The Largest Cryptocurrency Hacks Of All Time

Cryptocurrency allows us to reclaim control of our funds, basically allowing us to be our own bank. However, because many people rely on third-party wallet providers, their crypto is only as safe as the safeguards and security measures put in place by the provider. Over the years, hackers have attacked weaknesses in these third parties, cryptocurrency hacks have stolen the equivalent of $4 billion. 

However, as we all know, the value of several cryptocurrencies has surged in recent years. This implies that if the hackers had retained all of the cryptos they stole and cashed them in today, they would have amassed a wealth worth more than $90 billion. 

Exchanges are frequently attacked because they have open-source code libraries. Criminals choose to target cryptocurrency exchanges since a single breach might result in the theft of thousands of consumers’ assets. As illegal operations become more complex, more security measures are required.

So, what’s the deal? Have crypto-heists evolved over time? How much money has been stolen? And how many platforms have shut down as a result? 

Crypto criminals, particularly scammers, feast on gullible purchasers in the actual world by reading the tiny print of contracts. 

Bitcoin (BTC) entered the scene following the Global Financial Crisis of 2008-09 in order to protect the globe from future financial catastrophes. However, as proven by several cryptocurrency frauds since their introduction to the globe, cryptocurrencies do not guarantee enough protection for consumers’ assets. 

Because assets are mostly stored online, hackers find it simpler to steal virtual currency than actual cash. Furthermore, large quantities of cryptocurrency may be moved surreptitiously, resulting in significant heists. Have crypto-heists evolved over time? How much money has been stolen? And how many platforms have shut down as a result?

MT GOX

Mt. Gox is still the site of the largest cryptocurrency heist in history, with over 850k Bitcoin stolen between 2011 and 2014. 

It was formerly the largest cryptocurrency exchange in the world, conducting more than 70% of all bitcoin transactions worldwide. The exchange was hacked in 2011, and bitcoin worth $8.75 million was taken. 

Despite promises to enhance its security measures, the exchange was subjected to another hack in 2014. It was done on a considerably grander scale this time.

Approximately 850,000 bitcoins ($615 million) were stolen. They were able to accomplish this by flooding the exchange with a significant quantity of bogus bitcoins. This security breach was one of the first significant ones in the bitcoin industry. 

Mt. Gox alleged that the loss was caused by an underlying issue in Bitcoin known as transaction malleability. Transaction malleability refers to the process of changing a transaction’s unique identifier by changing the digital signature that was used to generate it. 

MtGox’s private keys were hacked in September 2011, and the company did not utilize any auditing measures to detect the incident. Furthermore, because MtGox re-used Bitcoin addresses on a regular basis, the stolen set of keys was routinely utilized to steal new deposits, and by mid-2013, the stolen set of keys had been used to steal new deposits.

By the middle of 2013, about 630k BTC had been removed from the exchange. Surprisingly, WizSec (a group of Bitcoin security experts) says that evidence of continuing theft can be derived from blockchain transactions to support this allegation. 

As demonstrated by Mt. Gox, many organizations employ cold and hot wallets to mitigate huge losses. All coins are sent to the exchange’s cold wallet, where they are manually moved to the hot wallet when needed. If the server of an exchange is hacked, the criminal can only steal money.

KuCoin

The most recent assault was on KuCoin (2020). 

KuCoin is a Singapore-based cryptocurrency exchange. It was established in 2013 and trades in a variety of cryptocurrencies, including Bitcoin, Ethereum, Litecoin, and Ardor. It was attacked in September 2020, and the perpetrators stole about $281 million in coins and tokens. 

Furthermore, hackers obtained the keys to some of the most popular wallets on the market. Despite the fact that KuCoin promptly disabled all transactions on its website, the harm had already been done. This is one of the greatest breaches in the history of crypto assets. 

Following this, the KuCoin management team began an extensive investigation. This quick action achieved excellent consequences, as more than $204 million in money were recovered within weeks.

The exchange also had a significant advance in identifying prospective culprits. 

A North Korean hacking gang, Lazarus Group, has been accused of perpetrating a theft on cryptocurrency exchange KuCoin, resulting in a $275 million loss of cash. The exchange, on the other hand, was able to reclaim around $240 million in payments later. 

The crime is said to have been committed by a hacking gang. This scenario emphasizes the need of moving rapidly and being able to follow transactions in real time. Furthermore, the exchange intends to reimburse all of its users’ losses. 

PancakeBunny 

The flash loan assault, in which hackers stole $200 million from the site, occurred in May 2021 and is one of the more serious occurrences of cryptocurrency swindling To carry out the attack, the hacker borrowed a large amount of Binance Coin (BNB) before manipulating its price and selling it on PancakeBunny’s BUNNY/BNB exchange. 

A flash loan must be taken before repaying the entire amount at once. The hacker received a huge quantity of BUNNY using a flash loan, then sold all of the BUNNY on the market to decrease the price, and then returned the BNB via PancakeSwap. 

Polygonal Network 

In one of the largest cryptocurrency thefts ever, a hacker stole nearly 600 million USD in digital tokens in August 2021. Mr. White Hat, a hacker, exploited a flaw in the network of Poly Network, a DeFi platform. 

The story has become increasingly bizarre as time has passed. the day following the original heist Mr. White Hat not only maintained a public and regular engagement with Poly Network, but they also refunded everything taken a week later, with the exception of $33 million in Tether (USDT) that had been frozen by the issuers. 

Mr. White Hat was allegedly offered a 500,000 USD reward for returning the stolen funds, as well as a job as Poly Network’s senior security officer. 

Cream Finance 

Cream Finance was hacked in October 2021, and the hackers took $130 million. Cream Finance was the victim of its third bitcoin heist of the year, with hackers stealing $37 million in February 2021 and $19 million in August 2021. 

The funds appear to have been received through a flash loan in a high-risk situation in a tremendously intricate transaction involving 68 different assets and costing over 9 ETH in gas The attacker took advantage of the yUSD price oracle computation by using MakerDAO’s DAI to generate a large amount of yUSD tokens. 

As a result, they were able to grab all of Cream Finance’s tokens and assets, totalling $130 million, on the Ethereum network. 

BadgerDAO 

In December 2021, a hacker successfully stole funds from various bitcoin wallets on the DeFi network, BadgerDAO. The phishing issue occurred when a malicious script was inserted into the website’s user interface via Cloudflare. 

To steal $130 million, the hacker used an application programming interface (API) key. The API key was generated without Badger developers’ knowledge or approval.

to frequently insert malicious malware into a subset of its clients However, because the hackers had yet to take assets from Badger’s vaults, around $9 million was recovered. 

Linode 

Linode, a web hosting company, was used by Bitcoin exchanges and community whales to store their hot wallets. Linode was hacked in June 2011, and the virtual services where the hot wallets were housed were attacked. 

Unfortunately, this resulted in the theft of at least 46k BTC, with the exact quantity yet unclear. Bitcoinia, which lost approximately 43k BTC, and Bitcoin.cx, which lost 3k BTC, were also victims, as was Gavin Andresen (Bitcoin creator), who lost 5k BTC. 

BitFloor

While these thefts are less serious, high-impact Bitcoin thefts have continued, with 24k BTC taken from BitFloor in May 2012. In the incident, an attacker obtained access to an unprotected (i.e., unencrypted) backup of wallet keys and stole the virtual currency valued around a quarter-million dollars. As a result, BitFloor’s founder, Roman Shtylman, chose to close the exchange. 

Bitfinex 

As proven by another massive robbery at Bitfinex, which resulted in the loss of 119,756 BTC, the use of multisig (the necessity of several keys to approve a BTC transaction) is not a silver bullet in and of itself. 

Bitfinex had partnered with BitGo to serve as a third-party escrow for customer withdrawals. Bitfinex appears to have likewise opted not to employ cold storage wallets in order to qualify for a legislative exemption under the Commodities and Exchange Act While the use of threshold signatures is tempting, it does not ensure that the ability to allow transactions is distributed. 

Bitfinex is a Hong Kong-based cryptocurrency exchange that was created in 2012. It is controlled by iFinex Inc., the same corporation that created the Tether stablecoin. In 2016, hackers broke into the crypto exchange and stole coins valued more than $60 million. 

Following the incident, Bitfinex was able to trace some money and give refunds to consumers in the form of equity. All damages incurred as a result of the assault were split evenly among the users. 

In 2019, the US government was able to reclaim some of the monies and identify some of the hackers It was discovered that the attack was carried out by two Israeli brothers. Authorities quickly apprehended them and charged them with cybercrime. 

In 2021, it was discovered that the stolen coins had been transferred from one wallet to another. It is thought that some of those participating in the attack are attempting to profit from the high prices of bitcoin.

Bitgrail 

Bitgrail was a tiny Italian exchange that traded in esoteric cryptos such as Nano (XNO), formerly RaiBlocks. Nano was valued as little as 20 cents in November 2017, but as values hovered around $10, the exchange was hacked in February 2018, resulting in a $146 million loss for BitGrail. 

More than 230,000 customers were duped by a Bitcoin cyber heist. Unfortunately, tiny exchanges do not implement basic security measures, such as a cold storage wallet, placing a large amount of money at risk. According to the director of the national center for cyber crimes, Ivano Gabrielli It became clear that the BitGrail CEO, was involved in the BitGrail controversy. 

Coincheck

Coincheck, a Japanese company, had $530 million in NEM (XEM) tokens stolen in January 2018. The identity of the Japanese hackers who breached the security system remains unknown. 

Following the inquiry, Coincheck disclosed that hackers gained access to their system because of a personnel shortage at the time. Because cash were held in hot wallets and insufficient security measures were in place, the hackers were able to successfully compromise the system.

Bitmart 

A compromise of Bitmart’s hot wallet in December 2021 resulted in the loss of around $200 million. Initially, it was assumed that $100 million had been taken via the Ethereum blockchain, but further investigation revealed that another $96 million had been stolen using the Binance Smart Chain blockchain. 

Over 20 tokens were seized, including BSC-USD, Binance Coin (BNB), BNBBPay (BPay), and Safemoon, as well as significant amounts of Moonshot (MOONSHOT), Floki Inu (FLOKI), and BabyDoge (BabyDoge). 

Upbit

This was a hack that only used one transaction. 

Upbit is a cryptocurrency exchange that began operations in 2017. Despite the fact that the exchange is headquartered in South Korea, it has gained popularity in other areas of the world. In reality, in 2018,

In terms of daily transactions, it grew to become the world’s largest crypto exchange. 

However, the exchange was attacked by a significant cyber assault in November 2019. In a single transaction, the crooks were able to breach into the exchange and steal approximately $45 million. 

Within a few days following the attack, the hackers transferred the majority of the cryptocurrency to other wallets, making it more difficult for authorities to track them. After several months, the US Department of Justice was able to identify two Chinese nationals who were involved in the attack. 

It was also found that hackers from North Korea were engaged in the attack. Following that, Upbit attempted to persuade other exchanges to ban the accounts associated with it.

BINANCE

Binance is one of the most well-known names in the industry. The exchange is located in the Cayman Islands and is the largest cryptocurrency exchange in the world (by volume). The exchange supports over 360 different cryptocurrencies and operates in over 1200 marketplaces. 

Furthermore, Binance claims to have created a whole ecosystem of cryptocurrency transactions, research, education, and philanthropy. However, the exchange was rocked by a severe security issue in May 2019. 

Over 7000 bitcoins were taken from the hot wallet by the hackers. The entire cost of the strike was estimated to be around $40 million. The attackers successfully breached the exchange’s security mechanisms, gaining critical information sets such as two-factor codes, APIs, and other data. 

Surprisingly, all of the lost bitcoins have been found and were associated with a single cryptocurrency wallet. The exchange has declared that any losses would be covered by its secure asset fund for users (SAFU).  

We’ve already covered some of the most significant CEX crypto exchange security breaches in history. The extent of these attacks is truly astounding. It is also clear that erecting strong security barriers is insufficient to safeguard against expert cybercriminals. 

Furthermore, the magnitude of some of these assaults emphasizes the necessity for exchanges and other crypto organizations to be particularly watchful in order to detect illegal activity. 

This may be accomplished by collaborating with industry experts who provide solutions such as bitcoin transaction tracking, analytics, and risk assessment. 

All Bitcoin exchange security measures have been proactive in nature, with the goal of preventing a heist. According to the preceding debate, proactive security measures have reduced the impact of robberies, , but they cannot, unfortunately, eliminate a theft. Fundamentally, because to the irreversible nature of the blockchain, there is little an exchange can do to prevent a heist once the relevant private keys have been stolen. 

Any claims made concerning crypto investing should always be scrutinized, especially if they appear to be too good to be true. Also, do not put your confidence in anyone who contacts you directly about investing in Bitcoin or other cryptocurrencies. 

Enable two-factor authentication on your bitcoin wallet and exchange, and never disclose your private key or seed phrase, keeping that information offline in a cold wallet. 

Always check the URLs of websites two or three times.

Please only proceed if you are confident in the validity of the crypto project. Furthermore, any offer that needs an upfront payment, whatever of the amount, should be refused, especially if the price must be paid in cryptocurrency.

Related

en_GBEnglish