Cryptopia Announces Security Breach, Goes Offline

New Zealand-based exchange Cryptopia has just informed its customers on Twitter that they have suffered a security breach. While no exact figures are given, the tweet claims “significant losses“.

pic.twitter.com/0ZwqFfwwHi

— Cryptopia Exchange (@Cryptopia_NZ) January 15, 2019

Stolen funds

At the time of writing, the website is still in maintenance mode, as the larger community is looking for hints to determine the magnitude of the problem.

The most suspicious finds are a $2,500,000 Ethereum transaction and a large CENNZ transaction – at the time of writing the tokens transacted are worth more than 1 million US dollars. Both money transfers occurred the day prior to the announcement. Sub-$20,000 amounts of other tokens such as Gnosis and Feed were also withdrawn around that time.

With the limited liquidation options for large sums of Ethereum and the technology’s pseudonymous nature, it is questionable whether the attackers can actually manage to convert the cryptocurrency into fiat currencies. For example, so far, the Bancor hacker has not been able to use any of the money stolen from the ICO-funded liquidity network.

Solvency risks

It is also an open question whether previous profits by Cryptopia can cover the losses so that the exchange can remain solvent. The exchange, similarly to its competitors, made most of its money through listing fees and trading fees.

Trading Fee Profits

Trading fees on Cryptopia are set at 0.2%, which at around $1,250,000 daily volume yielded $76,000 profit from fees during the past month.

However, the daily volume of the exchange once reached a peak of $280,000,000 (potentially yielding more than half a million USD in a single day), so bull market profits should be more than enough to cover the recent theft, if it is limited to the transactions linked above.

Listing Fee Profits

Cryptopia is also transparent about its token listing fee. All prices are in Dotcoin, and throughout the bull market where most listings took place, the price were as follows:

• 5,000,000 DOT for a token listing
• 2,500,000 DOT for a NovaExchange orphan listing
• 100,000 DOT/month to enable Trollbox tipping with your cryptocurrency
• 100,000 DOT/month to add your cryptocurrency to the Cryptopia Reward System
• 100,000 DOT/week for a Featured cryptocurrency slot

At the height of ICO listing interest, the 5,000,000 DOT translated into more than 25 bitcoins and more than 270 Ethereum. It’s extremely likely that a large portion of the 835 bitcoin-based trading pairs on the exchange appeared there after a payment of between 2,500,000 and 5,000,000 DOT, at prices ranging between 60 and 270 Ethereum for the amount.

While the data is too limited to perform exact calculations, rough estimates suggest that listing fee profits throughout the past 2 years can cover the losses from the hack, provided that trading fee profits were enough to cover all other expenses.

Cryptopia’s future

The bigger question remains – is Cryptopia going to join “Team Bancor” – the security breach survivors, or is it going the route of MtGox, Cryptsy and Mintpal.

Given Bancor’s hacker’s evident inability to actually make use of the stolen funds, as well as the potentially massive profits that Cryptopia made throughout the bull market days, there’s plenty of reasons to remain optimistic while we’re waiting for further news by the exchange operators.