As much as USD 23 million worth of cryptocurrency may have been stolen during the recent security breach at Cryptopia, new expert analysis suggests.
According to calculations from Elementus, a New York-based blockchain specialist firm, the total value of the stolen crypto-currency, which includes ether and various tokens, stands at approximately USD 23 million at current market prices.
The figure significantly surpasses early media speculation, which reported losses ranging from USD 2.5 million to as much as USD 11 million, despite a lack of official confirmation.
“This number includes only what's on the Ethereum blockchain (ether and ERC20 tokens),” said Max Galka, co-founder and CEO of Elementus. “We have not examined the Bitcoin blockchain or other blockchains to see if funds were stolen there as well.
“For the last few days, the hackers have been shuffling the funds around in small pieces and gradually moving them into exchanges to cash out.”
Galka said the graphic and table below highlight how much has been sent to each exchange.
At this stage, Galka said the hackers have attempted to cash out around USD 1.2 million at exchanges, with the vast majority remaining in two wallets controlled by the thieves.
“The funds were taken from more than 76k different wallets, none of which were smart contracts,” Galka observed. “The thieves must have gained access to not one private key, but thousands of them.”
In assessing the activity before and during the breach, Galka said the lack of urgency on the part of the hackers is “striking”.
“Rather than withdrawing the funds as fast as possible, as is the case in most crypto hacks, they took their time extracting the assets over the course of nearly five days,” Galka explained.
“After Cryptopia discovered the hack, they watched the funds continue to flow out of their wallets for four more days, seemingly powerless to stop it.
“As these wallets were not smart contracts, there should have been no technical complications preventing Cryptopia from securing the funds. The only plausible explanation for Cryptopia's inaction is that they no longer had access to their own wallets.”
At this stage, Galka said 1,948 Ethereum wallets and USD 46k in Ether still remain at risk.
“We count about 2,000 remaining Cryptopia wallets holding a combined balance of ~380 ETH (about $46k),” he said. “Most of these funds were deposited by Cryptopia users after the initial hack took place, apparently unaware of the security breach.
“Assuming the thieves have access to these wallets, and Cryptopia does not, recovering the funds is a lost cause.
“However, if Cryptopia knows the identities of these users, hopefully they've had the foresight to contact them and let them know not to send any more funds.”
Meanwhile, as the aftermath enters day 10 and the Cryptopia website remains closed, police in New Zealand claim to be “making progress” in the case.
“Good progress is being made and positive lines of enquiry are being developed to identify the source of the transfer, and to identify where the crypto-currencies have been sent,” a statement read. “The assistance of the crypto currency community is being sought as the investigation progresses.
“This is a very complex investigation, involving expert digital forensic investigators from within New Zealand and in various overseas jurisdictions, as well as overseas authorities.”
Police said members of the investigation team met with Cryptopia management and staff on Monday and Tuesday this week to outline progress in the investigation.
“Cryptopia management and staff have been co-operating with Police and providing considerable assistance in the investigation,” a statement added.
“The investigation is expected to take some time to complete, and the digital forensic team will be on-site at Cryptopia’s premises for some days to come.”
Established in 2014 by founders Rob Dawson and Adam Clark, the crypto-currency exchange has over two million global users, facilitating deposits, trading and withdrawals of major coins.
Cryptopia also claims to have access to “dynamic charts, live coin information, world class service and the world's largest range of coins”, according to the company’s website.