As much as $16 million worth of Ethereum and ERC20 tokens were stolen in the recent hack of New Zealand exchange Cryptopia

As much as $16 million worth of Ethereum (ETH) and ERC20 tokens were stolen in the recent hack of New Zealand exchange Cryptopia, according to an analysis from blockchain infrastructure firm Elementus, Jan. 20.

Elementus’ findings and analysis were published under a week after Cryptopia first publicly announced its detection of the breach. As reported, the exchange had initially informed the public that the platform was undergoing unscheduled maintenance, before avowing that a hack incurring “significant”— but unspecified — losses had occurred.

According to Elementus, data on the Ethereum public blockchain indicates that funds began to be siphoned from Cryptopia’s two core wallets — one holding ETH, the other tokens — on the morning of Jan. 13.

That same afternoon, once both core wallets had been emptied, funds reportedly began to be transferred out of Cryptopia’s 76,000+ secondary wallets, a process that would continue until the early hours of Jan. 17. At the same time, Cryptopia had informed the public about the incident and alerted law enforcement by Jan. 15.

Elementus indicates that just under $3.6 million in ETH was stolen, with ~$2.4 million in Dentacoin, and almost $2 million in Oyster Pearl, as well ~$3 million in unspecified other tokens.

Asset Value (USD)
ETH $3,570,124
Dentacoin $2,446,212
Oyster Pearl $1,948,223
Lisk ML $1,718,610
Centrality $1,148,144
Mothership $880,141
Ormeus $452,841
DAPS $384,425
Zap $147,158
Pillar $254,521
Other tokens $3,051,709
Total $16,002,108

Value of crypto assets stolen from Cryptopia as of Jan. 19. Source: Elementus

According to Elementus’ investigations, the hackers have thus far cashed out ~$880,000 of the stolen crypto via exchanges, which reportedly include major platforms such as Binance, Huobi and HitBTC. The remaining ~$15 million reportedly remains in two wallets identified as being under control of the perpetrators.

Elementus deems the incident to be unusual in that it differs from two common profiles of exchange hacks: these being either the exploitation of vulnerabilities in a wallet’s smart contract code, or unauthorized access to private key credentials, which typically involves the breach of a single wallet.

In Cryptopia’s case, the thieves’ gained access to as many as over 76,000 wallets, and moreover apparently displayed a lack of urgency in siphoning the funds over time. Elementus moreover suggests that Cryptopia’s inaction — for several days after the incident was detected — may imply the exchange had lost access to its own wallets.

Also read: Top 5 crypto exchange Huobi has plans to launch its own stablecoin this year as part of its 2019 road map