Yesterday 2018.03.16 and today, more and more people on Facebook and in some Twitter posts have been complaining about receiving a warning from the Cryptopia online trading platform about a failed login attempt.

This is chilling when you know you weren't even near a computer, and if you're aware of your own IP address or the range it's usually assigned from, the following message is surprising:

A failed logon attempt was detected from the following IP address: 210.222.49.158

Let me tell you two interesting things to consider! I have two accounts. One that I actively use and another that I don't use at all, it's just linked to a random email address with an extra strong password printed on A4 paper — so no computer storage or anything similar. Both email addresses received this warning!

So what's going on exactly? THERE'S A VERY BIG PROBLEM!

It's fine that someone somehow gets my trading email address — that's not a problem in itself, maybe my email happened to be in some gigantic package of addresses and through trial and error they eventually get a result. BUT! An email address that's practically a random combination of 64 numbers and letters — how is that possible?

On the official site's Forum (https://www.cryptopia.co.nz/Forum/Thread/2400) several people have also indicated that something is wrong! Some people's coins have disappeared, despite having 2FA authentication enabled, something happened. The official pages, Facebook (https://www.facebook.com/cryptopiaexchange), Twitter (https://twitter.com/Cryptopia_NZ) make no mention of having been hit by any hacker attack. Moreover, their official announcements page (https://www.cryptopia.co.nz/news) doesn't contain anything either.

What can be done now? You MUST immediately set up 2FA authentication, and if possible immediately transfer your coins elsewhere from the account! Pay close attention to the exact address! Don't search for it in Google and click the first result because the first result is a phishing site! Antivirus and some special new password setup everywhere — email, Cryptopia, 2FA > Google, etc...

But phishing site or not, can someone please explain to me — if I have such a backup/verification email address for almost every similar site registration, and I didn't accidentally go to the WS domain ending, then there's a bigger problem here than just someone randomly trying a few million email addresses... In my opinion, this system has been hacked and it's only a matter of minutes-hours-days before something happens. Will every coin there completely disappear, or will everything be locked and there'll be some official response?

What's additionally certain! This morning I wrote a letter to Support to find out what this login attempt was about when I wasn't even near a computer... That was about 18 hours ago and still no response. Others on the forum also wrote that there's no response from Cryptopia's side... Anyone who has an account with them and has a non-zero balance on any coin should monitor the official channels! That's all I can do either...

Update1 – 2018.03.18 – 05:00: https://twitter.com/Cryptopia_NZ/status/975262664367554560

Update2 – 2018.03.18 – 05:00: https://help.cryptopia.co.nz/en/p/failed-log-in-attempts-faq