Former Cryptopia Employee Pleads Guilty to Stealing $175,000 Worth of Crypto

  • The man admitted to stealing around $175,000 worth of BTC and other cryptocurrencies from Cryptopia’s old deposit wallets.
  • The funds were subsequently returned and the theft wasn’t connected to the 2019 hack, court documents showed.
Cryptopia cryptocurrency exchange logo

Shutterstock

A man has pleaded guilty to stealing around $175,000 worth of cryptocurrencies and customer data from the Cryptopia exchange, New Zealand news outlet Stuff reported on 5 July. The former employee — whose name was redacted from court documents — appeared before the Christchurch District Court on 4 July, where he was convicted on two charges, theft by a person in a special relationship, and theft of more than $1,000. He will remain in custody until the bail sentencing, scheduled for October.

Following the January 2019 hack, which drained over $20 million worth of cryptocurrencies from the exchange, Cryptopia was placed into liquidation. The process is still ongoing and is managed by accountancy firm Grant Thornton. The documents from Monday’s hearing showed the employee copied private keys from Cryptopia’s numerous wallets and saved them on a USB storage device while working for the exchange. The employee allegedly raised concerns with management around the security of private keys beforehand, and kept them even after having his contract terminated during the liquidation process.

The theft was not connected to the hack, which the police are still investigating, but was discovered by Grant Thornton in September 2020 after a former Cryptopia client requested his funds be returned. An initial investigation showed that 13 BTC was missing from an old deposit wallet, two of which have been put through a mixing service.

Soon after the theft was discovered, the employee contacted Grant Thornton and admitted stealing the bitcoins, as well as another $7,000 worth of cryptocurrencies. The following day, he returned six bitcoins and promised to return the remainder if he wasn’t charged with theft. Later that month he admitted to police he had copied and removed the keys from Cryptopia’s premises, stolen the bitcoin and other cryptocurrency and put it through a mixing service. All of the funds were subsequently returned.

Discussion
Related Coverage
Osmosis Suffers $5M Liquidity Pool Exploit
  • Osmosis’ bug allowed users to add liquidity to any of its liquidity pools, and immediately withdraw 150% of their initial investment.
  • The DEX noted that four individuals were responsible for 95% of the stolen funds, and that two have already volunteered to return $2 million.
June 9, 2022, 1:02 PM
exploit

Shutterstock

Ola Finance Suffers $3.6M Re-Entrancy Attack
  • The attack happened on the Fuse Network, one of the many blockchains Ola operates on, and took advantage of a vulnerability in one of Ola’s smart contracts.
  • The project has paused all activities on Fuse Network, and noted the attack has not affected its services on other blockchains, which remain operational.
Qubit Finance Exploited for $80M
  • The attacker used a deposit option in the QBridge smart contract to create a “huge amount of xETH collateral”, which he used to borrow BNB on the Binance Smart Chain.
  • The Qubit team has contacted the attacker, and offered him the maximum reward it could give if he returns the stolen funds.