If you didn’t know already the latest news is that more coins have been taken from Cryptopia. On the 1st February 2021, Grant Thornton, the liquidator of Cryptopia was notified of the unauthorized transfer of coins from a cold wallet in their possession.
This latest hack raises a long list of questions that the liquidator needs to answer to, some of the key ones are:
1. This cold wallet was in the possession of the liquidator, so was this an inside job? The liquidator employed about 4 staff from Cryptopia when he was appointed, was it one of those people? Was it the same hacker that started the demise of the company. The liquidator has spent over $1.5 million so far on IT specialists, is he going to claw any of those payments back? Who is going to take responsibility and pay?
2. If this wasn’t an inside job, then that most likely means someone on the outside has had a copy of the cold wallet or wallets. Which probably means the liquidator failed to secure the assets when he was appointed. We know that Cryptopia always had at least 3 copies of the cold wallets, the drive in the server, the back up on site and a back up off site. The most out of date any one would be was 24 hours as these were rotated daily. So it is reasonable for the liquidator to confirm he has secured all the assets.
3. Media reports say U.S. firm Stakenet notified the liquidator when they were made aware of a movement in XSN cryptocurrency. The concern here is, was this then the only attempt or have the hackers had access to the cold wallets all this time and been transferring coins without being detected for the past 18 months?
4. What systems has the liquidator had in place to ensure the security of the cold wallets. Information provided to the High Court in New Zealand, by the liquidator indicated 75% of all coins were in cold wallets, is that the case or have these been emptied?
5. The liquidator has notified the New Zealand Police, to be fair the NZ Police haven’t been able to solve the initial hack and so it is hard to be confident in their ability to sort this one out. The statement we need to hear from the liquidator is that he has notified his Professional Indemnity Insurance company, because now someone needs to get the cheque book out.
We have discussions scheduled with the Cryptopia Rescue lawyers this week regarding strategy going forward now. Certainly this recent hack is a set back in the return of coins, but on the bright side the liquidator will not realistically be able to defend any claim of negligence. We have already been gathering interest in a negligence claim after he failed to secure all account holders data and this really adds icing on the cake.
The perfect world would be the liquidator puts his pride away in the cupboard and communicates in an open and honest way, whether that happens or not time will tell. Watch this space and be ready to join the negligence legal group action claim.