Cryptopia Cryptocurrency Platform Services and Development - page 122.

krysta11

sr. member

Activity: 288

Merit: 253

Quote from: RivAngE on January 23, 2019, 06:45:22 AM

I don't understand why hasn't the community found out if Cryptopia's BTC wallets have been emptied as well or not.

I hadn't deposited or withdrew any BTC recently and I don't think I can find my last transaction with Cryptopia and track it, but I'll try it.
Wouldn't someone else have it traced and found their BTC addresses though?

It's one of hot BTC Cryptopia wallets(possible old)
https://chainz.cryptoid.info/btc/wallet.dws?55139810.htm

RivAngE

full member

Activity: 728

Merit: 169

What doesn't kill you, makes you stronger

I don't understand why hasn't the community found out if Cryptopia's BTC wallets have been emptied as well or not.

I hadn't deposited or withdrew any BTC recently and I don't think I can find my last transaction with Cryptopia and track it, but I'll try it.
Wouldn't someone else have it traced and found their BTC addresses though?

psycodad

legendary

Activity: 1612

Merit: 1608

精神分析的爸

Quote from: Larsin on January 23, 2019, 05:14:33 AM

Tell me please, is there anything heard about tether? I ~~have~~ had 3,000 of them there Cry

TFTFY

P.S.: Not making fun of your loss just pointing out the facts. I myself ~~have~~ had ~0.35 BTC in alts, BTC and LTC in topia when they went dark.

Larsin

full member

Activity: 271

Merit: 100

Tell me please, is there anything heard about tether? I have 3,000 of them there Cry

four3200

sr. member

Activity: 1246

Merit: 257

Quote from: einsteinium on January 21, 2019, 06:00:51 AM

Quote from: xtraelv on January 21, 2019, 05:48:19 AM

Quote from: Timelord2067 on January 20, 2019, 10:47:15 PM

Before Christmas Cryptpoia sent out a blanket email stating that they had been hacked by 100+ alt coins (via a 51 % attack) and were closing those markets.

xtraely and lafu and anyone else claiming to be representatives of Cryptopia definitely aren't because they would have been instructed not to make any statements while a criminal investigation is on going.

Neither Lafu nor myself are employees of Cryptopia. Nor are we authorized to make any statements on their behalf. There is no official representation of Cryptopia on Bitcointalk as they only consider discord and twitter as official media channels.

As a client of the exchange I probably have more $ at risk than most.

You are correct that their staff have instructed not to make any statements. Most are on leave as the offices are considered a crime scene.

The other incidents last year that you mentioned are different.

A 51% attack by definition is a blockchain based attack. https://www.investopedia.com/terms/1/51-attack.asp It means the blockchain has been exploited and fraudulent transactions by a single attacker have caused the genuinely mined transactions to be discarded through chain re-organisation and orphaned. Some reputable devs have re-embused their customers that have been affected by a blockchain 51% attack.

I explained how such an attack works here: https://bitcointalksearch.org/topic/m.46025953

Quote

In May Bittrex was the victim of a 51% double spend attack on the Bitcoin Gold network. The Bitcoin Gold developers only offered to partially compensate Bittrex for the losses and Bittrex chose to delist Bitcoin Gold instead.

A coin network that allows a 51% attack double spend happen is neither decentralized nor immutable. Both of which are essential for a trustless network.

Many coins have changed from POW to Hybrid, POS or a more complex algo or discontinued because they are unable to prevent attacks on the coin network.

In regards to 51% attack please read https://bitcointalksearch.org/topic/m.48633011
One day or initial wave of hacking is on devs.
10 days of hacking is on exchange.

Do you agree?

Actually it was on the customers.
Lost coins & Lost listing.

[which in hindsight is not a bad deal]

four3200

sr. member

Activity: 1246

Merit: 257

Quote from: RivAngE on January 22, 2019, 08:04:29 AM

Quote from: four3200 on January 22, 2019, 05:34:56 AM

Why no motion of all coins from the hot wallets to cold, as a security precaution?
Has this been done?
This would be the first move to make if keys are compromised.

If we think about it, whichever wallet was compromised would be emptied; for example why would the hacker get 1000 ETH if the wallet had 2000 ETH?
So what's stolen is stolen. I don't think it's possible to hack a new wallet while the exchange is not operating.

Any wallet/coin could possibly be compromised.
The second (the very second) you know that unauthorized TX have been sent you immediately shift funds to new privkeys as fast as their block chains can move.

Next you inform and sign where/howmany COINS you still have in secured custody.

Dead simple.

paramind22

hero member

Activity: 2730

Merit: 552

You would think in these days of all these new computer programming languages and AI that batch files could be run of each user's remaining balances, and a text file dump of that information be given to each person upon a log in. Maybe in five years, or maybe people in general are just too uncaring or lazy of think of that and create it.

RivAngE

full member

Activity: 728

Merit: 169

What doesn't kill you, makes you stronger

Quote from: four3200 on January 22, 2019, 05:34:56 AM

Why no motion of all coins from the hot wallets to cold, as a security precaution?
Has this been done?
This would be the first move to make if keys are compromised.

If we think about it, whichever wallet was compromised would be emptied; for example why would the hacker get 1000 ETH if the wallet had 2000 ETH?
So what's stolen is stolen. I don't think it's possible to hack a new wallet while the exchange is not operating.

Labrader

member

Activity: 224

Merit: 24

Quote from: FinalProgram on January 20, 2019, 10:38:49 AM

Todays message from Cryptopia Discord server:

Quote

Update from Managing Director of Cryptopia Exchange.
The co-founders, shareholders, executive and the entire Cryptopia Team appreciate the support that is being demonstrated here.
We cannot even consider re-opening the exchange while the investigation is in progress.
To even consider doing so would be totally irresponsible of us as it could likely make the way clear for further attacks and even more damage.
Please have patience and faith. We will continue to update everyone as and when we can. Take no notice of the armchair experts.

Actually a very responsible thing would be to allow read-only access, so that customers may take snapshots of their accounts.

four3200

sr. member

Activity: 1246

Merit: 257

Quote from: xtraelv on January 22, 2019, 01:09:14 AM

https://www.police.govt.nz/news/release/police-making-progress-crypto-currency-investigation

Why no motion of all coins from the hot wallets to cold, as a security precaution?
Has this been done?
This would be the first move to make if keys are compromised.

xtraelv

legendary

Activity: 1288

Merit: 1926

฿ear ride on the rainbow slide

https://www.police.govt.nz/news/release/police-making-progress-crypto-currency-investigation

trackers

jr. member

Activity: 54

Merit: 2

So the latest rumour I've heard (I live in this city and know people that work there) is that one employee (a person I used to know from the IT sector incidentally) is of particular interest, taking an overseas holiday the day before the hack at no/little notice, and is now unreachable.

Again just a rumour, though does correlate well with the elementus article which suggests the whole db has been yoinked

HI-TEC99

legendary

Activity: 2772

Merit: 2846

Quote from: almightyruler on January 21, 2019, 07:34:32 PM

Quote from: Winstar78 on January 21, 2019, 07:07:56 PM

very, very scaring that cryptopia could have lost access to all his wallets.

It's possible they've lost access to private keys, but it's also possible that they were ordered to shut everything down by Police and were therefore not able to move remaining funds to cold storage. I would imagine that even experienced forensic/cyber criminal investigators assume that shutting down a compromised cryptocurrency server safeguards against further loss... which is very, very wrong.

If they had lost access to private keys their Bitcoin wallets would have been the first thing to get emptied. It's more likely they are taking legal advice on what their options are from lawyers.

almightyruler

legendary

Activity: 2268

Merit: 1092

Quote from: Winstar78 on January 21, 2019, 07:07:56 PM

very, very scaring that cryptopia could have lost access to all his wallets.

It's possible they've lost access to private keys, but it's also possible that they were ordered to shut everything down by Police and were therefore not able to move remaining funds to cold storage. I would imagine that even experienced forensic/cyber criminal investigators assume that shutting down a compromised cryptocurrency server safeguards against further loss... which is very, very wrong.

Winstar78

member

Activity: 365

Merit: 14

Quote from: yurimir on January 21, 2019, 05:18:03 PM

Fascinating investigation on the Cryptopia exchange hack - Some overdue transparency into the Cryptopia exchange hack

https://elementus.io/blog/cryptopia-hack-transparency/

very interesting and insightful. Now I can imagine why Ormeus dumped so much (also MGO) even if looks like the hackers still did not dump all on the market.

very, very scaring that cryptopia could have lost access to all his wallets. At this point they can have lost access to bitcoins, too. And they are desperately trying to recover the private keys so they dunno what to say to the public in the meanwhile.

now the only question is: will we recover at least a fraction of our funds? Will cryptopia go bankrupcy? Because, there will be for sure some idiot who will sue cryptopia because obtaining only a fraction of the funds, not knowing that going to court means locking all for years, like mtgox or recently bitgrail.

yurimir

legendary

Activity: 1554

Merit: 1044

Fascinating investigation on the Cryptopia exchange hack - Some overdue transparency into the Cryptopia exchange hack

https://elementus.io/blog/cryptopia-hack-transparency/

Lafu

legendary

Activity: 3136

Merit: 3213

Quote from: Nexu$ on January 21, 2019, 02:51:19 PM

Could you give me the link to the article you wrote about the 51% attacks? I would like to understand how this happens. Thank you

Here you can read : How does a double spend 51% attack work ? Explanation and examples.

Nexu$

full member

Activity: 144

Merit: 100

Quote from: xtraelv on January 21, 2019, 06:43:14 AM

Quote from: Timelord2067 on January 21, 2019, 06:25:48 AM

@xtraelv Muchly Wow!

As a non-employee you would lecture now about multiple 51% attacks you know nothing about?

Held to ransom is what Cryptopia did to the SexCoin community and to about another 100+ alts coins similarly affected. And as @einsteinium correctly points out, there were multiple attacks over many weeks over many, many alt coins.

You should read up on these posts before you click reply.

How do you propose that an exchange detects 51% attacks ?

(Keep in mind an exchange wallet could contain up to a 100000 public and private keys and take a week or more to sync.) Each coin would have at least 5 or more wallets and I think they list around 400 coins.

Why did the coin devs not alert them about an attack on the blockchain ? Surely something with $?? millions in marketcap is not left unattended or unchecked for blockchain exploits ?

Bitcoin for instance tracks all the ophaned blocks https://www.blockchain.com/btc/orphaned-blocks

Keep in mind that in a 51% attack the blockchain held balance is being exploited and manipulated - not anything on their exchange servers. Confirmations come from the blockchain nodes.

A 51% double spend attack alters the balance held on the blockchain well after the blockchain has provided the set confirmations that (I'm assuming) have been agreed upon by the coin devs and the exchange as being adequate for that coin. (If the confrimations were inadequate then why didn't the coin devs alert them. If the coin network devs were aware of the attack why did they not alert them - which are both a listing requirement in their TOS).

I am not aware of the full extend or specific details but I spent quite a bit of my spare time analyzing some 51% attacks for the article I wrote.

Could you give me the link to the article you wrote about the 51% attacks? I would like to understand how this happens. Thank you

bisti

newbie

Activity: 194

Merit: 0

Quote from: pinoycash on January 20, 2019, 10:44:15 AM

Quote from: FinalProgram on January 20, 2019, 10:38:49 AM

Todays message from Cryptopia Discord server:

Quote

Update from Managing Director of Cryptopia Exchange.

The co-founders, shareholders, executive and the entire Cryptopia Team appreciate the support that is being demonstrated here.

We cannot even consider re-opening the exchange while the investigation is in progress.

To even consider doing so would be totally irresponsible of us as it could likely make the way clear for further attacks and even more damage.

Please have patience and faith. We will continue to update everyone as and when we can. Take no notice of the armchair experts.

Can you share the Invite Link of their Discord Server? Its totally unprofessional sending an update on their discord while most people are waiting for an update on their twitter account.

Trust me, you dont need it, it is full of retards who are shocked by the fact that you are asking for any info or update about how / or when could I possible withdraw MY money.

HOW DARE I???

Timelord2067

legendary

Activity: 3696

Merit: 2219

💲🏎️💨🚓

Quote from: bisti on January 21, 2019, 07:26:22 AM

Can anyone put a list of some of Cryptopia's cold wallets, I want to keep an eye on them

Like BTC wallet and some other more-popular currencies?

You mean like this list from two pages back?

Or the thread that it originally came from? https://bitcointalksearch.org/topic/m.49253290 Roll Eyes

Topic: Cryptopia Cryptocurrency Platform Services and Development - page 122. (Read 173849 times)