Author

Topic: Cryptopia hack leads to ‘significant losses’ (Read 293 times)

full member
Activity: 459
Merit: 102
This is a EXIT'SCAM  Cry  There was no hack
jr. member
Activity: 59
Merit: 1
If you keep funds in your account you always risk. Even the Binance that I use can be attacked once, so I don’t keep a lot of money there. Alternatively, you can use exchanges without registration, for example, ChangeNOW, which seems to me quite good, using it for several months.
sr. member
Activity: 1400
Merit: 268
Fully Regulated Crypto Casino
The last time I used Cryptopia, about one year ago, I experience deposit issue. I immediately complain about it and their support responses were very quick, however, their technical team were really slow to fix my issue. Know I know why; I think they don't have a good technical team. They got hacked and then, shut down their service without any compensation to their customers. And then after they finally open their service again, they got hacked once again.
full member
Activity: 459
Merit: 102
There is a telegram grup were they say they will open Monday (Tomorrow)  Undecided
copper member
Activity: 2968
Merit: 575
www.Crypto.Games: Multiple coins, multiple games
Thanks for the link. On this blog, they say that it seems that Cryptopia maybe don't have access to thoses 76K wallets. They are real newbies if they didn't have any backup saved somewhere and written on some papers.
And how could they leave their private keys or mnemonics on a server with access to the internet...
Pen and papers is still the safest way to backup passwords.
I hope the hackers only had access to the Ethereum wallets.
I gave you 1 smerit. My last one...
That would be quite irresponsible of them if they do not have backup of those wallets. A pen and paper wouldn't be the best option to safe your sensitive data. You might lose them in accidents too. Forget about the accidents, the amount of work would actually be tedious. There are better ways to store them digitally.
Sad to hear exchanges getting hacked and they have nothing to do since they didn't take any precautionary measures.
copper member
Activity: 164
Merit: 40
einax.com
Thanks for the link. On this blog, they say that it seems that Cryptopia maybe don't have access to thoses 76K wallets. They are real newbies if they didn't have any backup saved somewhere and written on some papers.
They have backup or not it's useless if the funds are directly stolen which was actually happened on cryptopia.

Let's hope the hacker(s) only hack their hot wallet, because if it's not, then Cryptopia is really doomed.
Well, if cryptopia only has hot wallets or their funds stored in hot wallets are much higher than in their cold wallet then it's the same synopsis.

The most stupid scenario if cryptopia or any exchange only store their funds to a hot wallet coz when there's a breach of security it's obvious that most of their funds will be lost.

Cryptopia is an altcoin exchange. And storing/consolidating funds is a major problem for exchange that works with many different tokens. Consider this:
You have thousands and thousands of deposit addresses with tiny token deposits made to each. Among all of them there is a significant sum, but it's prohibitively expensive to consolidate those in cold wallet (for ETH tokens you need to first fund deposit address with your own ETH, paying fee and then pay another fee to move tokens to cold store and then pay again to get it back to hot wallet and again to perform withdrawal. Also, you have to account all transaction fees, nonces and track and confirm every transaction). Judging by how long it took for us to design a system to perform cost-effective funds consolidation to keep enough funds to cover the immediate withdrawal and yet store most value offline, I'd say most of the smaller exchanges that were built on the budget won't go nearly as far to protect their hot wallet and simply keep everything except most valuable online to avoid complications. Cryptopia was not small by any means, but I assume they have not upgraded what they had for years, and rushed their ETH token integration without thinking it through and iterating it to perfection. Otherwise, it was probably an insight job - an exchange's worst nightmare.
copper member
Activity: 164
Merit: 40
einax.com
I don't really know how Cryptopia handles their private key, but I'm pretty sure even the most secure exchange won't use pen and papers. It's not fast enough and even gave practical problems when they need to move and manage their wallet. Still, that doesn't mean they should leave it online either.
It may sound like exchanges won't be doing it, because it doesn't look professional at all, but I'm pretty certain that most competent exchanges engrave the private keys of their main cold wallets, the ones people usually assume have been lost because there hasn't been any activity for years, but are still controlled by an exchange.

Coinbase is a perfect and recent example. Out of nothing coins that haven't moved for like 3 or so years have started moving, and everyone assumed it was a whale, but were simply the deep cold wallets of Coinbase.

Let's hope the hacker(s) only hack their hot wallet, because if it's not, then Cryptopia is really doomed.
Obviously, hacks always concern hot wallets. Cold wallets can't be gained access to through the internet, and if it is possible anyway, then it simply isn't a cold wallet, but a hot wallet.

The architecture of the hot wallet plays an important role in the security of an exchange. Basically, hot wallet should only speak to the backend that serves users and does security checks and vetting on all requests and actions. For us, it is unthinkable for hot wallets to be connected to the internet. The connected machine only propagates raw transactions and knows nothing about how they are being signed.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
Thanks for the link. On this blog, they say that it seems that Cryptopia maybe don't have access to thoses 76K wallets. They are real newbies if they didn't have any backup saved somewhere and written on some papers.
They have backup or not it's useless if the funds are directly stolen which was actually happened on cryptopia.

Let's hope the hacker(s) only hack their hot wallet, because if it's not, then Cryptopia is really doomed.
Well, if cryptopia only has hot wallets or their funds stored in hot wallets are much higher than in their cold wallet then it's the same synopsis.

The most stupid scenario if cryptopia or any exchange only store their funds to a hot wallet coz when there's a breach of security it's obvious that most of their funds will be lost.
legendary
Activity: 2170
Merit: 1427
I don't really know how Cryptopia handles their private key, but I'm pretty sure even the most secure exchange won't use pen and papers. It's not fast enough and even gave practical problems when they need to move and manage their wallet. Still, that doesn't mean they should leave it online either.
It may sound like exchanges won't be doing it, because it doesn't look professional at all, but I'm pretty certain that most competent exchanges engrave the private keys of their main cold wallets, the ones people usually assume have been lost because there hasn't been any activity for years, but are still controlled by an exchange.

Coinbase is a perfect and recent example. Out of nothing coins that haven't moved for like 3 or so years have started moving, and everyone assumed it was a whale, but were simply the deep cold wallets of Coinbase.

Let's hope the hacker(s) only hack their hot wallet, because if it's not, then Cryptopia is really doomed.
Obviously, hacks always concern hot wallets. Cold wallets can't be gained access to through the internet, and if it is possible anway, then it simply isn't a cold wallet, but a hot wallet.
legendary
Activity: 2170
Merit: 1789
And how could they leave their private keys or mnemonics on a server with access to the internet...
Pen and papers is still the safest way to backup passwords.
I hope the hackers only had access to the Ethereum wallets.
I gave you 1 smerit. My last one...

I don't really know how Cryptopia handles their private key, but I'm pretty sure even the most secure exchange won't use pen and papers. It's not fast enough and even gave practical problems when they need to move and manage their wallet. Still, that doesn't mean they should leave it online either.

Let's hope the hacker(s) only hack their hot wallet, because if it's not, then Cryptopia is really doomed.
legendary
Activity: 3094
Merit: 1127
Still no legitimate guideline out from Cryptopia, appears we're stuck at a similar position on most recent 6 days. Although investigated by New Zealand police upon Cryptopia Hack. Seems like Cryptopia Exchange will be out of service during throughout the investigation.

Yeah, which is quite alarming. According to this article[1], it seems the hackers managed to empty a lot of wallets from Cryptopia (ETH & ERC20 only), around $16 M were stolen. It claims that somehow the hackers were able to get access to more than 76k wallet address.

[1] https://elementus.io/blog/cryptopia-hack-transparency/
Thanks for the link. On this blog, they say that it seems that Cryptopia maybe don't have access to thoses 76K wallets. They are real newbies if they didn't have any backup saved somewhere and written on some papers.
And how could they leave their private keys or mnemonics on a server with access to the internet...
Pen and papers is still the safest way to backup passwords.
I hope the hackers only had access to the Ethereum wallets.
I gave you 1 smerit. My last one...
Not really be necessary to be written up on paper but rather having the database which contains all the confidential informations specially talking about wallets.
Im not saying that im not believing on them because once you do have an exchange business as an owner you wont really skip out this very critical thing.
If theres a hack then expect theres a loss as simple as that.
full member
Activity: 798
Merit: 103
Still no legitimate guideline out from Cryptopia, appears we're stuck at a similar position on most recent 6 days. Although investigated by New Zealand police upon Cryptopia Hack. Seems like Cryptopia Exchange will be out of service during throughout the investigation.

Yeah, which is quite alarming. According to this article[1], it seems the hackers managed to empty a lot of wallets from Cryptopia (ETH & ERC20 only), around $16 M were stolen. It claims that somehow the hackers were able to get access to more than 76k wallet address.

[1] https://elementus.io/blog/cryptopia-hack-transparency/
Thanks for the link. On this blog, they say that it seems that Cryptopia maybe don't have access to thoses 76K wallets. They are real newbies if they didn't have any backup saved somewhere and written on some papers.
And how could they leave their private keys or mnemonics on a server with access to the internet...
Pen and papers is still the safest way to backup passwords.
I hope the hackers only had access to the Ethereum wallets.
I gave you 1 smerit. My last one...
sr. member
Activity: 910
Merit: 351
Still no legitimate guideline out from Cryptopia, appears we're stuck at a similar position on most recent 6 days. Although investigated by New Zealand police upon Cryptopia Hack. Seems like Cryptopia Exchange will be out of service during throughout the investigation.

Yeah, which is quite alarming. According to this article[1], it seems the hackers managed to empty a lot of wallets from Cryptopia (ETH & ERC20 only), around $16 M were stolen. It claims that somehow the hackers were able to get access to more than 76k wallet address.

[1] https://elementus.io/blog/cryptopia-hack-transparency/
sr. member
Activity: 910
Merit: 351
Who invested in Cryptopia?

What does "invested in cryptopia" means actually? I don't recall they do any ICO or something similar.

Anyway, this hack has been investigated by police and it seems still ongoing.[1] The amount of losses is claimed to be around $3.6, compared to previous hack, it is way smaller (but of course it's still money). Hopefully it can be resolved quickly though I doubt the hacker (whoever it is) will get caught.

[1] https://blockonomi.com/police-investigation-cryptopia-hack/
full member
Activity: 459
Merit: 102
LoL I lose all my DCN and LYNX -2180$
sr. member
Activity: 560
Merit: 286
Binance blocked last night funds coming from cryptopia hack.

check @cz_binance twitter
member
Activity: 1106
Merit: 11
Crypto in my Blood
I have a little investment in cryptopia and this is really bad news for all user who has an account in cryptopia with a big investment. We don't know what will happen after reopening the market.
member
Activity: 186
Merit: 12
Jump to: