The Cryptopia Nightmare Drags on as Liquidators Struggle to Reimburse Hacked Users

Published at: May 30, 2019

As the cryptocurrency market finds its legs in mid-2019, an unfortunate undercurrent persists vis-à-vis the floundering New Zealand exchange Cryptopia. Its one-time international popularity and solid reputation have already been ruined after the exchange dragged its feet on revealing a January hack, which cost its users somewhere in the region of $16 million in cryptocurrency drained from Cryptopia wallets. However, it was not long before new obstacles emerged in the way of an eventual settlement.

Optimism surrounding the reimbursement of these funds to customers is now dwindling, as appointed auditing and liquidation firm Grant Thornton recently indicated “the process of recovering data and determining how to make distributions to account holders will take some months at least.” With similarly guarded language, Grant Thornton executive David Ruscoe commented via a press release that his firm “will conduct a thorough investigation, working with several different stakeholders including management and shareholders, to find the solution that is in the best interests of customers and stakeholders.”

New information has been uncovered in the last week, however, and it’s now more apparent why the wait has been so interminable.

An international tangle

Despite the fact that the blockchain ledger’s open-book transparency has made it clear which cryptocurrency wallets hold the majority of stolen funds, the identities behind Cryptopia’s hackers are difficult to determine. Sadly, the same goes for the other side of the equation as well. Matching individual customers to the funds owed to them is proving harder than anticipated.

The filing from May 24 to the Bankruptcy Court in the Southern District of New York (SDNY)  clearly illustrates that liquidators don’t yet know who is owed money, nor do they yet have the ability to begin remunerations.

The filing for emergency provisional relief first of all asks the court to recognize the New Zealand liquidation process and furthermore to issue an order preserving a specific SQL database. Held exclusively on Arizona servers, this data contains vital information that can reconcile individual holdings with the currencies held by (and stolen from) Cryptopia.

Grant Thornton itself admits that the recovery of funds will be “impossible” without this data. These facts cater for a messy situation with many moving parts, in which the repayment of international customers of a New Zealand-based cryptocurrency exchange hinges on the willingness of a federal court in the United States to force a domestic data company to comply with data release requests. The chief communications officer for international noncustodial crypto swap platform ChangeNOW, Pauline Shangett, told Cointelegraph:

“The crypto market is still in its adolescence, and the traditional legal system is not sufficient when it comes to enforcing the rules. This problem has two possible solutions. Either the space moves on to being fully decentralized and self-regulated, or it adopts the best practices of regulators. The former might lead to anarchy as cases like Cryptopia's have a chance to happen again, which would hinder mass adoption.”

The chaos that has ensued after Cryptopia’s hack evidences the incapacity of established legal entities to promptly respond to fraud in the cryptocurrency space. Cryptocurrency permeates borders and therefore easily creates problems that have international implications — but cleaning up after a negligent actor requires time and labor, and at a greater magnitude. Given the technology available for exchanges to secure their infrastructure, this would seem a moot point.

Kamil Gorski, CEO of smart contract auditing and blockchain security firm Blockhunters, spoke to Cointelegraph and noted:

“There are numerous tools exchanges could use to prevent these kinds of hacks, but they aren’t legally obligated to use them. These include blockchain analysis tools that track stolen funds, AI-based mechanisms that halt payouts when triggered, and even manual code audits that track bugs in software and address threats and vulnerabilities.”

By Gorski’s estimation, the lesson learned from Cryptopia is that over the long run, “this approach can end up biting them, and more importantly their users, in the a--.”

This blasé attitude toward security features creates a paradoxical situation that stems from the lack of investor protections that could otherwise be provided, for example, by an equity broker. However, centralized exchanges like Cryptopia are liable when their platforms are breached, even if they go to great lengths to avoid responsibility.

U.S. investors take the biggest hit

One notable circumstance that lends a new tint to the liquidation situation is the fact that Cryptopia’s holdings were largely made up of money of American users.

If anything, just because of that, the SDNY could be persuaded to assist Grant Thornton and New Zealand. U.S. account holders made up the largest slice of the Cryptopia userbase and also accounted for the majority of exchange’s revenues. This fact casts light on some often unaddressed issues with how cryptocurrency exchange services are administered worldwide.

Firstly, a New Zealand exchange deriving most of its profits from Americans could be a sign for concern, as this may also be relevant to other exchanges (and regulators) as well. Second, it’s interesting that a white-shoe legal firm is the only safety net for a bevy of international customers participating in the “decentralized revolution,” but this irony is compounded by the third concern: Few have sounded the alarm about Cryptopia’s decision to host what is arguably its most sensitive data with an outside service — which is now asking for $2.6 million to release it. Crypto commentator Stephen Palley posted regarding this:

“A Chapter 15 filing is a way to get US bankruptcy court to give effect to a foreign bk/liquidation proceeding. This gives the company the ability to ask the BK Court to order the company’s AZ based database provider to preserve the data. It’s funny how easily this trustless decentralized narrative ends up in court with a white shoe law firm asking a federal judge to order preservation of a SQL database.”

This is what required the hiring of Grant Thornton in the first place, but it also draws attention to the very real fact that other supposedly safe exchanges may be practicing negligent data custody at the expense of customers.

The Cryptopia saga has pulled back the curtains on many of cryptocurrency’s weak points, especially the centralized model relied upon to build momentum for the bull markets today and in the past, and one that is still used. As the bull marches on, events like these provide a sobering contrast, but it’s now unarguable that investors and enthusiasts should be paying even greater attention to them — just as much as they do the charts.

Tags
Related Posts
Report: Blockchain-related hacks have declined in 2020
The amount of cryptocurrency and blockchain-related hacks has been decreasing over the course of 2020, a new report claims. According to data analyzed by VPN provider Atlas VPN, the number of hacks in the first half of 2020 dropped more than three times compared to the same period in 2019. The data is part of a report released by Atlas VPN on Oct. 28. According to Atlas VPN, 2019 was a record-breaking year for blockchain hackers that exploited 94 successful attacks in the first half of the year, while in H1 2020 there were 31. Per the report, 2019 as …
Technology / Nov. 2, 2020
Cellebrite Launches Crypto Tracer Solution to Track Illicit Transactions
Digital intelligence firm Cellebrite has launched its “Cellebrite Crypto Tracer” solution. The new offering is powered by CipherTrace and aims to trace illicit cryptocurrencies involved in money laundering, terrorism, drugs, human trafficking, weapon sales and ransomware schemes. The suite of tools will be available to investigators, analysts and non-technical agents who want to lawfully obtain evidence and trace criminals who use cryptos like Bitcoin (BTC) through the darknet. Citing figures from an Oxford University study, Cellebrite states that an estimated $76 billion worth of illegal activities involve Bitcoin. Curating millions of information references to trace transactions The Cellebrite Crypto Tracer …
Technology / July 28, 2020
Expert Warns: Don’t Trust Ransomware Groups Amid Pandemic
A cybersecurity expert explained why he is convinced that the promises made by ransomware groups amid the pandemic are irrelevant. Brett Callow — threat analyst at cybersecurity firm Emsisoft — told Cointelegraph that multiple ransomware groups recently made promises to halt their activity against medical organizations amid the coronavirus pandemic. Still, he believes that those promises are irrelevant: “The claims of a ceasefire made by ransomware groups are irrelevant [and] should be completely disregarded. Would you leave your front door unlocked simply because the local burglars had pinky-promised not to rob you? Probably not. The story of the frog and …
Blockchain / April 16, 2020
IT Security Company Partners With Exchanges and Wallets to Block Usage of Stolen Crypto
A Singapore-based IT security company offers a potential blockchain-based solution to help protect individual crypto users and block the use of stolen cryptocurrencies on crypto wallets and exchanges. Sentinel Protocol allows security experts and organizations to collect, share and analyse comprehensive threat intelligence data on its blockchain platform. The information about hacks, scams, and fraud is stored on the decentralized Threat Reputation Database (TRDB). As previously reported by Cointelegraph, hackers have recently stolen $30 million worth of cryptocurrencies from Bithumb, South Korea's leading cryptocurrency exchange. Patrick Kim, the founder of Sentinel Protocol, who previously worked at F5 Networks and Palo …
Blockchain / June 26, 2018
BNB Chain confirms BSC halt due to 'potential exploit'
BNB Chain (BNB) the blockchain of cryptocurrency exchange Binance, was paused on Oct. 6 due to what it states is “irregular activity” on the network with the team having determined a potential exploit. The official Twitter account of the BNB Chain announced the temporary pause, soon after adding it had found a possible exploit. Binance provide an update that the blockchain was “under maintenance” suspending all deposits and withdrawals. To confirm, we have suspended BSC after having determined a potential exploit. All systems are now contained, and we are immediately investigating the potential vulnerability. We know the Community will assist …
Blockchain / Oct. 6, 2022