Yes - something is up - but not with Cryptopia. Insecure websites like bitcointalk, bitmain, bithumb have all been hacked and disclosed user data. Add to that the adobe hack and several others where email data, passwords and other information was taken.  You can check here if your email has been disclosed in some of the large known hacks  : https://haveibeenpwned.com/

One of my personal emails features in there 4 times.

WITH THAT INFORMATION if the PASSWORD AND EMAIL of the hacked site is the same as used on Cryptopia then the hacker has access to the account on Cryptopia.

WITH THAT INFORMATION if the PASSWORD AND EMAIL of the hacked site is the same as the users email used for Cryptopia then the hacker has access to the "reset password" feature.

If the hacker simply tries to log into the site then they have access using valid credentials. - so no actual hack occurs on Cryptopia - a email informing of a sucessful logon is sent (if enabled by the user in the user settings) .

If the hacker simply tries to log into the site and the password is different - wrong - an attempted logon email is sent.

If 2FA is enabled the hacker fails -  an attempted logon email is sent.

In other words - if I have your email address then I can try to log onto your account - if the password is wrong then an attempted logon email is sent.


Changing the settings to default use of 2FA is an attempt by Cryptopia to further protect users that have left it disabled.

Other exchanges have had login attempts too but don't notify users that an attempt to login has been made.