SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image

Police making progress into Cryptopia breach

Wed, 23rd Jan 2019
FYI, this story is more than a year old

New Zealand Police say they are making 'good progress' into the investigation of an alleged cryptocurrency theft from Christchurch-based crypto exchange Cryptopia.

On Tuesday police released a further media statement that said they are developing positive lines of enquiry that will help to identify the source of the transfer, and when the cryptocurrency was sent to.

The investigation comes after Cryptopia suffered a breach on January 13 and 14. The breach resulted in 'a significant amount' of stolen cryptocurrency, which was then transferred to another location.

"This is a very complex investigation, involving expert digital forensic investigators from within New Zealand and in various overseas jurisdictions, as well as overseas authorities," says a statement.

This week investigation team has met with Cryptopia's management and staff to outline how the investigation has been going.

Police are also working with the larger cryptocurrency community to help with the investigation.

Cryptopia management and staff have been co-operating with Police and providing considerable assistance in the investigation.

The investigation is expected to take some to time complete, and the digital forensic team will be on-site at Cryptopia's premises for some days to come.

According to a blog from cryptocurrency firm Elementus, not much is known about the breach and some reports pitch the amount of money lost as between US$3-16 million (NZ$4.4million-23.5 million).

Elementus broke down the losses by cryptoasset (in USD). It speculated that the most losses came from Ethereum ($3.6m USD), followed by other tokens ($3.0 million USD), Dentacoin, Oyster Pearl, and Lisk ML. Centrality, Mothership, Ormeus, DAPS, Zap, and Pillar were also affected.

Elementus also speculates that the thief has tried to cash out at least US$882,000 from various exchanges.

"The lack of urgency on the part of the thieves is striking. Rather than withdrawing the funds as fast as possible, as is the case in most crypto hacks, they took their time extracting the assets over the course of nearly five days," Elementus says in a blog.

"After Cryptopia discovered the hack, they watched the funds continue to flow out of their wallets for four more days, seemingly powerless to stop it. As these wallets were not smart contracts, there should have been no technical complications preventing Cryptopia from securing the funds. The only plausible explanation for Cryptopia's inaction is that they no longer had access to their own wallets," Elementus continues.

Elementus speculates that 1948 Ethereum wallets and US$46,000 worth of Ether are still at risk.

Anyone with information which could assist the investigation can contact police by email at crypto@police.govt.nz.

Read more here.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X