TronWeekly

Crypto World News

You are here: Home / Archives for Cryptopia hacks

Cryptopia hacks

The launch of Claims Portal to Help Cryptopia Account Holders Claim Trapped Funds

by

The journey of now-defunct cryptocurrency exchange, Cryptopia’s account holders following the security breach has not been an easy one. However, the aggrieved customers have been handed a boost this morning as the exchange’s liquidator, Grant Thornton revealed that the launch of the Cryptopia claims portal is all set to start the process of returning account holders’ property.

Grant Thornton official website stated,

“Please follow the instructions to register as an account holder. We are asking you to confirm certain details of your Cryptopia account so as to ensure that only verified account holders can register in the claims process. Given the sheer volume of emails sent, these emails will continue to be delivered through this week.”

This news follows the New Zealand branch of accountancy firm’s earlier comments wherein it described that the claims registration process was a “mammoth task,” and had asserted that it would open “by the end of the year”.

During the same time, the liquidators had also revealed that it would reach out to the 960,000 account holders through official channels, and would authenticate claimants’ identities and account information.

The Twitter crypto, however, was far from pleased. Responding to the latest update, a few users in Cryptopia’s original Twitter post alleged that they were unable to submit the verification form while others had issues with their password and username.

One of the users also tweeted,

This could be referred to the bizarre turn that Cryptopia’s liquidation process took earlier in November after which Grant Thornton issued a warning to the exchange’s account holders as the court staff at the Christchurch High Court mistakenly released the exchange’s customer data, which were highly confidential and sensitive, to an unauthorized third party which is called Cryptopia Rescue. Additionally, the Cryptopia Rescue project has made several allegations about Grant Thornton’s competence to conduct the Cryptopia receivership.

A glimpse of what exactly happened more than a year ago: In early 2019, Cryptopia fell victim to a security breach. The hackers managed to steal $11 million worth of digital assets from the platform. Despite attempts to re-open two months later, Cryptopia was forced into liquidation in May of the same year.

Infamous Apple Mac Hack that Won North Korean Spies $7 Million in Cryptocurrency

by

North Korea hackers are using fake software to breach cryptocurrency wallets of  MacOS users. 

The entity responsible for the hacks is the same group believed to have conducted the Sony Pictures system breach. Lazarus Group, as  US intelligence and cybersecurity firms, have come to identify the group as is sponsored by the  North Korean Reconnaissance General Bureau (RGB).

A Chainalysis report revealed how the hackers pose as legitimate Linkedin and Telegram profiles, only to execute clean phishing schemes targeting apple devices. 

It isn’t the first time that intelligence firms are linking the Lazarus Group with a cybercrime incident. Following the 2017 WannaCry ransomware attack, a Google researcher Neel Mehta posted two code samples. 

One from the Lazarus Contopee Cyber Weapon and another one from the WannaCry ransomware.

Additionally, another analysis during that year linked the North Korean team of hackers to the 2014 Sony Pictures hack and the $81 million Bangladesh bank heist. 

The hackers are attempting to penetrate Mac computers using fake cryptocurrency software designed by the front firm. Forbes reported how in 2019, DragonEx lost at least $7 million to the hackers.

This was after the team of cybercriminals created a fake business with a professional website and Linkedin profiles. The fake business dubbed WFC wallet a legitimate version of bitcoin trading software but one infected with malware.

Installed versions of the software would open up backdoors on Apple computers. Hence, creating a loophole for the hackers to potentially siphon private keys of cryptocurrency wallets. Moreover, the alleged software had key-logging features for phishing data such as usernames, passwords, and security questions.

The hackers then went on to contact a DragonEx senior executive officer via Telegram. They asked her whether they could do business and requested that she download the WFCWallet. Nevertheless, the executive showed no interest in the partnership but the hackers kept persisting for weeks.

Meanwhile, an unnamed employee at DragonEx employee downloaded and installed the malicious wallet on a company MacBook.

No one knows the reason for the employee’s action but as it would turn out, the MacBook happened to have private keys for exchange client accounts. This gave the hackers an important piece of data, critical to accomplish their mission.

From hence, they took control of several cryptocurrency wallets and stole Bitcoins, Litecoins and Ripple. The lazarus hackers were so thorough to not leave even a single trace of their attack. 

Well, the use of front companies during crypto campaigns in North Korea was initially spotted back in 2018. However, it is until the DragonEx hack that experts noted juts how effective the companies were in closing phishing attempts. 

DragonEx described the attack as one of the most elaborate phishing campaigns it had witnessed in history. While recruiting Chainalysis to aid them in investigating the hack, the firm said it was one attack “on another level of sophistication.”

Most sources including Forbes believe that the Lazarus Group has been conducting top-notch hacking schemes for at least one decade now. At the beginning of the month, Kaspersky Lab researchers identified a barrel of malware that the group was deploying through telegram.

Meanwhile, it seems that the group was luring telegram users towards direct installations instead of online target diversion.

Data from Chainalysis showing how hackers have been executing crypto exchange attacks over the decade 

Scam Analysis
Chart Credit: chainalysis.com

According to the above Chainalysis report, the amount of cryptocurrency exchange hacks surged in 2019 than in other years. A total of eleven cyber attacks valued approximately $283 million. However, the total amount of funds lost in 2019 did not surpass figures from 2018. This is because of the massive Coincheck breach in 2018 amounted to approximately $534 million. 

US intelligence believes that North Korea will continue stealing money to drive the manufacture of weapons. In fact, the US treasury noted about the Lazarus group that: 

“It was  perpetrating cyberattacks to support illicit weapon and missile programs.” 

Source: Forbes

 

Almost $10 million worth stolen ETH get transferred from Cryptopia hack wallet to an unknown one

by

The never-ending saga of Cryptopia, the New Zealand based hacked cryptocurrency exchange, seems to be doing more harm than ever. Cryptopia entered its liquidation process (in January this year), and within a week, over 55,000 ETH (almost 60k ETH) funds were stolen and transferred to unknown wallets.

Today (20 May 2019) at 06:05 UTC a transfer worth $2 million (10,770 ETH) was done from Cryptopia Hack to an unknown wallet; Whale Alert, a tracker of crypto-related transactions reported over Twitter.

According to the report by Whale Alert, the Cryptopia Hack account emptied and dumped all the funds into the unknown wallet. Meanwhile, the receiving wallet now has a balance of 30,765.719044941925973233 Ether with an Ether value of $7,547,138.54 at the time of press.

Based on the transaction details portrayed by WhaleAlert, the address which transferred the funds d96ba527be241c2c31fd66cbb0a9430702906a2a was titled “Cryptopia Hack” and the receiving address being d4e79226f1e5a7a28abb58f4704e53cd364e8d11 tagged “unknown”. Subsequently, the transaction had this hashrate: wa09f1b4f96f1e394ab4634cac768c097c1c4123c39a334dd959e56bd60266c575. However, the whole transaction scenario hasn’t been verified by Cryptopia at the press time.

Another significant funds move occurred today at 01:43:57 UTC and it involved 30,790 ETH, valued at $7.74 million at the time of writing. Whale Alert tweeted:

So, the hackers have moved almost $10 million in two transactions out of the hacked Cryptopia ETH funds so far. It is likely that the hacker(s) is moving cash into different “unknown” wallets, including two Huobi accounts, according to the analysis by CoinFirm. Kystiana Duda, a crypto-analyst at CoinFirm stated,

“The Cryptopia hacker moved 30,790 ETH (~$7.67M) from the last read address to the yellow one which is a new address of the hacker as of May 20, 2019, at 01:43:57 AM +UTC. The yellow address still has got 29,770 ETH.”

About two crypto-addresses – this and this one – both received 1010 ETH funds, and another amount (10 ETH) was deposited to Huobi address  and then got transferred again to a Huobi hot wallet

It should be noted that on the 15th of May, 2019, Cryptopia emphasized that customers should stop making deposits on the platform.

“Despite the efforts of management to reduce cost and return the business to profitability, it was decided the appointment of liquidators was, in the best interests of customers, staff and other stakeholders. …Given the complexities involved, we expect the investigation to take months rather than weeks”

Cryptopia also added (in all caps):

“PLEASE DO NOT SEND ANY DEPOSITS TO CRYPTOPIA.”

 

A few days back after many customers complained of the sudden maintenance routine without any prior notice, Cryptopia stated that it would be undergoing a liquidation phase, performed by Grant Thornton. The operators of the site announced that the period could take months.

Cryptopia is a notable platform, but its setback all began at the beginning of this year (Jan. 2019) when the platform experienced a massive hack. The hack was the first one, and it involved tokens worth $16 million in ETH. Weeks passed, and another hack surfaced, and this time only about $180,000 in Ether was lost. The platform suffered massively due to significant losses. Still, the exchange later resumed its activities in March.

Right after resuming its activities in March, some ETH funds (30,789 ETH) at that moment were transacted from a Cryptopia Hack account with this address: 923cd02364bb8a4c3d6f894178d2e12231655c, to an unknown account crypto wallet address: 3fbaa73a433daa0f6c43d1c732c3f97a86f3a427.

Consequently, it is evident that the hackers are in a hurry to move (and perhaps dump) the stolen funds as quickly as they can.

Disclaimer: The presented information is subjected to market condition and may include the very own opinion of the author. Please do your ‘very own’ market research before making any investment in cryptocurrencies. Neither the writer nor the publication (TronWeekly.com) holds any responsibility for your financial loss.