Pages:
Author

Topic: Cryptopia exchange hacked - page 6. (Read 4122 times)

hero member
Activity: 1316
Merit: 514
March 27, 2019, 09:50:45 AM
Meanwhile Cryptopia have been enabled lots of trade pairs, but deposits and withdrawals still down. Appears that they're moving the assets to the new safe wallets, first until then we won't be able to withdraw.

This process is painstaking process and really slow. Judging from their previous performance before they even hack they usually have a wallet under a maintenance for 2weeks to 4 weeks for a mere wallet update.
full member
Activity: 728
Merit: 169
What doesn't kill you, makes you stronger
March 27, 2019, 07:04:38 AM
If they carry on renewing their wallets with this speed,
we might wait until december.
Also they did haircut the btc but i dont believe BTC were stolen.
Why dont they open tell what was stolen?
Why dont they open tell who will do the losses or will they repay them?
Do they even know what was stolen?
Every single day we have to check if anything happened...and it did not...


From my own personal research back when the hack was first announced I had noticed movement in their BTC wallets that seemed to be the result of the hacker.
Initially I though that maybe the movement was the result of Cryptopia moving their BTC to new wallets just to be safe, but if what they said about shutting everything down (no that this would help with anything other than stopping tradings if their private keys were compromised) and leaving the office access to police, then the BTC movement was done by the hacker.

My research could have mistakes though, so double check yourself if you want. That's my initial post,

Okay I think I found the Cryptopia's BTC wallet. My deposit there is kinda old and I can't recall 100% if it's the address I deposited was Cryptopia's or another exchange's, but I traced the movement and since the wallet's movements stopped on 14th January I'm 99% sure it's Cryptopia's.

This is their wallet: 3ALZ4ALw2T4jebXXUy8GMv2rLB7JpFL1JD

After many hops between 1-use addresses, I find a big amount of funds consecrated here: 12YBZCaPe45LFbvgYWP5AVm3pvZTtHTiNY
This was a new address created on 13th January.
It seems that after gathering BTC from different Cryptopia's wallets, summing 392.31 BTC, they sent a "test" transaction of 3 BTC on 14th January and 10 minutes later they sent all the amount to the same address.

From that point on, it seems like the funds were split to multiple addresses, probably many of which are exchanges.

Your thoughts? Anything I missed maybe?
hero member
Activity: 1651
Merit: 863
March 26, 2019, 11:36:28 AM
If they carry on renewing their wallets with this speed,
we might wait until december.
Also they did haircut the btc but i dont believe BTC were stolen.
Why dont they open tell what was stolen?
Why dont they open tell who will do the losses or will they repay them?
Do they even know what was stolen?
Every single day we have to check if anything happened...and it did not...
sr. member
Activity: 2156
Merit: 323
March 26, 2019, 10:42:03 AM
Meanwhile Cryptopia have been enabled lots of trade pairs, but deposits and withdrawals still down. Appears that they're moving the assets to the new safe wallets, first until then we won't be able to withdraw.
full member
Activity: 728
Merit: 169
What doesn't kill you, makes you stronger
March 26, 2019, 10:12:28 AM
Just now another Exchange had been hacked:
https://www.coindesk.com/singapore-based-crypto-exchange-dragonex-has-been-hacked
You know what they wrote:
Quote
For the loss caused to our users, DragonEx will take the responsibility no matter what.

This should be the role model of any exchange that been hack Cheesy They announce being hack after a couple of days and providing the details of the after 1 week Cheesy , While in our beloved cryptopia they hide behind the police for almost 2 months and up to know they didn't bother to issue a statement on what had been loss.

And guess what? no tweet today Cheesy no changes in the number of secure coins in coininfo page after 1 week,

You better keep smashing that F5 in their page! They might suddenly open depositing and trading with withdrawing disabled... or something stupid like that.
Cryptopia keeps amazing me day after day, decision after decision!
hero member
Activity: 1316
Merit: 514
March 26, 2019, 06:28:54 AM
Just now another Exchange had been hacked:
https://www.coindesk.com/singapore-based-crypto-exchange-dragonex-has-been-hacked
You know what they wrote:
Quote
For the loss caused to our users, DragonEx will take the responsibility no matter what.

This should be the role model of any exchange that been hack Cheesy They announce being hack after a couple of days and providing the details of the after 1 week Cheesy , While in our beloved cryptopia they hide behind the police for almost 2 months and up to know they didn't bother to issue a statement on what had been loss.

And guess what? no tweet today Cheesy no changes in the number of secure coins in coininfo page after 1 week,
hero member
Activity: 1651
Merit: 863
March 26, 2019, 06:12:34 AM
Just now another Exchange had been hacked:
https://www.coindesk.com/singapore-based-crypto-exchange-dragonex-has-been-hacked

You know what they wrote:

Quote
For the loss caused to our users, DragonEx will take the responsibility no matter what.
full member
Activity: 728
Merit: 169
What doesn't kill you, makes you stronger
March 26, 2019, 03:31:30 AM
Risk Management.  

You've done your due diligence:  unique email/pass, 2FA, VPN.  

No such thing is "safe".

There are only 2 types of companies: those that have been hacked, and those that will be hacked.

And then there are those which are not worth bothering to hack! Roll Eyes
I think Cryptopia might pass from all those 3 types eventually!

I was a locksmith for many years before i got into infosec:

The average thief will spend 5 minutes trying to break into a home.   If they fail, they move to the next house.

HOWEVER.

If they want to get in - they are going to get in.


The same holds true with crypto.

That's exactly the point. There is a difference between a company using hot wallets and cold storage, just like there is a difference between someone using a regular vs. a high-security lock/door. You're acting as if they are the same.

Actually in essence they're pretty much the same thing, both a cold storage and a hot storage are a pair of public and private key. What we "usually think" of cold storages is that the company using them won't have the private key saved in a place that's accessible from the internet.

However what we think as common sense is not necessarily what Cryptopia or any other company might be doing, they might just have the private keys of the cold storage in the CEO's personal PC while he's downloading pirated software or clicks on any ads that pops in his screen for all we know.
sr. member
Activity: 503
Merit: 286
March 25, 2019, 12:32:22 PM
Risk Management.  

You've done your due diligence:  unique email/pass, 2FA, VPN. 

No such thing is "safe".

There are only 2 types of companies: those that have been hacked, and those that will be hacked.

And then there are those which are not worth bothering to hack! Roll Eyes
I think Cryptopia might pass from all those 3 types eventually!

I was a locksmith for many years before i got into infosec:

The average thief will spend 5 minutes trying to break into a home.   If they fail, they move to the next house.

HOWEVER.

If they want to get in - they are going to get in.


The same holds true with crypto.

That's exactly the point. There is a difference between a company using hot wallets and cold storage, just like there is a difference between someone using a regular vs. a high-security lock/door. You're acting as if they are the same.
legendary
Activity: 2198
Merit: 1000
March 23, 2019, 03:34:09 PM
Like the rest of us, i keep waiting to hear something new  Roll Eyes yawn
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
March 22, 2019, 05:57:01 PM
I don't know how trustworthy Bitfinex's or any exchange's volume reports are.
I know the webpage visit rate is not a precise compare tool, but for an exchange which was reporting about 10 times more volume than Cryptopia (not sure of the exact number), Bitfinex didn't have any different traffic compared to Cryptopia.
https://www.similarweb.com/website/cryptopia.co.nz?competitors=bitfinex.com

That's probably not the best metric. IIRC, Cryptopia supported close to 1,000 coins, most of which were very low volume. They probably have lots and lots of tiny traders who are trading altcoins.

Bitfinex has much thicker order books. We can also see that much larger traders use it -- they make large market orders and set up walls on the order book. Bitfinex could easily be inflating their volume but I'm pretty sure it's still much bigger than Cryptopia. Even little fish like me avoid Cryptopia because I can usually get a better price on a bigger exchanges.
hero member
Activity: 1651
Merit: 863
March 22, 2019, 07:58:31 AM
Finex needed or maybe still needs high volume from traders.
You had or have to deposit huge amounts.
Their Wallets are known.
https://bitinfocharts.com/de/bitcoin/wallet/Bitfinex-coldwallet
Only in this wallet Bitfinex holds more than 400Mio Dollars...


Its not a shitcoinexchange where you trade in microBTC-sizes.
So the comparing of Networktraffic wont show comparable traded volumes.
Buying/selling 20BTC is nothing at Bitfinex.
At Cryptopia, you are a whale with 20BTC.
full member
Activity: 728
Merit: 169
What doesn't kill you, makes you stronger
March 22, 2019, 07:08:14 AM
Ok so it will turned out as Bitfinex 2.0 wherein the compensation will be tokens. The reason also I stopped using that exchange.

at least it sounds like there will be a market for these CLM tokens. so anyone who wants to dump them and run can do so. as an alternative, those who believe cryptopia will be viable can buy the CLM tokens cheap and either flip them for profit or wait for repayment.

it worked for bitfinex......cryptopia isn't as attractive from a volume/prestige standpoint but the losses appear to be much smaller than bitfinex too.

I don't know how trustworthy Bitfinex's or any exchange's volume reports are.
I know the webpage visit rate is not a precise compare tool, but for an exchange which was reporting about 10 times more volume than Cryptopia (not sure of the exact number), Bitfinex didn't have any different traffic compared to Cryptopia.
https://www.similarweb.com/website/cryptopia.co.nz?competitors=bitfinex.com

I'd like to see older data but unfortunately I can only see that since September, Bitfinex and Cryptopia had the same amount of visitors. Now how big amounts was each visitor trading... is something we can't know for sure.
legendary
Activity: 1288
Merit: 1926
฿ear ride on the rainbow slide
March 22, 2019, 02:44:16 AM
The lost funds are replaced with the CLM token as a loss marker. The exact method of how this will work they haven't announced yet.

They replace them to all the users? Because i don't see any CLM tokens in my balance...


They are only issued to those that have an affected coin. They also still haven't completed the audit and transfer to new wallets addresses for all the coins.

legendary
Activity: 1652
Merit: 1483
March 22, 2019, 01:40:14 AM
Ok so it will turned out as Bitfinex 2.0 wherein the compensation will be tokens. The reason also I stopped using that exchange.

at least it sounds like there will be a market for these CLM tokens. so anyone who wants to dump them and run can do so. as an alternative, those who believe cryptopia will be viable can buy the CLM tokens cheap and either flip them for profit or wait for repayment.

it worked for bitfinex......cryptopia isn't as attractive from a volume/prestige standpoint but the losses appear to be much smaller than bitfinex too.
hero member
Activity: 1246
Merit: 708
March 21, 2019, 06:37:43 PM
indeed, better little compensation than nothing.
And most important thing should be cryptopia will survive.. there is no other 3rd class coins exchange like cryptopia :|


Sorry seems to me posting in cryptopia hack event thread - I think we should focus ther bout hack thing at most (not bout cryptopia future)
legendary
Activity: 3122
Merit: 1398
For support ➡️ help.bc.game
March 21, 2019, 06:19:47 PM

Ok so it will turned out as Bitfinex 2.0 wherein the compensation will be tokens. The reason also I stopped using that exchange.

GG Cryptopia. I worked so hard for those tokens of mine on your platform. Thanks anyways I got decent profit out of it but still lots of left. No choice but to accept the compensation better than nothing although Im really truly disappointed to the process.
hero member
Activity: 553
Merit: 500
March 21, 2019, 05:49:29 PM
Risk Management.  

You've done your due diligence:  unique email/pass, 2FA, VPN. 

No such thing is "safe".

There are only 2 types of companies: those that have been hacked, and those that will be hacked.

And then there are those which are not worth bothering to hack! Roll Eyes
I think Cryptopia might pass from all those 3 types eventually!

I was a locksmith for many years before i got into infosec:

The average thief will spend 5 minutes trying to break into a home.   If they fail, they move to the next house.

HOWEVER.

If they want to get in - they are going to get in.


The same holds true with crypto.
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
March 21, 2019, 05:39:40 PM
Risk Management.  

You've done your due diligence:  unique email/pass, 2FA, VPN. 

No such thing is "safe".

There are only 2 types of companies: those that have been hacked, and those that will be hacked.

Pretty much. All exchanges will be hacked, and some will be hacked beyond recovery or ability to compensate. When I got into Bitcoin years ago, one would have expected Cryptopia to simply disappear in a situation like this -- like Cryptsy and others did. Cryptopia probably could have handled things better PR-wise, but people should be happy they're getting anything back at all. The alternatives are Gox, Cryptsy, etc.
full member
Activity: 728
Merit: 169
What doesn't kill you, makes you stronger
March 21, 2019, 05:20:27 PM
Risk Management.  

You've done your due diligence:  unique email/pass, 2FA, VPN. 

No such thing is "safe".

There are only 2 types of companies: those that have been hacked, and those that will be hacked.

And then there are those which are not worth bothering to hack! Roll Eyes
I think Cryptopia might pass from all those 3 types eventually!
Pages:
Jump to: