Elementus, the blockchain data science firm which initially figured out that the Cryptopia hackers had gotten away with about eight times the amount reported, has another bombshell report regarding Cryptopia.

The hackers who originally made off with some $16 million worth of crypto tokens have struck again after a 15-day hiatus. Elementus previously noted that many Cryptopia wallets were still vulnerable to attack.

Elementus CEO Max Galka writes:

Among the wallets affected are the 1,948 at-risk wallets we identified previously, some of which have continued to accrue funds as recently as today. The list also includes over 5,000 wallets that had already been drained in the original hack, but have since been topped up, presumably by unknowing Cryptopia users. […] The funds began moving at 6:59 AM this morning (Monday, 28-Jan) […]

Galka reports that the Cryptopia hacker used Ethereum address 0x3b46c790ff408e987928169bd1904b6d71c00305.

At the end of the day’s haul, the funds moved to address 0xaa923cd02364bb8a4c3d6f894178d2e12231655c, which had a balance of nearly 30,790 Ether by time of writing. That amount of Ether is currently worth roughly over $3.2 million, even with a serious recent downward pressure in the price of Ether.

This address is confirmed as having been used in the previous Cryptopia hack. Galka confirms that they initially considered the idea that the exchange was sweeping funds to secure them, but then the last move happened.

As he writes:

Initially, it looked like [Cryptopia securing their funds] could be the case, but by 9:50 PM this evening, it became obvious this was the same hacker. At that time, the incoming transfers stopped and the funds were moved into the address below, one of the wallets used in the prior series of breaches.

Notable in all this is that funds continued to arrive from the free world. People willingly continued to make deposits on Cryptopia following the massive breach of the New Zealand exchange. Any Cryptopia user who has done so, we would appreciate you writing CCN.com and letting us know your rationale. Remember: not your keys, not your coin. Not really. Cryptocurrency works by a different set of laws.

Elementus’ Galka makes an interesting observation, that could explain the situation:

Most of the funds are coming from mining pools. Presumably, these payments are being sent on behalf of miners who opted to receive their rewards automatically via “direct deposit,” and have since forgotten about it.

The Ethereum community has been rocked by dozens of hacks and ICO scams over the past year, as CCN.com reported on Tuesday.