Update [January 17 10:00]: According to Elvis Lee, product and strategy at Etherscan, the blockchain records do not show the Etherdelta hacker was behind the attack. He told Decrypt the links between the hacker and the stolen funds were owned by ShapeShift meaning that whoever stole the money from Cryptopia had used it as a mixing service, swapping the stolen funds with other people. This is despite ShapeShift having recently introduced KYC measures.

Update [January 16 14:30]: Binance CEO Changpeng Zhao has confirmed some of the stolen funds have been moved to Binance. He said, “We were able to freeze some of the funds,” adding it is a high risk maneuver for hackers to use the exchange.

Update [January 16 10:30]: The New Zealand police have issued a statement confirming an inquiry into the Cryptopia hack. It denied that the police “stormed the headquarters” as Cryptopia were fully cooperative with the investigation team. Police were not able to say how much cryptocurrency had been stolen at this point in the investigation.

New year, new hack. We’re just fifteen days into 2019 and already a crypto exchange has been hacked. New Zealand exchange Cryptopia lost significant funds in a security breach on January 13 (UTC), according to a statement. By examining blockchain records (Cryptopia didn’t disclose how much was stolen), it appears that 20,000 ETH ($2.5 million) has been stolen by none other than the hacker or hackers behind the 2017 Etherdelta attack. Cryptopia told Decrypt it could not comment as the matter was is in the hands of the authorities.

Since the hack, Cryptopia underwent unexpected maintenance–and has yet to resume normal service. The exchange has notified government exchanges including the New Zealand police and the High Tech Crimes Unit. In response, some community members have accused the exchange of running an exit scam. However, there is no evidence this was the case.

In fact, when examining blockchain records, it may have been the same hacker that stole tens of thousands of dollars worth of ETH back in 2017 by lifting private keys from decentralized exchange Etherdelta. Some ETH from the source of funds used for the Etherdelta attack was sent to the same address as a likely recipient of the Cryptopia hack. And it’s a rather suspicious address indeed.

On January 13, 19,390 ETH was sent from a Cryptopia exchange-owned wallet to this address, alongside smaller payments of 1,280, 75 and four ETH. What’s unusual about this recipient’s account is that since that payment, around 75,000 small transactions have been sent to it—all in the last 15 hours. The source of the payments come from other exchanges including Kraken, Binance and Nanopool.

However, one inbound payment caught our eye. If you click on this transaction, and look to the source of its funds, you end up at this address. This was identified as the source of funds for the 2017 Etherdelta attack in this investigation by Hackernoon. Included in the comments on Etherscan, many have left messages asking for funds to be returned as well as one calling for a hit on the hacker. Clearly people are angry but it looks like many haven’t learned their lesson. On January 3, the crypto community were told again and again to take their coins off exchanges as part of a movement led by Tone Vays. Perhaps they were tone deaf instead.

We’ll continue to update the story as we learn more.