Grant Thornton NZ, the appointed liquidator for cryptocurrency exchange Cryptopia, today announced the latest developments on their progress in securing the crypto asset holdings for the stakeholders involved.
In January, Cryptopia suffered a $16 million hack, and in May had no choice but to wind up operations and subsequently appointed Grant Thornton, as liquidator.
Below is an outline of the progress the company has made since the last update in July.
Securing Assets
The Grant Thornton team leading the case are now in possession of Cryptopia data that was stored by a third-party data center in the United States, and since the last update has been successful in accessing that data.
This step helps towards determining customer holdings, as the data on the server contained the only records of Cryptopia’s customer holdings and certain crypto-assets.
“As mentioned previously, we are now moving the crypto-assets which we have taken possession of, into a “safe non-hacked environment”. We are doing this as a precaution as the source of the January 2019 hack has not yet been determined. We also continue to work with the New Zealand Police and other authorities internationally in respect of the work they are doing to determine the source of the January hack. We are still determining how we can, or if we can, recover crypto-assets that were hacked in January 2019. This is a complex situation with cooperation needed from third parties.”
– The Grant Thornton Team
The process of moving the assets to a safe environment was commenced by Cryptopia prior to liquidation and is necessary to ensure that the data does not corrupt crypto-assets and other data which were not subject to the hack.
Determining Customer Holdings
As customers patiently wait for recovery, Grant Thornton noted below the two main reasons for the time and complexity of the process:
- Customers did not have individual wallets and it is impossible to determine individual ownership using just the keys in the wallets – While Cryptopia held details of customer holdings and reported these on the exchange, the crypto-assets themselves were pooled (co-mingled) in coin wallets. As a centralized exchange, users’ trades would occur in the exchange’s internal ledger without confirmation on the blockchain.
- No detailed reconciliation process between the customer databases and the crypto-assets held in the wallets has ever been completed – To determine each customer’s holdings Grant Thornton must undertake a manual process to determine what is held in the pooled wallets and then reconcile the information with that held in the customer database. The team is hopeful this process will reveal the holdings of individual account holders. This process is well underway but will still take some time to complete. The team is now working to reconcile the accounts of over 900,000 customers, many holding multiple crypto-assets, millions of transactions and over 400 different crypto-assets). These must be reconciled one-by-one.
Happening Next
While the reconciliation process is progressing well, Grant Thornton still requires a direction from the New Zealand Courts before it can return crypto-assets to customers. The information outlining the legal process included in the last communication is still current and is summarized below:
The Grant Thornton team continues to liaise with legal advisors as to the legal status of crypto-assets, the legal relationship between Cryptopia and its customers and to determine how crypto-assets could be returned to customers.
However, due to the January hack, the process has been complex and time-consuming. For example, an exchange that has been hacked cannot simply be reopened. It has certain legal requirements and obligations both in New Zealand and internationally that liquidators must meet, such as Anti Money Laundering/Know Your Client (AML/KYC) requirements when considering any repayment or return of assets.
The KYC process cannot be avoided, it is a legal requirement in New Zealand, and prior to returning crypto-assets, Grant Thornton will correspond with customers as to how this process will be completed. Further, Grant Thornton notes that customers who have previously completed the KYC process with Cryptopia will still need to go through the process set by them.