Two weeks ago, U.Today reported about the hack of the New Zealand-based Cryptopia exchange. Back then, the platform’s team stated that the hacker had stolen around 13,400 ETH (about $2.44 mln) and nearly 50 mln CENNZ tokens (around $1.18 mln).
The tip of the iceberg
However, the DLT research company Elementus has figured out two weeks later that the real amount of the crypto taken away was much bigger – $16 mln. Elementus also warned that a lot of the exchange’s hot crypto addresses were still vulnerable to hacking.
The CEO of Elementus, Max Galka, mentioned that more than 5,000 Cryptopia wallets are still in danger and could be ‘visited’ by hackers again. Users of the exchange, who were probably unaware of the hack, continued putting funds into those wallets.
The return of the thief
On Monday, Jan. 29, Elementus tracked several other withdrawals in ETH coins. The amount totalled nearly 31,000 ETH, which is around $3.2 mln.
First, the agency thought that it could be Cryptopia itself, taking its funds to a secure cold wallet. However, later it turned out that the address to which the transaction was made was the same as the one that accepted the stolen funds during the first attack.
The curious fact remains – investors kept topping up their Cryptopia wallets as the hacker was sucking ETH from the exchange, despite the loud news reports of the previous attack.
The head of Elementus assumed that these tokens were being sent to the exchange from miners through a ‘direct deposit’ automatically.