Former Cryptopia Exchange employee admits stealing $ 170,000 in crypto from a customer who accidentally sent it

A man pleaded guilty to stealing nearly $ 172,000 worth of crypto and customer data from the discontinued Cryptopia exchange.

The former employee, who was not known to the public, appeared in front of Judge Gerard Lynch on Monday in the Christchurch District Court in New Zealand, the local news agency said. Stuff.

Through his attorney, Allister Davis, he has pleaded guilty to two counts – theft from someone with a special relationship and theft in excess of NZD 1,000 (NZD). He was found guilty and was released on bail pending sentencing on October 20.

Cryptopia is a cryptocurrency exchange based in Christchurch, New Zealand that in its heyday employed over 80 people with 1.4 million customers worldwide.

In January 2019, Cryptopia was hacked and over $ 25 million of crypto was stolen, making it the biggest hack in New Zealand history.

This former employee was not involved in the above hack.

In May 2019, the company was put into liquidation, which is managed by the accounting firm Grant Thornton.

According to a fact-finding summary from Monday’s hearing, the former employee raised management concerns about the security of the exchange’s private keys.

It describes a crypto wallet similar to an electronic bank account with an Eftpos card attached. All that is required for a person to deposit money into a wallet is an account number known as the “public wallet address”.

In order for an account holder or administrator to be able to withdraw or transfer money from this wallet, an additional number, a private key, is required – similar to the PIN on an eftpos card.

In contrast to Eftpos tokens, the public address and the private key of a cryptocurrency wallet are directly linked by a complex algorithm.

At some point in the course of his work, this employee illegally copied private keys from many wallets of the exchange and saved them on a USB stick, brought it home and uploaded the information to a PC.

The private key gives him access to tens of thousands of digital wallets with cryptocurrencies worth over 100 million US dollars on the exchange.

In the event funds are stolen, Cryptopia has no way of getting them back unless the employee returns or provides the private key of the new wallet the funds were transferred to.

After being put into liquidation due to the hack, all employment contracts of the Cryptopia employees were terminated, but the former employee still kept a copy of the exchange’s private keys that he had previously stolen.

On September 3, 2020, the liquidator David Ruscoe of the Grant Thornton company received an email from a Cryptopia customer in which he announced that he had accidentally deposited some bitcoins into the exchange’s old wallet and requested a refund.

Grant Thornton then checked Cryptopia’s wallets and found that 13 bitcoins were illegally withdrawn from multiple wallets in a series of transactions.

2 Bitcoins of these were put in a crypto mixer to disguise the origin of the funds.

On September 10, after being informed by a colleague that Grant Thornton was reviewing old deposits, the former employee emailed David Ruscoe and Tom Aspin of Grant Thornton to admit he made a mistake: Bitcoin and another coin worth approximately $ 10,000 was stolen.

He said that he had returned some of the stolen coins and offered to continue returning the missing coins.

The next day, the former employee continued to email him saying he had returned 6 bitcoins and asked the company to make sure that if he returned the remaining bitcoins in full, he would not be prosecuted.

Later that day, he automatically transferred another 6 bitcoins and immediately texted the accounting firm to say he had paid all the money back in the hopes that he would be “okay” and escape jail.

But it seems that things didn’t go well for him when this person had to return all of the stolen money and still had to face the crime of theft.

At the end of September, the former employee admitted to the police that he had copied and deleted the private key from the Cryptopia database, stole the bitcoins and passed them on through a mixed service.

“The defendant admitted that he was frustrated with Cryptopia, but was also motivated by the belief that he could get away with the theft because he thought no one would check the old deposit wallets,” the summary of the events of the said Court.

Bao Cong

For stuff

Follow the Youtube Channel | Subscribe to telegram channel | Follow the Facebook page