New Zealand police are investigating the hack of cryptocurrency exchange Cryptopia, which resulted in “significant losses” that some estimate could amount to more than US$3.5 million.
Christchurch company Cryptopia, which has been said to be operating New Zealand’s largest cryptocurrench exchange, shut down its website and exchange services on January 14 citing a security breach.
Police proceeded to a physical scene examination at the company’s headquarters building on January 16 and have commenced a forensic digital investigation of the company after an “alleged unauthorized transaction” of “significant value of cryptocurrency” occurred.
Government agencies, including New Zealand police and the High Tech Crimes Units, are currently investigating the matter as “a major crime.” Police said in a statement On January 15 that they were also liaising with relevant partner agencies overseas.
Tweets from Whale Alert pointed out to 19,391 ether (ETH), worth nearly US$2.44 million, and around 48 million centrality (CENNZ) tokens, worth about US$1.18 million, being transferred from Cryptopia to unknown wallets on January 13.
It is unclear at this time if those funds were effectively moved by the hacker with police stating on January 16 that they were “not yet in position to say how much cryptocurrency is involved, other than it is significant amount,” adding that it was still “too early for us to draw any conclusions and police will keep an open mind on all possibilities while we gather the information we need.”
“We are dealing with a complex situation and we are unable to put a timeframe on how long the investigation may take,” New Zealand police said in a statement on January 16. “A priority for police is to identify and, if possible, recover missing funds for Cryptopia customers, however there are likely to be many challenges to achieving this.”
Police noted that Cryptopia has cooperated fully with the investigation team.
New Zealand’s capital markets regulator the Financial Markets Authority has also been called in. A spokesperson for the authority said Cryptopia reported the breach to the FMA on January 16 morning.
“We will be engaging with the firm and the police,” the spokesperson said, quoted by Stuff.
The FMA had received complaints about Cryptopia in the past which were dealt by a dispute resolution service. The FMA did not regulate Cryptopia or the cryptocurrencies traded on its platform but companies providing a financial services related to cryptocurrencies are required to register on the Financial Services Providers Register.
In the aftermath of the hack, Christchurch lawyer Clive Cousins told Radio NZ he was recently approached by 40 or so people with an eye to launching a joint lawsuit.
Cryptopia had faced issues in the past and called out for dubious behaviors. In November 2018, more than 100 cryptocurrencies disappeared from the exchange and developers were being asked to pay over fees for return. In another case, one Cryptopia user was asked to pay US$1700 for the return of his coins, because he forgot to include a paymentID with his deposit.
The cryptocurrency industry has a history of security breaches. According to research conducted by cryptocurrency hardware wallet manufacturer Ledger, 2018 was a record year for exchange hacks, with over US$856 million worth of crypto stolen from exchanges. Some of last year’s most notable heists include Coincheck’s US$530 million hack, CypheriumChain’s US$10 million hack, and cryptocurrency trading app Taylor’s US$1.5 million hack.
“Hackers are getting more sophisticated every day, and the Cryptopia hack is evidence that this trend will continue into 2019,” said Eric Larchevêque, CEO of Ledger. “Its critical that consumers use these hacks as learning opportunities and proactively protect themselves by taking direct control of their assets.”
Cryptopia was founded three years ago by Rob Dawson and Adam Clark. It now has more than 1.4 million users.