Comprehensive Tracker of Crypto Hacks: Major Security Breaches and Incidents
DataProt is supported by its audience. When you buy through links on our site, we may earn a commission. This, however, does not influence the evaluations in our reviews. Learn More.
Crypto is a popular type of digital currency, and it’s continuously evolving. There are 429.9 million crypto users worldwide, which is set to reach 994.30 million users in 2027. However promising that is, the mainstream adoption of digital currency like crypto is frequently stopped by upsetting hacks.
In 2022, the crypto industry has seen back-to-back hacks on several exchanges and in numerous currencies due to system vulnerabilities and user errors. Although some exploits involve high-profile thefts, others speculate on inside involvement.
Millions, and sometimes billions, worth of crypto are stolen each year. Some get returned to the users, while others become totally out of sight. Read below to learn about all the crypto hacks since their emergence and how the industry handled them.
| 🔑 Key Takeaways: Mt. Gox, the most prominent crypto exchange platform of its time, experienced the biggest-ever hack of Bitcoins on February 7, 2014. The Axie Infinity hack drew the largest stolen funds during press time, with $620 million worth of crypto assets. Bitcoin is the most stolen crypto coin ever. Hackers have taken a cumulative of over 1.6 million Bitcoins since 2011. Due to the DAO hack, developers needed to facilitate a hard fork on Ethereum, from which Ethereum (ETH) and Ethereum Classic (ETC) were created. |
A Timeline of the Top Crypto Hacks of All Time
Bitcoin was the first-ever cryptocurrency and has been the top-traded and valued coin ever since. It was developed in 2009 by Satoshi Nakamoto, a pseudonym for an anonymous identity or group.
From then on, hackers have targeted the growing crypto industry with over 20,000 types of cryptocurrencies. As time goes by, the stolen worth of crypto keeps increasing. Continue reading to discover every crypto hack from 2011 to the present.
Total Crypto Hacks Reported in 2011: $14.4 billion
The crypto industry was still up-and-coming in 2011 but was not free from hacks. Discover how these exploits started small, and as you go on with the article, the amount of crypto stolen gets bigger.
Mt. Gox 400,000 BTC
Mt. Gox was one of the largest Bitcoin exchanges at the beginning of the crypto industry. It saw a long downfall after hackers compromised its system on late June 19, 2011. A hacker used stolen credentials to grab 400,000 Bitcoins from user accounts, or 6% of all the coins in circulation at that time.
After the hack, Mt. Gox lost an undisclosed amount of Bitcoins due to constant network protocol deficiencies. Due to this persisting issue, Mt. Gox became more vulnerable to bad actors. It will later on suffer a more damaging cyberattack.
After further investigation, Mt. Gox admins found an SQLi vulnerability in their database. This vulnerability is similar to the weakness that LulsZec exploited when they invaded several adult websites. However, LulzSec denies their involvement in the hack.
MyBitcoin Undisclosed amount
MyBitcoin was a popular wallet for Bitcoin. Its website suddenly went offline in July 2011. It resurfaced after one week to announce “an unfortunate incident” about the loss of “a large amount of Bitcoin.” Until now, the exact amount remains undisclosed, and user funds stay unreturned.
Post-hack: MyBitcoin’s initial announcement took over the closed website, indicating the platform had gone into receivership due to a security breach.
Bitcoin7 Undisclosed amount
This hack is less discussed today as Bitcoin 7 was a small Bitcoin exchange website based in Sofia, Bulgaria. On October 5, 2011, Bitcoin7 created a stir when it shut down without notice. Users could no longer access the website and their Bitcoin funds.
Today, Bitcoin7.com remains a registered domain. However, it has privacy enabled, so people have no idea how it is running now.nge this description.
Total Crypto Hacks Reported in 2012: $4.89 billion
| 💡 Did You Know? The first Bitcoin halving took place In 2012 and has occurred every 4 years since then. During Bitcoin halving, the reward for mining the crypto coin gets cut in half every 210,000 blocks. This event intends to raise Bitcoin demand in the market. |
2012 was a year for crypto development. As mentioned, it saw Bitcoin’s first halving, letting users gain it for half its worth. The industry remains a target for hacks this year. Read further to learn more about them.
Bitcoinica (First hack) 43,554 BTC
The first Bitcoinica hack occurred in March 2012. It’s also known as the Linode Hack, where the thief gained customer support privileges. This hack resulted in the loss of over 43,554 BTC and compromised the platform’s database.
Bitcoinica (Second hack) 18,547 BTC
It’s a tough year for Bitcoinica as it experienced another hack 2 months after the initial one. This time, the hacker took 18,547 BTC. Bitcoinica usernames, passwords, email addresses, and account histories were also compromised.
The platform’s founder, Zhou Tong, later announced its insolvency due to financial stress from the back-to-back hacks. Tong assured users that they could receive all their money back. However, less than 2% of Bitcoinica customers received compensation in 2014.
Bitcoinica’s young CEO, Zhou Tong, announced his “retirement” from Bitcoin after the back-to-back hacks.
Zhou Tong, who was 17 years old when he founded Bitcoinica, left the industry completely after these incidents. He released a statement on Bitcoin Magazine, entitled ‘Bitcoinica: An Obituary’ for his retirement:
“I failed at one thing though,” he writes, “that is generating value for the society. Bitcoinica did create a place for people to trade more efficiently and provide liquidity to the market. However, speculation is a zero-sum game (or negative-sum, strictly saying). I know there can be many justifications for Bitcoinica’s value, but all of them are against my intuition and values. With the confidence and the innate intuition to build wonderful things for a better world, I decided to move on.”
Bitfloor 24,000 BTC
On September 4, 2012, a hacker accessed Bitfloor’s unencrypted data, which they used to transfer 24,000 BTC from the platform.
This exploit led to the loss of almost all the coins in the exchange, pushing Bitfloor to shut down.
Bitfloor’s founder, Roman Shtylman, assured customers will be paid back with the company’s “long-term” plan
Roman Shtylman, the founder of Bitfloor, announced the hack in a Bitcoin forum. He clarified that recovering the coins and paying back customers would be a “long-term” plan.
Silk Road 50,000 BTC
Silk Road was Bitcoin’s largest e-commerce platform. It was an illicit bazaar with illegal items like drugs and pirated digital goods. It’s only accessible through the Tor browser, a private browser for surfing the dark web.
In September 2012, 50,000 Bitcoins were stolen from the platform via a mysterious wireless fraud.
2013 Update: Ross Ulbricht, Silk Road’s founder, was arrested for several cybercrime charges, including conspiracy to hack his own platform.
The next year after the hack, Silk Road’s founder, Ross Ulbricht, was arrested and sentenced to a lifetime in prison for several crimes. The authorities found him guilty of seven charges, including conspiracy to commit computer hacking, conspiracy to launder money, and conspiracy to traffic narcotics through the Internet. He was also given the so-called “kingpin charge” for continuing a criminal enterprise.
April 12, 2023 Update: Authorities finally pinned down the Silk Road hacker, James Zhong, roughly a decade after the hack.
The IRS finally arrested the Silk Road hacker, James Zhong, in April 2023 and recovered 50,000 BTC from his apartment. After years of monitoring Zhong’s movements, the authorities secured a warrant to search his place and found the coins in a circuit board hidden under a popcorn tin.
The coins were worth $600,000 during the hack, but as of writing, the 50,000 BTC are valued at over $3.3 billion, tallying the biggest collection of any currency by the IRS.
Total Crypto Hacks Reported in 2013: $0.42 billion
The community’s trust in crypto began to take serious knocks as more hacks took place in 2013. Discover them in the following sections.
Vircurex
1,454 BTC, 225,263 TRC, and 234,000 LTC
Vircurex was an obscure crypto exchange platform with an equitable user base. In 2014, Vircurex reported its near insolvency due to undisclosed hacks.
The exchange suffered two major hacks, allegedly starting May 10, 2013. The hacker gained login credentials to Vircurex and took 1,454 BTC, 225,263 TRC, and 234,000 LTC.
Upon announcing the year-old cyberattack, Vircurex froze its digital currency withdrawals as it had insufficient reserves to carry out any requests.
Post-hack: Speculations of the Vircurex hacks first emerged in the popular forum Bitcointalk, which was confirmed by Vircurex.
Vircurex user first experienced a website blackout, worrying they couldn’t access their crypto funds.
(Image source)
As it turned out, the platform had been compromised and hackers took a significant amount of crypto. Vircurex froze several crypto assets, such as Bitcoin, Litecoin, Feathercoin, and Terracoin in the platform, which alarmed its user base.
The exchange assured its users that Vircurex won’t be shutting down. Moreover, it will set up a new balance type called “Frozen Funds,” which would cover frozen balances as the company “gradually pays back” losses.
Moreover, it will set up a new balance type called “Frozen Funds,” which would cover frozen balances as the company “gradually pays back” losses.
PicoStocks (First hack) 1,300 BTC
Picostocks was an obscure platform for crypto and stock exchange. It was sketchy from the beginning as an unregulated stock market that mostly traded in Bitcoin. It also disregarded federal security regulations to operate in itself.
When it was roughly seven months old, 1,300 Bitcoins were stolen from its user accounts. The exchange’s founder admitted he has been using the same password for multiple accounts (a bad password habit that 65% of people are guilty of), which resulted in the Bitcoin heist. He called it “just extremely stupid” and took accountability by saying it was “clearly our fault.”
Blockchain.info 50 BTC
Blockchain.info is a notable crypto exchange in its time. That’s why users were shocked that it lost 50 BTC due to a cyberattack. The hackers in this exploit exploited a bug in the exchange’s RNG among Android users.
Post-hack: Ben Reeves, the founder of Blockchain.info, confirmed the hack via a BitcoinTalk reply and assured customers they would provide refunds.
A worried Blockchain.info user lost 1.8 BTC and shared their concern through a post on Bitcointalk.
This post brought attention to the hack, and Blockchain.info founder Ben Reeves responded:
Inputs.io 4,100 BTC
Users deem Inputs.io as a high-security web wallet for Bitcoin and other cryptocurrencies on the rise. Despite its reputation, the platform was unsafe from hackers and lost 4,100 BTC on October 23, 2013.
Post-hack: After the massive attack on the exchange, Inputs.io shut down and could not pay affected users.
The hack left Inputs.io insolvent and all that’s left is its final announcement reposted on Reddit:
Users were instructed to reach out to a given email address. Moreover, based on Inputs.io’s developer, Tradefortress, the company would refund “as much as 100%. For Inputs it is solely based on the amount. 1 BTC at the current sliding scale would be 74%, 2 BTC 65%… This figure is not final, and if we have leftover coins we’ll be able to refund more.”
PicoStocks (Second hack) 5,896 BTC
Five months after the first PicoStocks hack, the platform was robbed again. This time, the stolen amount was 5,896 BTC in total. That amount was missing from the platform’s “hot” and “cold” wallets, which created a stir, as cold wallets are inaccessible online. That raised speculations that the hack was an inside job.
Post-hack: Most of PicoStocks users discovered the hack from Reddit.
PicoStocks announced that the exploit was a “serious loss for the company.” Not long after, PicoStocks shut down its operations.
Total Crypto Hacks Reported in 2014: $31.13 billion
Crypto was most turbulent in 2014. For instance, Bitcoin hit $1,000 in January but plummeted to $111.60 on February 21, 2014 — more than a 90% decline in under 2 months. This year, crypto was vulnerable to hacks, only adding to the industry’s volatility. Learn more about them below.
Mt. Gox 650,000 to 850,000 BTC
Users suddenly lost confidence in Bitcoin when the high-profile exchange platform from Japan, Mt. Gox, was hacked again. The recent hack was more significant as the attackers took 650,000 BTC worth $463 million (that amount of Bitcoin is worth around $24 million to $32 million.
This hack caused Bitcoin’s massive plummet in February 2014 and Mt. Gox’s fatal bankruptcy. The lost funds from this exploit remain unaccounted for until today.
Post-hack: The Mt. Gox hack is the biggest Bitcoin heist ever.
In 2011, Mt. Gox faced its first hack and lost $7 million worth of Bitcoin. Since then, the prominent platform has experienced consecutive security issues.
Before the recent hack in February 2014, Mt. Gox customers reported difficulties withdrawing funds. Then, the platform suddenly suspended all withdrawals after discovering suspicious activity in its digital wallets.
After this series of events, CEO Mark Karpeles apologized on Japanese national TV and announced the company’s bankruptcy.
A month later, Mt. Gox revealed it had “found” 200,000 Bitcoins in the old format. This amount was used to reimburse some of the creditors affected by the hacks.
Speculations around the Mt. Gox hacks are ongoing, with some users still asking for their money back. To this day, around 15% to 20% of the BTC held in the exchange are still waiting to be released to some Mt. Gox creditors.
June 9, 2023 Update: The US DOJ identified and indicted two Russian hackers responsible for the 2014 Mt. Gox.
The US Department of Justice announced the indictment of two Russian nationals, Alexey Bilyuchenko and Aleksandr Verner, for the 2014 Mt. Gox hack.
According to the US DOJ’s press release, the hackers “gained unauthorized access to a server used by Mt. Gox to house cryptocurrency wallets.” Then, Verner and Bilyuchenko used their illegal access to siphon massive amounts of Bitcoin.
Flexcoin 896 BTC
Not long after Mt. Gox’s shutdown, Flexcoin was robbed of 896 BTC, which amounted to all the bitcoins stored in the platform’s hot wallet. Meanwhile, Bitcoins stored in the exchange’s cold wallets were safe.
Flexcoin had insufficient resources to make up for the loss it obtained, forcing its closure immediately after the hack.
Post-hack: Flexcoin was called out on Twitter for making a statement regarding Mt. Gox’s fate, only to face the same issue shortly after.
A few days after Mt. Gox announced its closure, Flexcoin released a brief statement on Twitter to sympathize with its fellow Bitcoin exchange.
When Flexcoin was hacked a few weeks after that post, Twitter users came back to it. They mocked the platform for making a premature statement.
Two days after the Flexcoin exploit, the company tweeted a short announcement regarding its cessation.
Poloniex Undisclosed amount
Thousands of websites experience cyberattack daily due to software vulnerabilities. One fatal example of a cyberattack due to software vulnerability is the Poloniex hack.
The exchange had a weakness in its system’s withdrawal code, letting users simultaneously withdraw funds. The hacker found this exposure and used it to place multiple withdrawals at the same time.
Poloniex’s security feature caught the unusual withdrawals and immediately froze BTC on the platform. The hacker took 12.3% of the platform’s BTC reserves.
Post-hack: Poloniex owner, Tristan D’Agosta, announced the hack in detail by posting on BitcoinTalk.
To survive this hack, Tristan D’Agosta announced that 12.3% of all the Bitcoin in the platform would be deducted temporarily from user accounts and paid in some form in the “indefinite” future.
More importantly, the system will eliminate the vulnerable code and be updated to allow queued withdrawals.
(Images source)
In July of the same year, D’Agosta claimed to have repaid 100% of the affected customers, and several of these users came forward to confirm they had received the compensation.
Poloniex is still operational as one of the major Bitcoin web exchange platforms.
CryptoRush 950 BTC and 2,500 LTC
Before the hack, CryptoRush’s credibility was constantly questioned by some customers and onlookers. In March 2014, one of its founders announced in Bitcointalk that the platform’s BlackCoins were compromised. User wallets were inflated to 22 million coins due to a stake bug, and the hacker took 950 Bitcoins and 2500 Litecoins.
The founder emphasized this incident was because of the Blackcoin developer’s oversight. The developer admitted to this error but refused to provide any real solutions.
CryptoRush closed its market after discovering this issue and remains so until today.
Post-hack: CryptoRush co-founder, who went as “linkandzelda” on the Bitcointalk forum, described the hack in detail and announced the site’s “temporary” suspension of trading.
CryptoRush co-founder’s detailed announcement in Bitcointalk covered all the important points of the hack and the company’s plan to overcome the incident.
This announcement caused a stir among Bitcoin traders, questioning why CryptoRush fell victim to such a simple hack and pointing their fingers at the developers.
Some speculate the hack was a scam, especially since the company was shady.
MintPal 8 million VRC
Hackers spotted a vulnerability in MintPal’s withdrawal system, which they used to circumvent its internal controls. The hackers authorized a huge withdrawal request of 30% of all the Vericoins at that time, or roughly 8 million VRC. Sensitive customer information and passwords connected to the hacked Vericoin wallets were also affected.
MintPal revealed that hackers also tried to steal Bitcoins and Litecoins from the platform. However, those coins were stored in MintPal’s cold wallets, which are inaccessible to the Internet.
Post-hack: The Vericoin development team pushed for a controversial solution: hard forking the coin’s blockchain to reverse the hacker’s transactions.
The response to the MintPal hack stirred controversy as Vericoin developers opted to hard fork the coin’s blockchain.
Hard forking in crypto creates two similar branches of the blockchain ledger. The duplicated chain creates a whole new cryptocurrency.
Applying that to Vericoin’s situation, hard forking would prevent MintPal’s loss of over $2 million in investor funds. The platform proceeded with this contingency plan hours after the hack and deactivated the site’s Vericoin market.
A day after the exploit, July 14, MintPal conducted another hard fork. These procedures created a transaction that moved the stolen Vericoins to a new wallet. On the other hand, blocks that include the hacked transactions were unaccepted by the system’s network.
Cryptsy 13,000 BTC and 30,000 LTC
Thirteen thousand Bitcoins and 300,000 Litecoins were stolen from Cryptsy on July 29, 2014. This exploit was kept secret to the public for two years. Cryptsy only revealed the incident when it was near bankruptcy in 2016.
Post-hack: Cryptsy faced insolvency in 2016, which included its revelation of the July 2014 hack.
Before announcing its bankruptcy in 2016, Cryptsy suspended trade several times in a row. Users also experienced technical problems when withdrawing their funds.
When the company finally disclosed its near-insolvency, Cryptsy talked about multiple incidents and reasons that sent mixed messages about its situation.
For one, the site’s trading volumes have been declining. It also experienced two consecutive phishing attacks that compromised user email addresses and passwords.
“This of course was a critical event for Cryptsy, however at the time the website was earning more than it was spending and we still have some reserves of those cryptocurrencies on hand. The decision was made to pull from our profits to fill these wallets back up over time, thus attempting to avert complete closure of the website at that time.”
Cryptsy also called out a “libelous” article that was published about the company. The post revealed that an ongoing investigation on Cryptsy was underway, led by the US authorities, stating:
“It wasn’t until an article from Coin Fire came out that contained many false accusations that things began to crumble. The article basically caused a bank-run, and since we only had so much in reserves for those currencies problems began.”
Not long after it announced bankruptcy, Cryptsy’s domain went offline and stopped all operations.
January 26, 2022 Update: Cryptsy CEO gets indicted eight years after the 2014 hack
In 2022, the Department of Justice (DOJ) indicted Cryptsy’s CEO, Paul Vernon, for several charges revolving around the 2014 Cryptsy hack and its closure in 2016.
Vernon allegedly stole over $1 million from Cryptsy customers’ wallets and deposited them into his bank account. This heist falls under the same timeline as the 2014 Cryptsy hack, which Vernon kept secret from the public until his platform’s closure in 2016.
Apart from his wire fraud and money laundering charges, Vernon was indicted for tax evasion. Reports from the DOJ state Vernon filed “false and fraudulent” federal income tax reports that allowed him to pay less than he needed.
BTER (First hack) 51.67 million NXT
BTER is a China-based crypto exchange platform. Its hosting servers were attacked in August 2014, resulting in the loss of over 50 million NXT.
The company revealed little detail about the hack, but its developers exhibited transparency in resolving the incident. Several posts on crypto forums and Twitter were posted by BTER developers to update their user base and stimulate open discussions on what to do next.
Post-hack: BTER’s official statement also asked customers to help the company decide its next steps after the heist.
The hack was revealed through a Bitcointalk forum post by one of BTER’s NXT developers. He also asked for the public’s opinion on whether the company would keep forging the existing branch or remove the blocks and forge a new one. The former would mean keeping the 50+ million NXT that then belonged to the thief.
(Image source)
Payback plan: BTER established its intentions to recover the stolen funds from the hacker
Within the same day of the hack, BTER announced through Twitter that the company would look for the hacker and recover the 50+ million NXT coins back.
Total Crypto Hacks Reported in 2015: $0.45 million
Bitcoin triumphed as the best-performing cryptocurrency in 2015. It had a 40% net gain, which is double the amount of the second-best currency at that time. Bitcoin was so popular that it was also the most-targeted currency in the crypto industry.
Bitstamp 19,000 BTC
Bitstamp is one of the longest-running crypto exchange platforms. Despite its acclaim, the exchange is still liable to cyberattacks.
On January 4, 2015, one of Bitstamp’s employees fell victim to phishing, a cyberattack that manifests in billions of emails daily. The employee accidentally downloaded a file that led to a data breach on Bitstamp, letting the hacker take 19,000 BTC from the platform.
This heist was the first and biggest hack in the crypto industry in 2015.
Post-hack: Bitstamp revealed that a phishing attack victimized six of its employees, which gave way to the hack
Bitstamp customers learned about the hack through an unconfirmed incident report by a single-use account in Reddit. It stated that phishing attempts originally targeted six employees, but only one fell victim.
The report and post are now deleted on all platforms, as requested by Bitstamp Ltd. Regardless, Bitstamp is still operational today and is one of the most trusted crypto exchange platforms.
796 1,000 BTC
The 796 Bitcoin hack is a lesser-known exploit because the recent Bitstamp hack overshadowed it. Moreover, the affected platform was a small exchange based in China.
It didn’t create much of a stir when 1,000 Bitcoins were stolen from the 796 exchange. Hackers got into 796’s system through a withdrawal anomaly and tampered with a customer’s withdrawal address.
Post-hack: 796’s official announcement revealed the hacker tampered with a customer’s withdrawal process
Explanation about the theft last night
January 28, 2015 12:16 Read 3836
At 2221 last night, a user applied for 1000BTC withdrawal on the 796 exchange. Our staff called at 2226 to confirm that it was my operation, because the logged-in IP had different regions and distributed an email confirmation at 22:38. After confirmation, the customer service manager issued the withdrawal at 22:50. At about 3:50 a.m., I received a phone call from the user saying that the withdrawal had not arrived, and immediately called the relevant person in charge of the company to study the problem. After detailed analysis of various logs and audit records, we found that a sub-module updated the system a few days ago had a loophole that was exploited by hackers, resulting in the user’s withdrawal address being tampered with. In addition, the hackers deliberately used an address similar to the original withdrawal address to confuse users and our company’s manual audit. At present, this problem has been fixed, and encryption and monitoring functions have been added. Although the cryptocurrency exchange is often exposed to such risks, after nearly two years of operation, the 796 exchange has also strengthened our risk prevention in this area at the same time, and will continue to strengthen the security monitoring of user account funds in the later stage.
This theft was a problem on the 796 exchange and was used by hackers. The 796 exchange will accrued the undistributed profits of the company’s major shareholders to bear this loss, which has been reissued. In such a high-risk industry, problems are inevitable, which is why 796 major shareholders have not made dividends. Before we get the venture capital, we will do our best to ensure the safety of customers’ assets first. The future is long. 796 will continue to maintain the principle of openness and fairness, integrity-oriented and only service. Thank you for your support and thank you for your support!
(This text is translated from Chinese. See the original post here.)
BTER (Second hack) 7,170 BTC
A year after the BTER hack in February 2014, the site fell victim to another heist. This time, the hacker took 7,170 BTC from the BTER’s cold wallets this time, making it the second biggest crypto hack in 2015.
Before announcing the hack, BTER informed its customers that a “security check” was ongoing. All exchanges were temporarily suspended during this check.
Post-hack: BTER’s official statement revealed plans to track down the hacker with the help of authorities and a 720-BTC bounty:
BTER posted a post-mortem of the hack on a popular Chinese social media platform. It read:
Explanation on the theft of Biter BTC
February 15, 2015 22:10 Reading 16082
After preliminary inspection, it was determined that on February 14, 2015, the hacker used us to fill the hot wallet from the cold wallet and stole all the BTC from the cold wallet of the Biter trading platform, with a total of 7170 BTC, and the transfer record was as:
https://blockchain.info/tx/f5b0363f03e1ed8bb812c135361ea93590c831ce9f13a3750be1b93575baccc6
We have reported the case to the local police station on the morning of February 15, 2015 and was accepted. We will actively cooperate with the police to investigate and deal with it and recover the stolen bitcoins. At the same time, we offer a reward of 720BTC to recover the stolen 7170 bitcoins.
In order to ensure the safety of other funds, we have taken technical measures to stop trading and close all virtual currency online wallets for further inspection. At the same time, we plan to arrange the withdrawal of CNY and other virtual coins as soon as possible to reduce users’ worries. We apologize for the losses caused to users.
By now, Bit has been in operation for nearly two years. I accompanied everyone through the ups and downs of Bitcoin. Accompany everyone to see the decline and rise of multiple currencies. Please rest assured that we will not run away, and we will take responsibility to recover the stolen bitcoins for users.
(This text is translated from Chinese. See the original post here.)
Payback plan: BTER partnered with security firm Jua.com to help return hacked funds to customers
BTER has insufficient funds to repay the affected customers. The website was closed for a month. When it reopened, BTER posted an outline of its payback plan where it will use future profits and a 1-000 BTC loan from Jua.com to repay customers in batches.
CBE Kipcoin 3,000 BTC
Kipcoin, also known as CBE Kipcoin, was the third China-based crypto exchange to get hacked in 2015. On the day of the Chinese Lunar New Year’s Eve, Kipcoin revealed its wallets had been compromised by a hacker who took 3,000 BTC.
Post-hack: Kipcoin’s now-deleted announcement said it would temporarily suspend all services and seek the authorities’ help tracing the hacker’s address.
The company released a statement on the Chinese social media platform, Weibo, which stated all services are temporarily suspended due to a hack.
The hackers accidentally left some trails and Kipcoin publicized their address, from which they believe the stolen Bitcoins were being kept.
1Chg6NxMeTcZ3DQvYA9gocjU4RQwH1LtKD
18zf9CWe4uBy8BesHU3BWqjpibDRRBoPLD
1MYkHXvnWuZ5FaMJkNv4uCLoVC2Ztp2DXK
152BSsbpcGMdj9WBGHq3wXHgJVuqQCs4aJ
16j131w3cvkdAc13sg5nREMiiJj3zoRw5n
16qHXy4RDeek56mNDN84d2F6niE96taQso
175L5Sx81dZZBureP8RtLUyUXoruVdAj1E
17ZJ1sqDRxq7oRVrnNLxoyrvHrtrjtPRfp
17amdMD8JJPcipWqUEwzEtsAuYu1FzkVtg
181qVdiaCcJmzGJV9PEobeYYnkC25PyJdT
18ncsALSWGWRG3JK6yio4PXoiWBbvxAxng
1XgAzaQEe9iDEohWCmdNXSH8XZ74uLBnd
In the same post, Kipcoin assured its customers that no Chinese Yuan was stolen from the platform. Moreover, users will eventually be paid back in Bitcoin. However, the customers would need to wait for the website’s relaunch and the payback.
November 2023 Update: Kipcoin is no longer operational, and its domain is now for sale.
The official statement of Kipcoin has been deleted from Weibo and the Internet. If you access Kipcoin.com today, you will see that the domain is for sale.
Bitfinex (First hack) Undisclosed amount
Bitfinex was still a startup in 2015, the same year it experienced its first hack. Bitfinex’s hot wallets were compromised on May 22, 2015, as the hacker took 0.05% of the company’s Bitcoin holdings.
Onlookers of the incident carried out their own investigation and found that Bitfinex was short of 1,459 Bitcoins after the hack.
Post-hack: Bitfinex users learned how much was 0.05% of Bitcoin worth by looking into a string of transactions in its hot wallets.
Bitfinex didn’t disclose how many Bitcoins were stolen by the hacker. All it revealed was that the amount totaled 0.05% of its Bitcoin reserves.
A curious Bitfinex user looked into the site’s transactions and holdings to determine how many Bitcoins were stolen. According to the breakdown they posted on Reddit, the hack should amount to 1,459 BTC. However, that amount would be equal to a 0.635% loss.
Payback Plan: Bitfinex will absorb any losses experienced by its users, but the timeline of reimbursement remained indefinite.
Users received assurance from Bitfinex that the company would take up any losses experienced by its customers. However, it did not provide any definite time for the payback. Its mode of reimbursement remains unknown as well.
What’s sure was Bitfinex’s dedication to creating a new hot wallet to recover from the loss.
Total Crypto Hacks Reported in 2016: $12.94 billion
In 2016, cryptocurrencies toppled over fiat currencies. One Bitcoin was worth over $400 on January 1, 2016’s closing. Bitcoin was on top of the game throughout the year, boasting a 54% annual gain.
As crypto was gaining hype, banks and other major financial institutions were investing in blockchain tech. With this development comes frustration over struggles with crypto’s mass adoption. Moreover, crypto hacks were prevalent, and the losses were bigger than ever.
ShapeShift 504 BTC, 5,800 ETH, and 1,900 LTC
ShapeShift is a unique crypto exchange platform that doesn’t require user registration. It’s a convenient site that allows customers to exchange cryptocurrencies directly. That means the platform does not hold any user funds.
The exchange is safe by design as it has built-in customer protection, earning its label as the “safest asset exchange on Earth.” It was a shock when customers were met by an offline website one day in April 2015.
Not long after the blackout, ShapeShift CEO, Erik Voorhees, announced on Reddit that the site had experienced a security breach. More details ensued, disclosing the company lost 350 BTC from the latest breach.
The next information made sense to the customers wondering why such a safely built platform got hacked. Voorhees exposed that the hack was due to an insider threat, a problem that 74% of organizations experience more frequently than external threats. According to Voorhees, ShapeShift’s head of IT was behind the heist who took various coins, i.e., 504 BTC, 5,800 ETH, and 1,900 LTC.
Post-hack: ShapeShift CEO officially announces the April security breach that compromised the platform’s hot wallets.
Erik Voorhees discussed the details of the hack in a Reddit post. He mentioned that hacks are inevitable in the industry; they can only learn from this experience and build a more reliable infrastructure.
Update: A few days after the April hack, Erik Voorhees publishes a detailed post in Bitcoin.com, revealing they experienced not just one, but three attacks within four weeks.
The ShapeShift CEO himself disclosed everything that happened before, during, and after the April hack in a Bitcointalk.com article. He called it a story of “sabotage” and “betrayal” since the hack originated within their own team. Shockingly, the story began in March when 350 BTC were stolen.
He introduced the March hacker as their own IT director but did not reveal his real identity as “a final, tenuous courtesy.” He called the saboteur “Bob” throughout the article:
“In the first quarter of this year, as the market discovered what we already knew – that our world will be one of many blockchain assets each needing liquidity with the other – exchange volumes surged at ShapeShift. Ethereum was on the rise, specifically. Our infrastructure was not ready for the pace of growth. It was like riding a bicycle upon which jet engines suddenly appear full-thrust
Unfortunately, Bob did little to be helpful. He puttered around aimlessly while the team worked long hours to keep the ship together.
Scratch that, actually, Bob was not aimless.
He was preparing to steal from us.”
The company never heard from Bob again as he fled to Florida with criminal cases proceeding behind him.
Voorhees’s story pointed out the March hack cost 350 BTC or $130,000 at press time.
After a fruitless pursuit of the stolen money by Bob, Voorhees also needed to tend to his tainted company. In hopes of coming back resiliently from this attack, he arranged a new server infrastructure. In his shock, the new infrastructure’s hot wallets were compromised and Ethereum, Litecoins, and Bitcoins were lost. He emailed the hacker using a leftover address, complimenting them for the premature hack. The email read:
“Nice job on the hack. How did you do it? -Erik”
The hacker briefly responded a few days after:
“One word: Bob”
Following lots of back-and-forths with the new hacker and strenuous speculations around the novel incident, the whole situation finally came together for Voorhees:
Bob sold information on the production servers, access to ShapeShift’s internal network, part of ShapeShift’s source code, and access to an RDP client he had installed on a coworker’s computer, to Rovion, for 50 Bitcoin. The IP and internal router info checked out.
By the end of the article, Voorhees reflected on the silver linings he gained from this taxing experience. He also looked forward to the future of a stronger and better ShapeShift.
Gatecoin 250 BTC and 185,000 ETH
Gatecoin was a Hong Kong-based crypto exchange site that mainly traded in Ethereum.
In May 2019, the company discovered its hot wallets had been compromised. Gatecoin believed the hack started on May 9 and continued for three days, letting the attacker harvest 185,000 ETH and 250 BTC or 15% of Gatecoin’s total assets.
Gatecoin did not immediately reveal the hack to its users. Instead, its website displayed an offline notice for “maintenance” purposes.
Initially, Gatecoin’s website showed a notice that the platform was performing maintenance. Unbeknownst to its customers, Gatecoin was actually looking into the details of the hack.
Payback plan: Gatecoin reached out to investors willing to loan them funds for customer compensation in exchange for equity.
Not long after its website temporarily shut down, Gatecoin released a brief and official statement through its website.
A few days after the announcement, Gatecoin CEO, Aurélien Menant, discussed the hack on Reddit and answered FAQs he received. He also assured customers that no client data were compromised. Moreover, Menant discussed their plan to compensate for customer losses, which includes fund-raising.
The post read:
March 2019 Update: Three years after the hack, Gatecoin announced its liquidation due to failure of payments.
It’s challenging for a startup like Gatecoin to come back stronger from such a huge cyberattack. The exchange struggled to stay afloat, as it constantly experienced trouble with banking services.
In the now-deleted public statement, Gatecoin discussed the company’s dispute with its initial payment service provider (PSP). That issue led to banking services freezing Gatecoin’s accounts in September 2018.
A month after that, Gatecoin found new PSPs based in Europe. However, these new providers failed to process payments on time, causing more losses for Gatecoin.
In March 2019, Gatecoin received a winding-up order, marking the end of the exchange platform.
(Image source)
July 2023 Update: Most Gatecoin creditors are still yet to receive their compensation from the company, bringing forward their concerns regarding their asset values.
Gatecoin creditors consist of customers with leftover funds from the website and those affected by the 2016 hack. These customers are concerned with whether they will acquire funds for the same worth or follow today’s asset values.
To give you an insight, the 2016 hack that saw the loss of 185,000 ETH was worth $2 million then. Today, that amount of Ethereum is valued at over $300 million. That staggering amount of money has been sitting in the hacker’s crypto wallet until today.
Bitcurex 2,300 BTC
The Bitcurex website went offline without any explanation on October 13, 2016. A few days later, Bitcurex finally resurfaced but only with a brief announcement saying the shutdown was due to issues with an update. The site recommended its customers halt transferring funds to the platform.
Bitcurex released another statement a few days later. This time, it mentioned the reason for its downtime was because of damages inflicted by “external interference.”
For customers, this new announcement is still inadequate. Until one Bitcurex user started digging and found that the “interference” referred to the 2,300 BTC transferred out from the site within seconds.
Looking back: Bitcurex has had a history of being a cyberattack target.
In 2014, Bitcurex was almost a victim of a 19,000 BTC theft. The company immediately spotted this transaction and blocked it in no time. It did not result in any losses.
Post-hack: Bitcurex’s post-hack statements briefly discussed the reason behind its website’s shutdown.
Bitcurex customers were left in the dark when the website was suddenly inaccessible. Only after a few days, the site released a short notice regarding the matter. It read:
Ladies and Gentlemen,
In connection with the update of the Bitcoin client, problems appeared on our website. Therefore, we have decided to temporarily suspend the operation of the Bitcurex website.
PLEASE DO NOT MAKE TRANSFERS TO YOUR EXISTING BTC ADDRESSES FOR BITCUREX
We will keep you informed about the progress of work on restoring the website at www.bitcurex.com
We kindly inform you that the support system will not work during modernization works.
Please check the current information on our website.
Sincerely,
Bitcurex team
(Translated from the archive)
Bitcurex released another statement, which the customers found to be as vague as the first one. There were no mentions of a hack or a breach, only issues due to “external interference.”
“On October 13, 2016, as a result of the actions of third parties, the IT systems of the www.bitcurex.com / www.bitcurex.com website were damaged by external interference in the automatic collection and processing of IT data. The consequence of these actions is the loss of part of the assets managed by bitcurex.com / www.dashcurex.com
The owner of the services has concluded appropriate agreements with specialized companies in order to audit security, implement the corrective procedure and, above all, monitor the lost funds.”
(Translated from source)
The inadequacy of these statements pushed one Bitcurex customer to investigate. They uncovered that 2,300 BTC were stolen from Bitcurex within two seconds.
As the news about the theft spread, Bitcurex finally stepped forward and admitted the company’s loss of 2,300 BTC in a lengthy announcement. The exchange also advised its users to report the incident and file complaints to help recover their funds.
February 2017 Update: The Bitcurex website disappeared without any notice.
The final statement that disclosed the hack included a promise that the website would be up by November 2016. Bitcurex held their word and resumed trading in the said timeframe. However, in February 2017, the Bitcurex website suddenly disappeared without explanation.
Looking back at how it vanished, some signs indicated the platform’s inactivity before its disappearance. For instance, its last Twitter and Facebook posts were published on September 16, 2016.
Users were also promised their money back from the 2016 Bitcurex cyberattack. That remains an unfulfilled promise by Bitcurex until today.
The DAO 3.6 million ETH
The DAO hack altered the whole crypto industry, especially the Ethereum you may know today.
An attacker exploited a loophole in the DAO’s code a few weeks after its token sale. The hacker drained 3.6 million ETH from the DAO in just a few hours.
Ethereum founders and other crypto developers raced for a solution. The DAO and its people cannot lose that much money. Vitalik Buterin, Ethereum’s co-founder, suggested a fork to prevent the stolen funds from being moved. However, this suggestion sparked more tension in the community. Forking that much Ethereum would be a huge technological challenge. Most of all, that method raises questions on blockchain’s moral and philosophical foundation.
After careful deliberation, the DAO attempted a soft fork, but this method still opened a bug in the update code. A hard fork was the only way to go, which was eventually performed after a long heated debate.
The DAO hack did not result in any Ethereum loss. However, this method resulted in the creation of a pre-forked version of ETH called Ethereum Classic.
Looking back: The DAO was one of the earliest crowdfunding efforts in the blockchain industry, gathering 12.7 million ETH in its opening.
The DAO, or decentralized autonomous organization, was launched in 2016 as a venture capital firm for Ethereum. It’s an autonomous and self-sustainable organization with no centralized authorities like a CEO. This arrangement reduced costs and gave investors more control.
Instead of authority figures, the DAO was run through smart contracts, and its coding framework was an open source built by Slock.It. Anyone in the Ethereum community was authorized to send Ether in a unique wallet exchange for DAO tokens. These tokens can be used to vote on the organization’s plans and gain profits from the platform.
The token sale, or the Genesis DAO, as the community calls it, gathered 12.7 million Ether in its opening. That figure made it one of the biggest crowdfunds ever. This event went on for 28 days.
During this revolutionizing event, some observers raised concerns regarding the DAO’s code. Computer scientists pointed out a bug in the smart contracts that could allow someone to siphon funds from the organization. DAO programmers set out to fix this bug, but an attacker made it on time and drained one-third of the DAO’s Ethereum, or roughly 3.6 million ETH.
July 25, 2017: The DAO tokens were determined as investment contracts by the US Securities and Exchange Commission (SEC).
After the DAO hack, the organization went under multiple scrutinizations. One department that looked into the platform was the US Securities and Exchange Commission (SEC). According to the SEC, the DAO’s virtual tokens were considered “securities.” Thus, they must be subject to federal securities laws.
Stephanie Avakian, the co-director of the SEC’s Enforcement Division, spoke about the matter:
“The innovative technology behind these virtual transactions does not exempt securities offerings and trading platforms from the regulatory framework designed to protect investors and the integrity of the markets.”
(Quote from SEC July 2017 Press Release)
The agency had decided not to press charges on the DAO. However, its statement implies caution to everyone in the market.
February 2022 Update: Alleged DAO hacker identified as the TenX CEO and founder, Toby Hoenisch.
Laura Shin is the author of The Cryptopians: Idealism, Greed, Lies, and the Making of the First Big Cryptocurrency Craze and a crypto-journalist. While writing the book, Shin stumbled upon evidence that Toby Hoenisch was behind the DAO hack. She used a secret forensics tool from the crypto tracing firm Chainalysis. After following a trail of withdrawals and wallet addresses, Shin and her team discovered Hoenisch as the alleged person behind the DAO hack.
Hoenisch’s possible motive likely stems from him being one of the people who pointed out the DAO’s vulnerabilities in its code. Since his warnings were just shrugged off, he may have decided to prove people wrong and did what the faulty code called him to do.
Shin contacted Hoenisch by sending him the documents indicating he was the hacker and whether he had comments. Hoenisch briefly replied, saying Shin’s conclusion is “factually inaccurate.” Shin repeatedly contacted Hoenisch to elaborate on his short statement but never got back to her.
Bitfinex 119,756 BTC
Bitfinex, the biggest crypto exchange operating in USD, experienced one of the largest Bitcoin heists on August 2, 2016. Bitfinex announced they lost 119,756 Bitcoins from a security breach. Right after the news broke, Bitcoin’s value plummeted by 20%.
Bitfinex spread the losses across clients and the company’s assets to alleviate the damage.
Post-hack: Bitfinex announced the incident as a security breach resulting in the loss of some user Bitcoins.
The site’s announcement explained the sudden halt in trading was due to a security breach. Bitfinex also disclosed the company was working with the authorities and will look into compensation options for any customer losses after the investigation.
(Image source)
Payback Plan: The Bitfinex team discussed strategic options to repay customers, including looking into investors and giving away BFX tokens.
Four days after the cyberattack, Bitfinex released its statement saying its ready to relaunch within 24 to 48 hours in limited functionality.
Users received assurance from Bitfinex that the company was looking into possible options for compensation. However, these discussions were only beginning, so the reimbursement process will take time.
In the meantime, customers will be given BFX tokens to record their losses. One BFX token is worth every dollar stolen from the customer. These tokens will remain outstanding unless the creditor redeems them or turns them into shares of iFinex Inc.
Read the whole update here.
February 2019 Update: Bitfinex retrieved 0.023% of the Bitcoins stolen.
Since the hack, Bitfinex has been working with international law enforcement agencies to track down the bad actors and the lost funds. In November 2018, Bitfinex was alerted by the US Government that they had obtained Bitcoins believed to be from the 2016 hack.
The total fund retrieved was 27.66270285 BTC, roughly 0.023% of the amount stolen in 2016. The recovered Bitcoins were converted to USD and were used to pay the remaining customers with RRTs (Recovery Right Token).
June 2019 Update: Two Israeli brothers were arrested for alleged involvement in the 2016 Bitfinex hack.
Authorities have not stopped monitoring the stolen Bitcoins from Bitfinex. After three years of dormancy, the swiped funds were moved in June 2019. This activity gave the police a new lead to trace that led them to Israeli brothers Eli and Assaf Gigi.
The Gigi brothers not only participated in the Bitfinex hack but they were also involved in several phishing scams. They lured investors through Telegram or Reddit and collected their login and wallet information.
April 2021 Update: More movements of the stolen Bitcoins were recorded.
People behind the Bitfinex hack were finally moving the stolen funds. First, in 2019, which led to the arrest of the Gigi Brothers.
The next movement was discovered on November 30, 2020, where 5% of the missing Bitcoins (5,000 BTC) were transferred from an unknown address to another. Authorities failed to trace this activity.
New leads emerged in April 2021 when the Twitter account Whale Alert announced that 10% of the missing Bitcoins were transferred to a new address. This movement is in time with Coinbase’s direct listing on Nasdaq. For the authorities, the activity happening at the crypto milestone event was not a coincidence.
February 8, 2022 Update: The US Department of Justice press release revealed a New York couple were allegedly behind the Bitfinex hack.
For six years, law enforcement authorities involved in the 2016 Bitfinex hack diligently followed the money. One day in February of 2022, the US DOJ traced the stolen funds to Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31.
(Image from Heather Morgan’s Instagram @heatherreyhan)
According to the report, the husband-wife duo breached Bitfinex’s system and initiated 2,000 transactions that sent the Bitcoins to Lichtenstein. In the last five years, these hackers had spent 25,000 BTC (20.8%) of the coins they stole through numerous complicated withdrawal processes, making it hard for authorities to find the money.
To move the investigation, the court finally authorized the US DOJ online warrants to look into the couple’s account. They discovered the remaining 94,000 Bitcoins and the private keys directly receiving the funds.
In a statement by Chief Jim Lee of IRS-Criminal Investigation, he summed up the couple’s intention to launder the stolen Bitcoins:
“In a methodical and calculated scheme, the defendants allegedly laundered and disguised their vast fortune,” said Chief Jim Lee of IRS-Criminal Investigation (IRS-CI). “IRS-CI Cyber Crimes Unit special agents have once again unraveled a sophisticated laundering technique, enabling them to trace, access and seize the stolen funds, which has amounted to the largest cryptocurrency seizure to date, valued at more than $3.6 billion.”
(Statement from the US DOJ Press Release)
The $3.6 billion worth of assets recovered is the biggest financial seizure in the history of the US Department of Justice.
July 2023 Update: Liechtenstein and Morgan plead guilty to the Bitfinex hack.
Ilya “Dutch” Lichtenstein admitted to being the hacker behind the Bitfinex hack. However, it’s important to note that the couple was not charged for hacking Bitfinex. Instead, Liechtenstein might face 20 years in prison for one count of conspiracy to commit money laundering.
Heather Morgan, on the other hand, faces a maximum sentence of 5 years in prison for two charges, namely:
Money laundering conspiracy
Conspiracy to defraud the United States government
(Image from Alexandria Adult Detention Center)
Amidst all the pursuit and the tensions that this hack had caused over the years, Bitfinex is still standing today as one of the largest crypto exchanges.
Total Crypto Hacks Reported in 2017: $0.46 billion
The hacks from the previous year made some alterations in the crypto industry forever. As blockchain enters another year of growth, it’s still not free from cyberattacks, especially the South Korean cryptocurrency exchange industry which suffered the most from hacks this year.
Yapizon 3,831 BTC
Yapizon was a crypto exchange platform based in South Korea. It suffered a hack on April 22, 2017, where they lost over 3,800 BTC. Yapizon users only learned about the cyberattack 10 days after it hit.
The platform will suffer another hack as it rebranded to YouBit later in the year.
Post-hack: Yapizon turned its home page to a notice that addressed the hack, including its plan to compensate customers for the lost funds.
The exchange posted a detailed statement on its homepage, revealing the company fell victim to a hack. The bad actor took over 3,800 Bitcoins, and no customer data was compromised.
(Image source)
Payback plan: Yapizon, inspired by Bitfinex, will provide “Fei” tokens for its affected customers.
Copying Bitfinex’s payback strategy, Yapizon distributed the 37% total loss of assets across its customers. To assure its customers, the exchange announced its compensation program. Yapizon provided its customers “Fei” tokens equivalent to the amount they lost.
Bithumb (first hack) Undisclosed amount
Bithumb was the fourth largest crypto exchange platform worldwide when it faced its first cyberattack. No one knew about the hack until Bithumb customers realized someone or something had been draining their funds.
After several days of constantly receiving complaints, Bithumb finally admitted that a breach was behind the anomaly. There were no details besides that.
When pressured by the local media, Bithumb released more information regarding the breach. According to the site’s statement, the attacker hacked a Bithumb employee’s computer. From there, they stole the information of 31,800 Bithumb users.
Bithumb did not disclose how much the customers and company lost. Some users report losing up to 10 million Won ($8,700). Others from the media estimate the loss was around billions of Wons, but Bithumb never confirmed any amount.
The South Korean exchange platform will suffer more significant cyberattacks in the following years.
Payback Plan: Bithumb will initially reimburse a maximum of 100,000 Won ($897) per affected user.
In a now-deleted blog post, Bithumb updated its customers that they are looking into the total loss of the breach. While they do, the exchange was pressured to provide compensation.
It plans to reimburse up to 100,000 won ($897) per customer. This offer is only available until midnight of July 5, 2016. Note that the blog post was posted on Monday, July 3, 2016, roughly giving users 2 days to accept this offer.
YouBit 4,000 BTC
Following the exchange’s rebranding from Yapizon to YouBit, the platform suffered another cyberattack. YouBit ended up losing 17% of its assets, which cost the exchange 4,000 BTC.
In a defeated statement, YouBit apologized for the inconvenience this incident had caused and assured users they would receive partial compensation.
Unable to return from significant back-to-back heists, YouBit also declared bankruptcy and informed its customers about the site’s shutdown.
Payback Plan: Due to inadequate funds, YouBit will only partially refund its customers.
Based on the farewell statement that YouBit has published (it’s now deleted along with its domain), customers would only receive 75% of their crypto on the platform. No further explanation was provided.
EtherDelta 308 ETH
An open-source code is usually the culprit for decentralized exchanges or organizations, but the EtherDelta hack differed.
The EtherDelta hacker sent malicious links that looked legit on the site’s unofficial Discord and Slack channels. The link contains a code that would read the user’s wallet private keys and send them to a PHP script for the hacker to harvest. After that, the attacker can transfer funds out of the user’s wallets.
Based on the Ethereum Blockchain’s data, the hacker successfully stole 308 ETH from the exchange. However, neither the authorities nor the EtherDelta team confirm this amount.
Looking back: EtherDelta was founded in 2016 as one of the first and most popular decentralized exchanges (DEX).
Zachary Coburn founded EtherDelta in 2016. It’s a cleverly built exchange that did not require any authority or third-party control. Instead, it lets customers trade through smart contracts.
Post-hack: EtherDelta announced on Twitter that a hack had targeted the platform’s DNS server.
The exchange advised users not to use the site during the hack’s ongoing investigation.
(Image source)
EtherDelta customers who did not import their private keys in the malicious links “should be safe.” Meanwhile, customers who ran the exchange under MetaMask or a hardware wallet should be “completely safe.” Regardless, EtherDelta still suggested all customers move their funds to a new wallet as a security measure.
November 8, 2018 Update: The Securities and Exchange Commission announced pressing charges against EtherDelta founder Zachary Coburn, leading to him selling the exchange.
The Security and Exchange Commission (SEC) delivered a press release about settling charges to EtherDelta founder Zachary Coburn for “operating an unregistered exchange.”
This announcement followed the SEC’s July statement regarding the DAO’s tokens. Similarly, the tokens in EtherDelta are considered securities. Therefore, EtherDelta must be a registered exchange exchange, which Coburn failed to do.
Neither admitting nor denying SEC’s findings, Coburn paid $300,000 in disgorgement, $13,000 in prejudgement interest, and a $75,000 penalty. This enforcement led to Coburn selling the exchange to an unknown party for an undisclosed amount. It eventually shut down in the same year.
September 2019 Update: US authorities indicted two suspects for the EtherDelta hack.
The Northern District of California Attorney’s Office indicted EtherDelta hackers Elliot Gunton and Anthony Tyler Nashatka for the 2017 EtherDelta hack.
According to the findings, Gunton and Nashatka had indeed modified the exchange’s DNS settings by accessing an EtherDelta employee’s phone number, which they used to open the employee’s email address; the rest was history.
February 2023 Update: EtherDelta still holds customer funds amounting to over $42 million.
Coinbase Director, Conor Grogan, revealed in a Twitter post that EtherDelta still holds ETH assets. Although it’s phased out, EtherDelta allegedly holds over $42 million worth of customer funds, over half of which are Ethereum.
NiceHash 4,736 BTC
Near the end of 2017, S lovenia-based platform, NiceHash encountered a cyberattack. At first, customers had no idea why the crypto-mining platform had emptied their wallets. Later on, they were told it was due to ongoing maintenance.
Once information about the hack was out, the NiceHash team did not disclose the amount taken, but a user followed a wallet address that allegedly belonged to the hacker, and it held 4,736.42 BTC.
This hack became the largest theft in the history of Slovenia.
Post-hack: NiceHash addressed the cyberattack on its website and its plan to halt operations for one day.
Users learned about the hack through NiceHash’s now-deleted post. It briefly read:
“Unfortunately, there has been a security breach involving NiceHash website. We are currently investigating the nature of the incident and, as a result, we are stopping all operations for the next 24 hours.”
December 2020 Update: NiceHash completely refunded its affected users three years after the hack.
In a letter released on the site’s blog page, NiceHash CEO Martin Skorjanc revealed the company has been waiving its profits to repay its customers.
“We started to reimburse the damage gradually. We transferred every amount we didn’t need for bare survival to our users’ accounts. In the last three year s, we have regularly waived profits. But we do not regret it, as it heralds the beginning of a new era of growth and development for us. We don’t owe anyone anything anymore. We have fully settled all tax liabilities, and 4,640 bitcoins are again in our users’ accounts.”
Finally, in December 2020, Skorjanc fully reimbursed user wallets affected by the cyberattack.
June 2021 Update: US prosecutors unravel three North Korean hackers were behind the 2017 NiceHash breach.
The NiceHash team was pleased to inform its users that US prosecutors have indicted hackers behind the 2017 incident.
Members of the military intelligence agency of the Democratic People’s Republic of Korea (DPRK) were indicted for several “destructive cyberattacks.” Chang Hyok, Kim Il, and Park Jin Hyok are members of several hacking units, including the famous Lazarus Group. They are behind the theft of $1.3 billion worth of money and cryptocurrency, $75 million of which were from the NiceHash hack.
Total Crypto Hacks Reported in 2018: $0.9 billion
The crypto industry hit a low in 2018. Bitcoin had its worst year ever recorded in 2018, as its price closed 70% lower than the previous year. Major cryptocurrency exchange platforms also endured destructive cyberattacks in 2018. More details about them lie below.
CoinCheck $560 million worth of crypto assets
XEM coins recorded their highest closing value at $1.87 in January 2018. That amount must have enticed attackers so much, leading to the exploit of CoinCheck XEM coins, one of the largest single hacks in history.
On January 26, 2018, CoinCheck lost $560 million worth of assets, most of which were XEM tokens. Reports by the company claimed this incident was due to a shortage of employees and inadequate security measures, which made it easier for the hackers to infiltrate CoinCheck’s system.
Post-hack: CoinCheck reimbursed the loss of 260,000 customers using its capital days after the hack.
After realizing the exchange was hacked, CoinCheck froze its services as soon as possible. CoinCheck also paid 260,000 of the affected customers using Japanese Yen right away.
January 2021 Update: At least 30 people were charged for allegedly stealing from CoinCheck in 2018.
Japan’s Mainichi reported in January 2021 that 30 people allegedly traded $100 million worth of assets stolen from CoinCheck.
These suspects reportedly exchanged the XEM coins for other cryptocurrencies in the darknet. Then, they traded the digital currencies for fiat currencies in various legal exchanges for larger profits.
Bitgrail 17 million NANO (XRB)
Some might think that exchanges as small as Bitgrail are spared from hacks. However, traders flock to smaller platforms and pick up minor coins before they become mainstream.
On February 9, 2018, the site announced that that hackers stole 17 million NANO (formerly RailBlocks). Bitgrail temporarily suspended its operations to investigate and bounce back from the exploit.
February 10, 2018 Update: Nano developers respond to Firano’s controversial request for Bitgrail solvency.
Francesco Firano, founder of Bitgrail, had a $170-million problem after the hack. The whole company was racing to resolve this setback.
On February 10, 2018, the Nano Core team stated Firano’s methods and Bitgrail’s insolvency. About Firano’s plan to regain the lost funds, the Nano Core team revealed:
“Firano informed us of missing funds from BitGrail’s wallet. An option suggested by Firano was to modify the ledger in order to cover his losses — which is not possible, nor is it a direction we would ever pursue.”
The Nano team considered Firano’s methods misleading, leading to the statement:
“We now have sufficient reason to believe that Firano has been misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time.”
(Quotes from Medium)
Nano plummeted by 20% across all exchanges. No further updates regarding the matter were released, except Bitgrail’s latest post on Twitter.
January 21, 2019 Update: The Italian Court ruled Bitgrail and Francesco Firano as bankrupt, urging the latter to return stolen funds to customers.
The Bitgrail Victims Advocacy Group released documents revealing Francesco Firano was behind the $170 million hack in 2018. The former CEO was also allegedly knowledgeable of several missing coins in the platform. He failed to disclose those incidents to the public or solve them.
A part of the document discussing that read:
“In its decision, made public on January 21, 2019, the Court found that the NANO reported lost by Mr. Firano on February 9, 2018, had actually been removed from the exchange months earlier, between July 2017 and December 2017.
The Court criticized Mr. Firano for not immediately taking steps to account for the losses. By waiting to make the shortfall public, Mr. Firano caused the public to suffer substantially larger losses. In July 2017, 2.5 million NANO was valued at approximately $250,000 (1/100th of the value it had in February 2018 when Mr. Firano went public).”
(Quote from document)
In light of these findings, the Italian Court also ordered the seizure of Firano’s personal assets to pay the customers affected by the hack.
CoinSecure 438.318 BTC
Coinsecure is a top Indian crypto exchange platform. It went through a hack while extracting BTG meant for customer distribution, losing 438.318 BTC.
Its team pointed fingers at its CSO, Dr. Amitabh Saxena, who was in charge of the BTG extraction at that time and discovered the so-called hack.
Post-hack: The Coinsecure team speculated that the hack was an inside job.
Coinsecure released a notice on its website announcing that many of its Bitcoin funds were transferred to an unknown address.
The platform claimed its system is rigid and has never been compromised, leading to its accusations of an inside job by Coinsecure CSO Dr. Amitabh Saxena, who had full access to the exchange’s private keys.
The statement read:
Payback Plan: Coinsecure ensured its customers some form of compensation for the loss will be distributed.
The first option that Coinsecure looked into is to track down the lost funds and fully return them to customers. However, that poses a challenge since incidents as such can never be solved overnight.
The other option was to apply lock-in rates immediately, reimbursing 10% of the Coin Holding Balance in BTC, while the remaining 90% will be reimbursed in INR.
Coinrail $40 million worth of crypto assets
Coinrail went offline following a “cyber intrusion” that saw the loss of several coins and tokens. It failed to specify the amount lost, but data shows it suffered $40 million of damage in its assets.
The small crypto exchange based in South Korea informed the public about moving its remaining assets to a cold wallet for safety. However, there were no mentions of how it intends to pay affected customers.
Post-hack: After discovering the hack, Coinrail shut its website down and informed its customers about a “cyber intrusion.”
On Twitter, Coinrail announced it discovered a cyber intrusion in its system that took various coins.
After a few days, CoinRail CEO Nam Kyung-sik issued a public apology in Twitter, including the company’s plans to move forward. However, it doesn’t include any methods to compensate for the loss of affected customers.
(Translation by Google)
Bithumb (second hack) $35 million worth of crypto assets
Bithumb was first hacked in July 2017 and was targeted again by attackers roughly a year later. This time, the hack was more significant as it resulted in a $35 million loss, mostly from stolen XRP coins.
Post-hack: Existing security issues on Bithumb gave way to the hacker’s exploit.
Based on Bithumb’s investigation, security issues manifested days before the attackers charged the exchange. These weak points in Bithumb’s security must have enticed hackers to steal from the platform easily.
When Bithumb’s IT team spotted the breach, they posted a notice of the suspension of select services on the platform.
Bithumb also announced it will be moving some assets to coin wallets for extra security.
Payback Plan: Bithumb confirmed its plans to reimburse affected customers using the company’s reserves.
Affected Bithumb customers will receive compensation from the company’s reserves right away. After learning about that information, experts in the crypto industry praised the company for its transparency and urgency for accountability.
Bancor 24,984 ETH, 229 million NPXS, 3.2 million BNT
Following a decentralized system, Bancor uses a mechanism of smart contracts to function. This quality made customers flock to the platform, but it was also a huge motivator in the hack it faced on July 9, 2018.
According to Bancor, “a wallet used to upgrade some smart contracts was compromised.” The wallet allowed the attacker to drain $12.5 million of Ethereum and $1 million of Pundi X’s NPXS token. The hacker also took $10 million BNT, but Bancor was able to recover it after several day.
Post-hack: Bancor disclosed vital information regarding the hack in full transparency via Twitter.
Zaif $60 million worth of crypto assets
Zaif, a crypto exchange platform based in Japan, had its hot wallets infiltrated by hackers and lost $60 million worth of various crypto coins.
When Zaif announced this incident, only 5,966 BTC were confirmed to have been stolen, while MONA and BTC values remained under investigation. In the end, Zaif estimated the casualty to amount to ¥6.7 billion ($60 million).
Post-hack: Zaif announced to its users that a hack was behind the platform’s temporary shutdown.
In their transparent and detailed announcement, Zaif revealed the hack on its hot wallets started on September 14, 2023, was detected on the 17th and confirmed by the 18th.
The Zaif team took immediate measures by notifying the Financial Services Agency and authorities. As for their plans to bounce back, the comprehensive statement revealed:
“After this case was discovered, we immediately made the following request for support and have already concluded a contract for support. The contents of the support include (1) providing assets equivalent to the assets entrusted by the lost customers, (2) providing technology and personnel to improve security, (3) capital alliances to improve the management foundation, and dispatching management teams.”
(Statement from source; translated by Google)
Total Crypto Hacks Reported in 2019: $1.13 billion
Ten hacks occurred in 2019, and their accumulative damages amount less than the Mt. Gox hack, crypto’s biggest hack ever. Check out one of the longest lists of crypto hacks below.
Cryptopia (First hack) $30 million
Cryptopia was a New Zealand-based crypto exchange that went defunct after a $30 million heist, which was equivalent to 15% of all its customers’ funds.
The platform tried its best to return to its normal operations. However, it could not bounce back from the hack and was subject to liquidation five months after the attack.
Post-hack: Cryptopia announced the security breach via Twitter and has been working with appropriate authorities to investigate the incident.
A day after the site’s unscheduled maintenance, Cryptopia finally revealed it suffered a security breach. The platform was put under supervision, and trading was halted while Cryptopia assessed the damages. 
The New Zealand Police led the investigation on the Cryptopia hack, who commented on the speculations surrounding the hack’s nature.
“We are also aware of speculation in the online community about what might have occurred. It is too early for us to draw any conclusions and Police will keep an open mind on all possibilities while we gather the information we need.”
(Quote from New Zealand Police Media Centre)
May 2019 update: Unable to restart its trading services, Cryptopia was forced to enter liquidation.
While under investigation by the New Zealand Police, Cryptopia’s site was inactive indefinitely. Two months after the hack, Cryptopia launched a read-only website stating that it struggled to return to its full operation.
Cryptopia kept updating its users via Twitter about its website rebuilding progress. However, before Cryptopia returned to full-service mode, it entered liquidation due to its financial inability to bounce back from the hack.
LocalBitcoins 7.9 BTC
LocalBitcoins was a popular peer-to-peer Bitcoin exchange platform. It saw its downfall when hackers exploited its customers, who were redirected to an identical site to LocalBitcoins’s discussion forum login page. Once the customers entered their login details, the hacker intercepted 2FA one-time codes and harvested user information and funds.
The site temporarily disabled access to its discussion forums after learning about unauthorized transactions in six user accounts. The loss from this incident amounted to 7.9 Bitcoins.
Post-hack: The LocalBitcoins team announced a breach that affected six user accounts, losing 7.9 Bitcoins.In a single-used Reddit account, LocalBitcoin stated the hack was discovered on January 26, 2019. The company disabled outgoing transactions right away and investigated the matter. Later on, LocalBitcoin narrowed the source from the website’s discussion forum and disabled user access to it. This quick action stopped the hack, with six affected users and almost eight Bitcoins taken.
DragonEx (First hack) $7 million worth of crypto assets
The Lazarus Group struck again, not sparing DragonEx from a damaging cyberattack. These notorious hackers created a legit-looking fake business and website called WFCWallet, which contained infected software.
When installed, WFCWallet would open a backdoor on an infected Apple Mac. That then gave the hackers the ability to uncover individual private keys of users.
To get into DragonEx, attackers contacted one of its senior executives about the software. After persistently contacting the executive about it, the DragonEx employee downloaded the software onto their Mac. Unfortunately, their compromised computer contained private keys for customer accounts, which the hackers gained access to.
This hack left DragonEx with a $7 million loss in various cryptocurrencies, such as Bitcoin, Litecoin, and Ripple.
Post-hack: DragonEx immediately spotted the anomalies from the hack and implemented a proper response.
Upon discovering the cyberattack, DragonEx took its platform offline, announcing it was due to a sudden system upgrade. After a while, it issued a statement across its social media platforms that revealed the hack.
DragonEx assured its customers that necessary steps would be taken to reimburse losses and improve its system’s security.
In a different Telegram announcement, the DragonEx team released the addresses where the stolen funds were transferred by the hacker.
(Image source)
April 19, 2019 Update: Uppsala Security Operations Team researchers tracked the 20 hacker wallet addresses and found them stored in several crypto exchanges.
The Sentinel Protocol Team revealed the process of tracking the stolen crypto funds in a blog post. The tracking process was led by researchers on the Uppsala Security Operations Team using the Crypto Analysis Transaction Virtualization (CATV) tool.
The procedure was only a case study, but it bore the locations of several of the hacker’s wallets, which are distributed across different crypto exchange platforms.
(Image source)
CoinBene 109 ERC-20 tokens
CoinBene was a top cryptocurrency exchange in its time. The platform began its downhill descent after suddenly closing its site for “maintenance” on March 26, 2019.
Its customers and some experts did not buy that reason. Some onlookers spearheaded their own investigation, like Nick Saponaro, CIO of blockchain startup Diviproject. He posted on Twitter that there were huge outgoing transactions in CoinBene for Ethereum and Etherscan during the alleged maintenance.
CoinBene remained silent regarding these allegations and has not issued any statement. Meanwhile, more experts looked into the platform, which has lost 109 ERC-20 tokens while under maintenance.
March 28, 2019 update: Data scientists from Elementus released details of recent transactions in CoinBene, showing $105 million worth of crypto siphoned out of the platform.
A day after CoinBene’s first maintenance notice, the company assured its users the site was going through the said procedure. However, the findings of data scientists at Elementus prove otherwise.
According to Elementus, there was $105 million worth of cryptocurrency moved out from CoinBene’s hot wallets. This information could be a direct indication that CoinBene suffered a hack. Elementus clarified it was not trying “to refute what CoinBene is claiming.” Nonetheless, Elementus’s observation “is consistent with how exchange hacks commonly play out.”
November 3, 2021 update: CoinBene closed due to “operational requirements of cryptocurrency laws and regulations in various regions.”
Roughly two years after the unverified CoinBene hack, the platform announced its systems closure starting November 31, 2021. According to CoinBene’s official statement, the platform must close “to meet the requirements for cryptocurrency laws and regulations in various regions.”
(Image source)
Bithumb (third hack) 3 million EOS
Bithumb suffered hacks back in 2017 and 2018, and still remained operational. However, attackers were not one with it yet as another unknown group of cyberthieves hit the site on March 29, 2019.
According to Bithumb’s official statement, its team spotted an “abnormal withdrawal” from its system and immediately investigated the situation. The company also stated the hack was an “accident involving insiders,” speculating it was an inside job.
Post-hack: Bithumb assured users that the stolen funds were company property and no customer assets were affected.
Some key information from Bithumb’s statement includes the nature of the hack, which was allegedly an inside job. Meanwhile, Bithumb assured its customers that all stolen crypto was company property.
(Statement source)
Bithumb did not disclose how much crypto was taken by the attackers. Instead, insiders tracked the transactions made by the hacker and deduced around 3 million EOS were siphoned from Bithumb.
Binance 7,000 BTC
Binance is the world’s largest crypto exchange by volume that had over 120,000 customers in 2017.
As a major exchange platform, hackers could steal a significant amount of Bitcoin, specifically 7,000 BTC, worth $40 million during press time. The loss ultimately accounted for 2% of Binance’s Bitcoin holdings.
CEO Changpeng Zhao released a statement detailing the hack experienced by Binance. In the announcement’s release, deposits and withdrawals were temporarily suspended while trading continued. According to Zhao, to infiltrate a large exchange such as Binance, “the hackers used various techniques, including phishing, viruses, and other attacks.
”Payback plan: Binance guaranteed affected customers would receive 100% reimbursement for their losses.
All customer losses will be reimbursed by Binance using the company’s secure asset fund, an emergency budget exactly for this situation. Still, Binance advised its customers that other accounts may show no losses but could still be affected somehow.
Bitrue 9.3 million XRP and 2.5 million ADA
Bitrue’s hot wallets were compromised on June 27, 2019 and 9.3 million XRP and 2.5 million ADA were transferred to different exchanges without authorization.
The company revealed this matter in a series of transparent Twitter posts, assuring its customer base that everything’s under control.
June 28, 2019: A day after the hack, Bitrue’s website was reopened and all stolen assets were returned immediately.After a series of updates regarding the ongoing investigation, Bitrue relaunched its website, and all user funds were returned fully.
Bitpoint 1,225 BTC, 1,985 BCH, 11,169 ETH, and 5,108 LTC
Bitpoint is a Japan-based crypto exchanged that halted its services on July 12, 2019, following the discovery of theft on its hot wallets.
The attackers took various cryptocurrencies, including Bitcoin, Bitcoin Cash, Ethereum, and Litecoin, amounting to $28 million, two-thirds belonging to Bitpoint customers, while the remaining were Bitpoint assets.
July 16, 2019 update: Bitpoint released a formal notice and apology to address the hack.
After a few days of investigation, Bitpoint issued a notice and statement disclosing crucial information regarding the cyberheist.
Bitpoint revealed a new estimate of stolen funds amounting to $28 million, which was $4 million lower than the rough calculation.
Payback Plan: Bitpoint promised to return lost assets to over 50,000 affected customers.
As reported in the Japanese newspaper, Asahi Shimbun, Bitpoint will reimburse the 50,000 customers who lost their cryptos from the hack. The company assured victims would receive a 1:1 crypto payment.
No further details on how to claim this refund or when it will begin were mentioned in the report.
Vindax $500,000 worth of crypto
Vindax is a small-scale crypto exchange based in Vietnam. Its primary focus is selling obscure tokens via the Launchpad platform. While Vindax conducted a token sale of Myfie, cyber thieves took $500,000 worth of at least 23 cryptocurrencies from the exchange’s hot wallets.
The Vindax team roughly disclosed any details regarding the hack. The only assurance customers got was a brief statement by a Vindax admin saying, “We have made a full recovery from this attack.” Other crucial information revolving around the incident remains a mystery until today.
Upbit 342,000 ETH
Upbit was the last cryptocurrency to be targeted by hackers in 2019, who took 342,000 ETH. During press time, that cost approximately $50 million, but now it totals over $710 million.
Post-hack: Upbit’s hot wallets in the exchange were compromised and prompted “abnormal transactions.”
The exchange was shut down as soon as the Upbit team discovered the hack. A few hours after that, Upbit disclosed the site suffered a hack that compromised its hot wallets. The hack was identified as an “abnormal transaction” and withdrew 342,000 ETH in minutes.
Upbit guaranteed this loss did not come from user assets. At the same time, it advised customers that the site would be suspended for two weeks to recuperate and investigate the matter.
Total Crypto Hacks Reported in 2020: $0.33 billion
Cyber attacks have become inevitable and expensive—a data breach alone could cost $4.35 million to fix. Seeing that reality, exchanges beefed up their security structure and measures. However, hackers revolved as well and came up with more sophisticated attacks. With that, 2020 saw nine exchange heists and four data breaches and leaks.
AltsBit $70,000
AltsBit was a small Italy-based crypto exchange platform. On February 5, 2020, a hack left AltsBit penniless, as the attackers took $70,000 worth of Bitcoin and Ether coins. It closed on May 8, 2020, due to its inability to bounce back from a cyberattack.
Payback Plan: AltsBit refunded its customers using crypto stored in the company’s cold storage.
The company had crypto funds stored in cold storage, which they would use to repay the affected customers. AltsBit announced that refunds will begin as soon as February 10, 2020.
The company will distribute the last round of refunds on May 8, 2020, from which AltsBit will be completely terminated.
dForce (Lendf.me and Uniswap) $24.99 million
The dForce is a protocol by the Chinese decentralized finance (DeFi). The lending platform, Lendf.me, and the decentralized crypto exchange platform, Uniswap, are under the dForce network protocol. They suffered a hack that lost 99.96% of their funds; that’s $24.99 million out of $25 million.
The hack called a reentrancy attack, allegedly stemmed from a vulnerability in the ERC-777 token standard.
April 21, 2020 update: The dForce hacker returned all the funds he stole from the protocol.
Three days after draining almost the entirety of funds of the dForce protocol, the hacker returned all $24.99 million to dForce.
An analyst on Twitter followed the hacker’s methods and what they did to the stolen funds after the exploit. The last Tweet on the thread showed a screenshot proving the hacker had returned all the assets back to Lendf.me:
Balancer $500,000
The Balancer hack is one of the most controversial cyberheists ever. Balancer is another decentralized finance (DeFi) protocol for Ethereum. It was exploited for $500,000 in one transaction due to an overlooked vulnerability in its smart contracts.
Post-hack: Balancer CTO, Mike McDonald, took responsibility for the bug that made the hack possible.
Upon disclosing the hack in public, Balancer received flack from a security researcher and its STA team for overlooking the bug that caused it. According to McDonald himself, he knew about the bug report that would allow certain hacks to manifest. However, it remained overlooked until it was too late. All that McDonald could do afterward was take responsibility and apologize for taking less time to review the report and letting the hack manifest.
Cashaa 336 BTC
Cashaa is an innovative crypto exchange platform that allows the buying and selling of crypto in fiat currencies. It’s based in the UK and operates Bitcoin OTC and other cryptocurrency exchange platforms in India.
According to Cashaa founder and CEO Kumar Gaurav, one of the OTC Transaction managers in East Delhi, India, had a machine malfunction. The employee requested to operate using his personal computer, which made it easier for the hacker to infiltrate Cashaa.
Using various techniques like phishing and viruses, the hacker gained control of the employee’s active sessions. Ultimately, the attacker transferred 336 Bitcoins and spread them to multiple wallets.
Post-hack: Kumar Gaurav discussed the OTC Bitcoin hack in detail and gained the support of the crypto community for his transparency.
The founder and CEO of Cashaa addressed the hack in detail on its official site. After finding the hack’s source, Gaurav and the company immediately investigated the incident. Gaurav even revealed the address of the transaction:
“The Bitcoins were transferred to 14RYUUaMW1shoxCav4znEh64xnTtL3a2Ek (Bitcoin Blockchain Address) from where it is spreading into multiple wallets.”
(Quote from source)
This move by Gaurav provided transparency and allowed insiders to probe into the matter. Moreover, Gaurav assured its users there would be no interruptions to Cashaa’s services.
Eterbase $5.3 million
Eterbase was put in “maintenance mode” after its team discovered a security breach. Hackers accessed six Eterbase wallets where they stole various cryptocurrencies amounting to $5.3 million.
Post-hack: Eterbase divulged the transaction details from the hack through a Telegram message.
On the 8th of July, 2020, Eterbase disclosed that its hot wallets were compromised by sending the details of the transactions on its Telegram channel.
Some crypto insiders tracked these addresses and came up with the total value stolen from Eterbase:
(Images source)
Eterbase also tweeted that some of the coins stolen were moved to popular crypto exchanges like Binance and asked for assistance from the said platforms.
KuCoin $280 million worth of crypto assets
KuCoin detected unauthorized large withdrawals on September 26, 2020. This anomaly was a hack on KuCoin’s hot wallets, leading to the loss of several crypto coins worth over $280 million.
As KuCoin CEO Johnny Lyu revealed, the hackers got their hands on private keys to KuCoin’s hot wallets. Upon discovering the hack, the KuCoin team suspended all deposits and withdrawals to minimize the attack’s damage. After that, Lyu guaranteed the public that funds left in the hot wallets were transferred to cold storage for optimal security.
Post-hack: The KuCoin CEO and his team discussed the hack in detail through several announcements.
KuCoin’s first announcement was released several hours after the team detected the hack. Only a few pieces of information were known by then, so Kucoin focused on assuring its customers that all affected user funds from this hack were insured.
Moreover, the company guaranteed that customers would receive updates as soon as they were available.
“To ensure the security of users’ assets, we will conduct a thorough security review. The deposit and withdrawal service will be suspended during the period. We will restore the service gradually after ensuring a safe state. We will keep you updated.
As “The People’s Exchange”, we will take full responsibility and maintain transparency. To keep you updated regarding the latest updates, our CEO Johnny Lyu will update more details through a livestream at 12:30 (UTC+8), September 26, 2020.”
(Statement from source)
In a live stream, the KuCoin CEO himself divulged more details regarding the hack, including all the crypto coins taken by the hackers.
KuCoin further assured its customer base that the company was in touch with certain authorities. The platform was also going through updates on its system to minimize the reoccurrence of this exploit.
Harvest Finance $24 million
An arbitrage on the DeFi platform Harvest Finance allowed the attacker to steal $24 million in crypto assets. An arbitrage is an attack that happens when somebody buys an asset and immediately sells it for a higher price to another exchange. Ultimately, the attacker gains profit without the risk of losing their money.
For Harvest Finance’s situation, the “arbitrageur” carried out the hack by placing a smart contract, which let them gather a $50 million USDC and $18 million USDT flash loan. Then, when the value of USDC increased, and its cost per share decreased, they deposited back the assets they gathered. Ultimately, the attacker gathered a $24 million profit from the scheme.
Post-hack: Harvest Finance explained the arbitrage hack it suffered and disclosed the platform’s plans to move forward.
A controversial Tweet was posted by Harvest Finance, disclosing its team had an idea of who the attacker was. 
A day after the attack, the Harvest Finance team posted a detailed post-mortem of the arbitrage, which included a summary of what occurred and the platform’s plans to improve the smart contracts.
In this post, Harvest Finance also announced the platform is putting a $100,000 bounty on whomever finds the hacker. This announcement was followed by the revelation of the hacker’s information and transaction addresses.
“If the return is done in the next 36 hours, the bounty will be 400k. Please do not doxx the attacker in the process. We strongly advise to focus all efforts on ensuring that user funds are successfully returned to the deployer.”
(Statement from source)
EXMO (First hack) $4 million
Large crypto withdrawals were spotted by EXMO on December 21, 2020, which turned out to be a heist from its hot wallets. The hacker took various cryptocurrencies like Bitcoin, XRP, Tether, ZCash, Ether, and Ether Classic. This hack left EXMO with 6% less assets.
Post-hack: EXMO constantly updated the public about the heist’s loss estimate and details on the hacker.
The platform’s initial statement calculated a 5% loss in its assets. Six affected servers hosted different cryptocurrencies, which EXMO revealed were transferred to the following address:
(Image source)
In a follow-up published on December 23, 2020, EXMO updated its estimate to 6%. Bitcoin was the most stolen crypto coin as the hacker took 306.99 BTC.
Livecoin Undisclosed amount
During this hack, Livecoin lost almost all control of the exchange. Not only did the hacker drain out funds, but they also gained access to Livecoin’s servers, nodes, back ends, and even social media accounts.
Before the attacker cashed out various assets from Livecoin, they first changed the currencies’ values. Bitcoin’s exchange rate became $450,000, Ethereum to $15,000, and XRP to $17. This method lets the hackers take out the crypto at inflated exchange rates.
January 16, 2020 update: Livecoin announced its decision to shut down operations after the damaging hack.
The hacker created serious financial and technical setbacks to Livecoin, pushing the exchange to an inevitable closure.
Speculations surrounded Livecoin’s announcement of shutdown as some users quickly labeled it an exit scam. However, Livecoin assured its customers that the company would pay stolen funds. It instructed users to reach out via a specific email and send their account information.
“After this date (March 17, 2021) no new requests will be accepted.”
No further information was provided regarding the exact date when Livecoin will reimburse its customers.
Total Crypto Hacks Reported in 2021: $2.3 billion
2021 was the year that Bitcoin, still the leading cryptocurrency, reached an all-time high. More people worldwide were also beginning to invest in crypto as 2021 saw 91.6% more first-time crypto buyers, a 20% increase from the previous year.
As for crypto hacks, exploits on DeFi platforms acco unted for 76% of all the hacks in 2021, but hackers were still getting better at exploiting exchanges.
Cream Finance (first hack) $37.5 million worth of crypto assets
The first crypto hack of the year made the record as Cream Finance experienced the largest flash loan attack in a DeFi protocol.
A flash loan is when an attacker borrows assets without collateral, and the loaned assets get returned within the same transaction. Using this method, the Cream Finance hacker took $37.5 million worth of crypto from the protocol.
The platform would experience multiple exploits in its DeFi system within the year.
Cryptopia (second hack) $45,000 worth of crypto assets
After suffering a damaging hack in 2019, Cryptopia went to liquidation. However, its state did not stop hackers from exploiting the platform.
Cryptopia creditor, Stakenet, had a cold wallet in the exchange. It was left unscathed in the first hack, but on February 1, 2021, an unauthorized transfer of XSN was recorded. The wallet contained $1.97 million worth of crypto assets, from which the hacker took XSN worth $45,000.
June 2023 update: Crytopia liquidation is ongoing, but liquidators say they are close to returning all user funds.
More than four years have passed since the liquidation process of Cryptopia began. Based on the June 12, 2023, report by Grant Thornton, the liquidation process is still in stage three of the procedure.
Furthermore, the liquidators have engaged with 93,700 claimants from the initial hack in 2019, yet more customers are waiting to be accounted for their asset loss.
PolyNetwork $610 million worth of crypto assets
PolyNetwork is another decentralized crypto platform that was targeted by hackers in 2021. It was only a small DeFi platform, but the attack against it was recorded as the industry’s biggest hack ever.
The PolyNetwork hack recorded a loss of over $600 million worth of crypto tokens, a slightly more significant amount than the CoinCheck and Mt. Gox hacks during their occurrence.
August 10, 2021 update: PolyNetwork urged the hacker to return the stolen funds via a Twitter post.
At first, PolyNetwork addressed the attackers via a Twitter post and asked them to return the funds. The PolyNetwork hackers did not run off with the gold in an interesting turn of events. Instead, they started to return the funds they stole.
On August 12, 2021, the hackers returned all the funds, except the $33 million worth of USDT that are frozen. Moreover, the hacker did return most of the assets, but there’s a catch to it. Over $200 million of the funds were trapped in a password-protected account. PolyNetwork and the hacker had the passwords, and both must work together to open it. However, when asked for the code, the hacker said he would only share it once “everyone is ready.”
August 17, 2021 update: PolyNetwork urged the hacker to return everything in exchange for becoming the company’s chief security advisor.
It is not everyday that a victimized exchange would offer its hacker a high position in its company. That’s the route PolyNetwork took to take back the remaining funds stolen from the platform.
In exchange for the password of the protected $200 million asset, PolyNetwork is willing to give the hacker the chief security advisor position in the company.
The company promised the hacker, who went by the name “Mr. White Hat,” $500,000 to restore user funds.
Liquid 107 BTC, 9 million TRX, 11 million XRP, 355,724 ETH, and ERC-20 tokens
Liquid faced a data breach in the previous year that compromised thousands of user information. On August 19, 2021, over $80 million of crypto assets were drained from the exchange. The stolen funds comprised several cryptocurrencies, particularly Bitcoin, Tron, Ether, and ERC-20 tokens.
Post-hack: Liquid confirmed the cyberattack via Twitter and exposed the hacker’s transaction addresses.
Liquid announced defeatedly that the platform had experienced a hack on its hot wallets. To assure its users, the company guaranteed the exchange’s remaining funds were being transferred to cold storage. Services were also temporarily suspended to make way for the investigation.
More importantly, Liquid revealed the hacker’s transaction addresses. This move is a part of being transparent and asking the crypto community for help to track down the hacker.
Cream Finance (second hack) 418 million AMP tokens and 1,308.09 ETH
Hackers targeted Cream Finance once again. This time, they used a reentrancy attack in its flash loan feature, draining over 418 million AMP tokens and 1,308.09 Ethereum.
Post-hack: Cream Finance announced the $29 million exploit via Twitter and addressed the trade stoppage on AMP.
A Twitter post by CreamFinance revealed the hack, such as the amount stolen and the type of cyberattack. The platform also suspended all supply and borrowing on AMP.
Cream Finance received assistance from PeckShield and Tal Be’ery during the investigation. The platform learned that the attacker used a reentrancy hack through its ERC777 token contract.
Payback Plan: Cream Finance plans to repay the stolen assets by allocating 20% of all its protocol fees.
The post-mortem of Cream Finance tackled the hack in detail, from what happened during the attack, how it manifested, and the aftermath.
The company also discussed its plan to repay the stolen funds by allotting 20% of its protocol fees as repayment. This plan will carry on until all the debt is fully compensated.
Moreover, Cream Finance put a bounty on the stolen funds. To honor its 10% bug bounty, the company promised that if the hacker returned all stolen funds, they could keep 10% of the assets.
Meanwhile, anyone who could identify or provide more information regarding the hacker would receive 50% of all the funds returned for their efforts.
Compound Finance $147 million worth of crypto assets
According to Robert Leshner’s Twitter post, a smart contract “written by a community member, with review from multiple other community members” was behind the Compound Finance hack. The said contract was flawed with a bug, which the hacker exploited to access $147 million worth of crypto assets.
Cream Finance (third hack) $130 million worth of crypto assets
For the third time in the same year, Cream Finance succumbed to a heist.
Blockchain security firms, PeckShield and SlowMist, detected the hack first, and was later confirmed by Cream Finance. Like the first two, the hacker targeted the platform’s lending system and ran a flash loan.
The hacker stole a total of $130 million in crypto assets, the biggest heist among all the exploits experienced by the company.
Post-hack: Hours after the hack, Cream Finance fixed the bug used in the hack with the assistance of Yearn.
Some six hours after the incident, Yearn, a cryptocurrency platform, assisted Cream in fixing the bug exploited in the hack.
As for the hacker’s whereabouts, Cream has tracked down the transaction addresses of the stolen funds. However, there was no way to get any of them back as the funds were moved to new accounts.
BadgerDAO $120 million worth of crypto assets
Dozens of user wallets in the DeFi protocol platform, BudgerDAO, were compromised on November 29, 2021. The hacker capitalized on BadgerDAO’s smart contract permissions and siphoned $120 million from various user wallets.
Post-hack: Badger users reported unauthorized withdrawals from their accounts, which the platform recognized via a Twitter post.
The hacker drained funds from various user accounts.. Badger acknowledged reports of missing funds by announcing the temporary stoppage of withdrawals.
Further investigation entailed and BadgerDAO received assistance from PeckShield. The latter estimated the losses by looking into the transaction addresses of the stolen funds.
BitMart $196 million
PeckShield, a blockchain security firm, initially spotted the BitMart hacking incident through huge outbound transfers. Various tokens were sent out of BitMart’s BSC and ETH hot wallets, amounting to $196 million.
BitMart’s investigation revealed the hacker exploited private keys to compromise the hot wallets.
Post-hack: BitMart disclosed the platform had suffered an attack with an initial loss estimate of $100 million.
In an official statement, BitMart revealed a security breach that infiltrated its ETH and BSC hot wallets. The hack was still under investigation at the time of the first announcement. PeckShield looked into the incident and estimated a $100 million loss..
After an hour, BitMart CEO Sheldon Xia provided another estimate after further investigation. This time, the loss was looking to be over $150 million.
AscendEx $78 million worth of crypto assets
AscedEx, formerly known as BitMax, suffered a breach on one of its hot wallets on December 11, 2021. The hacker prompted the unauthorized transfer of $78 million worth of crypto tokens.
Post-hack: AscendEx and PeckShield worked together during the hack’s investigation and estimated a $78 million loss.
Based on AscendEx’s joint investigation with PeckShield, the hacker took $78 million worth of of funds across three blockchains: Ethereum, Binance, and Polygon.
Several hours after its initial announcement, AscendEx disclosed its four-fold approach to resolve the effects of the hack. The plan includes user compensation, further investigation, project improvement and mitigation, and restoration of services.
Vulcan Forged $140 million worth of crypto assets
A $140 million worth of transaction was massive for a small platform as Vulcan Forged. When the company looked into this anomaly, Vulcan Forged realized someone had exploited its servers.
Post-hack: In a video posted on Twitter, CEO Jamie Thomson discussed the details of the hack, revealing how the attacker stole $140 million.
According to Jamie Thomson, Vulcan Forged CEO, the hacker got through the servers using Venly credentials.
Total Crypto Hacks Reported in 2022: $2.98 billion
Cyberthieves unleashed a new kind of savagery in 2022. All crypto hacks from this year cost over $5 million in losses. The highest amount stolen stood at $620 million, the biggest single loss in all of crypto hacks history at the time of the incident.
LCX $6.8 million worth of crypto assets
Various cryptocurrencies such as ETH, USDC, and EURe were siphoned from LCX’s hot wallets in January 9, 2022. PeckShield first identified the hack, flagging the hacker transactions as suspicious, which was then confirmed by LCX.
Crypto.com 4,836.26 ETH, 443.93 BTC, and others worth $66,200
Two-factor authentication (2FA) is a type of multi-factor authentication (MFA) meant to increase security using multiple factors. The Crypto.com hack, however, raised some questions about 2FA’s ability to amp up security.
A hacker bypassed Crypto.com’s 2FA requirement to carry out a $34 million heist. The details of how the attacker managed to trigger unauthorized user withdrawals remain a mystery or undisclosed by Crypto.com.
Post-hack: Crypto.com issued a security report three days after the hacking incident
According to the company’s report, 483 Crypto.com users experienced unauthorized withdrawals on their accounts. Upon learning about this incident, it suspended all withdrawals for affected tokens.
The amount taken from the unauthorized withdrawals totaled to 4,836.26 ETH, 443.93 BTC, and around $66,200 in other cryptocurrencies.
After further investigation, Crypto.com learned the hacker got through by initiating withdrawal without 2FA. Crypto.com took various steps to correct this flaw, revamping its 2FA structure. Then, it revoked all customer 2FA tokens and asked them to re-login and set up their 2FA.
Qubit Finance 206,809 BNB
Qubit Finance is a unique decentralized finance (DeFi) protocol that offers lending and borrowing services, but the hackers had their eyes on another quality: Qubit’s Ethereum-BSC bridge.
The Ethereum-BSC bridge allowed customers to deposit ERC-20 tokens and receive BEP-20 tokens, which they are free to use in the Binance Smart Chain.
The Qubit Finance hacker illegally minted 206,809 BNB from the bridge, which they converted to wETH and BTC-B.
Post-hack: Qubit Finance initially announced via Twitter that the protocol had been exploited for unlimited qXETH.
Qubit Finance released a straightforward announcement via Twitter. It disclosed the incident by revealing the hacker’s transaction addresses.
At first, Qubit Finance disclosed “the hacker minted an unlimited amount of qXETH.” Further investigation was carried out and Qubit released its new findings in a post-mortem.
“At 9:34PM UTC on January 27th, 2022, an attacker began their exploit of Qubit Finance’s Ethereum-BSC bridge. This exploit ended up netting them 77,162 qXETH ($185 million), which they then used to borrow and convert 15,688 wETH ($37.6 million), 767 BTC-B ($28.5 million), approximately $9.5 million in various stablecoins, and ~$5 million in CAKE, BUNNY, and MDX.”
(Statement from source)
The assets stolen amounted to roughly $80 million during the time of the hack. Seeing that was a significant loss, the platform released a statement via Twitter to ask the hacker to return the stolen assets.
Wormhole 120,000 wETH
Wormhole is another DeFi protocol that enables a token bridge exchange, a quality exploited by a hacker. The Wormhole thief took advantage of the Solana’s side of the bridge and ended up in possession of 120,000 wETH.
Post-hack: In a Twitter post, Wormhole announced the amount lost from the exploit and its plan to handle the incident.
According to Wormhole, wETH must be baked 1:1. To achieve that and start its recovery, the platform added ETH over the next few hours post-hack.
Vitalik Buterin, Ethereum’s co-founder, provided his insights on cross-chain applications in crypto following the Qubit and Wormhole hacks.
Ethereum’s very own Vitalik Buterin put up his views on the security limits of bridges via Reddit. He said that he is pessimistic about cross-chain applications.
Axie Infinity 173,600 ETH and 25.5M USDC tokens
Axie Infinity is a play-to-earn game that peaked in 2021 with 2.8 million daily active users. A year after Axie’s rise to the top, the single largest crypto hack destroyed the platform’s growth.
A hacker exploited Axie Infinity’s Ronin bridge and siphoned 173,600 Ethereum and 25.5M USDC tokens. During press time, the stolen amount totaled at over $620 million, recording the biggest crypto hack ever.
According to investigations, the hackers utilized an unlikely method to create a fake LinkedIn job offer. The fraudulent offer was presented as a high-paying position from another firm, which does not exist. An employee fell for this deceitful offer and accessed the link, and thus, the phishing hack began.
Post-hack: Ronin Network, Axie Infinity’s network bridge, announced the hack via Twitter and halted its Ronin bridge and Katana Dex.
In a Twitter thread, Ronin Network announced that Axie Infinity has suffered a cyber attack. As a result, the game’s Ronin bridge and Katana Dex were temporarily closed.
The developer assured its user base that the incident is under investigation and funds will be reimbursed to those affected.
April 15, 2022 Update: North Korean hackers Lazarus Group are allegedly behind the Axie Infinity hack, US Government says.
US authorities involved in the Axie Infinity hack investigation linked the North Korean Group Lazarus to the heist.
The Treasury Department’s Office of Foreign Assets Control (OFAC) tied Lazarus’s Ethereum wallet to the Ronin hack (Axie Infinity hack). The wallet held only 148,000 ETH, which means the missing 14% has been laundered by the group already.
September 2022 update: With the help of Chainalysis, US authorities seized $30 million of stolen funds from the Lazarus group.
The Lazarus group usually utilizes Tornado Cash to mix Ether and launder their stolen fund. However, the US authorities have imposed sanctions on Tornado Cash, making it invaluable to the bad actors.
With the assistance of Chainalysis, US authorities recovered $30 million of the stolen Axie Infinity funds. This is the first time the authorities seized stolen funds from the North Korean hacker group.
In light of that, the Lazarus Group has been struggling to move the stolen assets. The funds remained in the Axie Infinity blockchain, which they can’t convert or transfer.
Beanstalk Farms $182 million worth of crypto assets
DeFi platforms are a hotspot for hackers this year. The latest victim is Beanstalk Farms which lost $182 million in funds due to a flash loan that took 13 seconds to complete.
Post-hack: It was PeckShield that spotted the hack first, which was later confirmed by Beanstalk.
Popular blockchain security firm, PeckShield, first spotted the anomaly on Beanstalk’s Ethereum transactions.
Beanstalk briefly confirmed the hack via a Twitter post and assured users that investigation was underway.
Fei Protocol and Rari Capital $80 million worth of crypto assets
Fei Protocol and Rari Capital are DeFi platforms that merged back in December 2021. A reentrancy vulnerability on Rari’s Fuse lending protocol was exploited by a hacker and also affected the Fei Protocol, stealing a total of $80 million worth of crypto.
Post-hack: Rari temporarily paused borrowing in the platforms after acknowledging the hack.
Smart contract analysis firm, BlockSec, exposed the Fei and Rari hacker’s methods. It also came up with the initial estimate of $80 million crypto stolen.
Fei Protocol reached out to the hacker in a Twitter post, stating that if they return all the stolen funds, they could keep the $10 million as a bounty.
At the same time, Jack Longarzo of Rari announced the team looked to spend its backstop.
Mirror Protocol $92 million worth of crypto assets
The first Mirror Protocol hack took place in October 2021, but the heists went on for a year until FatMan, a crypto researcher, revealed the Mirror Protocol’s vulnerability via Twitter, on May 28, 2022.
Three days after FatMan’s initial disclosure of the recurrent and undetected hacks, he spotted another cyberattack on the protocol. Because of his observation, it’s the first time a Mirror Protocol hack was spotted in its early occurrence. Despite his announcement, no developers could look into the situation and provide a solution.
Ultimately, the bad actor stole over $92 million worth of cryptocurrency in seven months of work.
Maiar DEX 1.658 million EGLD
Maiar is a decentralized exchange that utilizes pools of liquidity and algorithms. It went offline after Elrond Network CEO Beniamin Mincu announced via Twitter that suspicious activities were detected in the Maiar DEX.
Several hours after careful investigation, the team found that the hacker exploited a bug on the Maiar DEX. The attacker managed to siphon 1.658 million native Elrond tokens called EGLD.
Post-hack: xFoudres, a crypto researcher, worked on the investigation and found out the hacker targeted three wallets from the DEX.
The hack’s investigation was an “all hands on deck” situation, as told by Beniamin Mincu. One of the researchers, xFoudres, worked on identifying the attacker’s method and the final amount stolen.
xFoudres discussed the whereabouts of the stolen funds, starting from where they were taken. The thief exploited three Maiar DEX wallets, taking around 820,000, 800,000, and 38,000 EGLD.
The total amount loss comes to 1.658 million EGLD.
Harmony $97 million worth of ETH
Another cross-chain bridge suffered a breach. The Harmony Network’s Horizon bridge was hacked and the platform was left $97 million poorer in terms of Ethereum and other crypto tokens.
After a thorough investigation by the FBI, they have confirmed that North Korean groups were behind the exploit, specifically the Lazarus Group and APT38.
Post-hack: The stolen fund’s transaction address was revealed by the Harmony Team in part of a Twitter thread
The Harmony Team immediately went to Twitter and announced the hack’s discovery and loss estimate. Its initial response was to report to the authorities and “ identify the culprit and retrieve the stolen funds.” Moreover, Harmony asked for assistance from other crypto exchange platforms to avoid further damage.
Nomad Bridge $190 million worth of funds
Crypto bridge hacks were prevalent this year due to their vulnerable nature, and the Nomad Token Bridge was not spared from the bad luck. The Nomad Bridge was under an update, exposing a weak spot in its smart contract, which the hacker took advantage of on August 1, 2022. They drained $190 million worth of tokens in this hack.
Post-hack: Nomad Bridge addressed the hackers to return the stolen funds to a particular Ethereum wallet address as part of the network’s recovery process.
With the help of various blockchain firms, Nomad set up a recovery address for the hackers to return the stolen funds.
Binance Smart Chain 2 million BNB
Binance is the biggest crypto exchange platform in the industry. It’s also one of the safest and most secure platforms worldwide. However, that claim was challenged as hackers hit Binance on October 7, 2022.
The bad actors spotted a flaw in Binance’s IAVL Merkle proof verification system and stole 2 million BNB tokens.
Post-hack: The BNB Chain Ecosystem discussed its plans and thanked its user base for the support.
Binane BNB Chain released an initial update via a blog post on its website. The BNB Chain Team provided minor details of the hack and its ideas to move forward.
“What happens next? There will be on-chain governance votes to determine the following four actions for the common good of BNB:
What to do with the hacked funds, freeze or not to freeze?
Whether to use BNB Auto-Burn to cover the remaining hacked funds, or not?
A Whitehat program for future bugs found, $1M for each significant bug found.
A Bounty for catching hackers, up to 10% of the recovered funds.”
Mango Markets $116.7 million worth of crypto assets
Hackers have been targeting DeFi exchange networks. Mango Markets became the latest DeFi hack victim on October 12, 2022, and the last for this year.
Mango Markets is a DeFi exchange that runs mainly in the Solana blockchain. The bad actor manipulated Mango’s native token value as collateral, then siphoned a huge loan of $116.7 million.
Post-hack: Joshua Lim, Genesis Trading’s Head of Derivatives, tweeted how the hacker used two accounts to attack Mango Markets.
One of the incident’s onlookers, Joshua Lim of Genesis Trading, shared his investigation that revealed the hacker’s methods.
Based on his analysis, the attacker used two accounts. Then, they deposited 5 million USDC, and bought 438 million Mango tokens (MNGO), leading to a 1,000% increase in MNGO. The spike in MNGO price provided the hacker with a higher collateral value, ultimately liquidating $116.7 million from the platform.
October 15, 2022 Update: Avraham “Avi” Eisenberg identified himself as one of the bad actors on the Mango Markets heist, justifying that all his actions were “legal.”
Several days after the hack, Avraham “Avi” Eisenberg came forward and publicized his involvement in the Mango Markets hack. He said his actions were within legal bounds as he was “using the protocol as designed.”
Mango Markets, on the other hand, struggled to overcome Eisenberg’s hack. The platform’s insurance couldn’t cover all liquidations. As a result, some users couldn’t access their funds. Ironically, Eisenberg looked into resolving the Mango Market’s insolvency by proposing an ultimatum.
The settlement had Eisenberg return $67 million of the stolen funds to Mango, which the latter promised to distribute to affected user funds.
December 27, 2022 Update: Eisenberg was arrested in Puerto Rico in light of the US authorities’ second filing of a complaint of ‘market-manipulation offenses.’
Deribit $28 million worth of crypto assets
Deribit’s hot wallets were compromised by hackers who took $28 million worth of crypto on November 1, 2022. Based on Deribit’s post-hack analysis, the cause of the hack remained undisclosed.
The exchange was able to bounce back from the hack as all the losses were covered by the company reserves.
FTX $477 million worth of crypto assets
FTX went through a series of unfortunate events on November 11, 2022. That day, news broke that FTX had filed bankruptcy, and its CEO Sam Bankman-Fried was arrested for embezzlement of customer funds.
As if the chaos was not enough, hackers infiltrated FTX’s hot wallets. At first, they took 9,500 ETH and targeted other FTX cryptoassets. In the end, they stole a total of $477 million.
Post-hack: Hacken, an onlooker investigating the incident, revealed that FTX moved the untouched funds to safer cold storage after the hack.
Recent transactions from FTX were posted by Hacken, revealing tokens were being transferred from its hot wallets, which were then converted to ETH.
October 2023 Update: Movements of the FTX stolen funds suggest bad actors are operating from Russia.
The thief had already started their complex money-laundering process when they switched the tokens for ETH. They also used cross-chain bridges to move their crypto assets to another blockchain, turning them into Bitcoin, which is easier to process into “mixing” services.
Moving the funds to mix services made it challenging for researchers in Elliptic who were tracing the transactions. However, they still found that $4 million of the assets were transferred and cashed out to certain exchanges linked to Russian hacker groups.
“Of the stolen assets that can be traced through ChipMixer, significant amounts are combined with funds from Russia-linked criminal groups, including ransomware gangs and darknet markets, before being sent to exchanges.”
(Statement from source)
Total Crypto Hacks Reported in 2023: $0.31 billion
Crypto hacks drew early damage to the industry in 2023’s first quarter alone. According to BSAFE on Twitter, “95.7% of all crypto losses were due to hacks,” while the remaining losses were due to frauds and scams.
The damage continued until Q3 of 2023, which saw back-to-back hacks, especially from the notorious North Korean Hacker group Lazarus.
DragonEx (Second hack) Undisclosed amount
Four years after suffering a $7 million hack, DragonEx has succumbed to another cyberattack.
Hackers stole private keys on DragonEx, took an undisclosed amount from the platform’s wallets, and transferred the assets to several other exchanges, such as Huobi, Gate.io, and Bittrex. DragonEx asked for these exchange’s assistance in freezing the stolen funds.
GDAC 60.8 BTC, 350.5 ETH, 220,000 USDT, and 10 million WEMIX
On April 9, 2023, South Korea-based crypto exchange GDAC was targeted by hackers who took $13 million worth of various crypto coins, particularly 60.8 BTC, 350.5 ETH, 220,000 USDT, and 10 million WEMIX.
Post-hack: GDAC released an apologetic statement to address the emergency shutdown of the platform, which was due to the hack.
In a notice released via GDAC’s website, the platform apologized to its user base for any inconvenience the temporary shutdown may have caused. GDAC disclosed that the platform suffered a hack that occurred in its hot wallets, which took 23% of GDAC’s total assets in its storage.
Atomic Wallet $100 million worth of crypto assets
The Atomic Wallet heist is the Lazarus Group’s first major hack in 2023. The hackers targeted at least 5,500 user wallets in the platform and siphoned a staggering $100 million worth of crypto assets.
Post-hack: Atomic Wallet recorded 0.1% damage on all Atomic Wallet app users who have been affected.
Affected customers flooded Atomic Wallet with reports of funds that suddenly disappeared from their wallets. The exchange stopped operations right away and looked into the situation.
Two weeks passed and some customers were concerned due to a lack of update. On June 20, Atomic Wallet finally provided a post-mortem of the hack.
“In light of the reports from our users on the 3rd of June, we immediately changed access to all our servers and switched our internal processes to ‘under attack mode’. In addition, we are working on a security app update to reduce the chances of potential future attacks. We strongly encourage all our users to keep their wallet apps updated to the latest versions.”
(Statement from source)
According to Atomic Wallet, the cyber heist affected 0.1% of its user base. The platform guaranteed its customers that its security infrastructure has been improved and investigation is underway.
August 2023 Update: Fifty Atomic Wallet customers who collectively lost $12 million from the hack filed a lawsuit against the exchange.
A group of high-profile clients of Atomic Wallet launched a class action against the exchange over their collective loss of $12 million from the June 2023 hack. This group of clients consists mainly of 50 high-net-worth Russian investors.
German lawyer Max Gutbrod and Boris Feldman are the coordinators of the lawsuit. Gutbrod provided a brief statement about the lawsuit, which read:
“We are working on recovering the assets for our clients and we will be filing a class action against Atomic Wallet […] They didn’t give our clients any information about the hack or go to the police to report it.”
(Statement from source)
Alphapo $60 million worth of crypto assets.
Alphapo offers crypto payment processing services for platforms like gambling sites, e-commerce subscription services, and other businesses.
As a lucrative target for hackers, the platform was hacked on July 22, 2023, and lost $60 million worth of cryptocurrencies during press time. Based on the investigation of several onlookers and the authorities, the notorious Lazarus Group may be behind the hack as they left “a very distinct fingerprint on-chain.”
This hack is still undergoing investigation.
CoinsPaid $37.3 million worth of crypto assets
CoinsPaid is another crypto payment processing service. The platform suffered a hack that led to a loss worth $37 million.
What’s interesting is that CoinsPaid was hacked the same day as Alphapo, and both of them suspect the Lazarus Group to be the perpetrator of the attack.
In its press release, CoinsPaid stated that the Lazarus Group must have expected the attack to be more successful. Still, the company’s “dedicated team of experts” fortified the platform’s systems, which minimized the hack’s impacts. Ultimately, the Lazarus Group left with a “record-low reward.”
Wrap-Up
Centralized crypto exchanges have been the biggest targets of hackers since crypto’s emergence. However, the latest heists involve DeFi protocols, as its dependence on smart contracts creates various vulnerabilities that hackers exploit.
In this list of crypto hacks, it’s clear that no exchange, network, or individual is safe from cyberheists. Any platform, big or small, new or long-standing, is not spared from such damaging incidents.
As the world of crypto evolves, so does the security involving it. However, hackers are talented enough to develop their own strategies around advanced security measures. That said, it is certain the crypto industry has more hacks to see, and this list will go on.
