Fifteen days after the January 14 Cryptopia hack, hackers who stole over $16 million from Cryptopia exchange have returned. According to an article published by Elementus today January 29, the thieves started withdrawing money from the exchange wallets yesterday.
Elementus had warned some wallet holders on the exchange about the vulnerability of their wallets on the exchange as they anticipated a second strike. Unfortunately, these, nearly 2000 of those same wallets were affected this time and 5000 more that were drained in the first hack.
According to today’s report, the thieves moved the funds to a different wallet address before finally transferring all stolen funds adding up to $180 thousand to their wallet which is said to contain the previously stolen $16 million.
“Initially it wasn’t clear whether this might be Cryptopia securing their remaining funds. But by 9:50pm this evening, we got our confirmation that this was indeed the same thief. At that time, the incoming transfers stopped and the combined funds were moved into the address below, the same wallet that currently stores the other stolen Cryptopia funds.”
Meanwhile, the New Zealand Police have been on the case but no tangible information has been found concerning the whereabouts of the thieves or what progress has been made in the hunt that has been on since the 14. Indeed it is a difficult case like they stated in the report because the thieves must be very confident about their activities to return and spend a whole day draining funds again.
Attacks on crypto exchanges have become commonplace despite the enduring bear market. Even in 2018, there were notable hacks such as that of Mt Gox which has made the company bankrupt. It is sad that this trend has followed the industry into the new year and is likely to continue.
Apparently, the users have not been instructed to stop topping their wallets or they are completely unaware which is kind of strange. An earlier report said users had stormed the exchange’s office demanding their money but only ~40 of them. It is however uncertain if any refund has been made to any of the users.