Somebody has stolen more than $16 million worth of Ether and various ERC-20 tokens in the security breach of New Zealand-based exchange Cryptopia.
What is striking about the hack, though, is not this 16-million-dollar number, but two other things.
- First, the lack of urgency on the part of the thief
The security breach continued for days after Cryptopia discovered what was happening.
Then the leisurely hacker stopped withdrawals, only to begin again 15 days after the initial hack.
When the funds in Ether and its tokens were swept out from the trading platform, the thief split them into small chunks and gradually moved them to exchanges such as Huobi, Binance and Bittrex.
If he was having fun, at least it was methodical.
- Second, the hack impacted as many as 76K wallets
This is an unprecedented number of private keys for hackers to have obtained.
What could explain such a large number of accessed wallets is that Cryptopia stored their private keys on one server.
If the leisurely hacker somehow broke into it, he most probably downloaded the private keys and then wiped them from the server.
So, if this is the lesson, then this lesson is old: keep your eggs in as many baskets as possible.
Normally, security breaches in the crypto world follow one of two scripts.
In the first, a vulnerability in a smart contract allows hackers to access several wallets until the breach becomes widely known.
But later on, all the wallet owners try to withdraw their money as soon as possible, so, at the end of the day, the final number of affected wallets is not as overwhelming as in the Cryptopia case.
The other common way for a hacker to get hold of some money is more old-school.
An employee of the trading venue or someone outside of the company steals the private key and withdraws the funds.
To sum up, the Cryptopia case is tremendously different. But you only appreciate this kind of creativity until it happens to you.
That’s why we advise keeping your coins safely under your own control, preferably in a cold storage wallet.
At AirdropAlert.com, we adhere to Andreas Antonopoulos’ motto: your keys, your Bitcoin; not your keys, not your Bitcoin.