working with the exchange to find out what exactly happened.
But since then, the data firm Elementus has started to provide information, including figures showing how much was stolen, and it's claimed to be around $ 16 million on air (ETH). According to representatives of the company, this hacking was especially unusual, as the theft was carried out in a number of small transactions using multiple wallets.
Nurya Gutierrez, co-founder of Elementus told:
A lot of different wallets were involved, which is strange. In other hacks we've seen in the past, hackers have withdrawn money and tried to launder it with one deal. But this guy was very careful and made a lot of transfers in small quantities. I think it's smart and cheap.
Gutierrez added that stealing tokens in small amounts and with more wallets is the best way to avoid detection and tracking.
Elementus released data indicating that of the stolen $ 16 million, the vast majority remains in two wallets controlled by hackers. Hackers shuffle funds in small portions and gradually transfer them to exchanges to cash money.
According to Elementus, more than 76'000 different wallets were used, none of which were based on smart contracts. This means that hackers had to gain access not to one private key, but to thousands. And instead of withdrawing funds as quickly as possible, they spent time retrieving the assets for almost five days after Cryptopia realized they had been stolen.
Slower than a normal hack
"The lack of urgency on the part of hackers is striking," says Elementus. Typically, hacks are performed quickly enough when hackers discover a vulnerability in the wallet's smart contract code that allows them to empty accounts, or when someone can get the wallet's private key and simply withdraw funds to their wallet.
It is possible that future hacks may copy the technique used with Cryptopia to avoid detection. Elementus clarifies that exchanges should freeze these funds as soon as they appear, adding that "there are no excuses. There is nowhere to hide on the blockchain, you need to immediately freeze 100% of these transfers."
Police in new Zealand have since stated that the investigation into cryptopia's hacking is "very complex"and that" positive lines of investigation are being developed to identify the source of the transfer."
LINK - https://altstake.io/news/16-mln-bylo-ukradenovovzlomecryptopia