Cryptopia Announces Security Breach, Goes Offline

  • At the time of writing, the website is still in maintenance mode, as the larger community is looking for hints to determine the magnitude of the problem.
  • The most suspicious finds are a $2,500,000 Ethereum transaction and a large CENNZ transaction – at the time of writing the tokens transacted are worth more than 1 million US dollars.
Cryptocurrency Exchange Cryptopia Announces Security Breach, Goes Offline

New Zealand-based exchange Cryptopia has just informed its customers on Twitter that they have suffered a security breach. While no exact figures are given, the tweet claims “significant losses“.

Stolen funds

At the time of writing, the website is still in maintenance mode, as the larger community is looking for hints to determine the magnitude of the problem.

The most suspicious finds are a $2,500,000 Ethereum transaction and a large CENNZ transaction – at the time of writing the tokens transacted are worth more than 1 million US dollars. Both money transfers occurred the day prior to the announcement. Sub-$20,000 amounts of other tokens such as Gnosis and Feed were also withdrawn around that time.

With the limited liquidation options for large sums of Ethereum and the technology’s pseudonymous nature, it is questionable whether the attackers can actually manage to convert the cryptocurrency into fiat currencies. For example, so far, the Bancor hacker has not been able to use any of the money stolen from the ICO-funded liquidity network.

Solvency risks

It is also an open question whether previous profits by Cryptopia can cover the losses so that the exchange can remain solvent. The exchange, similarly to its competitors, made most of its money through listing fees and trading fees.

Trading Fee Profits

Trading fees on Cryptopia are set at 0.2%, which at around $1,250,000 daily volume yielded $76,000 profit from fees during the past month.

However, the daily volume of the exchange once reached a peak of $280,000,000 (potentially yielding more than half a million USD in a single day), so bull market profits should be more than enough to cover the recent theft, if it is limited to the transactions linked above.

Listing Fee Profits

Cryptopia is also transparent about its token listing fee. All prices are in Dotcoin, and throughout the bull market where most listings took place, the price were as follows:

  • 5,000,000 DOT for a token listing
  • 2,500,000 DOT for a NovaExchange orphan listing
  • 100,000 DOT/month to enable Trollbox tipping with your cryptocurrency
  • 100,000 DOT/month to add your cryptocurrency to the Cryptopia Reward System
  • 100,000 DOT/week for a Featured cryptocurrency slot

At the height of ICO listing interest, the 5,000,000 DOT translated into more than 25 bitcoins and more than 270 Ethereum. It’s extremely likely that a large portion of the 835 bitcoin-based trading pairs on the exchange appeared there after a payment of between 2,500,000 and 5,000,000 DOT, at prices ranging between 60 and 270 Ethereum for the amount.

While the data is too limited to perform exact calculations, rough estimates suggest that listing fee profits throughout the past 2 years can cover the losses from the hack, provided that trading fee profits were enough to cover all other expenses.

Cryptopia’s future

The bigger question remains – is Cryptopia going to join “Team Bancor” – the security breach survivors, or is it going the route of MtGox, Cryptsy and Mintpal.

Given Bancor’s hacker’s evident inability to actually make use of the stolen funds, as well as the potentially massive profits that Cryptopia made throughout the bull market days, there’s plenty of reasons to remain optimistic while we’re waiting for further news by the exchange operators.

Discussion
Related Coverage
MetaMask Launches Bridge Aggregator Feature
  • MetaMask Bridges was designed to aggregate multiple blockchain bridges in one place, making it easier and more secure for users to transfer their assets from one network to another.
  • The new feature currently supports the Ethereum, Avalanche, BNB Chain, and Polygon blockchains, as well as the Connext, Hop, Celer cBridge, and Polygon Bridge.
November 9, 2022, 5:11 PM
Hand holding mobile phone with MetaMask app running and MetaMask logo in background

Shutterstock

ETHW Replay Exploit Caused by Omni Contract Vulnerability
  • Over the weekend the Ethereum PoW network fell victim to a replay exploit, with the attacker executing the same transaction on two chains at the same time.
  • The exploit was caused by a contract vulnerability in the Omni cross-chain bridge, and did not affect the ETHW network itself.
The Merge is Finalized, Ethereum Switches to Proof-of-Stake
  • Ethereum’s PoS upgrade, also known as the Merge, was executed at 06:44 AM UTC on 15 September, combining the existing blockchain with the parallel Beacon Chain.
  • The move has reduced Ethereum’s energy consumption by more than 99%, which is equal to 0.2% of the global electricity consumption.