- Libra Professes Independence from Facebook with Own 5-Member Committee
- Thailand's Police Suspects Actor Involved in Kidnapping and $740K Bitcoin Ransom
- US SEC Cautions Investors from Investing in Initial Exchange Offerings
- Attendees of North Korea's Crypto Conference Might Violate Sanctions
- Financial Technology on the Rise: Visa Buys Fintech Firm Plaid for $5.3 Billion
While cryptocurrency is generally considered to be well secured, there have been multiple incidents with crypto exchanges, whereby individuals or groups have hacked into crypto exchanges, stealing millions in cryptocurrency.
While this has raised a few key concerns among investors about the safety of investing or trading on these trading platforms, it has also resulted in better security and an understanding into the basic vulnerabilities of crypto exchanges.
However, even with the most secure systems, hacks keep occurring at an increasing rate. Recent studies from Kaspersky revealed that the second quarter of 2018 saw crypto hacks worth $2.3 million. This was done through crypto phishing into initial coin offerings whilst Ethereum was the preferred target.
There have been a number of large scale hacks, ever since crypto exchanges started. This resulted in a lot of digital currency exchanges having to completely shut down. Studying these events would be important for investors, as well as those interested in the crypto sphere, serving as a warning as well as case studies.
Let us take a look at the most prominent hacks ever in the crypto world, starting from 2019.
Crypto Exchange Hacks in 2019
Coinbase, June 20th
Coinbase successfully detected and blocked what would have been a hack on June 20th. The hackers are believed to have exploited a Firefox zero-day bug, targeting employees by spear phishing.
Coinbase’s Chief Security Officer, Philip Martin, tweeted details as to how the attempt was thwarted. He said – “[We] pulled apart the malware and infra used in the attack and are working with various [organizations] to continue burning down attacker infrastructure and digging into the attacker involved.” He iterated that the hack only targeted employees, and nothing points to customers being at risk.
Ripple, June 7th
Ripple lost close to $10 million from Ledger wallet, managed by service provider GateHub. $5.5 million were immediately laundered through cryptocurrency exchanges and mixer services. Almost 100 Ripple Ledger wallets were compromised.
Binance, May 7th
Binance announced a large scale breach on the 7th of May, after discovering that user API keys had been accessed by malicious actors. They were also able to access two-factor authentication codes, and other information pertaining to users.
The crypto exchange’s CEO, Changpeng Zhao, reported the loss, and the digital asset exchange estimates that the perpetrators were able to withdraw approximately $41 million in 7,000 Bitcoins. This security breach had an effect on 2% of the exchange’s total tradings in BTC.
“The hackers had the patience to wait, and execute well-prepared actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.”
Binance is the world’s largest crypto exchange by volume, making this a big deal for the crypto community.
Bithumb, March 29th
South Korea’s largest crypto exchange Bithumb was subject to a hack. This resulted in more than 3 million EOS, and 20 million XRP being stolen. The user funds were under cold storage, and all of the stolen tokens belonged to Bithumb.
The incident was speculated to involve insiders. The blockchain security company PeckShield reported that the stolen EOS was rapidly moved to a number of other digital currency exchanges. A major portion was also sent to EXMO.
Crypto Exchange Hacks in 2018
2018 was filled with large scale hacks and a number of suspected scams, causing huge losses to traders. The year saw more than $500 million lost in a single hack, arguably the largest hack of the year.
Swiss crypto exchange Trade.io lost $8 million worth of TIO tokens, stolen from the company’s cold wallet. These tokens were stored in the local bank’s deposit safe and it was found that the safe was not compromised. This implies that the hackers gained access to the wallet details, and made transfers, which points to an insider’s involvement in the hack.
Japanese crypto exchange Zaif came under attack in September, resulting in a loss of $60 million in crypto assets. The tokens stolen involved Monacoin, Bitcoin Cash and Bitcoin. The digital asset exchange’s owner, Tech Bureau Corp, assured traders that all losses would be covered. They even agreed to exchange major stakes with Fisco Ltd for financial support in order to resolve the problems.
A small crypto exchange based in Italy, BitGrail was a great place to trade Nano (XRB). However, hackers got away with 17 million of these crypto tokens in February, which was at the time worth around $170 million.
The year started with a bang, with around 500 million NEM (XEM) digital coins being stolen from the Tokyo based cryptocurrency exchange Coincheck. The digital coins were worth approximately $532.6 million, which beat the Mt. Gox hack as well. The damage was estimated to be around $450 million at the time.
This led to Coincheck being acquired by Monex, and it took approximately ten months for Coincheck to resume trading at a regular rate. This was the largest crypto hack of 2018, ahead of Bitgrail, and Zaif.
Going Further Back to Other Crypto Exchange Hacks
While these are just a few hacks conducted in the past two years, crypto exchanges have been subject to hacks and scams ever since their inception. These hacks have caused losses in millions each time they occur. They are also the prime reason people are hesitant about crypto trading.
The main difficulty is in identifying where the crypto tokens are moved to after the hack. It is almost impossible to track who and where the hack took place, making it even harder to recover the losses.
The first major hack can be traced to Mt. Gox in June 2011. The largest Bitcoin exchange at the time, carrying out 70% of the world’s trading volume, was hacked. Reportedly, the hacker took control of a computer that belonged to an auditor, and sold a large number of Bitcoins to himself. He acquired around 2,000 Bitcoins, and additional 650 tokens were purchased at artificially deflated prices. None of these tokens were ever recovered.
Bad luck struck Mt. Gox again, in February 2014. With a bug in the Bitcoin code resulting in an overall freeze, the users continued getting agitated. February 24th marked the end of all trading on Mt. Gox, and the company was reported insolvent. This entire incident resulted in the price of BTC to decrease by 36%.
Another example of an earlier prominent hack is BTER, a cryptocurrency exchange in China, being hacked in February of 2015. With their cold wallet system hacked, almost 7,170 Bitcoins were compromised, valued at $1.75 million at the time.
This was the second hack, and it was later revealed that BTER’s definition of a cold wallet was faulty. Since it lost a lot of trust within the crypto community, it was quite natural that BTER would gradually shut down.
While the tokens stolen in the previous hack was NXT, BTC was stolen in the subsequent attack.
Conclusion about Crypto Exchange Hacks
While the total market cap of all cryptocurrencies could be worth more than US$ 1 trillion, it is also true that a significant number of crypto tokens are unaccounted for. Digital assets and their security has been a topic that has attracted a lot of attraction, especially with the increasing number of attacks on crypto exchanges.
The lack of regulation, and no checks or balances being enforced have often been held responsible for the perpetrators getting away with the crime. This calls for more stringent measures, both by the regulatory bodies, as well as crypto exchanges, to ensure a more protected system.
Types of hacks and scams are usually of the following types:
- Theft refers to an external party gaining access to the services by the cryptocurrency exchange, and redirects regular services. This might be done in order to exchange funds, or simply cause damages.
- Identity theft refers to an intruder taking user data, and gaining access via this stolen information.
- An exit scam is when an internal party, or an impersonator, access funds and redirects or launders tokens or money, putting users at a loss.
- Extortion refers to an external organization or person who forces the victims to redirect funds.
While cryptocurrencies are secure when it comes to wallet to wallet interactions, there is no guarantee when it comes to wallets interacting with people.
A lot of these situations can be avoided by more cooperative efforts. The first step would be to educate retail crypto customers about the associated risks, and the steps they can take to secure their digital assets.
While the technology behind cryptocurrency is advancing, so is the technology used by hackers. It is highly advisable for all concerned parties to be vigilant.