The crypto world has almost gotten used to stories of hacking by now. Almost every month, a crypto exchange suffers a security breach that puts user information and funds at risk. Some of the time, the exchange manages to recoup the lost funds, other times, not so much.
Sometimes, some of the incidents involve external parties, while others point to an inside job.
In this piece, we’ve compiled an updated list of some of the major crypto hacks in history.
Mt. Gox
Date: June 2011 (and up to February 2014)
Amount lost: 790, 000+ BTC
In March 2014, Japan-based crypto-exchange Mt. Gox declared bankruptcy citing a loss of funds through hacks and thefts. The compromises had gone on unreported for more than three years, being later tracked down by blockchain analyst Kim Nilsson. Due to the sheer volume it transacted and its market standing, Mt. Gox’s fall caused the Bitcoin market to crash in 2014. This is a highlight of the major attacks:
- On March 1, 2011, hackers made away with 80, 000 BTC from Mt. Gox’s hot wallet after making a copy of the wallet.dat file.
- In May 2011, thieves stole 300, 000 BTC that was temporarily kept in an unsecured off-site wallet kept in a private network drive. But shortly after, the hacker got cold feet and returned the funds, but after keeping 1% of the funds.
- In June 2011, a hacker got into founder Jed McCaleb’s computer admin account and artificially tanked market prices. In the end, they made away with 2,000 BTC.
- In September 2011, someone got read-write access to Mt.Gox’s database. Once there, they created new customer accounts, inflated user balances, and took out 77,500 BTC, after which they deleted much of the evidence of those transactions.
- In October 2011, a bug in Mark Karpele’s new wallet software caused it to send 2,609 BTC to an unspendable null address.
- In 2013, a hacker obtained Mt.Gox’s wallet.dat file and executed the largest theft yet, one of 630,000 BTC.
Bitcomat.pl
Date: July 27, 2011
Amount Lost: Approximately 17,000 BTC
Bitcoin exchange Bitomat.pl lost 17,000 BTC while restarting their Amazon service server that hosted their wallet.
Bitcoin7
Date: October 2011
Amount lost: 1,000 BTC
Eastern Europe and Russian hackers were able to penetrate Bitcoin7’s servers and access the main funds’ depository as well as hot wallets.
Bitcoinica
Date: March 2012 and May 2012
Amount lost: 43,000 BTC (plus another 18,457 BTC)
Bitcoin exchange Bitcoinica was hosted on Linode, a web hosting provider. Hackers attacked Linode’s servers, which granted them access to the exchange’s wallets. The episodes ultimately caused the closure of Bitcoinica.
BitFloor
Date: September 2012
Amount Lost: 24,000 BTC
A hacker managed to get away with 24,000 BTC after getting access to unencrypted backups of Bitfloor’s wallets.
Vicurex
Date: May 2013
Amount Lost: 1, 454 BTC
Vicurex mysteriously froze all accounts and filed for bankruptcy in 2013 after citing loss of funds due to being hacked. The exchange is still embroiled in a lawsuit after they were sued by former customers.
BitCash
Date: November 2013
Amount Lost: 484 BTC
This was an exchange based in Czech Republic. A minor attack via phishing emails granted the hackers access to customer accounts.
Poloniex
Date: March 4, 2014
Amount lost: 97 BTC
Poloniex, a US-based exchange, announced that a hacker had exploded a vulnerable code in the withdrawal software. The exact details of the hack were not released by the company.
Cryptsy
Date: July 2014
Amount lost:13,000 BTC
The loss of 13,000 BTC through hacking and 30,000 LTC thereafter caused Cryptsy to close shop in 2016.
MintPal
Date: October 2014
Amount lost: 3, 700
This is one of the most befuddling ones yet. In October 2014, MintPal announced that it had been hacked, after which it was bought by a company called Moolah. Moolah itself folded shortly after. Ryan Kennedy, one of Moolah’s operators, allegedly siphoned off the accounts, and prosecutors are still piecing together evidence against him. In another twist, Kennedy is also currently serving a jail term for rape.
796 Exchange
Date: January 2015
Amount Lost: 1, 000 BTC
The China-based exchange lost 1000 BTC after a botched customer request which was caused by hackers interfering with areas of the exchange days before.
Bitstamp
Date: January 2015
Amount lost: 19, 000 BTC
After hackers managed to get into the exchange’s hot wallet and made away with funds, Bitstamp made the decision to start storing 98% of funds in cold storage.
BTER
Date: February 2015
Amount Lost: 7, 170 BTC
The exchange lost funds after hackers managed to penetrate its cold storage. However, community members were skeptical of the attack given the relatively safe nature of cold storage.
KipCoin
Date: February 2015
Amount Lost: 3, 000 BTC
The exchange lost the funds after its web host provider, Linode, was hacked.
Gatecoin
Date: May 2016
Amount lost: 256 BTC
Hackers managed to penetrate the exchange’s hot wallets to drain about $2 million worth of Bitcoin and Ether.
BitFinex
Date: August 2016
Amount lost: 120, 000 BTC
BitFinex lost funds after hackers exploited a loophole in the exchange’s multisig wallet software.
Yapizon
Date: April and December 2017
Amount Lost: 3,800 BTC
The exchange had funds drained from its hot wallets after hackers made into the servers. After this incident, the exchange rebranded into Youbit. But that didn’t stop it from being hacked again in December that year.
Coinsecure
Date: April 2018
Amount lost: 438 BTC
The exchange lost about 438 BTC in what was thought to be an inside job.
Zaif
Date: September 2018
Amount lost: 5, 966 BTC
The exchange filed a case with Japanese authorities to solve the attack, but it never provided details into how the attack happened.
MapleChange
Date: October 2018
Amount Lost: 913 BTC
The Canadian-based exchange announced it had been hacked and would be shutting down. However, community members were convinced it was an exit scam.
QuadrigaCX
Date: December 2018
Amount Lost: 26, 350 BTC
The co-founder of the exchange died on December 2018, with him being allegedly the only one with its private keys. However, court proceedings have proven that there was fund mismanagement and fraud inside the company.
Binance
Date: May 7, 2019
Amount Lost: 7,000 BTC
Through a combination of attacks involving malware, phishing, and other techniques, hackers were able to make away with 7,000 BTC from the world’s largest exchange by volume.
BitTrue
Date: June 2019
Amount Lost: XRP and ADA worth $5 million
GateHub
Date: June 2019
Amount lost: $10 million worth of XRP
The Slovenia-based exchange lost millions worth of Ripple by penetrating some of the exchange’s encrypted secret keys.
Bitpoint
Date: July 12, 2019
Amount Lost: 1,225 BTC
Attackers compromised the exchange without its operators being aware until the money was already on the move. However, the exchange was able to recover some of the coins after they ended up on other exchanges.
Upbit
November 2019
Amount Lost: 342,000 ETH
The South Korea-based exchange was compromised after attackers made off with 342,000 worth of ETH, worth $51 million at the time. The attack occurred when the funds were being moved from the exchange’s hot to cold storage, causing some people to believe the attack was an inside job.
VinDAX
Date: November 2019
Amount Lost: $500,000 worth of crypto
Small Vietnam-based crypto exchange suffered a security breach when hackers made off with half a million dollars worth of crypto.
Altsbit
Date: February 2020
Amount Lost: 6, 929 BTC and 23, 210 ETH, and other coins.
The Italy-based crypto exchange had been around for only a few months before it was hacked, losing half the funds it was stored in the process. The exchange has since announced it will be shutting down the exchange in May 2020.
Final Words
Exchanges will always be targets of attacks, but that doesn’t mean they can’t institute robust measures to stop or even mitigate their impact. Any decent exchange should clearly communicate to users any security initiatives in place. Before you sign up for crypto exchange, make sure you’re clear on their security approach and how they plan to compensate customers in the event of theft. More importantly, always do your due diligence before entrusting your funds with any exchange.