Pages:
Author

Topic: [Cryptopia] ONLINE ARTICLES related to hack &theft of funds 2022 (non discussion - page 8. (Read 5715 times)

legendary
Activity: 1288
Merit: 1926
฿ear ride on the rainbow slide
Is 'First come first serve' legal or not?

The only thing that would be stopping payments in such a scenario is the blockchain ledger balance which was fraudulently altered by the 51% attack.

legendary
Activity: 1288
Merit: 1926
฿ear ride on the rainbow slide

You like to keep confusing people, dont you?

Policies are not contracts !

Policies you can change any time anyhow.

Contracts consider two sides bindings.


I think the words Before you list, be aware of your obligations - makes it quite clear.

A "Terms Of Service" is a contract. A reference to their policies is specifically mentioned in their TOS.

I don't work for Cryptopia so I'm not privy to the discussions that coin devs have with their staff.

However - I know that they have had a similar listing & delisting policy published on their site since early 2016.

legendary
Activity: 1288
Merit: 1926
฿ear ride on the rainbow slide
When they sent bills to developers that bill was min 10 times bigger.

But the coin developers also didn't detect the 51% attacks and act on them. They have only one network to monitor and are contractually obliged to monitor it.

can you show those contracts that you are talking about?


https://support.cryptopia.co.nz/csm?id=kb_article&sys_id=5d7482d2db9e9bc032a664a14a96199f

Quote
Before you list, be aware of your obligations to us to help maintain your listing.

You need to give us notice of the following:

At least 2 weeks' notice of any significant code or protocol changes for your coin, especially hard forks.
Major issues with your coin, including hacks or network problems, as soon as you become aware of them.
Any issues with deposits or withdrawals of your coin from Cryptopia.
At least 1 month's notice if you want our assistance with an air drop. Be aware that support for this is solely at our discretion.
As much notice as possible if you need to conduct a coin swap. By default we don't support coin swaps, but they may be considered on a case by case basis.
Cryptopia reserves the right to remove any coin listed in its exchange markets for violations of our listing terms. This is solely at our discretion. Reasons a coin may be eligible for delisting include, but are not limited to:

Any network issues or vulnerabilities that could be exploited. Examples include:
Low hash-rate.

Out of date code base or wallet stability issues.
Frequent issues with deposits or withdrawals (outside of Cryptopia's control).
Insufficient nodes to keep the wallet synced and network propagating transactions.
Coins which violate our terms and conditions, policies, or an applicable NZ law or regulation
Coin swaps (where we are unable to support these)
Coins without a working, reliable block explorer
Coins that fail to provide notification of mandatory updates
Abuse directed by a coin team's core community at Cryptopia or its staff.
At our discretion, Cryptopia may issue a warning for breaches of our listing terms and conditions and provide the coin team an opportunity to rectify any issue(s).

Coins issued with a delist notice will have their markets closed and there will be a 30-day notice and withdrawal period before the listing is removed. This information will be published on our coin info, delisting, and market pages and we will endeavour to email all affected users holding positive balances of the coin.

 
legendary
Activity: 1288
Merit: 1926
฿ear ride on the rainbow slide
When they sent bills to developers that bill was min 10 times bigger.

But the coin developers also didn't detect the 51% attacks and act on them. They have only one network to monitor and are contractually obliged to monitor it.
legendary
Activity: 1288
Merit: 1926
฿ear ride on the rainbow slide

Engineering is not watching the crystal ball. There are no 'hard things to do', but rather things that are either working or not.
51% is detected by software modules, monitors (and not by visually examining blocks in the chain), and they can trigger alerts.
Most coins are BTC forks so the way you set alert for one coin, you can set to all other coins.
If for whatever reason you can not set alert for specific coin, you do no list that coin, as security monitoring is essential and very basic responsibility for any exchange.
If there is no security there is no exchange.


I think you missed the point. I totally agree that coins that are unable to secure their blockchain have no place on an exchange and need to be delisted / not listed.

While it is important for exchanges to monitor blockchain operation and developments - ultimately the security of the blockchain is the responsibility of the developers of that blockchain.

Saying the exchange is responsible is like saying a reseller of software is responsible for the software itself. Ultimately the responsibility of the reliability of the operation of the software lies with the software developers.

If I sell something and the bank (blockchain) confirms the deposit and then I send the goods based on that advise - and later the bank reverses the transaction (after I sent the goods) then the problem has occurred at the bank (blockchain). Whether it is "open source", "decentralized" or whatever  - it is irrelevant. The initial failing is at blockchain level.

There are certain things that an exchange can monitor.  Ultimately if a blockchain gets attacked then the blockchain needs to fix the problem or get delisted.

Some blockchains have realized that and solved the issue while other conveniently shift the blame.

You will find that there are always those that disagree in opinion over this but by nature of a 51% attack - it cannot be detected until after it has occurred. Therefore if it can occur easily - the blockchain no longer has a valid commercial use.

Lets not forget, you do not have to list all those coins. It is a choice, not must!
As I said, if you do not have monitoring system for specific type of coins you do not list them.

Don't forget that coins pay to be listed and part of that they agree to the conditions of listing. It is a binding contract.
Some of the coins were listed well before 51% attacks became a valid security issue.

Blaming coin devs is not the way to go.

When a coin is exploited and fail to meet the conditions of listing (breach of contract)  then they are to blame.

Legit coins take their responsibilities seriously:

https://medium.com/floblockchain/flo-team-response-to-51-attack-8c9ef683d7ba
https://blog.zencash.com/zencash-statement-on-double-spend-attack/


Quote
Vertcoin (VTC), a peer to peer crypto software blockchain, recently experienced a 51% attack where the blockchain experienced four successful reorganizations.

The interesting thing about the attack is that Coinbase was commenting live about the event which gave the exchange a competitive advantage over Binance and Bittrex.

Coinbase went ahead to claim that all exchanges offering fiat based trading pairs and a wide range of assets could continue to fall victim to such attacks.

https://www.cryptodigest.com/exchanges/vertcoin-experiences-a-51-attack-coinbase-takes-advantage/

This verticoin block 1044331 Had a re-org depth of 310 blocks and two double spends targeting exchanges.
http://explorer.vertcoin.info/block/5313791a34a89e55c41b1522f6b5b607dad88b839e05432cbe9620e2f5e46bf1

legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
Hi @BookeyBitMan and thanks for the tip off for the article.

Most sites will have now covered the same ground, so it pays to just check with the first three posts in this thread to ensure the details aren't just being rehashed.

I'll add the link to the relevant post later this afternoon.

Kudos.
jr. member
Activity: 128
Merit: 3
I read on CoinTelegraph article about Cryptopia "New Analysis Suggests" 01.22.
They wrote that total stolen coins value is 16 million dollars and stolen coins are ETH and ERC20 tokens.
Two wallets is hacked, one for ETH and one for ERC20 token, on the morning of Jan. 13

"In Cryptopia’s case, the thieves’ gained access to as many as over 76,000 wallets, and moreover apparently displayed a lack of urgency in siphoning the funds over time. Elementus moreover suggests that Cryptopia’s inaction — for several days after the incident was detected — may imply the exchange had lost access to its own wallets."

"As previously reported, until now estimations of the lost funds ranged between $3-13 million. Up to 40 Cryptopia users are reported to have sought legal representation in the incident’s aftermath."

How I see this is not good at all......
You can see all details/article here:
https://cointelegraph.com/news/new-analysis-suggests-16-million-in-crypto-stolen-in-cryptopia-hack
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
I don't understand from ths thread if BTC have been stolen too or not.

A quick check of this website: https://www.walletexplorer.com/ shows there doesn't seem to have been a known Cryptopia wallet(s) for BitCoin.  Most attention has been on the ERC 20 / ETH tokens not the Crypto Coins such as BitCoin, LiteCoin or similar.

Any information will be gratefully appreciated.
member
Activity: 365
Merit: 14
I don't understand from ths thread if BTC have been stolen too or not.
legendary
Activity: 1554
Merit: 1044
Yesterday's New Zealand police press release - Police making progress in crypto-currency investigation.



http://www.police.govt.nz/news/release/police-making-progress-crypto-currency-investigation
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
All Elite/1337 coins are still there:

https://chainz.cryptoid.info/1337/wallet.dws?32414.htm

2,303,828,263.89713 1337 look to be sitting in a hot wallet with the last withdrawls on the 13th of January 2019.

at one satoshi that makes 23.03 BitCoins worth of 1337 frozen.  Thanks for the heads-up.
hero member
Activity: 2730
Merit: 552
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
Mothership Public Statement regarding the Cryptopia’s security breach on 14th Jan, 2019

Linh Le Jan 22 (2019)

https://blog.mothership.cx/mothership-public-statement-54aac6ee03cf - Archive: http://archive.fo/MK9P1

Quote
The official public statement from Mothership regarding the recent event happened to Cryptopia.

Mothership would like to release an official statement in the wake of the Cryptopia event, which in their own words:

    14th January 2019, the Cryptopia Exchange suffered a security breach which resulted in significant losses. Once identified, the exchange was put into maintenance while we assessed damages.
     Cryptopia has notified and is cooperating with the appropriate government agencies, including the NZ Police and High Tech Crimes Unit.

As the event unfolds, Mothership stakeholders had a considerable amount of tokens on the site and have been affected by the breach with over 32 million MSP, which is about 15% of the total supply. Cryptopia has not confirmed if the tokens on their exchange have been stolen; but as a company with a large number of customers involved, Mothership ought to take proper measurements and consider the worst scenario of this event as a hacking incident.

For immediate course of actions, we have reached out to HitBTC and Lykke regarding blacklisting the stolen coins. We are also getting in touch with Cryptopia while setting up our own onchain tracking so we know where the funds move and can blacklist them ourselves.

In direct reaction to the 32 million MSP affected, Mothership has decided to carry out a token swap. Those who are in possession of their tokens will be able to simply exchange their MSP. And those who have suffered from the Cryptopia incident will be able to go through a claim process and reclaim their MSP.

We will not build a separate swap product, but implement this swap on our own exchange, so the timing of the swap will follow the schedule of our launch.

The swap and claim process, at the time of discussion, will be roughly as follow:

    People who have MSP will have to create an account on the Mothership exchange, deposit their MSP and get the same amount of new tokens on their balance;
    People who had MSP on Cryptopia will also have to create an account on our exchange and make a claim. We will then manually check each claim with Cryptopia, if they agree to cooperate, and grant the new token accordingly if the claim is confirmed as legitimate.

For the time being, those who have been affected are welcome to begin the claim process by filling out this form. Please note that the investigation is still ongoing, and we yet have to discuss the terms of cooperation with Cryptopia — meaning the likely time frame we are looking at for the swap is a few months from now. However, we would like to get to know you right away, and represent your interests as a group.

Mothership is acknowledging the severity of the Cryptopia’s breach and its consequences, but we would like to take the chance to reaffirm that Mothership will not let the event interfere with our plan to launch our own exchange. Our Chief Technical Officer and the Product team will continue as normal and any technical activities for the swap will happen AFTER launch.

As for the time being, we will get to know all the affected persons, establish communication with Cryptopia, assemble data, and map out a more detailed plan. We will of course keep you updated on our efforts of tracking the stolen coins, and for other exchanges we might issue a blacklist ourselves so it is easier for them.

We thank everyone for their support and understanding of our decisions as well as handling in the wake of the event. Any questions or comments regarding the event can be asked directly on the Mothership main Telegram group, or in the chat box on our platform.

FOR THE MENTIONED CLAIM FORM, PLEASE CLICK HERE

* For holders who do not remember the exact amount of MSP they had on Cryptopia — it’s OK — just tell us the approximate amount in the form so we can understand the magnitude of your share. We will be checking every claim with Cryptopia to confirm the precise numbers.
legendary
Activity: 3136
Merit: 3213
You can edit your First post right now .
You are right with that , that i am a part of Cryptopia in form as an volunteer Moderator without any payments and also as Xrtraelv a Customer .
And I am not contracted.
I am not employed by cryptopia!

For this Cristmas day i just posted an update for the maintenance .
All i posted in this thread was and is done  volunteer and posted from myself without any instructions from Cryptopia , i just asked if i can post the things with there approval !


Update :

Thanks for the edit !
sr. member
Activity: 288
Merit: 253
https://chainz.cryptoid.info/vivo/wallet.dws?42143.htm
It's VIVO Cryptopia wallet, possible(not active withdrawals from 14.01.2019)
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
When will cryptopia customers be able too log in and get there coins back

Short answer - given there is a police investigation, could be months if not years for the NZ Police to establish what was taken and by whom.  Firstly there is the theft in January 2019 of Crypto to investigate, then there is the issue of potentially trading while insolvent due to Cryptopia being unable to repay to depositors funds that had been stolen via 51% attacks in the second half of 2018. Then there are the class actions to recover funds by depositors to be considered. In all likely-hood an administrator would be likely be appointed to forensically examine which accounts owned what and seek a determination from a Judge how best to distribute to the masses funds from both hot and cold wallets which is why I am trying to gather together in this thread proof of what crypto was stolen and what hot and cold wallets have been left intact (not to mention any class actions & news articles on the Police's investigation and the NZ Crown's DPP potentially laying charges ( and the time frames those proceedings might take) ).

Get yourself a pen and paper and write down as many details as you can about your own account.

user name, password, email address - any 2FA and any recovery codes. Deposits. Withdrawls. What coins were up for sale (or buy). Even your Karma score.

Given that it could be years - put that sheet of paper in a safe place. Memories, Hard Drives and Mobile phones come and go, a sheet of paper in a safe place can be the key to recovering your funds in a few years time.
full member
Activity: 308
Merit: 112
When will cryptopia customers be able too log in and get there coins back
sr. member
Activity: 288
Merit: 253
DOGECOIN Cryptopia cold wallet
https://dogechain.info/address/DFBZ2U7cErTBNDFqFBfA3cGbGfnxwVXuth
42,450,000.00000000 DOGE

Doge possible are safe

I made depo on Cryptopia hot wallet DHKfajPsVBoTCgQxZJfQcT1CS3FuDPmmVF at end 2018.
Pages:
Jump to: