Comprehensive Tracker of Crypto Hacks: Major Security Breaches and Incidents
Crypto is a popular type of digital currency, and it’s continuously evolving. There are 429.9 million crypto users worldwide, a figure set to reach 994.30 million users in 2027. Promising as that is, mainstream adoption of digital currency like crypto is frequently set back by hacks.
In 2022, the crypto industry saw back-to-back hacks on several exchanges and in numerous currencies due to system vulnerabilities and user errors. Some exploits were high-profile thefts, while others raised speculation about insider involvement.
Millions, and sometimes billions, worth of crypto is stolen each year. Some is returned to users, while the rest drops out of sight. Read below to learn about the crypto hacks since the industry’s emergence and how the industry handled them.
🔑 Key Takeaways:
Mt. Gox, the most prominent crypto exchange platform of its time, experienced the biggest-ever hack of Bitcoins on February 7, 2014.
The Axie Infinity hack drew the largest stolen funds during press time, with $620 million worth of crypto assets.
Bitcoin is the most stolen crypto coin ever. Hackers have taken a cumulative of over 1.6 million Bitcoins since 2011.
Due to the DAO hack, developers needed to facilitate a hard fork on Ethereum, from which Ethereum (ETH) and Ethereum Classic (ETC) were created.
A Timeline of the Top Crypto Hacks of All Time
Bitcoin was the first-ever cryptocurrency and has been the top-traded and valued coin ever since. It was developed in 2009 by Satoshi Nakamoto, a pseudonym for an anonymous identity or group.
From then on, hackers have targeted the growing crypto industry, which now spans over 20,000 types of cryptocurrencies. As time goes by, the value of stolen crypto keeps increasing. Continue reading to discover every crypto hack from 2011 to the present.
Total Crypto Hacks Reported in 2011: $14.4 billion
The crypto industry was still up-and-coming in 2011 but was not free from hacks. Discover how these exploits started small, and as you go on with the article, the amount of crypto stolen gets bigger.
Mt. Gox 400,000 BTC
Mt. Gox was one of the largest Bitcoin exchanges at the beginning of the crypto industry. It saw a long downfall after hackers compromised its system late on June 19, 2011. A hacker used stolen credentials to grab 400,000 Bitcoins from user accounts, or 6% of all the coins in circulation at that time.
After the hack, Mt. Gox lost an undisclosed amount of Bitcoins due to constant network protocol deficiencies. This persistent issue left Mt. Gox more vulnerable to bad actors, and it would later suffer a more damaging cyberattack.
After further investigation, Mt. Gox admins found an SQL injection (SQLi) vulnerability in their database. This vulnerability is similar to the weakness that LulzSec exploited when they invaded several adult websites. However, LulzSec denies their involvement in the hack.
MyBitcoin Undisclosed amount
MyBitcoin was a popular wallet for Bitcoin. Its website suddenly went offline in July 2011. It resurfaced after one week to announce “an unfortunate incident” about the loss of “a large amount of Bitcoin.” Until now, the exact amount remains undisclosed, and user funds stay unreturned.
Post-hack: MyBitcoin’s initial announcement took over the closed website, indicating the platform had gone into receivership due to a security breach.
Bitcoin7 Undisclosed amount
This hack is less discussed today, as Bitcoin7 was a small Bitcoin exchange website based in Sofia, Bulgaria. On October 5, 2011, Bitcoin7 created a stir when it shut down without notice. Users could no longer access the website and their Bitcoin funds.
Today, Bitcoin7.com remains a registered domain. However, it has privacy enabled, so people have no idea how it is running now.
Total Crypto Hacks Reported in 2012: $4.89 billion
💡 Did You Know? The first Bitcoin halving took place in 2012 and has occurred every 4 years since then. During Bitcoin halving, the reward for mining the crypto coin gets cut in half every 210,000 blocks. This event intends to raise Bitcoin demand in the market.
2012 was a year for crypto development. As mentioned, it saw Bitcoin’s first halving, letting users gain it for half its worth. The industry remained a target for hacks that year. Read further to learn more about them.
Bitcoinica (First hack) 43,554 BTC
The first Bitcoinica hack occurred in March 2012. It’s also known as the Linode Hack, where the thief gained customer support privileges. This hack resulted in the loss of over 43,554 BTC and compromised the platform’s database.
Bitcoinica (Second hack) 18,547 BTC
It was a tough year for Bitcoinica, as it experienced another hack 2 months after the initial one. This time, the hacker took 18,547 BTC. Bitcoinica usernames, passwords, email addresses, and account histories were also compromised.
The platform’s founder, Zhou Tong, later announced its insolvency due to financial stress from the back-to-back hacks. Tong assured users that they could receive all their money back. However, less than 2% of Bitcoinica customers received compensation in 2014.
Bitcoinica’s young CEO, Zhou Tong, announced his “retirement” from Bitcoin after the back-to-back hacks.
Zhou Tong, who was 17 years old when he founded Bitcoinica, left the industry completely after these incidents. He released a statement on Bitcoin Magazine, entitled ‘Bitcoinica: An Obituary’ for his retirement:
“I failed at one thing though,” he writes, “that is generating value for the society. Bitcoinica did create a place for people to trade more efficiently and provide liquidity to the market. However, speculation is a zero-sum game (or negative-sum, strictly saying). I know there can be many justifications for Bitcoinica’s value, but all of them are against my intuition and values. With the confidence and the innate intuition to build wonderful things for a better world, I decided to move on.”
Bitfloor 24,000 BTC
On September 4, 2012, a hacker accessed Bitfloor’s unencrypted data, which they used to transfer 24,000 BTC from the platform.
This exploit led to the loss of almost all the coins in the exchange, pushing Bitfloor to shut down.
Bitfloor’s founder, Roman Shtylman, assured customers will be paid back with the company’s “long-term” plan
Roman Shtylman, the founder of Bitfloor, announced the hack in a Bitcoin forum. He clarified that recovering the coins and paying back customers would be a “long-term” plan.
Silk Road 50,000 BTC
Silk Road was Bitcoin’s largest e-commerce platform. It was an illicit bazaar with illegal items like drugs and pirated digital goods. It’s only accessible through the Tor browser, a private browser for surfing the dark web.
In September 2012, 50,000 Bitcoins were stolen from the platform via a mysterious wireless fraud.
2013 Update: Ross Ulbricht, Silk Road’s founder, was arrested for several cybercrime charges, including conspiracy to hack his own platform.
The next year after the hack, Silk Road’s founder, Ross Ulbricht, was arrested and sentenced to a lifetime in prison for several crimes. The authorities found him guilty of seven charges, including conspiracy to commit computer hacking, conspiracy to launder money, and conspiracy to traffic narcotics through the Internet. He was also given the so-called “kingpin charge” for continuing a criminal enterprise.
April 12, 2023 Update: Authorities finally pinned down the Silk Road hacker, James Zhong, roughly a decade after the hack.
The IRS finally arrested the Silk Road hacker, James Zhong, in April 2023 and recovered 50,000 BTC from his apartment. After years of monitoring Zhong’s movements, the authorities secured a warrant to search his place and found the coins in a circuit board hidden under a popcorn tin.
The coins were worth $600,000 during the hack, but as of writing, the 50,000 BTC are valued at over $3.3 billion, tallying the biggest collection of any currency by the IRS.
Total Crypto Hacks Reported in 2013: $0.42 billion
The community’s trust in crypto began to take serious knocks as more hacks took place in 2013. Discover them in the following sections.
Vircurex 1,454 BTC, 225,263 TRC, and 234,000 LTC
Vircurex was an obscure crypto exchange platform with an equitable user base. In 2014, Vircurex reported its near insolvency due to undisclosed hacks.
The exchange suffered two major hacks, allegedly starting May 10, 2013. The hacker gained login credentials to Vircurex and took 1,454 BTC, 225,263 TRC, and 234,000 LTC.
Upon announcing the year-old cyberattack, Vircurex froze its digital currency withdrawals as it had insufficient reserves to carry out any requests.
Post-hack: Speculation about the Vircurex hacks first emerged on the popular forum Bitcointalk and was later confirmed by Vircurex.
Vircurex users first experienced a website blackout and worried they couldn’t access their crypto funds.
As it turned out, the platform had been compromised and hackers took a significant amount of crypto. Vircurex froze several crypto assets, such as Bitcoin, Litecoin, Feathercoin, and Terracoin in the platform, which alarmed its user base.
The exchange assured its users that Vircurex won’t be shutting down. Moreover, it will set up a new balance type called “Frozen Funds,” which would cover frozen balances as the company “gradually pays back” losses.
PicoStocks (First hack) 1,300 BTC
PicoStocks was an obscure platform for crypto and stock exchange. It was sketchy from the beginning as an unregulated stock market that mostly traded in Bitcoin. It also operated in disregard of federal security regulations.
When it was roughly seven months old, 1,300 Bitcoins were stolen from its user accounts. The exchange’s founder admitted he had been using the same password for multiple accounts (a bad password habit that 65% of people are guilty of), which resulted in the Bitcoin heist. He called it “just extremely stupid” and took accountability by saying it was “clearly our fault.”
Blockchain.info 50 BTC
Blockchain.info was a notable crypto exchange in its time. That’s why users were shocked that it lost 50 BTC due to a cyberattack. The hackers exploited a bug in the exchange’s random number generator (RNG) that affected Android users.
Post-hack: Ben Reeves, the founder of Blockchain.info, confirmed the hack via a BitcoinTalk reply and assured customers they would provide refunds.
A worried Blockchain.info user lost 1.8 BTC and shared their concern through a post on Bitcointalk.
This post brought attention to the hack, and Blockchain.info founder Ben Reeves responded in a reply on the forum.
Inputs.io 4,100 BTC
Users regarded Inputs.io as a high-security web wallet for Bitcoin and other cryptocurrencies on the rise. Despite its reputation, the platform was not safe from hackers and lost 4,100 BTC on October 23, 2013.
Post-hack: After the massive attack on the exchange, Inputs.io shut down and could not pay affected users.
The hack left Inputs.io insolvent, and all that’s left is its final announcement, reposted on Reddit.
Users were instructed to reach out to a given email address. Moreover, according to Inputs.io’s developer, Tradefortress, the company would refund “as much as 100%. For Inputs it is solely based on the amount. 1 BTC at the current sliding scale would be 74%, 2 BTC 65%… This figure is not final, and if we have leftover coins we’ll be able to refund more.”
PicoStocks (Second hack) 5,896 BTC
Five months after the first PicoStocks hack, the platform was robbed again. This time, the stolen amount was 5,896 BTC in total. That amount was missing from the platform’s “hot” and “cold” wallets, which created a stir, as cold wallets are inaccessible online. That raised speculation that the hack was an inside job.
Post-hack: Most PicoStocks users discovered the hack from Reddit.
PicoStocks announced that the exploit was a “serious loss for the company.” Not long after, PicoStocks shut down its operations.
Total Crypto Hacks Reported in 2014: $31.13 billion
Crypto was most turbulent in 2014. For instance, Bitcoin hit $1,000 in January but plummeted to $111.60 on February 21, 2014 — more than a 90% decline in under 2 months. This year, crypto was vulnerable to hacks, only adding to the industry’s volatility. Learn more about them below.
Mt. Gox 650,000 to 850,000 BTC
Users suddenly lost confidence in Bitcoin when the high-profile exchange platform from Japan, Mt. Gox, was hacked again. This hack was more significant, as the attackers took 650,000 BTC worth $463 million (that amount of Bitcoin is worth around $24 million to $32 million).
This hack caused Bitcoin’s massive plummet in February 2014 and Mt. Gox’s fatal bankruptcy. The lost funds from this exploit remain unaccounted for until today.
Post-hack: The Mt. Gox hack is the biggest Bitcoin heist ever.
In 2011, Mt. Gox faced its first hack and lost $7 million worth of Bitcoin. Since then, the prominent platform has experienced consecutive security issues.
Before the recent hack in February 2014, Mt. Gox customers reported difficulties withdrawing funds. Then, the platform suddenly suspended all withdrawals after discovering suspicious activity in its digital wallets.
After this series of events, CEO Mark Karpeles apologized on Japanese national TV and announced the company’s bankruptcy.
A month later, Mt. Gox revealed it had “found” 200,000 Bitcoins in the old format. This amount was used to reimburse some of the creditors affected by the hacks.
Speculations around the Mt. Gox hacks are ongoing, with some users still asking for their money back. To this day, around 15% to 20% of the BTC held in the exchange are still waiting to be released to some Mt. Gox creditors.
June 9, 2023 Update: The US DOJ identified and indicted two Russian hackers responsible for the 2014 Mt. Gox hack.
The US Department of Justice announced the indictment of two Russian nationals, Alexey Bilyuchenko and Aleksandr Verner, for the 2014 Mt. Gox hack.
According to the US DOJ’s press release, the hackers “gained unauthorized access to a server used by Mt. Gox to house cryptocurrency wallets.” Then, Verner and Bilyuchenko used their illegal access to siphon massive amounts of Bitcoin.
Flexcoin 896 BTC
Not long after Mt. Gox’s shutdown, Flexcoin was robbed of 896 BTC, which amounted to all the bitcoins stored in the platform’s hot wallet. Meanwhile, Bitcoins stored in the exchange’s cold wallets were safe.
Flexcoin had insufficient resources to make up for the loss it sustained, forcing its closure immediately after the hack.
Post-hack: Flexcoin was called out on Twitter for making a statement regarding Mt. Gox’s fate, only to face the same issue shortly after.
A few days after Mt. Gox announced its closure, Flexcoin released a brief statement on Twitter to sympathize with its fellow Bitcoin exchange.
When Flexcoin was hacked a few weeks after that post, Twitter users came back to it. They mocked the platform for making a premature statement.
Two days after the Flexcoin exploit, the company tweeted a short announcement regarding its cessation.
Poloniex Undisclosed amount
Thousands of websites experience cyberattacks daily due to software vulnerabilities. One fatal example of a cyberattack due to a software vulnerability is the Poloniex hack.
The exchange had a weakness in its withdrawal code that let users withdraw funds simultaneously. The hacker found this flaw and used it to place multiple withdrawals at the same time.
Poloniex’s security feature caught the unusual withdrawals and immediately froze BTC on the platform. The hacker took 12.3% of the platform’s BTC reserves.
Post-hack: Poloniex owner, Tristan D’Agosta, announced the hack in detail by posting on BitcoinTalk.
To survive this hack, Tristan D’Agosta announced that 12.3% of all the Bitcoin in the platform would be deducted temporarily from user accounts and paid in some form in the “indefinite” future.
More importantly, the vulnerable code would be eliminated and the system updated to allow queued withdrawals.
In July of the same year, D’Agosta claimed to have repaid 100% of the affected customers, and several of these users came forward to confirm they had received the compensation.
Poloniex is still operational as one of the major Bitcoin web exchange platforms.
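The simultaneous-withdrawal weakness and the queued-withdrawal fix described above, as an added example that is not Poloniex's code. It assumes the flaw was an unguarded balance check followed by a debit (the page gives no further detail); `Ledger`, `run_unsafe`, `run_queued` and `overdrawn` are hypothetical names, and the balances are constructed.

```python
import queue
import threading


class Ledger:
    """Toy single-account balance store (constructed for this example)."""

    def __init__(self, balance):
        self.balance = balance


def run_unsafe(n_requests, opening_balance, amount):
    """Handle n simultaneous withdrawals with an unguarded check-then-debit.

    Returns (total_paid_out, final_balance).
    """
    ledger = Ledger(opening_balance)
    paid = []  # list.append is thread-safe in CPython
    # The barrier pins down the worst-case interleaving so the result is
    # deterministic: every request reads the balance before any request
    # writes it back.
    all_have_read = threading.Barrier(n_requests)

    def handle():
        seen = ledger.balance               # 1. read the balance
        all_have_read.wait()
        if seen >= amount:                  # 2. check a value that is now stale
            ledger.balance = seen - amount  # 3. write back from the stale read
            paid.append(amount)             # 4. funds leave the wallet

    threads = [threading.Thread(target=handle) for _ in range(n_requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(paid), ledger.balance


def run_queued(n_requests, opening_balance, amount):
    """Same simultaneous requests, drained one at a time by a single worker.

    Returns (total_paid_out, final_balance).
    """
    ledger = Ledger(opening_balance)
    pending = queue.Queue()
    paid = []

    def worker():
        while True:
            requested = pending.get()
            if requested is None:           # sentinel: no more requests
                return
            # Check and debit happen with no other request in between.
            if ledger.balance >= requested:
                ledger.balance -= requested
                paid.append(requested)

    consumer = threading.Thread(target=worker)
    consumer.start()
    submitters = [
        threading.Thread(target=pending.put, args=(amount,))
        for _ in range(n_requests)
    ]
    for t in submitters:
        t.start()
    for t in submitters:
        t.join()
    pending.put(None)
    consumer.join()
    return sum(paid), ledger.balance


def overdrawn(opening_balance, total_paid_out):
    """Reconciliation invariant: payouts may never exceed what the account held."""
    return total_paid_out > opening_balance


if __name__ == "__main__":
    for name, runner in (("unsafe", run_unsafe), ("queued", run_queued)):
        paid_out, remaining = runner(5, 100, 100)
        print(name, "paid out:", paid_out, "remaining:", remaining,
              "overdrawn:", overdrawn(100, paid_out))
```

The ledger in the unsafe run still shows a non-negative balance afterwards, so only a reconciliation of payouts against the opening balance exposes the loss.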
CryptoRush 950 BTC and 2,500 LTC
Before the hack, CryptoRush’s credibility was constantly questioned by some customers and onlookers. In March 2014, one of its founders announced on Bitcointalk that the platform’s BlackCoins were compromised. User wallets were inflated to 22 million coins due to a stake bug, and the hacker took 950 Bitcoins and 2,500 Litecoins.
The founder emphasized this incident was because of the Blackcoin developer’s oversight. The developer admitted to this error but refused to provide any real solutions.
CryptoRush closed its market after discovering this issue and remains so until today.
Post-hack: CryptoRush co-founder, who went as “linkandzelda” on the Bitcointalk forum, described the hack in detail and announced the site’s “temporary” suspension of trading.
CryptoRush co-founder’s detailed announcement in Bitcointalk covered all the important points of the hack and the company’s plan to overcome the incident.
This announcement caused a stir among Bitcoin traders, questioning why CryptoRush fell victim to such a simple hack and pointing their fingers at the developers.
Some speculate the hack was a scam, especially since the company was shady.
MintPal 8 million VRC
Hackers spotted a vulnerability in MintPal’s withdrawal system, which they used to circumvent its internal controls. The hackers authorized a huge withdrawal request of 30% of all the Vericoins at that time, or roughly 8 million VRC. Sensitive customer information and passwords connected to the hacked Vericoin wallets were also affected.
MintPal revealed that hackers also tried to steal Bitcoins and Litecoins from the platform. However, those coins were stored in MintPal’s cold wallets, which are inaccessible from the Internet.
Post-hack: The Vericoin development team pushed for a controversial solution: hard forking the coin’s blockchain to reverse the hacker’s transactions.
The response to the MintPal hack stirred controversy as Vericoin developers opted to hard fork the coin’s blockchain.
Hard forking in crypto creates two similar branches of the blockchain ledger. The duplicated chain creates a whole new cryptocurrency.
Applying that to Vericoin’s situation, hard forking would prevent MintPal’s loss of over $2 million in investor funds. The platform proceeded with this contingency plan hours after the hack and deactivated the site’s Vericoin market.
A day after the exploit, July 14, MintPal conducted another hard fork. These procedures created a transaction that moved the stolen Vericoins to a new wallet. Blocks that included the hacked transactions, on the other hand, were rejected by the network.
Cryptsy 13,000 BTC and 30,000 LTC
Thirteen thousand Bitcoins and 300,000 Litecoins were stolen from Cryptsy on July 29, 2014. This exploit was kept secret from the public for two years. Cryptsy only revealed the incident when it was near bankruptcy in 2016.
Post-hack: Cryptsy faced insolvency in 2016, which included its revelation of the July 2014 hack.
Before announcing its bankruptcy in 2016, Cryptsy suspended trade several times in a row. Users also experienced technical problems when withdrawing their funds.
When the company finally disclosed its near-insolvency, Cryptsy talked about multiple incidents and reasons that sent mixed messages about its situation.
For one, the site’s trading volumes have been declining. It also experienced two consecutive phishing attacks that compromised user email addresses and passwords.
“This of course was a critical event for Cryptsy, however at the time the website was earning more than it was spending and we still have some reserves of those cryptocurrencies on hand. The decision was made to pull from our profits to fill these wallets back up over time, thus attempting to avert complete closure of the website at that time.”
Cryptsy also called out a “libelous” article that was published about the company. The post revealed that an ongoing investigation on Cryptsy was underway, led by the US authorities, stating:
“It wasn’t until an article from Coin Fire came out that contained many false accusations that things began to crumble. The article basically caused a bank-run, and since we only had so much in reserves for those currencies problems began.”
Not long after it announced bankruptcy, Cryptsy’s domain went offline and stopped all operations.
January 26, 2022 Update: Cryptsy CEO gets indicted eight years after the 2014 hack
In 2022, the Department of Justice (DOJ) indicted Cryptsy’s CEO, Paul Vernon, for several charges revolving around the 2014 Cryptsy hack and its closure in 2016.
Vernon allegedly stole over $1 million from Cryptsy customers’ wallets and deposited them into his bank account. This heist falls under the same timeline as the 2014 Cryptsy hack, which Vernon kept secret from the public until his platform’s closure in 2016.
Apart from his wire fraud and money laundering charges, Vernon was indicted for tax evasion. Reports from the DOJ state Vernon filed “false and fraudulent” federal income tax reports that allowed him to pay less than he needed.
BTER (First hack) 51.67 million NXT
BTER is a China-based crypto exchange platform. Its hosting servers were attacked in August 2014, resulting in the loss of over 50 million NXT.
The company revealed little detail about the hack, but its developers exhibited transparency in resolving the incident. Several posts on crypto forums and Twitter were posted by BTER developers to update their user base and stimulate open discussions on what to do next.
Post-hack: BTER’s official statement also asked customers to help the company decide its next steps after the heist.
The hack was revealed through a Bitcointalk forum post by one of BTER’s NXT developers. He also asked for the public’s opinion on whether the company would keep forging the existing branch or remove the blocks and forge a new one. The former would mean keeping the 50+ million NXT that then belonged to the thief.
Payback plan: BTER established its intentions to recover the stolen funds from the hacker
On the same day as the hack, BTER announced through Twitter that the company would look for the hacker and recover the 50+ million NXT coins.
Total Crypto Hacks Reported in 2015: $0.45 million
Bitcoin triumphed as the best-performing cryptocurrency in 2015. It had a 40% net gain, which is double the amount of the second-best currency at that time. Bitcoin was so popular that it was also the most-targeted currency in the crypto industry.
Bitstamp 19,000 BTC
Bitstamp is one of the longest-running crypto exchange platforms. Despite its acclaim, the exchange is still liable to cyberattacks.
On January 4, 2015, one of Bitstamp’s employees fell victim to phishing, a cyberattack that manifests in billions of emails daily. The employee accidentally downloaded a file that led to a data breach on Bitstamp, letting the hacker take 19,000 BTC from the platform.
This heist was the first and biggest hack in the crypto industry in 2015.
Post-hack: Bitstamp revealed that a phishing attack victimized six of its employees, which gave way to the hack
Bitstamp customers learned about the hack through an unconfirmed incident report posted by a single-use account on Reddit. It stated that phishing attempts originally targeted six employees, but only one fell victim.
The report and post are now deleted on all platforms, as requested by Bitstamp Ltd. Regardless, Bitstamp is still operational today and is one of the most trusted crypto exchange platforms.
796 1,000 BTC
The 796 Bitcoin hack is a lesser-known exploit because the recent Bitstamp hack overshadowed it. Moreover, the affected platform was a small exchange based in China.
It didn’t create much of a stir when 1,000 Bitcoins were stolen from the 796 exchange. Hackers got into 796’s system through a withdrawal anomaly and tampered with a customer’s withdrawal address.
Post-hack: 796’s official announcement revealed the hacker tampered with a customer’s withdrawal process
Explanation about the theft last night
January 28, 2015 12:16 Read 3836
At 2221 last night, a user applied for 1000BTC withdrawal on the 796 exchange. Our staff called at 2226 to confirm that it was my operation, because the logged-in IP had different regions and distributed an email confirmation at 22:38. After confirmation, the customer service manager issued the withdrawal at 22:50. At about 3:50 a.m., I received a phone call from the user saying that the withdrawal had not arrived, and immediately called the relevant person in charge of the company to study the problem. After detailed analysis of various logs and audit records, we found that a sub-module updated the system a few days ago had a loophole that was exploited by hackers, resulting in the user’s withdrawal address being tampered with. In addition, the hackers deliberately used an address similar to the original withdrawal address to confuse users and our company’s manual audit. At present, this problem has been fixed, and encryption and monitoring functions have been added. Although the cryptocurrency exchange is often exposed to such risks, after nearly two years of operation, the 796 exchange has also strengthened our risk prevention in this area at the same time, and will continue to strengthen the security monitoring of user account funds in the later stage.
This theft was a problem on the 796 exchange and was used by hackers. The 796 exchange will accrue the undistributed profits of the company’s major shareholders to bear this loss, which has been reissued. In such a high-risk industry, problems are inevitable, which is why 796 major shareholders have not made dividends. Before we get the venture capital, we will do our best to ensure the safety of customers’ assets first. The future is long. 796 will continue to maintain the principle of openness and fairness, integrity-oriented and only service. Thank you for your support and thank you for your support!
(This text is translated from Chinese. See the original post here.)
BTER (Second hack) 7,170 BTC
A year after the BTER hack in February 2014, the site fell victim to another heist. This time, the hacker took 7,170 BTC from BTER’s cold wallets, making it the second biggest crypto hack in 2015.
Before announcing the hack, BTER informed its customers that a “security check” was ongoing. All exchanges were temporarily suspended during this check.
Post-hack: BTER’s official statement revealed plans to track down the hacker with the help of authorities and a 720-BTC bounty:
BTER posted a post-mortem of the hack on a popular Chinese social media platform. It read:
Explanation on the theft of Biter BTC
February 15, 2015 22:10 Reading 16082
After preliminary inspection, it was determined that on February 14, 2015, the hacker used us to fill the hot wallet from the cold wallet and stole all the BTC from the cold wallet of the Biter trading platform, with a total of 7170 BTC, and the transfer record was as:
https://blockchain.info/tx/f5b0363f03e1ed8bb812c135361ea93590c831ce9f13a3750be1b93575baccc6
We have reported the case to the local police station on the morning of February 15, 2015 and was accepted. We will actively cooperate with the police to investigate and deal with it and recover the stolen bitcoins. At the same time, we offer a reward of 720BTC to recover the stolen 7170 bitcoins.
In order to ensure the safety of other funds, we have taken technical measures to stop trading and close all virtual currency online wallets for further inspection. At the same time, we plan to arrange the withdrawal of CNY and other virtual coins as soon as possible to reduce users’ worries. We apologize for the losses caused to users.
By now, Bit has been in operation for nearly two years. I accompanied everyone through the ups and downs of Bitcoin. Accompany everyone to see the decline and rise of multiple currencies. Please rest assured that we will not run away, and we will take responsibility to recover the stolen bitcoins for users.
(This text is translated from Chinese. See the original post here.)
Payback plan: BTER partnered with security firm Jua.com to help return hacked funds to customers
BTER had insufficient funds to repay the affected customers. The website was closed for a month. When it reopened, BTER posted an outline of its payback plan, under which it would use future profits and a 1,000 BTC loan from Jua.com to repay customers in batches.
CBE Kipcoin 3,000 BTC
Kipcoin, also known as CBE Kipcoin, was the third China-based crypto exchange to get hacked in 2015. On the day of the Chinese Lunar New Year’s Eve, Kipcoin revealed its wallets had been compromised by a hacker who took 3,000 BTC.
Post-hack: Kipcoin’s now-deleted announcement said it would temporarily suspend all services and seek the authorities’ help tracing the hacker’s address.
The company released a statement on the Chinese social media platform, Weibo, which stated all services are temporarily suspended due to a hack.
The hackers accidentally left some trails, and Kipcoin publicized the addresses where it believed the stolen Bitcoins were being kept.
In the same post, Kipcoin assured its customers that no Chinese Yuan was stolen from the platform. Moreover, users will eventually be paid back in Bitcoin. However, the customers would need to wait for the website’s relaunch and the payback.
November 2023 Update: Kipcoin is no longer operational, and its domain is now for sale.
The official statement of Kipcoin has been deleted from Weibo and the Internet. If you access Kipcoin.com today, you will see that the domain is for sale.
Bitfinex (First hack) Undisclosed amount
Bitfinex was still a startup in 2015, the same year it experienced its first hack. Bitfinex’s hot wallets were compromised on May 22, 2015, as the hacker took 0.05% of the company’s Bitcoin holdings.
Onlookers of the incident carried out their own investigation and found that Bitfinex was short of 1,459 Bitcoins after the hack.
Post-hack: Bitfinex users learned how much the 0.05% of Bitcoin was worth by looking into a string of transactions in its hot wallets.
Bitfinex didn’t disclose how many Bitcoins were stolen by the hacker. All it revealed was that the amount totaled 0.05% of its Bitcoin reserves.
A curious Bitfinex user looked into the site’s transactions and holdings to determine how many Bitcoins were stolen. According to the breakdown they posted on Reddit, the hack should amount to 1,459 BTC. However, that amount would be equal to a 0.635% loss.
Payback Plan: Bitfinex will absorb any losses experienced by its users, but the timeline of reimbursement remained indefinite.
Users received assurance from Bitfinex that the company would take up any losses experienced by its customers. However, it did not provide any definite time for the payback. Its mode of reimbursement remains unknown as well.
What was certain was Bitfinex’s commitment to creating a new hot wallet to recover from the loss.
Total Crypto Hacks Reported in 2016: $12.94 billion
In 2016, cryptocurrencies toppled over fiat currencies. One Bitcoin was worth over $400 on January 1, 2016’s closing. Bitcoin was on top of the game throughout the year, boasting a 54% annual gain.
As crypto was gaining hype, banks and other major financial institutions were investing in blockchain tech. With this development comes frustration over struggles with crypto’s mass adoption. Moreover, crypto hacks were prevalent, and the losses were bigger than ever.
ShapeShift 504 BTC, 5,800 ETH, and 1,900 LTC
ShapeShift is a unique crypto exchange platform that doesn’t require user registration. It’s a convenient site that allows customers to exchange cryptocurrencies directly. That means the platform does not hold any user funds.
The exchange is safe by design as it has built-in customer protection, earning its label as the “safest asset exchange on Earth.” It was a shock when customers were met by an offline website one day in April 2015.
Not long after the blackout, ShapeShift CEO, Erik Voorhees, announced on Reddit that the site had experienced a security breach. More details ensued, disclosing the company lost 350 BTC from the latest breach.
The next piece of information made sense to customers wondering why such a safely built platform got hacked. Voorhees revealed that the hack was due to an insider threat, a problem that 74% of organizations experience more frequently than external threats. According to Voorhees, ShapeShift’s head of IT was behind the heist and took various coins, i.e., 504 BTC, 5,800 ETH, and 1,900 LTC.
Post-hack: ShapeShift CEO officially announces the April security breach that compromised the platform’s hot wallets.
Erik Voorhees discussed the details of the hack in a Reddit post. He mentioned that hacks are inevitable in the industry; they can only learn from this experience and build a more reliable infrastructure.
Update: A few days after the April hack, Erik Voorhees publishes a detailed post in Bitcoin.com, revealing they experienced not just one, but three attacks within four weeks.
The ShapeShift CEO himself disclosed everything that happened before, during, and after the April hack in a Bitcointalk.com article. He called it a story of “sabotage” and “betrayal” since the hack originated within their own team. Shockingly, the story began in March when 350 BTC were stolen.
He introduced the March hacker as their own IT director but did not reveal his real identity as “a final, tenuous courtesy.” He called the saboteur “Bob” throughout the article:
“In the first quarter of this year, as the market discovered what we already knew – that our world will be one of many blockchain assets each needing liquidity with the other – exchange volumes surged at ShapeShift. Ethereum was on the rise, specifically. Our infrastructure was not ready for the pace of growth. It was like riding a bicycle upon which jet engines suddenly appear full-thrust
Unfortunately, Bob did little to be helpful. He puttered around aimlessly while the team worked long hours to keep the ship together.
Scratch that, actually, Bob was not aimless.
He was preparing to steal from us.”
The company never heard from Bob again as he fled to Florida with criminal cases proceeding behind him.
Voorhees’s story pointed out the March hack cost 350 BTC or $130,000 at press time.
After a fruitless pursuit of the money stolen by Bob, Voorhees also needed to tend to his tainted company. Hoping to come back resiliently from this attack, he arranged a new server infrastructure. To his shock, the new infrastructure’s hot wallets were compromised, and Ethereum, Litecoins, and Bitcoins were lost. He emailed the hacker using a leftover address, complimenting them on the premature hack. The email read:
“Nice job on the hack. How did you do it? -Erik”
The hacker briefly responded a few days after:
“One word: Bob”
Following lots of back-and-forths with the new hacker and strenuous speculations around the novel incident, the whole situation finally came together for Voorhees:
Bob sold information on the production servers, access to ShapeShift’s internal network, part of ShapeShift’s source code, and access to an RDP client he had installed on a coworker’s computer, to Rovion, for 50 Bitcoin. The IP and internal router info checked out.
By the end of the article, Voorhees reflected on the silver linings he gained from this taxing experience. He also looked forward to the future of a stronger and better ShapeShift.
Gatecoin 250 BTC and 185,000 ETH
Gatecoin was a Hong Kong-based crypto exchange site that mainly traded in Ethereum.
In May 2019, the company discovered its hot wallets had been compromised. Gatecoin believed the hack started on May 9 and continued for three days, letting the attacker harvest 185,000 ETH and 250 BTC or 15% of Gatecoin’s total assets.
Gatecoin did not immediately reveal the hack to its users. Instead, its website displayed an offline notice for “maintenance” purposes.
Initially, Gatecoin’s website showed a notice that the platform was performing maintenance. Unbeknownst to its customers, Gatecoin was actually looking into the details of the hack.
Payback plan: Gatecoin reached out to investors willing to loan them funds for customer compensation in exchange for equity.
Not long after its website temporarily shut down, Gatecoin released a brief and official statement through its website.
A few days after the announcement, Gatecoin CEO, Aurélien Menant, discussed the hack on Reddit and answered FAQs he received. He also assured customers that no client data were compromised. Moreover, Menant discussed their plan to compensate for customer losses, which includes fund-raising.
The post read:
March 2019 Update: Three years after the hack, Gatecoin announced its liquidation due to failure of payments.
It’s challenging for a startup like Gatecoin to come back stronger from such a huge cyberattack. The exchange struggled to stay afloat, as it constantly experienced trouble with banking services.
In the now-deleted public statement, Gatecoin discussed the company’s dispute with its initial payment service provider (PSP). That issue led to banking services freezing Gatecoin’s accounts in September 2018.
A month after that, Gatecoin found new PSPs based in Europe. However, these new providers failed to process payments on time, causing more losses for Gatecoin.
In March 2019, Gatecoin received a winding-up order, marking the end of the exchange platform.
July 2023 Update: Most Gatecoin creditors are still yet to receive their compensation from the company, bringing forward their concerns regarding their asset values.
Gatecoin creditors consist of customers with leftover funds from the website and those affected by the 2016 hack. These customers are concerned with whether they will acquire funds for the same worth or follow today’s asset values.
To give you an insight, the 2016 hack that saw the loss of 185,000 ETH was worth $2 million then. Today, that amount of Ethereum is valued at over $300 million. That staggering amount of money has been sitting in the hacker’s crypto wallet until today.
Bitcurex 2,300 BTC
The Bitcurex website went offline without any explanation on October 13, 2016. A few days later, Bitcurex finally resurfaced but only with a brief announcement saying the shutdown was due to issues with an update. The site recommended its customers halt transferring funds to the platform.
Bitcurex released another statement a few days later. This time, it mentioned the reason for its downtime was because of damages inflicted by “external interference.”
For customers, this new announcement was still inadequate, until one Bitcurex user started digging and found that the “interference” referred to the 2,300 BTC transferred out from the site within seconds.
Looking back: Bitcurex has had a history of being a cyberattack target.
In 2014, Bitcurex was almost a victim of a 19,000 BTC theft. The company immediately spotted this transaction and blocked it in no time. It did not result in any losses.
Post-hack: Bitcurex’s post-hack statements briefly discussed the reason behind its website’s shutdown.
Bitcurex customers were left in the dark when the website was suddenly inaccessible. Only after a few days did the site release a short notice regarding the matter. It read:
Ladies and Gentlemen,
In connection with the update of the Bitcoin client, problems appeared on our website. Therefore, we have decided to temporarily suspend the operation of the Bitcurex website.
PLEASE DO NOT MAKE TRANSFERS TO YOUR EXISTING BTC ADDRESSES FOR BITCUREX
We will keep you informed about the progress of work on restoring the website at www.bitcurex.com
We kindly inform you that the support system will not work during modernization works.
Please check the current information on our website.
Sincerely,
Bitcurex team
(Translated from the archive)
Bitcurex released another statement, which the customers found to be as vague as the first one. There were no mentions of a hack or a breach, only issues due to “external interference.”
“On October 13, 2016, as a result of the actions of third parties, the IT systems of the www.bitcurex.com / www.bitcurex.com website were damaged by external interference in the automatic collection and processing of IT data. The consequence of these actions is the loss of part of the assets managed by bitcurex.com / www.dashcurex.com
The owner of the services has concluded appropriate agreements with specialized companies in order to audit security, implement the corrective procedure and, above all, monitor the lost funds.”
(Translated from source)
The inadequacy of these statements pushed one Bitcurex customer to investigate. They uncovered that 2,300 BTC were stolen from Bitcurex within two seconds.
As the news about the theft spread, Bitcurex finally stepped forward and admitted the company’s loss of 2,300 BTC in a lengthy announcement. The exchange also advised its users to report the incident and file complaints to help recover their funds.
February 2017 Update: The Bitcurex website disappeared without any notice.
The final statement that disclosed the hack included a promise that the website would be up by November 2016. Bitcurex kept its word and resumed trading in the said timeframe. However, in February 2017, the Bitcurex website suddenly disappeared without explanation.
Looking back at how it vanished, some signs indicated the platform’s inactivity before its disappearance. For instance, its last Twitter and Facebook posts were published on September 16, 2016.
Users were also promised their money back from the 2016 Bitcurex cyberattack. That remains an unfulfilled promise by Bitcurex until today.
The DAO 3.6 million ETH
The DAO hack altered the whole crypto industry, especially the Ethereum you may know today.
An attacker exploited a loophole in the DAO’s code a few weeks after its token sale. The hacker drained 3.6 million ETH from the DAO in just a few hours.
Ethereum founders and other crypto developers raced for a solution. The DAO and its people could not afford to lose that much money. Vitalik Buterin, Ethereum’s co-founder, suggested a fork to prevent the stolen funds from being moved. However, this suggestion sparked more tension in the community. Forking that much Ethereum would be a huge technological challenge. Most of all, that method raised questions about blockchain’s moral and philosophical foundation.
After careful deliberation, the DAO attempted a soft fork, but this method still opened a bug in the update code. A hard fork was the only way to go, which was eventually performed after a long heated debate.
The DAO hack did not result in any Ethereum loss. However, this method resulted in the creation of a pre-forked version of ETH called Ethereum Classic.
Looking back: The DAO was one of the earliest crowdfunding efforts in the blockchain industry, gathering 12.7 million ETH in its opening.
The DAO, or decentralized autonomous organization, was launched in 2016 as a venture capital firm for Ethereum. It’s an autonomous and self-sustainable organization with no centralized authorities like a CEO. This arrangement reduced costs and gave investors more control.
Instead of authority figures, the DAO was run through smart contracts, and its code was open source, built by Slock.It. Anyone in the Ethereum community could send Ether to a unique wallet in exchange for DAO tokens. These tokens could be used to vote on the organization’s plans and gain profits from the platform.
The token sale, or the Genesis DAO, as the community calls it, gathered 12.7 million Ether in its opening. That figure made it one of the biggest crowdfunds ever. This event went on for 28 days.
During this revolutionizing event, some observers raised concerns regarding the DAO’s code. Computer scientists pointed out a bug in the smart contracts that could allow someone to siphon funds from the organization. DAO programmers set out to fix this bug, but an attacker exploited it before they could and drained one-third of the DAO’s Ethereum, or roughly 3.6 million ETH.
July 25, 2017: The DAO tokens were determined as investment contracts by the US Securities and Exchange Commission (SEC).
After the DAO hack, the organization came under scrutiny from multiple parties. One department that looked into the platform was the US Securities and Exchange Commission (SEC). According to the SEC, the DAO’s virtual tokens were considered “securities.” Thus, they must be subject to federal securities laws.
Stephanie Avakian, the co-director of the SEC’s Enforcement Division, spoke about the matter:
“The innovative technology behind these virtual transactions does not exempt securities offerings and trading platforms from the regulatory framework designed to protect investors and the integrity of the markets.”
(Quote from SEC July 2017 Press Release)
The agency had decided not to press charges on the DAO. However, its statement implies caution to everyone in the market.
February 2022 Update: Alleged DAO hacker identified as the TenX CEO and founder, Toby Hoenisch.
Laura Shin is the author of The Cryptopians: Idealism, Greed, Lies, and the Making of the First Big Cryptocurrency Craze and a crypto-journalist. While writing the book, Shin stumbled upon evidence that Toby Hoenisch was behind the DAO hack. She used a secret forensics tool from the crypto tracing firm Chainalysis. After following a trail of withdrawals and wallet addresses, Shin and her team discovered Hoenisch as the alleged person behind the DAO hack.
Hoenisch’s possible motive likely stems from him being one of the people who pointed out the DAO’s vulnerabilities in its code. Since his warnings were just shrugged off, he may have decided to prove people wrong and did what the faulty code called him to do.
Shin contacted Hoenisch, sending him the documents indicating he was the hacker and asking whether he had comments. Hoenisch briefly replied, saying Shin’s conclusion is “factually inaccurate.” Shin repeatedly contacted Hoenisch to elaborate on his short statement, but he never got back to her.
Bitfinex 119,756 BTC
Bitfinex, the biggest crypto exchange operating in USD, experienced one of the largest Bitcoin heists on August 2, 2016. Bitfinex announced they lost 119,756 Bitcoins from a security breach. Right after the news broke, Bitcoin’s value plummeted by 20%.
Bitfinex spread the losses across clients and the company’s assets to alleviate the damage.
Post-hack: Bitfinex announced the incident as a security breach resulting in the loss of some user Bitcoins.
The site’s announcement explained the sudden halt in trading was due to a security breach. Bitfinex also disclosed the company was working with the authorities and will look into compensation options for any customer losses after the investigation.
Payback Plan: The Bitfinex team discussed strategic options to repay customers, including looking into investors and giving away BFX tokens.
Four days after the cyberattack, Bitfinex released a statement saying it was ready to relaunch within 24 to 48 hours with limited functionality.
Users received assurance from Bitfinex that the company was looking into possible options for compensation. However, these discussions were only beginning, so the reimbursement process will take time.
In the meantime, customers will be given BFX tokens to record their losses. One BFX token is worth every dollar stolen from the customer. These tokens will remain outstanding unless the creditor redeems them or turns them into shares of iFinex Inc.
February 2019 Update: Bitfinex retrieved 0.023% of the Bitcoins stolen.
Since the hack, Bitfinex has been working with international law enforcement agencies to track down the bad actors and the lost funds. In November 2018, Bitfinex was alerted by the US Government that they had obtained Bitcoins believed to be from the 2016 hack.
The total fund retrieved was 27.66270285 BTC, roughly 0.023% of the amount stolen in 2016. The recovered Bitcoins were converted to USD and were used to pay the remaining customers with RRTs (Recovery Right Token).
June 2019 Update: Two Israeli brothers were arrested for alleged involvement in the 2016 Bitfinex hack.
Authorities have not stopped monitoring the stolen Bitcoins from Bitfinex. After three years of dormancy, the swiped funds were moved in June 2019. This activity gave the police a new lead to trace that led them to Israeli brothers Eli and Assaf Gigi.
The Gigi brothers not only participated in the Bitfinex hack but they were also involved in several phishing scams. They lured investors through Telegram or Reddit and collected their login and wallet information.
April 2021 Update: More movements of the stolen Bitcoins were recorded.
The people behind the Bitfinex hack were finally moving the stolen funds. The first movement came in 2019 and led to the arrest of the Gigi brothers.
The next movement was discovered on November 30, 2020, where 5% of the missing Bitcoins (5,000 BTC) were transferred from an unknown address to another. Authorities failed to trace this activity.
New leads emerged in April 2021 when the Twitter account Whale Alert announced that 10% of the missing Bitcoins were transferred to a new address. This movement coincided with Coinbase’s direct listing on Nasdaq. For the authorities, the activity happening at the crypto milestone event was not a coincidence.
February 8, 2022 Update: The US Department of Justice press release revealed a New York couple were allegedly behind the Bitfinex hack.
For six years, law enforcement authorities involved in the 2016 Bitfinex hack diligently followed the money. One day in February of 2022, the US DOJ traced the stolen funds to Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31.
According to the report, the husband-wife duo breached Bitfinex’s system and initiated 2,000 transactions that sent the Bitcoins to Lichtenstein. In the last five years, these hackers had spent 25,000 BTC (20.8%) of the coins they stole through numerous complicated withdrawal processes, making it hard for authorities to find the money.
To move the investigation forward, the court finally authorized warrants allowing the US DOJ to look into the couple’s online account. They discovered the remaining 94,000 Bitcoins and the private keys directly receiving the funds.
In a statement by Chief Jim Lee of IRS-Criminal Investigation, he summed up the couple’s intention to launder the stolen Bitcoins:
“In a methodical and calculated scheme, the defendants allegedly laundered and disguised their vast fortune,” said Chief Jim Lee of IRS-Criminal Investigation (IRS-CI). “IRS-CI Cyber Crimes Unit special agents have once again unraveled a sophisticated laundering technique, enabling them to trace, access and seize the stolen funds, which has amounted to the largest cryptocurrency seizure to date, valued at more than $3.6 billion.”
(Statement from the US DOJ Press Release)
The $3.6 billion worth of assets recovered is the biggest financial seizure in the history of the US Department of Justice.
July 2023 Update: Lichtenstein and Morgan plead guilty to the Bitfinex hack.
Ilya “Dutch” Lichtenstein admitted to being the hacker behind the Bitfinex hack. However, it’s important to note that the couple was not charged for hacking Bitfinex. Instead, Lichtenstein might face 20 years in prison for one count of conspiracy to commit money laundering.
Heather Morgan, on the other hand, faces a maximum sentence of 5 years in prison for two charges, namely:
Money laundering conspiracy
Conspiracy to defraud the United States government
Amidst all the pursuit and the tensions that this hack had caused over the years, Bitfinex is still standing today as one of the largest crypto exchanges.
Total Crypto Hacks Reported in 2017: $0.46 billion
The hacks from the previous year made some alterations in the crypto industry forever. As blockchain enters another year of growth, it’s still not free from cyberattacks, especially the South Korean cryptocurrency exchange industry which suffered the most from hacks this year.
Yapizon 3,831 BTC
Yapizon was a crypto exchange platform based in South Korea. It suffered a hack on April 22, 2017, where they lost over 3,800 BTC. Yapizon users only learned about the cyberattack 10 days after it hit.
The platform would suffer another hack after it rebranded to YouBit later in the year.
Post-hack: Yapizon turned its home page to a notice that addressed the hack, including its plan to compensate customers for the lost funds.
The exchange posted a detailed statement on its homepage, revealing the company fell victim to a hack. The bad actor took over 3,800 Bitcoins, and no customer data was compromised.
Payback plan: Yapizon, inspired by Bitfinex, will provide “Fei” tokens for its affected customers.
Copying Bitfinex’s payback strategy, Yapizon distributed the 37% total loss of assets across its customers. To assure its customers, the exchange announced its compensation program. Yapizon provided its customers “Fei” tokens equivalent to the amount they lost.
Bithumb (first hack) Undisclosed amount
Bithumb was the fourth largest crypto exchange platform worldwide when it faced its first cyberattack. No one knew about the hack until Bithumb customers realized someone or something had been draining their funds.
After several days of constantly receiving complaints, Bithumb finally admitted that a breach was behind the anomaly. There were no details besides that.
When pressured by the local media, Bithumb released more information regarding the breach. According to the site’s statement, the attacker hacked a Bithumb employee’s computer. From there, they stole the information of 31,800 Bithumb users.
Bithumb did not disclose how much the customers and company lost. Some users report losing up to 10 million Won ($8,700). Others from the media estimate the loss was around billions of Wons, but Bithumb never confirmed any amount.
The South Korean exchange platform would suffer more significant cyberattacks in the following years.
Payback Plan: Bithumb will initially reimburse a maximum of 100,000 Won ($897) per affected user.
In a now-deleted blog post, Bithumb updated its customers that they are looking into the total loss of the breach. While they do, the exchange was pressured to provide compensation.
It plans to reimburse up to 100,000 won ($897) per customer. This offer is only available until midnight of July 5, 2016. Note that the blog post was posted on Monday, July 3, 2016, roughly giving users 2 days to accept this offer.
YouBit 4,000 BTC
Following the exchange’s rebranding from Yapizon to YouBit, the platform suffered another cyberattack. YouBit ended up losing 17% of its assets, which cost the exchange 4,000 BTC.
In a defeated statement, YouBit apologized for the inconvenience this incident had caused and assured users they would receive partial compensation.
Unable to return from significant back-to-back heists, YouBit also declared bankruptcy and informed its customers about the site’s shutdown.
Payback Plan: Due to inadequate funds, YouBit will only partially refund its customers.
Based on the farewell statement that YouBit has published (it’s now deleted along with its domain), customers would only receive 75% of their crypto on the platform. No further explanation was provided.
EtherDelta 308 ETH
Open-source code is usually the culprit when decentralized exchanges or organizations are hacked, but the EtherDelta hack differed.
The EtherDelta hacker sent malicious links that looked legitimate on the site’s unofficial Discord and Slack channels. The links contained code that would read the user’s wallet private keys and send them to a PHP script for the hacker to harvest. After that, the attacker could transfer funds out of the user’s wallets.
Based on the Ethereum blockchain’s data, the hacker successfully stole 308 ETH from the exchange. However, neither the authorities nor the EtherDelta team confirmed this amount.
Looking back: EtherDelta was founded in 2016 as one of the first and most popular decentralized exchanges (DEX).
Zachary Coburn founded EtherDelta in 2016. It’s a cleverly built exchange that did not require any authority or third-party control. Instead, it lets customers trade through smart contracts.
Post-hack: EtherDelta announced on Twitter that a hack had targeted the platform’s DNS server.
The exchange advised users not to use the site during the hack’s ongoing investigation.
EtherDelta customers who did not import their private keys in the malicious links “should be safe.” Meanwhile, customers who ran the exchange under MetaMask or a hardware wallet should be “completely safe.” Regardless, EtherDelta still suggested all customers move their funds to a new wallet as a security measure.
November 8, 2018 Update: The Securities and Exchange Commission announced pressing charges against EtherDelta founder Zachary Coburn, leading to him selling the exchange.
The Securities and Exchange Commission (SEC) delivered a press release about settled charges against EtherDelta founder Zachary Coburn for “operating an unregistered exchange.”
This announcement followed the SEC’s July statement regarding the DAO’s tokens. Similarly, the tokens in EtherDelta are considered securities. Therefore, EtherDelta must be a registered exchange, which Coburn failed to do.
Neither admitting nor denying SEC’s findings, Coburn paid $300,000 in disgorgement, $13,000 in prejudgement interest, and a $75,000 penalty. This enforcement led to Coburn selling the exchange to an unknown party for an undisclosed amount. It eventually shut down in the same year.
September 2019 Update: US authorities indicted two suspects for the EtherDelta hack.
The Northern District of California Attorney’s Office indicted EtherDelta hackers Elliot Gunton and Anthony Tyler Nashatka for the 2017 EtherDelta hack.
According to the findings, Gunton and Nashatka had indeed modified the exchange’s DNS settings by accessing an EtherDelta employee’s phone number, which they used to open the employee’s email address; the rest was history.
February 2023 Update: EtherDelta still holds customer funds amounting to over $42 million.
Coinbase Director, Conor Grogan, revealed in a Twitter post that EtherDelta still holds ETH assets. Although it’s phased out, EtherDelta allegedly holds over $42 million worth of customer funds, over half of which are Ethereum.
NiceHash 4,736 BTC
Near the end of 2017, Slovenia-based platform NiceHash encountered a cyberattack. At first, customers had no idea why the crypto-mining platform had emptied their wallets. Later on, they were told it was due to ongoing maintenance.
Once information about the hack was out, the NiceHash team did not disclose the amount taken, but a user followed a wallet address that allegedly belonged to the hacker, and it held 4,736.42 BTC.
This hack became the largest theft in the history of Slovenia.
Post-hack: NiceHash addressed the cyberattack on its website and its plan to halt operations for one day.
Users learned about the hack through NiceHash’s now-deleted post. It briefly read:
“Unfortunately, there has been a security breach involving NiceHash website. We are currently investigating the nature of the incident and, as a result, we are stopping all operations for the next 24 hours.”
December 2020 Update: NiceHash completely refunded its affected users three years after the hack.
In a letter released on the site’s blog page, NiceHash CEO Martin Skorjanc revealed the company has been waiving its profits to repay its customers.
“We started to reimburse the damage gradually. We transferred every amount we didn’t need for bare survival to our users’ accounts. In the last three years, we have regularly waived profits. But we do not regret it, as it heralds the beginning of a new era of growth and development for us. We don’t owe anyone anything anymore. We have fully settled all tax liabilities, and 4,640 bitcoins are again in our users’ accounts.”
Finally, in December 2020, Skorjanc fully reimbursed user wallets affected by the cyberattack.
June 2021 Update: US prosecutors reveal that three North Korean hackers were behind the 2017 NiceHash breach.
The NiceHash team was pleased to inform its users that US prosecutors have indicted hackers behind the 2017 incident.
Members of the military intelligence agency of the Democratic People’s Republic of Korea (DPRK) were indicted for several “destructive cyberattacks.” Chang Hyok, Kim Il, and Park Jin Hyok are members of several hacking units, including the famous Lazarus Group. They are behind the theft of $1.3 billion worth of money and cryptocurrency, $75 million of which were from the NiceHash hack.
Total Crypto Hacks Reported in 2018: $0.9 billion
The crypto industry hit a low in 2018. Bitcoin had its worst year ever recorded in 2018, as its price closed 70% lower than the previous year. Major cryptocurrency exchange platforms also endured destructive cyberattacks in 2018. More details about them lie below.
CoinCheck $560 million worth of crypto assets
XEM coins recorded their highest closing value at $1.87 in January 2018. That amount must have enticed attackers so much, leading to the exploit of CoinCheck XEM coins, one of the largest single hacks in history.
On January 26, 2018, CoinCheck lost $560 million worth of assets, most of which were XEM tokens. Reports by the company claimed this incident was due to a shortage of employees and inadequate security measures, which made it easier for the hackers to infiltrate CoinCheck’s system.
Post-hack: CoinCheck reimbursed the loss of 260,000 customers using its capital days after the hack.
After realizing the exchange was hacked, CoinCheck froze its services as soon as possible. CoinCheck also paid 260,000 of the affected customers using Japanese Yen right away.
January 2021 Update: At least 30 people were charged for allegedly stealing from CoinCheck in 2018.
Japan’s Mainichi reported in January 2021 that 30 people allegedly traded $100 million worth of assets stolen from CoinCheck.
These suspects reportedly exchanged the XEM coins for other cryptocurrencies in the darknet. Then, they traded the digital currencies for fiat currencies in various legal exchanges for larger profits.
Bitgrail 17 million NANO (XRB)
Some might think that exchanges as small as Bitgrail are spared from hacks. However, traders flock to smaller platforms and pick up minor coins before they become mainstream.
On February 9, 2018, the site announced that hackers stole 17 million NANO (formerly RailBlocks). Bitgrail temporarily suspended its operations to investigate and bounce back from the exploit.
February 10, 2018 Update: Nano developers respond to Firano’s controversial request for Bitgrail solvency.
Francesco Firano, founder of Bitgrail, had a $170-million problem after the hack. The whole company was racing to resolve this setback.
On February 10, 2018, the Nano Core team issued a statement addressing Firano’s methods and Bitgrail’s insolvency. About Firano’s plan to regain the lost funds, the Nano Core team revealed:
“Firano informed us of missing funds from BitGrail’s wallet. An option suggested by Firano was to modify the ledger in order to cover his losses — which is not possible, nor is it a direction we would ever pursue.”
The Nano team considered Firano’s methods misleading, leading to the statement:
“We now have sufficient reason to believe that Firano has been misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time.”
(Quotes from Medium)
Nano plummeted by 20% across all exchanges. No further updates regarding the matter were released, except Bitgrail’s latest post on Twitter.
January 21, 2019 Update: The Italian Court ruled Bitgrail and Francesco Firano as bankrupt, urging the latter to return stolen funds to customers.
The Bitgrail Victims Advocacy Group released documents revealing Francesco Firano was behind the $170 million hack in 2018. The former CEO was also allegedly knowledgeable of several missing coins in the platform. He failed to disclose those incidents to the public or solve them.
A part of the document discussing that read:
“In its decision, made public on January 21, 2019, the Court found that the NANO reported lost by Mr. Firano on February 9, 2018, had actually been removed from the exchange months earlier, between July 2017 and December 2017.
The Court criticized Mr. Firano for not immediately taking steps to account for the losses. By waiting to make the shortfall public, Mr. Firano caused the public to suffer substantially larger losses. In July 2017, 2.5 million NANO was valued at approximately $250,000 (1/100th of the value it had in February 2018 when Mr. Firano went public).”
(Quote from document)
In light of these findings, the Italian Court also ordered the seizure of Firano’s personal assets to pay the customers affected by the hack.
CoinSecure 438.318 BTC
Coinsecure is a top Indian crypto exchange platform. It went through a hack while extracting BTG meant for customer distribution, losing 438.318 BTC.
Its team pointed fingers at its CSO, Dr. Amitabh Saxena, who was in charge of the BTG extraction at that time and discovered the so-called hack.
Post-hack: The Coinsecure team speculated that the hack was an inside job.
Coinsecure released a notice on its website announcing that many of its Bitcoin funds were transferred to an unknown address.
The platform claimed its system is rigid and has never been compromised, leading to its accusations of an inside job by Coinsecure CSO Dr. Amitabh Saxena, who had full access to the exchange’s private keys.
Payback Plan: Coinsecure assured its customers that some form of compensation for the loss would be distributed.
The first option that Coinsecure looked into was to track down the lost funds and fully return them to customers. However, that poses a challenge since such incidents can never be solved overnight.
The other option was to apply lock-in rates immediately, reimbursing 10% of the Coin Holding Balance in BTC, while the remaining 90% will be reimbursed in INR.
Coinrail $40 million worth of crypto assets
Coinrail went offline following a “cyber intrusion” that saw the loss of several coins and tokens. It failed to specify the amount lost, but data shows it suffered $40 million of damage in its assets.
The small crypto exchange based in South Korea informed the public about moving its remaining assets to a cold wallet for safety. However, there were no mentions of how it intends to pay affected customers.
Post-hack: After discovering the hack, Coinrail shut its website down and informed its customers about a “cyber intrusion.”
On Twitter, Coinrail announced it discovered a cyber intrusion in its system that took various coins.
After a few days, CoinRail CEO Nam Kyung-sik issued a public apology on Twitter, including the company’s plans to move forward. However, it did not include any methods to compensate affected customers for their losses.
Bithumb (second hack) $35 million worth of crypto assets
Bithumb was first hacked in July 2017 and was targeted again by attackers roughly a year later. This time, the hack was more significant as it resulted in a $35 million loss, mostly from stolen XRP coins.
Post-hack: Existing security issues on Bithumb gave way to the hacker’s exploit.
Based on Bithumb’s investigation, security issues manifested days before the attackers charged the exchange. These weak points in Bithumb’s security must have enticed hackers to steal from the platform easily.
When Bithumb’s IT team spotted the breach, they posted a notice of the suspension of select services on the platform.
Bithumb also announced it will be moving some assets to coin wallets for extra security.
Payback Plan: Bithumb confirmed its plans to reimburse affected customers using the company’s reserves.
Affected Bithumb customers will receive compensation from the company’s reserves right away. After learning about that information, experts in the crypto industry praised the company for its transparency and urgency for accountability.
Bancor 24,984 ETH, 229 million NPXS, 3.2 million BNT
Following a decentralized system, Bancor uses a mechanism of smart contracts to function. This quality made customers flock to the platform, but it was also a huge motivator in the hack it faced on July 9, 2018.
According to Bancor, “a wallet used to upgrade some smart contracts was compromised.” The wallet allowed the attacker to drain $12.5 million of Ethereum and $1 million of Pundi X’s NPXS token. The hacker also took $10 million BNT, but Bancor was able to recover it after several days.
Post-hack: Bancor disclosed vital information regarding the hack in full transparency via Twitter.
Zaif $60 million worth of crypto assets
Zaif, a crypto exchange platform based in Japan, had its hot wallets infiltrated by hackers and lost $60 million worth of various crypto coins.
When Zaif announced this incident, only 5,966 BTC were confirmed to have been stolen, while MONA and BTC values remained under investigation. In the end, Zaif estimated the casualty to amount to ¥6.7 billion ($60 million).
Post-hack: Zaif announced to its users that a hack was behind the platform’s temporary shutdown.
In their transparent and detailed announcement, Zaif revealed the hack on its hot wallets started on September 14, 2023, was detected on the 17th and confirmed by the 18th.
The Zaif team took immediate measures by notifying the Financial Services Agency and authorities. As for their plans to bounce back, the comprehensive statement revealed:
“After this case was discovered, we immediately made the following request for support and have already concluded a contract for support. The contents of the support include (1) providing assets equivalent to the assets entrusted by the lost customers, (2) providing technology and personnel to improve security, (3) capital alliances to improve the management foundation, and dispatching management teams.”
(Statement from source; translated by Google)
Total Crypto Hacks Reported in 2019: $1.13 billion
Ten hacks occurred in 2019, and their cumulative damages amount to less than the Mt. Gox hack, crypto’s biggest hack ever. Check out one of the longest lists of crypto hacks below.
Cryptopia (First hack) $30 million
Cryptopia was a New Zealand-based crypto exchange that went defunct after a $30 million heist, which was equivalent to 15% of all its customers’ funds.
The platform tried its best to return to its normal operations. However, it could not bounce back from the hack and was subject to liquidation five months after the attack.
Post-hack: Cryptopia announced the security breach via Twitter and has been working with appropriate authorities to investigate the incident.
A day after the site’s unscheduled maintenance, Cryptopia finally revealed it suffered a security breach. The platform was put under supervision, and trading was halted while Cryptopia assessed the damages.
The New Zealand Police, who led the investigation into the Cryptopia hack, commented on the speculation surrounding the hack’s nature:
“We are also aware of speculation in the online community about what might have occurred. It is too early for us to draw any conclusions and Police will keep an open mind on all possibilities while we gather the information we need.”
(Quote from New Zealand Police Media Centre)
May 2019 update: Unable to restart its trading services, Cryptopia was forced to enter liquidation.
While under investigation by the New Zealand Police, Cryptopia’s site was inactive indefinitely. Two months after the hack, Cryptopia launched a read-only website stating that it struggled to return to its full operation.
Cryptopia kept updating its users via Twitter about its website rebuilding progress. However, before Cryptopia returned to full-service mode, it entered liquidation due to its financial inability to bounce back from the hack.
LocalBitcoins 7.9 BTC
LocalBitcoins was a popular peer-to-peer Bitcoin exchange platform. It saw its downfall when hackers exploited its customers, who were redirected to a site identical to LocalBitcoins’s discussion forum login page. Once the customers entered their login details, the hacker intercepted 2FA one-time codes and harvested user information and funds.
The site temporarily disabled access to its discussion forums after learning about unauthorized transactions in six user accounts. The loss from this incident amounted to 7.9 Bitcoins.
Post-hack: The LocalBitcoins team announced a breach that affected six user accounts, losing 7.9 Bitcoins.
Through a single-use Reddit account, LocalBitcoins stated the hack was discovered on January 26, 2019. The company disabled outgoing transactions right away and investigated the matter. Later on, LocalBitcoins narrowed the source to the website’s discussion forum and disabled user access to it. This quick action stopped the hack, with six affected users and almost eight Bitcoins taken.
February 9, 2023 Update: LocalBitcoins declared its closure due to declining trading volume and market share.
LocalBitcoins was as novel as Bitcoin itself when the site launched. It also offered a unique service that allowed peer-to-peer exchange where users could meet in person and facilitate more private exchange. After the hack, the platform struggled to maintain its footing in the industry as its trading volume and market share declined. On February 9, 2023, the valued exchange announced that its site would close. It also included advice on how users must proceed with their funds on the platform.
DragonEx (First hack) $7 million worth of crypto assets
The Lazarus Group struck again, not sparing DragonEx from a damaging cyberattack. These notorious hackers created a legit-looking fake business and website called WFCWallet, which contained infected software.
When installed, WFCWallet would open a backdoor on an infected Apple Mac. That then gave the hackers the ability to uncover individual private keys of users.
To get into DragonEx, attackers contacted one of its senior executives about the software. After the attackers persistently contacted the executive about it, the DragonEx employee downloaded the software onto their Mac. Unfortunately, their compromised computer contained private keys for customer accounts, which the hackers gained access to.
This hack left DragonEx with a $7 million loss in various cryptocurrencies, such as Bitcoin, Litecoin, and Ripple.
Post-hack: DragonEx immediately spotted the anomalies from the hack and implemented a proper response.
Upon discovering the cyberattack, DragonEx took its platform offline, announcing it was due to a sudden system upgrade. After a while, it issued a statement across its social media platforms that revealed the hack.
DragonEx assured its customers that necessary steps would be taken to reimburse losses and improve its system’s security.
In a different Telegram announcement, the DragonEx team released the addresses where the stolen funds were transferred by the hacker.
April 19, 2019 Update: Uppsala Security Operations Team researchers tracked the 20 hacker wallet addresses and found them stored in several crypto exchanges.
The Sentinel Protocol Team revealed the process of tracking the stolen crypto funds in a blog post. The tracking process was led by researchers on the Uppsala Security Operations Team using the Crypto Analysis Transaction Virtualization (CATV) tool.
The procedure was only a case study, but it bore the locations of several of the hacker’s wallets, which are distributed across different crypto exchange platforms.
CoinBene 109 ERC-20 tokens
CoinBene was a top cryptocurrency exchange in its time. The platform began its downhill descent after suddenly closing its site for “maintenance” on March 26, 2019.
Its customers and some experts did not buy that reason. Some onlookers spearheaded their own investigation, like Nick Saponaro, CIO of blockchain startup Diviproject. He posted on Twitter that there were huge outgoing transactions in CoinBene for Ethereum and Etherscan during the alleged maintenance.
CoinBene remained silent regarding these allegations and has not issued any statement. Meanwhile, more experts looked into the platform, which has lost 109 ERC-20 tokens while under maintenance.
March 28, 2019 update: Data scientists from Elementus released details of recent transactions in CoinBene, showing $105 million worth of crypto siphoned out of the platform.
A day after CoinBene’s first maintenance notice, the company assured its users the site was going through the said procedure. However, the findings of data scientists at Elementus prove otherwise.
According to Elementus, there was $105 million worth of cryptocurrency moved out from CoinBene’s hot wallets. This information could be a direct indication that CoinBene suffered a hack. Elementus clarified it was not trying “to refute what CoinBene is claiming.” Nonetheless, Elementus’s observation “is consistent with how exchange hacks commonly play out.”
November 3, 2021 update: CoinBene closed due to “operational requirements of cryptocurrency laws and regulations in various regions.”
Roughly two years after the unverified CoinBene hack, the platform announced its systems closure starting November 31, 2021. According to CoinBene’s official statement, the platform must close “to meet the requirements for cryptocurrency laws and regulations in various regions.”
Bithumb (third hack) 3 million EOS
Bithumb suffered hacks back in 2017 and 2018, and still remained operational. However, attackers were not done with it yet, as another unknown group of cyberthieves hit the site on March 29, 2019.
According to Bithumb’s official statement, its team spotted an “abnormal withdrawal” from its system and immediately investigated the situation. The company also stated the hack was an “accident involving insiders,” speculating it was an inside job.
Post-hack: Bithumb assured users that the stolen funds were company property and no customer assets were affected.
Some key information from Bithumb’s statement includes the nature of the hack, which was allegedly an inside job. Meanwhile, Bithumb assured its customers that all stolen crypto was company property.
Bithumb did not disclose how much crypto was taken by the attackers. Instead, insiders tracked the transactions made by the hacker and deduced around 3 million EOS were siphoned from Bithumb.