What’s happening with Cryptopia?
If you follow the news, you may have heard about the ‘‘significant’’ losses of cryptocurrency after a security breach at Christchurchbased exchange Cryptopia.
The online currency trading platform is said to have as many as 1.4 million registered users.
Millions of dollars’ worth of tokens were stolen.
Cryptocurrency can be difficult to understand. So let’s try to use the example of an ordinary bank heist to illustrate what happened.
Let’s say a bank in Christchurch was robbed. Customers first noticed something was wrong when they tried to log in to their online accounts and saw a message saying the site was in ‘‘unscheduled maintenance’’ mode.
The following day, customers still could not log in and police said they were investigating. Those who visited the bank found its windows blacked out and doors locked. Apparently, the heist was still happening. Bank managers, employees and even police could not force entry or stop the funds being stolen.
The robbers weren’t in a hurry. They had got hold of the keys, the master keys, and locked everyone else out. Then, they had changed the locks. So they took their time, stuffing sacks with valuables, smuggling them out through tunnels, shipping them overseas.
Today, almost a month later, the windows are still dark. Customers cannot access their accounts. The investigation is continuing, with few updates.
The combined worth of tokens stolen from Cryptopia’s digital wallets is unclear. It’s estimated that on January 13 more than $5 million was transferred to an unknown digital wallet. The following day, the website was down. On January 15, Cryptopia admitted a ‘‘security breach’’ and said ‘‘appropriate government agencies’’ had been notified.
But New York-based analyst Max Galka, of Elementus, said in his blog that funds continued to be drained until January 17. He estimated the total value of stolen tokens at US$16 million (NZ$24M).
Cryptocurrencies stolen from exchanges and scammed from investors totalled about US$1.7 billion (NZ$2.5B) in 2018, up 400 per cent from the previous year, according to United States cybersecurity firm Ciphertrace.
Internationally speaking, the Cryptopia breach was relatively small – being in the tens rather than hundreds of millions.
But it was different from other high-profile hacks, Galk wrote, because it seemed to go on for several days: ‘‘The lack of urgency on the part of the thieves is striking.’’
Another unusual factor was that funds were taken from more than 76,000 wallets.
A likely explanation for both these things is that the offenders gained access to the server holding the private keys. From there, they could have downloaded and wiped the keys, leaving Cryptopia unable to
If you want to trade cryptocurrencies, you need a private and a public key to prove you are who you say you are. (The public key is like a business card, while the private key unlocks your online identity.) The keys are verified by the worldwide network of computers, and the payment proceeds.
Banks aren’t that secure. If you hack into a bank’s computer system, you can, potentially, get money out. But if you try to get tokens out of a blockchain system, the network will stop you, because it can’t prove you own those funds.
So if someone else gets hold of your private keys, it’s game over. They can transfer money, change the keys, lock you out. And the transactions can’t be reversed, any more than those valuables could have been sucked back up an escape tunnel