One would think that after the initial hack of Cryptopia, plans would be set in motion to forestall future occurrences, but no, that is not the case at all. In fact, as it stands, thousands of Cryptopia wallets remain vulnerable to more attacks.
More Theft After a Time Off
The initial breach occurred 15 days ago, and today, the onslaught keeps mounting. According to recent data, another 17,000 Cryptopia wallets have lost 1,675 ETH.
The Cryptopia hacker, who took a rest after stealing $16 million in the first attack, came back for more yesterday, stealing 1,675 ETH (worth about $180,000) from 17,000 different sets of Cryptopia wallets.
The affected wallets include more than 5,000 wallets belonging to unknowing Cryptopia users who were victims of the first attack but have since topped up their wallets. The 1,948 wallets classified as at-risk wallets were not spared, as all accrued earnings in the active ones were siphoned as well. The siphoning of funds began at 6:59 AM on January 28 and was active for the whole of the day.
At first, it was difficult to know who was responsible for the movement of funds; perhaps Cryptopia was trying to secure the remaining funds in its possession. By 9:50 PM on the same day, however, it became clear that it was indeed the same culprit. At that point, the incoming transfers ceased, and all the funds were transferred to a particular address, the same one used to store the previously stolen funds.
From the events of the past days, the following have been observed:
1) It has become obvious that the hacker is holding Cryptopia to ransom. It is clear that the hacker is the one in possession of the private keys to Cryptopia’s Ethereum wallets.
This means that any further funds sent to Cryptopia are likely to be stolen as well unless the thieves are caught.
2) The hack has done nothing to stop many Cryptopia users from depositing funds into their Ethereum wallets.
Within two hours of the hack, many of the affected Ethereum wallets received top-ups from their owners.
It is surprising that users continue to send their funds to Cryptopia even in the face of the still-active security breach.
The majority of the incoming funds originate from mining pools. It could be that the transfers happen automatically on behalf of miners who chose to be paid through “direct deposit” and are no longer aware of their decision.