Cryptopia, New Zealand's biggest cryptocurrency exchange, shut its doors on January 14 after hackers drained significant amounts from customer accounts. Police now estimate the theft could exceed $3.5
Cryptopia, New Zealand's biggest cryptocurrency exchange, shut its doors on January 14 after hackers drained significant amounts from customer accounts. Police now estimate the theft could exceed $3.5 million.
On January 13, monitoring service Whale Alert tracked 19,391 ether moving from Cryptopia to unknown wallets. That ethereum was worth about $2.44 million. The same day saw another 48 million centrality tokens leave the exchange, valued at about $1.18 million.
Starting January 15, New Zealand police coordinated with overseas law enforcement on the case. Two days later, on January 16, officers arrived at Cryptopia's Christchurch headquarters to examine the building and conduct a forensic digital investigation. The High Tech Crimes Units and police classified the breach as a major crime.
Police declined to confirm the exact theft amount. "We are not yet in position to say how much cryptocurrency is involved, other than it is significant amount," a police statement said on January 16. The statement added: "It was still too early for us to draw any conclusions and police will keep an open mind on all possibilities while we gather the information we need."
The scope of the investigation remained unclear. "We are dealing with a complex situation and we are unable to put a timeframe on how long the investigation may take," police said in a statement. "A priority for police is to identify and, if possible, recover missing funds for Cryptopia customers, however there are likely to be many challenges to achieving this."
Cryptopia management cooperated with investigators, according to police. The company's founders, Rob Dawson and Adam Clark, launched the platform three years ago and grew it to serve more than 1.4 million users.
New Zealand's Financial Markets Authority also entered the case. The FMA received notice of the breach on the morning of January 16, a spokesperson said. "We will be engaging with the firm and the police," the FMA representative told Stuff. The FMA does not regulate the exchange or the tokens it lists, though companies offering crypto-related financial services must register with the Financial Services Providers Register.
Complaints about Cryptopia had surfaced before. In November 2018, users lost more than 100 cryptocurrencies stored on the exchange, and the exchange demanded fees from developers to return them. In one case, a customer paid $1,700 to recover coins after forgetting to include the required payment ID with his deposit.
Within days of the hack, Christchurch lawyer Clive Cousins heard from about 40 people interested in joining a joint lawsuit against the company.
Exchange hacks have become routine in the crypto world. Research from Ledger, the hardware wallet maker, found that 2018 saw at least $856 million stolen from exchanges across the industry. Coincheck lost $530 million. CypheriumChain lost $10 million. Taylor, a crypto trading app, lost $1.5 million.
"Hackers are getting more sophisticated every day, and the Cryptopia hack is evidence that this trend will continue into 2019," Eric Larchevêque, the CEO of Ledger, said. "Its critical that consumers use these hacks as learning opportunities and proactively protect themselves by taking direct control of their assets."
