According to a blog post by NY’s blockchain firm Elementus on Jan.29, the hacker entitled with draining New Zealand based crypto exchange Cryptopia, of digital assets worth $16 million, is reportedly still in control of Cryptopia’s system.
The company’s administration suspended all services on Jan.15 after a breach in its security systems led to a hack on Jan.14. The exchange stated that it would be undergoing maintenance and would keep its users updated in regard to any further developments.
A week after this incident, Elementus had reported that nearly $16 million worth of tokens including Ethereum and ERC20 tokens had been siphoned off by cyber criminals, in contrast to the $2.5 million figure stated by Cryptopia, which were termed as “significant loses” back then.
On Jan.29, in an article, the New-York based firm said that the cyber entity had resumed their attack, stealing another 1,675 ETH tokens (worth $175,000) from nearly 17k Cryptopia wallets.
Many, at first, thought the exchange was moving remaining funds to a secure address but as the crypto transfers continued to take place, it became common knowledge that the hacker had returned, targeting the exchange once again.
Of the 17,000 wallets drained, it has come to light that around 5,000 of these had already been emptied during the initial hack, but might have been refilled by users.
The money was supposedly transferred to one of the addresses used in the initial breach, reports Elementus, leading to the flagging of two addresses on Etherscan for involvement in movement of money from the hack.
Etherscan has further issued an advisory that crypto users should take a measured and cautious approach when engaging with either of the two addresses.
Max Galka, author of the aforementioned blog post, concludes by stating that Cryptopia seems to be no longer in control of its Ether wallets while the hacker has been in continuous possession of private keys to the exchange’s wallets.