Cryptopia Users Suffer From Failed Login Attempts via Foreign IP Addresses

Cryptocurrency exchanges have always been targeted by hackers and other people with nefarious intentions. While most of these attacks are thwarted, a successful hack occurs every now and then. Phishing campaigns have also been somewhat successful over the past 18 months. It now turns out someone has been trying to breach user accounts of the Cryptopia exchange. Although this platform is only a small fish in the pond, the incident highlights some security concerns.

Cryptopia Users Should be Concerned

One of the more common security practices recommended when signing up for a cryptocurrency exchange is to not use the same email and password combination across multiple platforms. Although reusing a password (or choosing one that is simple to guess) is convenient for users, it is a major security risk as well. So much of our information has leaked onto the Internet because of lackluster security at the services where we use those credentials. In most cases, that exposed information gets used to breach accounts across multiple platforms.

One of the biggest cryptocurrency-related data hacks occurred a few years ago. At one point, the entire Bitcointalk database was compromised by an unknown assailant. He or she was able to collect thousands of usernames, email addresses, and hashed passwords. It turns out the email addresses used for Bitcointalk accounts are often linked to cryptocurrency exchanges. This is why we see so many phishing attacks on the community, as they all emanate from the person or people who obtained an email list of cryptocurrency users.

Bitcointalk is not the only service which has suffered such a hack, though. Over the years, many exchanges have been compromised in one way or another. While funds have been stolen in virtually every scenario, it is certainly possible the hackers also took a copy of the user database with them. This would mean even more email addresses were exposed to phishing campaigns or potential brute-forcing attacks through other exchanges and cryptocurrency-related services.

In the case of the Cryptopia attacks, it is unclear how someone was able to partially compromise so many accounts at once. Either someone got a list of email addresses from Cryptopia somehow, or a lot of people use the same email address for different exchanges. We have received numerous reports from people who received emails from the exchange reporting failed login attempts using their accounts. Notably, all of these attempts were made from foreign IP addresses. This does indicate the assailant has some access to user passwords as well.

Anyone who has enabled two-factor authentication (2FA) on their Cryptopia account is safe from harm for the time being. The criminals theoretically could have removed 2FA access themselves, but it does not appear they have that degree of control over the exchange’s backend, which is a good sign. Users who do not have 2FA or additional security measures enabled are advised to update their passwords ASAP and move their funds off the exchange for the time being. It may even be worth creating a whole new account using a fresh email address, a unique password, and 2FA, just to err on the side of caution.

Until the company issues an official statement regarding this matter, the situation remains unclear. It is possible Cryptopia has either been compromised in some way, or is affected by an attack from someone with a list of cryptocurrency-related email addresses. Some users have even complained that changing their passwords didn’t stop the failed login attempts by foreign IP addresses, which is pretty worrisome. If you can still access your account, request a withdrawal immediately before it is too late.