Topic: Cryptopia Cryptocurrency Platform Services and Development - page 123. (Read 173849 times)

legendary
Activity: 1612
Merit: 1608
精神分析的爸
How do you propose that an exchange detects 51% attacks ?

Off the top of my head:

- Watch for reorganisation messages in the debug log showing excessive (say 10+ blocks) disconnects.

- Regular audit to check that deposit transactions are still marked as valid and have sufficient confirmations.

- Watch for large negative changes in computed/reported coin supply.

Good points, watching the debug.log for consecutive orphans/disconnects is probably best and easiest, I guess in its simplest form that is a few dozen lines of shell/python script.

Or instead of delisting coins out of nowhere, they could have asked them to implement the NLR feature that Ravencoin and Flo recently implemented which limits the number of blocks in a reorg. If they then set the required deposit confirmations twice as high they should be safe against any malicious reorgs.

I believe for many coins that are based on something more recent than Bitcoin core 0.8 this could be as easy as cherry-picking the commits from the Flo or Ravencoin repo. I wildly guess this could even be done unilaterally from an exchange without the support of the respective coin's community, in the worst case the exchange's wallet would just disagree with the rest of the network but would not credit transactions from later orphanized chains to their customers' accounts.
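
The log-watching idea from the post above, as an added example that is not part of the original thread: it derives reorg depth from the sequence of tip heights in a wallet's debug.log and flags anything at or above the suggested 10 blocks. The log line format is an assumption modelled on Bitcoin Core-style `UpdateTip: new best=... height=...` lines, and `find_reorgs`, `tip_line` and `sample_log` are hypothetical names with constructed sample data.

```python
import re

# Bitcoin Core-style tip lines; 0.8-era forks print "SetBestChain: new best=..." instead.
# The exact wording differs per coin and version, so treat this pattern as an assumption.
TIP_RE = re.compile(r"(?:UpdateTip|SetBestChain): new best=([0-9a-f]+)\s+height=(\d+)")


def find_reorgs(lines, threshold=10):
    """Return one dict per reorg: old_tip, fork_height, depth, alert (depth >= threshold)."""
    chain = {}       # height -> hash of the block we last saw as tip at that height
    tip = None       # height of the current tip
    pending = None   # reorg in progress: {"old_tip": ..., "fork_height": ...}
    events = []

    def flush():
        nonlocal pending
        if pending and pending["old_tip"] > pending["fork_height"]:
            depth = pending["old_tip"] - pending["fork_height"]
            events.append({**pending, "depth": depth, "alert": depth >= threshold})
        pending = None

    for line in lines:
        m = TIP_RE.search(line)
        if not m:
            continue
        block_hash, height = m.group(1), int(m.group(2))
        if tip is not None and height <= tip:
            # The tip did not advance, so blocks above `height` were disconnected.
            # Same hash as before: the node logged a step back to a known block.
            # Different hash: a competing block replaced ours, so the fork is one lower.
            fork = height if chain.get(height) == block_hash else height - 1
            if pending is None:
                pending = {"old_tip": tip, "fork_height": fork}
            else:
                pending["fork_height"] = min(pending["fork_height"], fork)
            for h in range(height + 1, tip + 1):
                chain.pop(h, None)
        else:
            flush()  # tip advanced again: any reorg in progress is complete
        chain[height] = block_hash
        tip = height
    flush()
    return events


def tip_line(prefix, height):
    """Build one constructed log line; the hash is just prefix + height in hex."""
    return f"2019-01-20 12:00:00 UpdateTip: new best={prefix}{height:08x} height={height} tx=1"


def sample_log():
    """Constructed log: a 1-block stale tip at 503, then a 12-block reorg from 515."""
    lines = [tip_line("aa", h) for h in range(500, 504)]
    lines.append(tip_line("cc", 503))                      # ordinary stale block
    lines += [tip_line("aa", h) for h in range(504, 516)]  # honest chain up to 515
    lines.append("2019-01-20 12:00:01 receive version message: unrelated noise")
    lines += [tip_line("bb", h) for h in range(504, 518)]  # competing chain takes over
    return lines


if __name__ == "__main__":
    for event in find_reorgs(sample_log()):
        print("ALERT" if event["alert"] else "info ", event)
```

The same function handles nodes that log each disconnect step (tip walking back down through known hashes) and nodes that only log the newly connected blocks.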


sr. member
Activity: 288
Merit: 253
https://chainz.cryptoid.info/vivo/wallet.dws?42143.htm
It's the VIVO Cryptopia wallet, possibly (no active withdrawals from 14.01.2019)
member
Activity: 365
Merit: 14
Can anyone put a list of some of Cryptopia's cold wallets, I want to keep an eye on them

Like BTC wallet and some other more-popular currencies?

would be quite interesting, yes
legendary
Activity: 2268
Merit: 1092
How do you propose that an exchange detects 51% attacks ?

Off the top of my head:

- Watch for reorganisation messages in the debug log showing excessive (say 10+ blocks) disconnects.

- Regular audit to check that deposit transactions are still marked as valid and have sufficient confirmations.

- Watch for large negative changes in computed/reported coin supply.
newbie
Activity: 194
Merit: 0
Can anyone put a list of some of Cryptopia's cold wallets, I want to keep an eye on them

Like BTC wallet and some other more-popular currencies?
legendary
Activity: 1288
Merit: 1926
฿ear ride on the rainbow slide
@xtraelv Muchly Wow!

As a non-employee you would lecture now about multiple 51% attacks you know nothing about?

Held to ransom is what Cryptopia did to the SexCoin community and to about another 100+ alts coins similarly affected. And as @einsteinium correctly points out, there were multiple attacks over many weeks over many, many alt coins.

You should read up on these posts before you click reply.

How do you propose that an exchange detects 51% attacks ?

(Keep in mind an exchange wallet could contain up to a 100000 public and private keys and take a week or more to sync.) Each coin would have at least 5 or more wallets and I think they list around 400 coins.

Why did the coin devs not alert them about an attack on the blockchain ? Surely something with  $?? millions in marketcap is not left unattended or unchecked for blockchain exploits ?

Bitcoin for instance tracks all the orphaned blocks https://www.blockchain.com/btc/orphaned-blocks

Keep in mind that in a 51% attack the blockchain held balance is being exploited and manipulated - not anything on their exchange servers. Confirmations come from the blockchain nodes.

A 51% double spend attack alters the balance held on the blockchain well after the blockchain has provided the set confirmations that (I'm assuming) have been agreed upon by the coin devs and the exchange as being adequate for that coin. (If the confirmations were inadequate then why didn't the coin devs alert them. If the coin network devs were aware of the attack why did they not alert them - which are both a listing requirement in their TOS).

I am not aware of the full extent or specific details but I spent quite a bit of my spare time analyzing some 51% attacks for the article I wrote.
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
@xtraelv Muchly Wow!

As a non-employee you would lecture now about multiple 51% attacks you know nothing about?

Held to ransom is what Cryptopia did to the SexCoin community and to about another 100+ alts coins similarly affected. And as @einsteinium correctly points out, there were multiple attacks over many weeks over many, many alt coins.

You should read up on these posts before you click reply.
sr. member
Activity: 536
Merit: 252

Before Christmas Cryptopia sent out a blanket email stating that they had been hacked by 100+ alt coins (via a 51 % attack) and were closing those markets.


xtraelv and lafu and anyone else claiming to be representatives of Cryptopia definitely aren't because they would have been instructed not to make any statements while a criminal investigation is ongoing.


Neither Lafu nor myself are employees of Cryptopia. Nor are we authorized to make any statements on their behalf.  There is no official representation of Cryptopia on Bitcointalk as they only consider discord and twitter as official media channels.

As a client of the exchange I probably have more $ at risk than most.

You are correct that their staff have been instructed not to make any statements. Most are on leave as the offices are considered a crime scene.


The other incidents last year that you mentioned are different.

A 51% attack by definition is a blockchain based attack. https://www.investopedia.com/terms/1/51-attack.asp It means the blockchain has been exploited and fraudulent transactions by a single attacker have caused the genuinely mined transactions to be discarded through chain re-organisation and orphaned. Some reputable devs have reimbursed their customers that have been affected by a blockchain 51% attack.

I explained how such an attack works here: https://bitcointalksearch.org/topic/m.46025953

Quote
In May Bittrex was the victim of a 51% double spend attack on the Bitcoin Gold network. The Bitcoin Gold developers only offered to partially compensate Bittrex for the losses and Bittrex chose to delist Bitcoin Gold instead.

A coin network that allows a 51% attack double spend to happen is neither decentralized nor immutable. Both of which are essential for a trustless network.

Many coins have changed from POW to Hybrid, POS or a more complex algo or discontinued because they are unable to prevent attacks on the coin network.

In regards to 51% attack please read https://bitcointalksearch.org/topic/m.48633011
One day or initial wave of hacking is on devs.
10 days of hacking is on exchange.

Do you agree?
legendary
Activity: 1288
Merit: 1926
฿ear ride on the rainbow slide

Before Christmas Cryptopia sent out a blanket email stating that they had been hacked by 100+ alt coins (via a 51 % attack) and were closing those markets.


xtraelv and lafu and anyone else claiming to be representatives of Cryptopia definitely aren't because they would have been instructed not to make any statements while a criminal investigation is ongoing.


Neither Lafu nor myself are employees of Cryptopia. Nor are we authorized to make any statements on their behalf.  There is no official representation of Cryptopia on Bitcointalk as they only consider discord and twitter as official media channels.

As a client of the exchange I probably have more $ at risk than most.

You are correct that their staff have been instructed not to make any statements. Most are on leave as the offices are considered a crime scene.


The other incidents last year that you mentioned are different.

A 51% attack by definition is a blockchain based attack. https://www.investopedia.com/terms/1/51-attack.asp It means the blockchain has been exploited and fraudulent transactions by a single attacker have caused the genuinely mined transactions to be discarded through chain re-organisation and orphaned. Some reputable devs have reimbursed their customers that have been affected by a blockchain 51% attack.

I explained how such an attack works here: https://bitcointalksearch.org/topic/m.46025953

Quote
In May Bittrex was the victim of a 51% double spend attack on the Bitcoin Gold network. The Bitcoin Gold developers only offered to partially compensate Bittrex for the losses and Bittrex chose to delist Bitcoin Gold instead.

A coin network that allows a 51% attack double spend to happen is neither decentralized nor immutable. Both of which are essential for a trustless network.

Many coins have changed from POW to Hybrid, POS or a more complex algo or discontinued because they are unable to prevent attacks on the coin network.
full member
Activity: 476
Merit: 101
I smell a coinsmarkets exit scam, they make us wait and wait till they vanish. We need something official, we need something concrete.


Of course they will. They were operating so smoothly when everything was still on the right track. If they were vulnerable to hacks then it should have happened when btc was still in $6k or above. But I think the management has a change of mind and want to get out of the game with a lot of money than wait a bit more with no returns.
full member
Activity: 728
Merit: 169
What doesn't kill you, makes you stronger
I don't think it's an exit because with the listing fees they were charging (on top of the typical trading and withdraw fees) they should be doing well. I guess there's a slight chance that they saw their trading volumes diminishing and thought it was now the time to exit with a BANG instead of waiting for a slow death, but the numbers I've found don't support this claim.

Trading volumes can be faked, I mean the exchange can trade against itself to generate a volume if they want, so I checked their website's analysis in comparison to Bittrex and a few other exchanges.
For example this is the link of the comparison against Bittrex: https://www.similarweb.com/website/bittrex.com?competitors=cryptopia.co.nz
As you can see they have a similar trend to Bittrex, though 37% lower in traffic, Bittrex's traffic is falling a bit faster than Cryptopia's.

Of course the most important factor is the volume and not how many people visit their site or how often they do so; nonetheless site traffic is a good measure as well and with such a big traffic there shouldn't be a reason for an exit.


The two most likely scenarios are a hack from the inside, from one of the employees... or a hack from the outside thanks to their bad infrastructure.
We can't know for sure if their infrastructure was bad, but if the many wallets in maintenance for weeks or even more than a month is a tell.....
legendary
Activity: 3808
Merit: 1723
Today's message from Cryptopia Discord server:

Quote
Update from Managing Director of Cryptopia Exchange.

The co-founders, shareholders, executive and the entire Cryptopia Team appreciate the support that is being demonstrated here.

We cannot even consider re-opening the exchange while the investigation is in progress.

To even consider doing so would be totally irresponsible of us as it could likely make the way clear for further attacks and even more damage.

Please have patience and faith. We will continue to update everyone as and when we can. Take no notice of the armchair experts.

Can you share the Invite Link of their Discord Server? It's totally unprofessional sending an update on their discord while most people are waiting for an update on their twitter account.

What is more unprofessional is not sending an email to all their users informing what has happened.

I never frequent Twitter and had to manually look them up, and found nothing useful there. And I am sure there are people who never go on Twitter, Bitcointalk, or even Discord.

So they really should have sent an email to all their customers informing what has happened. Or done a better job posting updates on their website's main URL.
full member
Activity: 386
Merit: 101
@xtraelv, as someone from cryptopia staff (do not deny)
Is it true that people from cryptopia are involved in this?
Many many coins were frozen with no reason for many months.
Even now you are not transparent with your customers, if only 3 coins were stolen why not bring back all the rest?

What do you think members?


Disclosure: As volunteer moderator I am not staff at Cryptopia. This is personal opinion. I am not authorized to speak on behalf of Cryptopia.
Cryptopia staff do not monitor this thread as it is not an official communications channel. Low quality blockchain coin networks have caused financial losses to me.

If you keep on ignoring what has been said by me many times before and personally attacking me you will just be put on the ignore list.

I have provided all the evidence that shows that Aurumcoin has lied, is a scam and is to blame for the 51% attack.

What you are talking about has nothing to do with the current issues.

As for the current security breach I try and provide as much information as possible. There are no Cryptopia staff that post announcements on Bitcointalk so I try to keep people updated - if you want to shoot the messenger - go ahead. I will put you on ignore.

Potentially I have lost more in this security breach than most of the people commenting here combined. Want to harass a victim of this crime ? Go ahead and be an asshole.

I know some of the employees of Cryptopia and they know as much as the general public. (They are currently on leave due to the police investigation)

As far as I am concerned Cryptopia is doing everything it can in this disaster that is prudent for a company in such a situation to do. They have called the authorities for help and are doing a thorough investigation of what happened.

There is no magic wand. It will take time to sort through the issues.

Even now you are not transparent with your customers, if only 3 coins were stolen why not bring back all the rest?


The security breach has resulted in some losses and was stopped by taking the site offline and calling in the authorities. Now you are suggesting to put the site back online so potentially the rest can be stolen ? Are you for real ?



Sorry man, but it's hard for me to believe in you.
First you didn't prove anything because you don't know all the story, AU was one of the first ICOs, before there was ETH, and they did want to gold-back the coins before, but indiegogo didn't allow them, they never lied.
Second, you defended cryptopia all the way even when they didn't respond and it was very strange.
I do believe someone from inside cryptopia is involved in this scam and I hope you do not ignore people because of what they think.
sr. member
Activity: 779
Merit: 255
Even now you are not transparent with your customers, if only 3 coins were stolen why not bring back all the rest?

The security breach has resulted in some losses and was stopped by taking the site offline and calling in the authorities. Now you are suggesting to put the site back online so potentially the rest can be stolen ? Are you for real ?

Before Christmas Cryptopia sent out a blanket email stating that they had been hacked by 100+ alt coins (via a 51 % attack) and were closing those markets. It was at that point that Cryptopia *should* have said they were trading insolvent and should have halted operations because they were unable to cover losses through theft instead telling users to withdraw on a "first come, first served basis".

Here I am on the 16th of December warning people to withdraw their funds: https://twitter.com/Timelord2067/status/1074071116316962816

xtraelv and lafu and anyone else claiming to be representatives of Cryptopia definitely aren't because they would have been instructed not to make any statements while a criminal investigation is ongoing.

Same with the Discord channel, no official representatives would be game to make any statement that could jeopardize the NZ Police's investigation.

So no. Not just three coins that have been hacked.  Cryptopia has been asleep at the wheel for the last six months.


I got my answer here. I guess they were insolvent the moment we all started experiencing delays with our transaction withdrawals.
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
Even now you are not transparent with your customers, if only 3 coins were stolen why not bring back all the rest?

The security breach has resulted in some losses and was stopped by taking the site offline and calling in the authorities. Now you are suggesting to put the site back online so potentially the rest can be stolen ? Are you for real ?

Before Christmas Cryptopia sent out a blanket email stating that they had been hacked by 100+ alt coins (via a 51 % attack) and were closing those markets. It was at that point that Cryptopia *should* have said they were trading insolvent and should have halted operations because they were unable to cover losses through theft instead telling users to withdraw on a "first come, first served basis".

Here I am on the 16th of December warning people to withdraw their funds: https://twitter.com/Timelord2067/status/1074071116316962816

xtraelv and lafu and anyone else claiming to be representatives of Cryptopia definitely aren't because they would have been instructed not to make any statements while a criminal investigation is ongoing.

Same with the Discord channel, no official representatives would be game to make any statement that could jeopardize the NZ Police's investigation.

So no. Not just three coins that have been hacked.  Cryptopia has been asleep at the wheel for the last six months.
sr. member
Activity: 779
Merit: 255

The security breach has resulted in some losses and was stopped by taking the site offline and calling in the authorities. ... (snipped) ...



Taking the site down for a long time will also result in lost daily revenue. The site's hosting and other monthly expenditures don't all stop when the site is kept in maintenance mode until who knows when, right? Can't the user/s involved have their accounts frozen instead so everyone else can continue trading? After all, any gains resulting from trading of unaffected coins can still contribute to revenue that can pay off cryptopia's expenditures....
legendary
Activity: 1288
Merit: 1926
฿ear ride on the rainbow slide
@xtraelv, as someone from cryptopia staff (do not deny)
Is it true that people from cryptopia are involved in this?
Many many coins were frozen with no reason for many months.
Even now you are not transparent with your customers, if only 3 coins were stolen why not bring back all the rest?

What do you think members?


Disclosure: As volunteer moderator I am not staff at Cryptopia. This is personal opinion. I am not authorized to speak on behalf of Cryptopia.
Cryptopia staff do not monitor this thread as it is not an official communications channel. Low quality blockchain coin networks have caused financial losses to me.

If you keep on ignoring what has been said by me many times before and personally attacking me you will just be put on the ignore list.

I have provided all the evidence that shows that Aurumcoin has lied, is a scam and is to blame for the 51% attack.

What you are talking about has nothing to do with the current issues.

As for the current security breach I try and provide as much information as possible. There are no Cryptopia staff that post announcements on Bitcointalk so I try to keep people updated - if you want to shoot the messenger - go ahead. I will put you on ignore.

Potentially I have lost more in this security breach than most of the people commenting here combined. Want to harass a victim of this crime ? Go ahead and be an asshole.

I know some of the employees of Cryptopia and they know as much as the general public. (They are currently on leave due to the police investigation)

As far as I am concerned Cryptopia is doing everything it can in this disaster that is prudent for a company in such a situation to do. They have called the authorities for help and are doing a thorough investigation of what happened.

There is no magic wand. It will take time to sort through the issues.

Even now you are not transparent with your customers, if only 3 coins were stolen why not bring back all the rest?


The security breach has resulted in some losses and was stopped by taking the site offline and calling in the authorities. Now you are suggesting to put the site back online so potentially the rest can be stolen ? Are you for real ?


hero member
Activity: 2730
Merit: 552
I think most of the coins I stake and trade on Cryptopia (CompoundCoin, VersionCoin, TruckCoin, InflationCoin, Bottlecaps, and 808) must be safe as DOGE is now known to be non-affected there.  They should reopen as soon as possible.  I pray no one slows them down from doing this.  You can't cry over spilled milk.  We deserve access to the coins that are there, and since developers paid them, it's their duty to re-open ASAP.
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
@xtraelv, as someone from cryptopia staff (do not deny)
Is it true that people from cryptopia are involved in this?
Many many coins were frozen with no reason for many months.
Even now you are not transparent with your customers, if only 3 coins were stolen why not bring back all the rest?
What do you think members?

A company can't trade if it is insolvent.
full member
Activity: 386
Merit: 101
@xtraelv, as someone from cryptopia staff (do not deny)
Is it true that people from cryptopia are involved in this?
Many many coins were frozen with no reason for many months.
Even now you are not transparent with your customers, if only 3 coins were stolen why not bring back all the rest?

What do you think members?