I am on the
SexCoin CORE team which was one of the altcoins affected, so I have been aware of Cryptopia's failing security system and their position of shifting the blame for the hack onto the the Dev Team's of the coins affected instead of admitting that they had repeatedly failed to notice large sums of coins going missing from their hot wallets until it was far too late.
I agree that 10 days is too long. But 51% attacks are hard to detect on an exchange wallet. This is due to the large amounts of wallets. User deposit addresses, hot wallets, cold wallets etc.
Any information of a 51% attack deficit (the correct balance) has to be obtained from the blockchain -
which was 51% attacked. Such balance is only available a substantial time after the attack has occurred.
For instance bitcoin monitors orphans.
https://www.blockchain.com/btc/orphaned-blocksWhat puzzles me is why a coin network hasn't detected the 51% attack for over 10 days. After all - they only have one network to monitor rather than close to 500. The trust of the entire network relies on the ability to fairly process immutable transactions.
A 51% attack by definition is a blockchain based attack and it would be relatively obvious that there are a massive amount of orphans.
What you are saying - the blockchain send a fake statement (node confirmations) . But the blockchain has since deleted those (orphaned them) and after that is showing a different balance an the exchange didn't notice that for 10 days (but also wasn't allerted by the blockchain devs).
The blockchain allowed transactions occur and confirmed them initially as being true. But the attacker of the blockchain has replaced them with other fake transactions and we are holding them as true and correct. Sorry but the fake transaction are now considered the real transactions and the exchange has the problem The reality is that after a 51% attack the blockchain balance has been altered by the 51% attacker. So it is neither immutable or a fair representation of what occurred.
Effectively with a 51% attack and double spend fraudulent transactions get processed as real by the blockchain.
After a successfull 51% attack a blockchain no longer is , immutable, fair, reliable or representative of what should have occurred.
How does a double spend 51% attack work ? Explanation and examples.EDIT:
This attack on Cryptopia is a sad event. Many coins are listed on there and many are reliant on Cryptopia as their only exchange.
I'm sure there is much more to this because only ETH and ERC tokens appear to be involved from the visible blockchain data.
https://cryptonewsreview.com/breaking-binance-freezes-funds-stolen-in-cryptopia-hack/