Another day, another cryptocurrency exchange hack.
Recently the crypto world has been shaken by the Binance hack, that vanished approximately US$40 million worth of bitcoin through patient methods to avoid detection.
It’s just the latest in a slew of hacks that have wracked the crypto-spheres tracing back to the prolific Mt Gox hack in 2014. Last year alone, an estimated US$867.45 million in losses were recorded from crypto thefts, as reported by CoinGecko in their 2018 report.
Losses are frustrating to all stakeholders, because they result in extensive damage control measures, including lawsuits, investigations, and loss recovery measures.
More crucial is what happens in the aftermath: questions like how are these losses are being dealt with, who is in control, and what are the measures we can take to protect ourselves from there.
Since we can only manage the risk we’re aware of, we reckon it could be time for a look back on some of the most memorable hacks that have occurred so far, specifically those amounting to millions in losses.
2019
May – Binance (US$40 mil)
Most recently, Binance fell victim to a hack which vanished US$40 million worth of cryptocurrency. The hacker apparently patiently executed timely actions through multiple seemingly independent accounts, which is why it wasn’t caught by Binance’s security checks. The withdrawal of the stolen funds triggered Binance’s alarms, but unfortunately they were not able to stop it before it was executed.
At the time of the hack, Binance was the top cryptocurrency exchange in volume, though the high-profile hack has naturally diminished its numbers.
March – Bithumb (US$19 Mil)
An accident involving company insiders cost Bithumb, a Korean cryptocurrency exchange, hacks worth over US$13 million worth of EOS and US$6 million worth of Ripple to unknown thieves.
Still in March, Bithumb, a Korean-based giant, faced a severe loss of over US$13 million worth of EOS and US$6 million worth of Ripple (XRP) to unknown thieves (hackers). Few days after the loss, the exchange revealed that this came as an “accident involving company insiders.”
March – DragonEx (US$45 Mil)
Singapore-based DragonEx lost ERC20 estimated to be worth US$45 million. DragonEx via Telegram reported that part of the crypto taken has been transferred to unnamed major regulated digital exchanges, and hopes that the strict KYC rules would allow the team to garner help in recouping the stolen funds. If any measures were taken, it has not yet been publicly disclosed.
January – Cryptopia (US18 mil)
The New Zealand based platform fell victim to up to US$18 million in lost ECR20 tokens, and was slightly unusual as the theft was conducted in a number of small operations using a number of wallets. Usually, thieves will take the money and try to launder it in one shot, which made the hack notable. However, the small transactions were probably cheap and helped the hacker escape detection.
2018
June – Bithumb (US$31 mil)
South Korean cryptocurrency exchange Bithumb suffered a loss of US$31 worth of cryptocurrencies when its hot wallet was hacked in June. Despite managing to reimburse customers from its own reserves, it has since dropped from being the sixth largest cryptocurrency exchange in the world (based on trade volumes) though it is still in the top 50. It has been able to recover about 45% of the stolen cryptocurrency value, or US$14 million worth since then.
June – Coinrail (US$40 mil)
South Korean cryptocurrency exchange Coinrail lost US$40 million in tokens after the exchange said it had suffered a ‘cyber intrusion’ which caused a variety of cryptocurrency to be stolen. Trading was suspended shortly after, with the exchange then putting 70% of its reserves into a cold wallet for safekeeping.
February – BitGrail (US$195 Mil)
The BitGrail hack is interesting, but mostly because some players suspect the exchange of an exit scam. The exchange claims to have lost roughly 7 million Nano tokens, then worth roughly $195 million. The price of Nano dropped by 20% on the news.
However, BitGrail had been making some suspicious moves, where in January, it stopped withdrawals and deposits of Nano. Then, they announced that they would enforce identity verification and AML protocols, despite not dealing with government cryptocurrencies or banks.
The ball dropped when BitGrail asked Nano’s developers to “fork” their records to restore the funds that were stolen from the exchange, which raised eyebrows. Nano’s team refused to budge. Most recently, Nano was slapped with a class-action suit as investors seek a court-mandated “rescue fork” from plummeting prices that began with the BitGrail hack, and BitGrail was sentenced to return funds to customers.
January – Coincheck (US$534 mil)
Tokyo-based Coincheck reported that US$534 mil worth of NEM had been stolen from its hot wallet in January. The platform announced a reimbursement plan in March after facing class action suits and intense probing by Japan’s Financial Services Agency. At the time, Coincheck said it lacked staff experienced in conducting internal checks, and performing management and security risk assessments. Coincheck kickstarted withdrawals again in May last year, and the business is slowly getting back on its feet.
2017
December – NiceHash (US$64 mil)
In December, Slovenian mining site NiceHash reported that a security breach on its payments system had resulted in US$64 million worth of Bitcoin being stolen. It has since switched CEOs, and reported to have reimbursed 60% of the missing funds.
November – Tether (US$30 mil)
Tether, based in Hong Kong is a stablecoin pinned to the US$, and stated that thieves stole approximately US$30 million worth of tokens in November. The funds were removed from one of the company’s core “treasury wallets” and sent to an unauthorised Bitcoin address on 19 November.
(Started in) July – Parity (US$32.6 mil)
In July, around US$ 32.6 mil worth of ether tokens was stolen from the platforms of Swarm City, Edgeless Casino, and Aeternity. A flaw had been identified in Parity’s multi-signature code for its digital wallet, where users had been storing their funds.
July – Veritaseum (US$8.4 mil)
Hackers stole US$8.4 million in tokens by circumventing the defenses of an ICO set by Ethereum based P2P platform, Veritaseum. The thieves stole 37,000 tokens called VERI, which they quickly exchanged them for Ether, and vanished.
2016
August – Bitfinex (US$72 mil)
US$72 mil worth of bitcoin were stolen from Hong Kong-based Bitfinex’s platform in August. The Bitcoin were taken from individual customer wallets, but Bitfinex chose to generalise losses across all assets. This meant that all customers would sustain a loss of about 36% of their total assets stored over the platform. The company could hence compensate all customers equally. Compensation took the form of BFX tokens, which customers could exchange for shares in iFinex, the Bitfinex’s parent company. The exchange announced that all such tokens had since been redeemed, signalling that all customer losses had been reimbursed.
June – DAO (US$70 mil)
When The Dao ICO happened in May, the only requirement for being an investor was to invest Ether into the system, and they were given DAO tokens. DAO tokens gave voting rights to be used during the selection of projects that would be funded.The DAO raised 12.7 million Ether, which was equal to more than US$150 million back then and became the biggest crowdfunding project until its time. However, on 16 June 2016, the DAO got hacked.
A hacker found a loophole in the coding that allowed him to drain funds from The DAO. In the first few hours of the attack, 3.6 million ETH were stolen, the equivalent of US$70 million at the time.
2014
Mt Gox (US$460 mil)
Mt Gox was one of the largest cryptocurrency exchanges in existence before it was hacked. The Japan-based cyptocurrency exchange initially lost 2,000 Bitcoin when it suffered a hack in 2011. Yet the exchange discovered in 2014 that it had in fact been the victim of ongoing hacking and that in total, around 850,000 Bitcoin were missing. The exchange subsequently suspended trading and filed for bankruptcy. To date, a couple of arrests have been conducted but investigations seem to be inconclusive. Although 200,000 Bitcoin were eventually recovered, they have remained frozen so long as the exchange was under bankruptcy protection. Since June, that protection has now been lifted and the remainder of Mt Gox’s assets redistributed to creditors.
Featured images credit: Pixabay.