Cryptopia

Cryptopia Exchange Hack - January 2019

The Hack

In January 2019, Cryptopia (a New Zealand-based crypto exchange) was the victim of a massive hack that led to the loss of about $16 million in various digital assets. The exchange's funds were drained on January 17, 5:58 AM GMT, after the exchange suspended trading and announced "unscheduled maintenance" on January 14, 6:00 AM GMT.

Technical Details

• The thieves gained access not to one private key, but to thousands of them

• Investigations revealed vulnerabilities in the exchange's wallet system, allowing attackers to access and drain user funds

• Investigators discovered (in August) that Cryptopia had been pooling users' funds in a catch-all wallet, magnifying the impact of the breach

Stolen Assets

The largest amounts stolen were in:

• Ethereum (ETH)

• Dentacoin

• Oyster Pearl

• Lisk ML

• Centrality

• Mothership

• Ormeus

• DAPS

• Zap

• Pillar

Movement of Funds

Stolen cryptocurrencies were spread across fourteen exchange platforms — the largest portion sent to Bibox, second to Binance, and third to Huobi.

Aftermath and Liquidation

• Cryptopia Limited filed for U.S. bankruptcy protection after the breach

• By May 2019 Grant Thornton (liquidators) reported that Cryptopia owed creditors an estimated $4.2 million

• In December 2024 Grant Thornton announced that approximately NZ$400 million (~$225 million) in cryptocurrency had been distributed to more than 10,000 verified account holders

Sources

• Exchange Cryptopia Temporarily Shuts Down Due to Significant Losses From Hack - CoinDesk

• New Zealand Crypto Firm Hacked to Death, Seeks U.S. Bankruptcy - Bloomberg

• Story Behind The Controversial Cryptopia Exchange Hack - Coinpedia

• Cryptopia Hack: Liquidators Distribute $225 Million in Crypto to Victims - Brave New Coin

• Bankrupt Cryptopia exchange distributes $225M to hack victims - Cointelegraph