It’s official: Normal service has resumed in 2019. The crypto world has experienced its first hack of the year, which hit a mid-sized New Zealand exchange called Cryptopia. Company representatives claimed on January 14 that Cryptopia was undergoing unscheduled maintenance. However, at the time of writing, police are investigating and the exchange is offline.
This is just one of a series of hacker attacks on the crypto market over the past 12 months. According to Ledger’s research, $864 million was stolen in 2018 from exchanges as a result of 10 big hacks. Aside from large-scale attacks, the crypto community also faced a large number of smaller hacks last year.
Cryptopia: First crypto hack or first exit scam of 2019?
On January 14, Cryptopia reported unscheduled maintenance. The exchange’s community expressed concern, as evidenced by numerous comments on the tweet below. Before the final statement about the hack, many were concerned that Cryptopia had pulled off an exit scam.
We are currently experiencing an unscheduled maintenance, we are working to resume services as soon as possible. We will keep you updated.
— Cryptopia Exchange (@Cryptopia_NZ) January 14, 2019
Replying to worried traders on Twitter, Cryptopia said:
Resuming trading is our number one priority and we have a highly experienced and extensive team dedicated to resolving this as quickly as possible.
Could it be an exit scam?
On January 15, Cryptopia released a statement that a hack occurring the previous day had resulted in significant losses. When Cryptopia announced the unscheduled maintenance, they already knew the attack had taken place. This raised suspicion about an exit scam, especially given the exchange waited almost two days before acknowledging the attack. Also, the exchange didn’t specify what constituted a “significant loss” and didn’t say whether users could check if their funds were missing. Cryptopia still hasn’t answered these questions.
Bug-hunting firm Hacken found that during the so-called maintenance, 19,390 ETH was moved out of Cryptopia’s tagged wallet to an unknown address. Ten minutes later, according to Whale Alert, 48 million CENNZ tokens were also moved out of a Cryptopia wallet.
New Zealand Crypto Exchange @Cryptopia_NZ has been hacked. We came to this conclusion after observing an ETH transaction (https://t.co/NqBirTc0jS), of 19,390 ETH being moved out of Cryptopia’s tagged wallet to an unknown address.
Hacken and @CER_Hacken are looking into this case. https://t.co/KGf7g4egrM
— Hacken (@Hacken_io) January 15, 2019
The big transfer of funds, the maintenance, and the hack could theoretically all be separate events. But by delaying its response, Cryptopia has cast doubt on its own story.
No one from the Cryptopia team has commented on the allegations. Instead, they’ve just said:
We cannot comment as this matter is now in the hands of the appropriate authorities. We will update you as soon as we can.
In an updated police report, authorities said they noticed “online speculation” about an exit scam. Despite the exchange’s cooperation with the investigation, police have not ruled out the possibility of an internal attack.
A large number of hacks that targeted both customers’ crypto and their data took place in 2018. Let’s take a look at the big ones.
Bithumb: $30 million hack and refund
South Korean crypto exchange Bithumb fell victim to hackers in June 2018. Hackers stole nearly $30 million in cryptocurrency, which represented 10 percent of the exchange’s total trading volume. Immediately after announcing the hack, Bithumb confirmed it would cover its customers’ losses. Eight days later, the platform revealed it had recovered $14 million worth of the stolen crypto.
This was one of the biggest thefts in 2018, and it caused Bitcoin’s price to fall by around $200. At the time of the attack, Bithumb was the world’s sixth-largest crypto exchange, with a daily trading volume of over $330 million. Its trading volume dropped by 40 percent within three days of the attack.
This is not the first time hackers have stolen money from this exchange. In 2017, thieves used sophisticated methods to access a Bithumb employee’s home computer. During the attack, hackers got hold of personal data belonging to around 30,000 users.
After a gradual recovery, Bithumb’s daily trading volume was about $350 million in September 2018. Surprisingly, by mid-November, the exchange’s daily trading volume reportedly surged to $4.4 billion. Exchange rating service CER accused Bithumb of “wash trading” and faking up to 94 percent of its trade volume.
At the time of writing, Bithumb is the highest-ranked exchange, with a reported daily trade volume of around $1.2 billion according to CoinMarketCap.
Coincheck: “The biggest theft in crypto history”
Last January, one of the biggest heists in history – not just in crypto – took place. The hack affected the altcoin NEM (XEM), with Japanese exchange Coincheck losing nearly $530 million worth of NEM. Hackers stole the crypto using several unauthorized transactions from a hot wallet. It was such a huge loss that it caused a drop in crypto’s popularity around the world.
Despite the exchange’s desire to indemnify all users, the consequences of the hack were visible. When Coincheck unfroze accounts on February 13, users withdrew about $372 million on the same day. The exchange’s reputation took a further hit when it came to light that it was operating without a proper licence. Coincheck had allegedly got a temporary licence from the FSA while it worked on obtaining the proper licence.
A year after the attack, Coincheck got its wish to join the exclusive list of regulated exchanges in Japan. In a statement, Coincheck appeared optimistic about its future:
With the registration as a cryptocurrency exchange agency serving as a milestone, Coincheck strives to continue offering reliable services for our current and prospective customers in a safe and stable manner. Coincheck is also committed to further strengthening security and enhancing usability.
BitGrail: A small exchange, but a huge theft
In February last year, only one month after the Coincheck attack, hackers stole $195 million in Nano coins from BitGrail. As with Cryptopia, there were suspicions that BitGrail was involved in its own hack.
In early January, the exchange stopped all withdrawals and deposits of Nano. BitGrail also announced it would enforce identity verification and potentially block non-European users.
As soon as the hack took place and the BitGrail platform went down, the exchange’s founder – Francesco Firano – and Nano’s lead developer – Mica Busch – blamed each other the hack. Firano claimed bugs in Nano’s software had enabled coins to be “double spent” without the exchange noticing. Busch rejected Firano’s accusation and alleged that the exchange’s own software was deficient.
This January, a year later, two law firms – Silver Miller and Levi & Korsinsky – are suing the Nano team. They allege that Nano directed investors to BitGrail, which they say was an unreliable exchange. The law firms say Nano should compensate victims with a new cryptocurrency through a rescue fork. If they succeed, this would be the first ever court-imposed fork. Such a result would undoubtedly bring new life to the immutability debate.
Crypto exchanges are attractive targets
Over the years, digital intruders have stolen millions of dollars from crypto exchanges. Some of these exchanges managed to recover and refund their users, but others have gone bankrupt.
Many exchanges are reluctant to recognize their weaknesses or admit when they’re at fault. Others could even be behind their own hacks. In any case, exchanges will have to become more trustworthy if crypto is to reach mainstream adoption.