According to a report by Elementus company, today, cybercriminals who had hacked the New Zealand-based cryptocurrency exchange Cryptopia two weeks ago, continued pulling funds from users’ Ethereum wallets. The owners of 5 240 wallets that had already been drained during the initial attack, are still unaware of the breach.
New Zealand-based crypto exchange Cryptopia was hacked on January 14, but the trading platform’s administration has still failed to regain control over their Ethereum wallets, thus allowing hackers to siphon more and more users’ funds, as reported by the experts from Elementus.
It subsequently transpired that the hackers were able to get away with $16 million worth of crypto, mostly ethers. Notably, the police succeeded in tracking the source of the hack.
According to Elementus, January 28 saw the cybercriminals siphoning yet another 1 675 ETH (worth about $180 000) from 17 000 Cryptopia accounts. Interestingly enough, 5 240 of these wallets belong to victims of the original hack which took place two weeks ago. This means that these users are still unaware of what is happening, as they have topped up their balances after their wallets were emptied by hackers.
The intruders were accumulating stolen funds in this Ethereum address:
Then, the combined funds were moved into the address below, the same wallet that currently stores the other stolen Cryptopia funds.
This means that both attacks were pulled off by one and the same hacking group.
The experts at Elementus believe that this confirms their earlier hypothesis about Cryptopia administration being no longer in control of the private keys to their Ethereum wallets. Moreover, despite the hack, many Cryptopia users continue depositing funds into their accounts, like nothing’s wrong.
As long as the hackers remain at large, any funds deposited into Cryptopia wallets are likely to be stolen by the criminals, the experts concluded.