Cryptopia Suffers Catastrophic Hack, Evidence Suggests $2.5 Million Ethereum Stolen
New Zealand-based Cryptopia is the first cryptocurrency exchange to get hacked in 2019. Estimates of the damage range between $2.5 to $3.5 million; The attack was confirmed in the late hours of Jan. 13th after the company announced emergency “maintenance.”
Cryptopia is a tiny exchange with daily trading volume averaging approximately $2 million. The evening of Jan. 13th, they were hacked for a substantial sum of crypto:
— Cryptopia Exchange (@Cryptopia_NZ) January 15, 2019
Remarkably, the exchange withheld this information until Jan. 15, sparking outrage from customers on Twitter for being offline for two days before acknowledging the attack. While Cryptopia is yet to mention the exact losses, bug hunting firm Hacken claims to have discovered a fraudulent transfer of 19,390 ether from the exchange’s accounts during its supposed ‘maintenance’ period, worth $2.5 million at press time.
New Zealand Crypto Exchange @Cryptopia_NZ has been hacked. We came to this conclusion after observing an ETH transaction (https://t.co/NqBirTc0jS), of 19,390 ETH being moved out of Cryptopia’s tagged wallet to an unknown address.
Hacken and @CER_Hacken are looking into this case. https://t.co/KGf7g4egrM— Hacken (@Hacken_io) January 15, 2019
In addition, a lesser-known altcoin called Centrality (CENNZ) was stolen in the hack as well, with 48 million tokens worth $1.2 million transferred from Cryptopia’s wallet.
19,391 #ETH (2,438,152 USD) transferred from #Cryptopia to Unknown wallet
— Whale Alert (@whale_alert) January 13, 2019
The exchange has since alerted the local police and the High Tech Crimes unit of the country and claims to be actively involved in working towards identifying the culprits. All parties are treating the issue as a “major crime,” and the exchange remains offline with all 535 cryptocurrency trading pairs suspended at the time of writing.
Members of the broader crypto-community are suggesting the hack could be a possible “exit scam” given the 48-hour “maintenance” period and are pointing out the hefty ether transaction as one possibly conducted by Cryptopia’s team. CNBC talk show host Ran Neuner also questioned the exchange’s lackluster security practices. He goes on to question whether Cryptopia users would be refunded for their losses due to exchange’s incompetence.
Meanwhile, Binance CEO, Changpeng Zhao, incited controversy after suggesting cryptocurrency users must store their assets on trusted exchanges or DEXes. Commenters pointed to Mt.Gox being a trusted exchange in 2013, before it saw 744,408 bitcoins stolen in a massive hack. Later, the outspoken entrepreneur confirmed his tweet was meant to advertise Binance’s upcoming DEX product.
Over time, several trusted exchanges which boasted high-security have fallen victim to hackers, including Bitfinex, CoinCheck, Poloniex, and BitFloor. Thus, practicing a safe trading and crypto-storing behavior is a top priority for those looking to invest in cryptocurrencies
Despite CZ’s strong opinions, storing a majority of your holdings on exchanges is a risky affair given that the biggest names have been hacked previously and no security feature is reliable enough to be deemed “unhackable.”
The best way to store crypto-assets is in offline wallets, including hardware devices and paper wallets. Only a fraction of a trader’s reserves should be left on exchanges for trading or quick currency transfers. However, for active traders, choosing an exchange with insurance, such as Gemini, could serve as a strong incentive in lieu of using hardware wallets.