Normally when we learn about another centralized exchange being hacked, we simply add it to our growing list of documented exchange hacks & tweet out an update. Which is exactly what we did on January 15th when details surfaced about Cryptopia being hacked.
It is not really an article we take joy in updating, knowing that people have potentially lost their life savings, but a big part of developing Saturn Network has also been to promote safer cryptocurrency practices. Documenting the rising number of centralized exchanges that are breached by hackers or steal from their own customers, really is the best way to show that you have to take your crypto security into your own hands. Lesson one has always been: if you do not control the private key then there is always a risk you may lose these funds.
Now we hear that just 15 days later, hackers were able to break into Cryptopia's wallets AGAIN and steal another 1,675 ETH.
For those that do not know, Elementus, is a protocol being developed to provide & analyse data on any public blockchain. Their analysis showed that the initial Cryptopia hack resulted in around $16 million USD being stolen in ETH and ERC20 tokens. So even though we have had no official announcement from Cryptopia or NZ police, I think it is safe to say this second breach has indeed happened.
What does this second hack mean?
- Cryptopia no longer has any control over its wallets, the attacker must have access and control of all of their private keys. The first hack breached over 76k wallets and this second one accessed over 17k wallets.
- This second hack emptied some wallets that had been emptied already! This means people are for some unknown reason still depositing funds into Cryptopia. Do not do this.
I also believe it reinforces the argument that this could have been an inside job orchestrated by the exchange themselves. Surely, any exchange with their customer's interests at heart would move to protect any remaining funds that had not been stolen in the first attack. And if the reality is they were hacked a second time, it proves they gave zero thought into having an action plan in place for an eventual breach. Showing once again that for the most part centralized exchanges operate thinking about profit & not about how they can keep their users safe.
One thing is for sure, I highly doubt we will see Cryptopia operating again. How will anyone trust them after being hacked twice in the space of 15 days?