Categories
Crypto Daily Topic

The Major Crypto hacks in history.

The crypto world has almost gotten used to stories of hacking by now. Almost every month, a crypto exchange suffers a security breach that puts user information and funds at risk. Some of the time, the exchange manages to recoup the lost funds, other times, not so much. 

Sometimes, some of the incidents involve external parties, while others point to an inside job. 

In this piece, we’ve compiled an updated list of some of the major crypto hacks in history.

Mt. Gox

Date: June 2011 (and up to February 2014)

Amount lost: 790, 000+ BTC

In March 2014, Japan-based crypto-exchange Mt. Gox declared bankruptcy citing a loss of funds through hacks and thefts. The compromises had gone on unreported for more than three years, being later tracked down by blockchain analyst Kim Nilsson. Due to the sheer volume it transacted and its market standing, Mt. Gox’s fall caused the Bitcoin market to crash in 2014. This is a highlight of the major attacks: 

  • On March 1, 2011, hackers made away with 80, 000 BTC from Mt. Gox’s hot wallet after making a copy of the wallet.dat file. 
  • In May 2011, thieves stole 300, 000 BTC that was temporarily kept in an unsecured off-site wallet kept in a private network drive. But shortly after, the hacker got cold feet and returned the funds, but after keeping 1% of the funds. 
  • In June 2011, a hacker got into founder Jed McCaleb’s computer admin account and artificially tanked market prices. In the end, they made away with 2,000 BTC. 
  • In  September 2011, someone got read-write access to Mt.Gox’s database. Once there, they created new customer accounts, inflated user balances, and took out 77,500 BTC, after which they deleted much of the evidence of those transactions.
  • In October 2011, a bug in Mark Karpele’s new wallet software caused it to send 2,609 BTC to an unspendable null address.
  • In 2013, a hacker obtained Mt.Gox’s wallet.dat file and executed the largest theft yet, one of 630,000 BTC.

Bitcomat.pl

Date: July 27, 2011

Amount Lost: Approximately 17,000 BTC

Bitcoin exchange Bitomat.pl lost 17,000 BTC while restarting their Amazon service server that hosted their wallet.

Bitcoin7

Date: October 2011

Amount lost: 1,000 BTC

Eastern Europe and Russian hackers were able to penetrate Bitcoin7’s servers and access the main funds’ depository as well as hot wallets.

Bitcoinica

Date: March 2012 and May 2012

Amount lost: 43,000 BTC (plus another 18,457 BTC)

Bitcoin exchange Bitcoinica was hosted on Linode, a web hosting provider. Hackers attacked Linode’s servers, which granted them access to the exchange’s wallets. The episodes ultimately caused the closure of Bitcoinica.

BitFloor

Date: September 2012

Amount Lost: 24,000 BTC

A hacker managed to get away with 24,000 BTC after getting access to unencrypted backups of Bitfloor’s wallets.

Vicurex

Date: May 2013

Amount Lost: 1, 454 BTC

Vicurex mysteriously froze all accounts and filed for bankruptcy in 2013 after citing loss of funds due to being hacked. The exchange is still embroiled in a lawsuit after they were sued by former customers. 

BitCash

Date: November 2013

Amount Lost: 484 BTC

This was an exchange based in Czech Republic. A minor attack via phishing emails granted the hackers access to customer accounts.

Poloniex

Date: March 4, 2014

Amount lost: 97 BTC

Poloniex, a US-based exchange, announced that a hacker had exploded  a vulnerable code in the withdrawal software. The exact details of the hack were not released by the company. 

Cryptsy

Date: July 2014

Amount lost:13,000 BTC

The loss of 13,000 BTC through hacking and 30,000 LTC thereafter caused Cryptsy to close shop in 2016. 

MintPal

Date: October 2014

Amount lost: 3, 700

This is one of the most befuddling ones yet. In October 2014, MintPal announced that it had been hacked, after which it was bought by a company called Moolah. Moolah itself folded shortly after. Ryan Kennedy, one of Moolah’s operators, allegedly siphoned off the accounts, and prosecutors are still piecing together evidence against him. In another twist, Kennedy is also currently serving a jail term for rape. 

796 Exchange 

Date: January 2015

Amount Lost: 1, 000 BTC

The China-based exchange lost 1000 BTC after a botched customer request which was caused by hackers interfering with areas of the exchange days before.

Bitstamp 

Date: January 2015 

Amount lost: 19, 000 BTC

After hackers managed to get into the exchange’s hot wallet and made away with funds, Bitstamp made the decision to start storing 98% of funds in cold storage. 

BTER

Date: February 2015

Amount Lost: 7, 170 BTC

The exchange lost funds after hackers managed to penetrate its cold storage. However, community members were skeptical of the attack given the relatively safe nature of cold storage. 

KipCoin

Date: February 2015

Amount Lost: 3, 000 BTC

The exchange lost the funds after its web host provider, Linode, was hacked. 

Gatecoin

Date: May 2016

Amount lost: 256 BTC

Hackers managed to penetrate the exchange’s hot wallets to drain about $2 million worth of Bitcoin and Ether. 

BitFinex

Date: August 2016

Amount lost: 120, 000 BTC

BitFinex lost funds after hackers exploited a loophole in the exchange’s multisig wallet software.

Yapizon 

Date: April and December 2017

Amount Lost: 3,800 BTC

The exchange had funds drained from its hot wallets after hackers made into the servers. After this incident, the exchange rebranded into Youbit. But that didn’t stop it from being hacked again in December that year. 

Coinsecure

Date:  April 2018

Amount lost: 438 BTC

The exchange lost about 438 BTC in what was thought to be an inside job. 

Zaif

Date: September 2018

Amount lost: 5, 966 BTC

The exchange filed a case with Japanese authorities to solve the attack, but it never provided details into how the attack happened. 

MapleChange

Date: October 2018

Amount Lost: 913 BTC

The Canadian-based exchange announced it had been hacked and would be shutting down. However, community members were convinced it was an exit scam.

QuadrigaCX

Date: December 2018

Amount Lost: 26, 350 BTC

The co-founder of the exchange died on December 2018, with him being allegedly the only one with its private keys. However, court proceedings have proven that there was fund mismanagement and fraud inside the company. 

Binance

Date: May 7, 2019

Amount Lost: 7,000 BTC

Through a combination of attacks involving malware, phishing, and other techniques, hackers were able to make away with 7,000 BTC from the world’s largest exchange by volume. 

BitTrue

Date: June 2019

Amount Lost: XRP and ADA worth $5 million

GateHub

Date: June 2019

Amount lost: $10 million worth of XRP

The Slovenia-based exchange lost millions worth of Ripple by penetrating some of the exchange’s encrypted secret keys. 

Bitpoint

Date: July 12, 2019

Amount Lost: 1,225 BTC

Attackers compromised the exchange without its operators being aware until the money was already on the move. However, the exchange was able to recover some of the coins after they ended up on other exchanges. 

Upbit

November 2019

Amount Lost: 342,000 ETH

The South Korea-based exchange was compromised after attackers made off with 342,000 worth of ETH, worth $51 million at the time. The attack occurred when the funds were being moved from the exchange’s hot to cold storage, causing some people to believe the attack was an inside job.  

VinDAX

Date: November 2019

Amount Lost: $500,000 worth of crypto

Small Vietnam-based crypto exchange suffered a security breach when hackers made off with half a million dollars worth of crypto. 

Altsbit

Date: February 2020

Amount Lost: 6, 929 BTC and 23, 210 ETH, and other coins.

The Italy-based crypto exchange had been around for only a few months before it was hacked, losing half the funds it was stored in the process. The exchange has since announced it will be shutting down the exchange in May 2020. 

Final Words

Exchanges will always be targets of attacks, but that doesn’t mean they can’t institute robust measures to stop or even mitigate their impact. Any decent exchange should clearly communicate to users any security initiatives in place. Before you sign up for crypto exchange, make sure you’re clear on their security approach and how they plan to compensate customers in the event of theft. More importantly, always do your due diligence before entrusting your funds with any exchange.