Cryptocurrency exchange Cryptopia and its users’ worst fears were realized yesterday when it was revealed that another 17,000 wallets have been drained of funds in a second attack, reaffirming suspicions that the exchange hasn’t yet got the hack under control, despite an ongoing police investigation into the first theft.
Users Adding Funds
Blockchain investigators Elementus, who investigated the first hack following days of silence from Cryptopia, were alerted to renewed activity within the affected wallets Monday and began to monitor events. They found that the 2,000 wallets they had already identified as still being potentially vulnerable were indeed being drained, but then discovered that thousands of unsuspecting users had added funds to their compromised wallets, allowing the attackers to drain another 15,000 wallets in addition.
The hackers principally targeted ETH, taking a total of 1,675 from the wallets at a present value of about $180,000 in addition to the $16 million taken in the additional hack, and sending them to one address. It was initially thought that the activity could have been Cryptopia finally getting access to wallets and securing funds, but when some ETH began to find its way to an address used in the original attack, it was clear that the hackers were going back for more. Many of the added funds seem to have come directly from mining pools, which suggests that users have forgotten to switch the target of their mining activities to an uncompromised location.
Not Looking Good for Cryptopia
Cryptopia have so far declined to comment on the escalation of the attack, but it’s clear that they still have no control over their own wallets. The continuation of the attack is particularly concerning given that it has occurred during a police investigation into the breach. The initial police statement, made on January 22, stated that “good progress” was being made, a statement that rings a little hollow following the crime continuing under their noses. Given their performance so far, very few people are holding their breath for an official Cryptopia announcement, but with every day of silence that passes, punctured now and again by further bad news, the viability of Cryptopia as a business comes more and more into question.