As much as $16 million worth of Ethereum (ETH) and ERC20 tokens were stolen in the recent hack of New Zealand exchange Cryptopia, according to an analysis from blockchain infrastructure firm Elementus, Jan. 20.

Elementus’ findings and analysis were published under a week after Cryptopia first publicly announced its detection of the breach. As reported, the exchange had initially informed the public that the platform was undergoing unscheduled maintenance, before avowing that a hack incurring “significant”— but unspecified — losses had occurred.

According to Elementus, data on the Ethereum public blockchain indicates that funds began to be siphoned from Cryptopia’s two core wallets — one holding ETH, the other tokens — on the morning of Jan. 13.

That same afternoon, once both core wallets had been emptied, funds reportedly began to be transferred out of Cryptopia’s 76,000+ secondary wallets, a process that would continue until the early hours of Jan. 17. At the same time, Cryptopia had informed the public about the incident and alerted law enforcement by Jan. 15.

Elementus indicates that just under $3.6 million in ETH was stolen, with ~$2.4 million in Dentacoin, and almost $2 million in Oyster Pearl, as well ~$3 million in unspecified other tokens.

Value of crypto assets stolen from Cryptopia as of Jan. 19. Source: Elementus

According to Elementus’ investigations, the hackers have thus far cashed out ~$880,000 of the stolen crypto via exchanges, which reportedly include major platforms such as Binance, Huobi and HitBTC. The remaining ~$15 million reportedly remains in two wallets identified as being under control of the perpetrators.

Elementus deems the incident to be unusual in that it differs from two common profiles of exchange hacks: these being either the exploitation of vulnerabilities in a wallet’s smart contract code, or unauthorized access to private key credentials, which typically involves the breach of a single wallet.

In Cryptopia’s case, the thieves’ gained access to as many as over 76,000 wallets, and moreover apparently displayed a lack of urgency in siphoning the funds over time. Elementus moreover suggests that Cryptopia’s inaction — for several days after the incident was detected — may imply the exchange had lost access to its own wallets.

As previously reported, until now estimations of the lost funds ranged between $3-13 million. Up to 40 Cryptopia users are reported to have sought legal representation in the incident’s aftermath.

On Jan. 17, Binance’s CEO reported that the exchange had frozen tokens sent to its wallet by the entity who allegedly hacked Cryptopia.