An unnamed Christchurch man has recently pleaded guilty to stealing over NZ$250,000 worth of digital currency from digital currency exchange Cryptopia. In its prime, Cryptopia sported over 80 staff, offering its services to over 1.4 million customers globally but following a hack in January 2019 which saw more than NZ$25 million worth of digital currency stolen, representing roughly 15% of customers holdings, the exchange was placed into liquidation.
Sometime during his employment, the employee made unauthorised copies of several private keys which were linked to Cryptopia wallets. The private keys for wallets are used to sign transactions and if copied can be used to transact on those wallets. He later used those copied keys to siphon funds into his own wallet - from his home computer. At the time of the theft, the man stole around NZ$235,000 in bitcoin and NZ$10,000 in other digital currencies.
However, when a customer alerted the liquidator that an accidental deposited of bitcoin had been made into an old Cryptopian wallet, liquidator Grant Thorton started reviewing those old wallets and discovered that 13 bitcoin had been taken from a variety of wallets with no matching company records to identify the withdrawals. Using the open nature of blockchain tracing, Grant Thornton was able to identify that 2 of the bitcoin had been moved though mixing services, which aim to obscure the source of the funds.
Within a week, the former employee contacted Grant Thorton and confessed to his past actions, confirmed he had returned 7 bitcoin and attempted to broker an agreement to return the remaining 6 bitcoin if he would not be pursued. He then sensibly returned those bitcoin and was prosecuted.
While an unusual crime, this once again shows the power of traceability on the bitcoin network. Funds moving through overseas banks or other payment platforms or even cash would become untraceable but in the blockchain environment the liquidator could easily see there was something suspicious occuring.
This case has some important takeaways:
1) Liquidators need to examine all aspects of digital wallets in businesses they are appointed over;
2) Private keys need to be the subject of special security;
3) The traceability of bitcoin and public blockchains make it a terrible place to steal or launder funds.
Comments