As the popularity of cryptocurrencies continues to soar, so does the number of hackers targeting exchanges. In 2017, crypto exchanges reported losing approximately $266 million as a result of security breaches and heists. However, the first half of 2018 alone has reported that triple this amount has been stolen from crypto exchanges already.
At the beginning of July 2018, blockchain security firm CipherTrace reported that $731 million has been stolen from crypto exchanges this year alone.
“With each passing crypto hack, there’s more at stake. These heists aren’t just becoming more common. They’re becoming significantly more valuable.”
In this article, we’ll take a look at some of the most prolific crypto heists in history.
The Coincheck heist
Koichiro Wada, president of Coincheck Inc., bows during a news conference in Tokyo, Japan, on Thursday, March 8, 2018. Photographer: Kiyoshi Ota/Bloomberg via Getty Images
In January 2018, hackers found a loophole in the Coincheck exchange that allowed them to steal over 500 million NEM. This was worth around $530 million at the time. While only the NEM was breached and other funds remained secure, NEM Foundation has stressed that the hack was nothing to do with the security of the XEM cryptocurrency.
They have insisted that the blame is entirely on Coincheck, saying that it was a result of its ‘relaxed security measures’. Because such a significant percentage of XEM was compromised, many people immediately assumed that NEM would carry out a hard fork in order to recover the funds. However, this did not occur. Coincheck now has the reputation of being the victim of the biggest crypto exchange hack in history.
The Mt. Gox Hack
Bitcoin trader Kolin Burges from Britain holds up a placard to protest against Tokyo-based bitcoin changer MtGox in front of the company’s office in Tokyo on February 26, 2014. YOSHIKAZU TSUNO/AFP/Getty Images
Up until the recent Coincheck hack, the Mt. Gox Hack was the biggest crypto heist in history. It still remains the biggest Bitcoin heist to have ever occurred.
Mt. Gox was a crypto exchange based in Tokyo, Japan. Between 2013 and 2014, it handled over 70% of all worldwide Bitcoin transactions. Unfortunately, by February 2014, the exchange had declared bankruptcy.
The hacker stole approximately 850,000 Bitcoins – worth around $450 million at the time. What’s more, this was approximately 6% of all Bitcoin in existence at the time. Therefore, at the time of the theft, this was a significant percentage of the total crypto market cap. In that sense, this was even bigger than the Coincheck hack. 200,000 of the stolen Bitcoins were eventually recovered. However, approximately 650,000 remain lost forever.
The DAO attack that led to the creation of Ethereum Classic (ETC)
Founder of Ethereum Vitalik Buterin during TechCrunch Disrupt London 2015. Photo by John Phillips/Getty Images for TechCrunch.
A ‘DAO’ is a Decentralized Autonomous Organization that aims to eliminate the requirement for third-parties in governing and to ultimately create a structure that has decentralized control. It does this by turning the rules and decision-making apparatus of an organization into code.
‘The DAO’ was the name of a particular DAO. It was launched on the 30th April 2016 and had a 28-day funding window. It was extremely popular – so much so that by the end of its funding period, it was the largest crowdfunded organization in history.
Throughout the crowdsale, several people expressed concerns about The DAO’s security and suggested that it could be vulnerable to attack. Despite this, it went on to raise over $150 million from 11,000 members – far more than its creators had ever imagined.
On June 12th, 2016, Stephen Tual, one of the creators of The DAO, announced that a “recursive call” bug had been found in the code. However, at the end of his post, stressed that “this is NOT an issue that is putting any DAO funds at risk today.” Unfortunately, Tual turned out to be very wrong. By the time the team had identified the bug and begun to fix it, a hacker was already exploiting it and draining The DAO of the ether it had collected from its token sales.
By the 18th of June, less than a week after the announcement had been made, the hacker had already managed to drain over 3.6 million ether (worth approximately $70 million) into a “child DAO”. This alone led the price of Ether to fall drastically from $20 to $13.
As a result of this catastrophe, an Ethereum hard-fork was proposed, with 89% of Ether holders voting in favor of it. This led to the creation of Ethereum Classic (ETC) – a new cryptocurrency which shares the data on the Ethereum blockchain up until block 1920000.
The Bitfinex exchange heist
Bitfinex is currently ranked as the second largest crypto exchange in terms of daily trading volumes. However, in August 2016, the exchange suffered a hacking heist that resulted in the loss of over 120,000 Bitcoins, worth around $66 million. Within hours of the attack, the value of Bitcoin had dropped from over $600 to $540. Moreover, the users never received compensation for their lost Bitcoins. Instead, the exchange paid users in BFX tokens for their losses and promised to buy these tokens back at a later date.
The platform experienced another cyber attack in June 2018. However, this attack only affected trading operations. Thankfully, no user accounts were compromised.
The BitFloor exchange heist
Despite being relatively unknown, the BitFloor heist remains one of the biggest Bitcoin heists in history. It resulted in the loss of over 24,000 Bitcoins. At the time it was considered relatively small. However, in today’s terms, the hack would be worth a surplus of $141 million.
Back in 2012, BitFloor was one of the largest competitors of Mt. Gox. However, it had to shut down abruptly when hackers gained access to the private keys of users. This was made possible because the hackers were able to gain access to the users’ private keys, which were stored in an extremely insecure manner in an unencrypted state, online, for backups.
Luckily, the exchange was able to refund users for their losses. However, it was ultimately forced to shut down.