A man has pleaded guilty to stealing almost $250,000 worth of cryptocurrencies and customer data from international currency exchange Cryptopia.
The former employee, who has interim name suppression, appeared in the Christchurch District Court on Monday before Judge Gerard Lynch.
Through his lawyer, Allister Davis, he admitted two charges – theft by a person in a special relationship, and theft over $1000. He was convicted and remanded on bail until sentencing on October 20.
Cryptopia Limited is a Christchurch-based cryptocurrency exchange which, at its peak, employed over 80 staff and had over 1.4 million customers worldwide.
* Former employee allegedly stole almost $250k worth of cryptocurrency from Cryptopia
* Controversial businessman recruiting Cryptopia victims for class action
* Cryptopia account holders win battle over assets worth $140m
In January 2019, Cryptopia was hacked and more than $25 million of cryptocurrencies stolen, amounting to 15 per cent of its clients’ digital currency stock, the biggest theft in New Zealand history.
It is unrelated to the former employee’s charges.
In May 2019 the company was placed into liquidation, an ongoing process being managed by accounts Grant Thornton.
According to the summary of facts from Monday’s hearing, the former employee allegedly raised concerns with management around the security of private keys for numerous wallets held by the company.
It described cryptocurrency wallets as being similar to an electronic bank account with an attached Eftpos card. For a person to deposit into a wallet, all that is needed is an account number, known as a “public address”.
For the account owner or administrator to withdraw or transfer funds from that wallet, an additional number is required, a private key – similar to a PIN on an Eftpos card.
Unlike an Eftpos card, the public address and private keys for a crypto wallet are directly linked to each other by a complex mathematical algorithm.
Liquidators have locked down Christchurch-based Cryptopia. (Video first published in May 2019)
At some point during his employment, the employee made an unauthorised copy of private keys from Cryptopia’s numerous wallets and saved it on a USB storage device, taking it home and uploading the information to his own computer.
Having the private keys to Cryptopia’s wallets potentially provided him with access to tens of thousands of digital wallets, and in excess of $100m of numerous types of cryptocurrencies.
In the event of funds being stolen there would have been no way for Cryptopia to retrieve them, unless the employee returned them or provided the private keys to the new wallet into which the funds had been placed.
After the liquidation, all Cryptopia workers had their contracts terminated, but the employee kept his copy of Cryptopia’s private keys.
On September 3, 2020, David Ruscoe at Grant Thornton received an email from a previous Cryptopia client saying he had accidentally deposited some bitcoin into an old Cryptopia deposit wallet and requested the funds be returned.
Grant Thornton subsequently reviewed Cryptopia’s wallets and noticed 13 bitcoin had been unlawfully withdrawn from a variety of wallets in a series of transactions.
Two bitcoin had subsequently been put through a mixing service, designed to launder cryptocurrencies and hide both where the end up and the identity of the person controlling them.
At the time of the transactions the bitcoin was worth about $235,000.
On September 10 the employee emailed David Ruscoe and Tom Aspin of Grant Thornton and admitted stealing the bitcoin, as well as another cryptocurrency worth about $10,000.
He said he had returned some of the stolen currencies and offered to repay the remainder.
The following day he emailed again saying he had returned six of the stolen bitcoin, and sought an assurance that if he returned the remaining bitcoin he would not be charged or accused of wrongdoing.
Later that day he returned the six bitcoin and immediately messaged his partner to tell her he had “given it all back”.
He then sent her and his business partner another message to say he thought he would “be OK”, and that “they said ‘thank you for returning it’”.
Later that month he admitted to police he had copied and removed the keys from Cryptopia’s premises, stolen the bitcoin and other cryptocurrency and put it through a mixing service.
“The defendant admitted that he was frustrated with Cryptopia but also motivated by the belief that he could get away with the theft as he thought nobody would ever check the old deposit wallets,” the summary of facts said.
When informed by an associate that Grant Thornton was reviewing the old deposit he confessed to the liquidators what he had done. He subsequently returned the stolen currency.
Detective Sergeant James Simpson previously said police were keeping an open mind as to who was behind the Cryptopia hack.
He said the “unique, complex investigation” had posed challenges for police, and that they had not dealt with such a crime before.