24. January 2019ETH$116,34 0.48%Facebook Twitter LinkedIn xing mail
A new analysis of Elementus brings light into the Dark to the Hack of the new Zealand Bitcoin exchange-Cryptopia. Using an in-house Software (Elementus query engine), the policy of Elementus the stolen Funds on the Ethereum Blockchain. Out of it came, among other things, that the amount of loss is in the Case of Cryptopia a minimum of around 16 million US dollars. Previous estimates have amounted to three to 13 million US dollars.
Apparently, the suspect's Wallet movements began already on Sunday, the 13th. January – a day earlier than Cryptopia originally specified. In the case of the affected Wallets are Central Wallets for the crypto-exchange. One of the Wallets contained Ether, the Token other ERC20 -.
Only a little later, Funds from the over 76.000 customers ' Wallets began to disappear. On the following day, the 14th. January, castle Cryptopia the operation and went into "maintenance mode". 15. January informed Cryptopia finally, the Public about the security breach.
The thieves have stashed part of the loot to various crypto-exchanges. So ETH and ERC20 store Token to the value of around one Million US dollars to a total of 13 different Exchanges. The lion's share accounted for by Bibox (326.581 US dollars), Binance (279.525 US dollars) and Huobi (147.715 US dollars).
part of the rest of the loot stores, however, three Wallets, which are apparently in the possession of the hackers.Read also: turbulence in the case of Huobi: bear market Bitcoin exchange in distress
The raw data posted Elementus on Github. Below is an excerpt of the list of stolen Coins:
The some other Hack
The Cryptopia Hack differs according to the estimates in the two main points of "conventional" attacks on Bitcoin exchanges. Accordingly, the number of the affected Wallets was one with about 76.000 unusually high:
"The Funds were taken from more than 76,000 different Wallets, none of which Smart Contracts. The thieves must not have received access only to one but to thousands of Private Keys.“
Secondly, the fact that the attack could also be after their discovery continued, the analysts puzzled:
"After Cryptopia had discovered the Hack, they observed, how the money flowed still four more days out of their Wallets, seemingly powerless to stop it. Since it was not in the case of these Wallets, Smart Contracts, it should have been no technical complications, the Cryptopia prevent, to secure the funds.“
This indicates, in turn, to the fact that Cryptopia kept all the Private Keys on a single Central Server – a mortal sin in terms of Exchange security.
"A possible explanation is that Cryptopia has stored your Private Keys without redundancy on a single Server. If the thieves managed to gain access to this Server, you could have the Private Keys and deleting it from the Server download, so that Cryptopia could not access on their own Wallets.“
In addition, around 2,000 Wallets running at the moment of danger, to be removed. This house ETH in against a total value of around US $ 46,000.Read also: Cryptopia: Bitcoin exchange attack suffers, for the time being in maintenance mode
The report concludes with a call to all concerned crypto-exchanges, Funds derived from the Cryptopia Hack, freeze.