It is “very unlikely” that the people behind the Cryptopia hack will be caught, according to a leader in blockchain security.
Michael Ou, the CEO of Taiwan-based CoolBitX, says that even if the hackers are apprehended, returning the stolen funds could become a prohibitively expensive and complicated process.
In an email, Ou added that despite the combined efforts of other exchanges in freezing funds, the Cryptopia thieves are likely to keep most of the stolen cryptocurrency.
“Despite the efforts of major exchanges to identify and freeze the stolen funds as fast as possible, it is very unlikely that these criminals will ever be caught,” Ou wrote.
“And even if the criminals are caught, or the funds effectively frozen and obtained by legitimate actors, the process of returning the Ether to its original owners is likely to be a long and challenging process for all parties.”
Binance Freezes Assets
Cryptopia detected what it described as a “significant security breach” in the early hours of Monday morning. The New Zealand-based exchange, which had a daily trading volume of around $2M prior to the hack, then alerted users on Tuesday morning. Current estimates suggest hackers stole as much as $3.4M worth of Ether (ETH) and Centrality (CENNZ), as well as other tokens.
Cryptopia has raised questions in the past. In early November, gold-backed cryptocurrency AurumCoin (AU) alleged that the exchange was complicit in a 51% attack. 16M AU tokens – then worth approximately $500,000 – were successfully sold on Cryptopia’s trading platform.
Some users on Twitter accused the exchange of orchestrating the security breach themselves, as cover for an “exit scam.” The investigating New Zealand police have not ruled out the possibility of an inside job.
The stolen assets were sent to Binance wallets yesterday, prompting the exchange to freeze the funds after being alerted by users on social media.
News outlets were split on this development. Some highlighted it as proof that the sector can effectively police itself; others wondered why the world’s largest exchange had to rely on Twitter users, rather than their own surveillance systems, to detect the stolen funds.
This raises some big questions. ?
How is that possible with modern blockchain analysis? ?
— Sir Bitlord ❇️ (@Crypto_Bitlord) January 16, 2019
Cryptopia hack shows the sector is still unprepared
Since the CoinCheck hack in 2018, the largest on record, exchanges have started taking security more seriously. Most custodial exchanges hold users’ assets in cold wallets, which cannot be easily accessed. Smaller sites, like Cryptopia, may not be able to afford the same protection, making them targets for hackers.
But even the larger ones, like Binance, are still not monitoring the assets going through their servers. There may be better protections to prevent digital thefts, but the sector is still under-prepared to deal with the situation after the event. CoinCheck, for example, had to reimburse users out of their own pockets.
If history is any guide, Ou is probably correct: the Cryptopia hackers are unlikely to be caught, and victims should not expect to see their funds again. In the meantime, the exchange now has the dubious honor of the first hack in 2019. Binance’s actions in freezing the stolen funds is laudable, but hardly enough to deter future hackers.
Cryptopia may have had it coming, but that’s small comfort to the victims of this week’s hack – or to the future victims of the next one.
The author is invested in digital assets, including ETH which is mentioned in this article.