Any cryptocurrency exchange hack adversely affects the rate of cryptocurrency, which makes the price to restore only after a few months. Hackers carry out attacks not only to steal money. Many hacks are performed for the sake of pumping or dumping the cryptocurrency exchange rate, some are insider’s job, and some are simple exit scams. After all, inexperienced market players (who are now the majority) begin to withdraw tokens to fiat when hearing bad news quickly. The likelihood of such well-designed tactical attacks will only grow with the development of the market and fierce competition on it. Coins and tokens can disappear even from the largest and seemingly protected exchanges. However, ? does the problem always lie on a hacker ROKKEX decided to create a timeline of cryptocurrency exchange frauds, and biggest crypto exchange hacks to find out whether only the hackers are to blame. Spoiler: Sometimes, the owners or employees are guilty as well. 2011 June Mt.Gox What: 2643 BTC Amount: Mt.Gox opens the list of cryptocurrency hacks. , a hacker managed to . Through phishing, he or she took possession of the administrative account, stole hot wallet private keys from wallet.dat file., changed the BTC price to 1 cent, obtained accounts of Mt.Gox users, created the sell orders, and bought 2643 BTC at the artificially created price for customers’ money. In the distant 2011 hijack auditor account with administrative rights July Bitomat What: 17,000 BTC Amount: A cryptocurrency exchange based in Poland was the 3rd largest exchange platform at that time. One day, due to , they lost keys to all BTC wallets, resulting in loss of 17k BTC. the accidental wallet destruction during the server reboot In a few words, Bitomat was using Amazon Web Services Elastic Cloud Computing to host virtual machines; the AWS warning goes that if an instance is taken offline all the data stored can be lost permanently. It appeared that Bitomat happened to be in an EC2 virtual machine, so it’s possible that they had little chance of recovering the old funds from the wallet. storing backups and current state of their wallet October Bitcoin7 What: 11,000 BTC Amount: On October 6, Bitcoin7 posted a message on their website that informed the users that cryptocurrency exchange. The hackers and gained full access to the main BTC depository and 2 of the 3 backup wallets. Russian and Eastern European hackers attacked breached Bitcoin7 servers Today, Bitcoin7 domain offers a scammy service of multiplying the amount of BTC. Maybe, it’s still possessed by hackers? Mt.Gox What: 2609 BTC Amount: The bad luck of Mt.Gox was gaining traction on October 2011. The exchange lost other 2609 BTC due to a programming error. To put it simply, Mt Gox accidentally created transactions that can never be redeemed. To understand the issue more deeply, . go here 2012 March Linode What: : 3000 BTC from Slush and 43000 BTC from Bitcoinica Amount On March 1, web hosting provider Linode was hacked, resulting in a theft of and . There have been two major BTC heists before, one 25,000 BTC theft in June and a 17,000 BTC theft from the BTC exchange Bitomat in August, resulting in the exchange being bailed out and acquired by MtGox. 3000 BTC from Slush 43000 BTC from Bitcoinica At that moment, security has become a major concern of the BTC community. Although people wanted to carry out their economic activity in cryptocurrency, the question of whether their money was safe disturbed them. May Bitcoinica What: 18,457 BTC Amount: The 43,000 BTC Linode theft was not enough, and was stolen from Bitcoinica’s reserves. The CEO Zhou Tong was barely able to prevent the loss of . The site was immediately shut down for security reasons. another 18,457 BTC 30,000 more Vitalik Buterin, being a writer and co-founder of : Bitcoin Magazine at that time, wrote “Unfortunately, given the financial stress that Bitcoinica was already in after the Linode theft two months ago, even this smaller loss turned out to be the straw that broke the camel’s back.” July : BTC-e What : 4,500 BTC Amount Here comes the first proven story when and peculate money that doesn’t belong to them. Alexander Vinnik, the operator of BTC-e, was arrested mainly for . He was one of the staff members who performed DDoS attacks, stole API creds, initiated Liberty Reserve deposits, and injected large amounts of USD into the system which were quickly sold for BTC. exchange operators are becoming greedy money laundering but also computer hacking BTC-e.com was considered a golden standard of reliability and had a chance to change the reputation of Russia being the money-laundering country. September BitFloor What: 24,000 BTC Amount: BitFloor had been operating since 2011 when on September 4, 2012, the operator of BitFloor reported a . The site was shut down, and access to customer funds denied as the exchange’s reserves were insufficient to accommodate all funds deposited. security breach that resulted in 24K BTC being stolen 2013 May : Vircurex What : 1,454 BTC Amount In 2014, the exchange announced it was almost bankrupt after . Part of the loss came from .” losing significant amounts of its reserve funds “two purported hacks the exchange experienced in mid-2013 As a result, the Vircurex froze withdrawals of BTC, LTC, FTC, and TRC. At the time, the company declared it would begin paying users back using the profits. The exchange refunded small amounts of cryptocurrencies to a few of its customers, but most of the funds owed remained with the exchange. October : Silk Road (marketplace) What : ~1,606 BTC Amount It won’t be a list of cryptocurrency fraud if we don’t mention Silk Road and Mr.Ulbricht criminal activity. Silk Road, located in the Tor network, can be called an alternative eBay or Amazon but for selling illegal goods, such as heroin, weapons, pornography, etc. All payment transactions were made in BTC, and the Silk Road was a middleman connecting the users and taking a commission for their illegal trades. For two years of the marketplace existence, the total volume of transactions amounted to 9.5 mln BTC. In 2015, the founder of the company Ulim Ross Ulbricht was sentenced to life imprisonment for many crimes including hacker attacks and collusion in money laundering. Soon the FBI got interested in Silk Road . The story doesn’t finish there, as secret service agent, who had been conducting the case, eventually . stole the dirty BTC himself November BitCash What: 484 BTC Amount: On November 11, Czech-based cryptocurrency exchange emptying 4,000 users’ wallets. experienced hacker attack The website servers were hacked to conduct a phishing attack with . The emails claim BitCash resorted to their US recovery company to get back the BTC that have been stolen. Recipients were asked to send 2 BTC to a wallet address for their BTC to be returned. However, the BTC address listed in the email text hadn’t been used online and had no transactions. fraudulent emails on behalf of BitCash to fool users 2014 March : Mt.Gox What : 850,000 BTC Amount In 2013 MtGox was one of the most popular cryptocurrency exchanges (47% of transactions in BTC were made through this platform). In total it lost 850,000 BTC, which is currently a record amount. As you might remember from the above, our list of began exactly with Mt.Gox which The hacker(s)/insider(s) gained access to a large number of BTC, began to control the input and output of funds, as well as deposits. During 2 years (2012–2013), a hacker was emptying wallets, but the Mt. Gox systems was , crediting some users with up to about 40,000 extra BTC. cryptocurrency exchange hacks private keys were stolen. interpreting the spending as deposits Today, 5 years later, Mt.Gox is still the biggest hack ever happened (and we hope it’ll remain like this). : Poloniex What : 12.3% of all BTCs (97 BTC) Amount Poloniex, a US-based cryptocurrency exchange, was hacked in the summer of 2014. The hackers managed to . exploit an incorrect withdrawal code of Poloniex The company did not report the exact number of BTC stolen, but you can check a detailed explanation of the hack on the . Moreover, Poloniex might have been hacked a few other times as some unofficial source like , , and has claimed. Bitcointalk forum this this this July : Cryptsy What : 13,000 BTC and 300,000 LTC Amount In July 2014, the attacker under the nickname — a cryptocurrency exchange. A hacker got access to BTC and LTC keys. As a result, a criminal(s) got 13,000 BTC and 300,000 LTC. Lucky7Coin inserted the Trojan code into the code of Cryptsy Interestingly, exchange administrators were familiar with the fraudster. The attacker sent an awkward letter two months before the hack introducing oneself as Jack and reporting that the previous owner of the nickname died. The owner of the company, Paul Vernon, was accused of destroying evidence of illegal activities and stealing 11,000 BTC. Cryptsy clients believe that the currency could be laundered through another exchange — Coinbase. December : Mintpal What : 3,894 BTC Amount MintPal was considered one of the best trading platforms until the time when management changed in the fall of 2014. The company was sold to Executive Director of Moopay, Ryan Kennedy, known under the pseudonym Alex Green. . It is noteworthy that several months later, after the withdrawal of funds, Kennedy was for rape and the sentence did not contain a clause about stealing $1.5 million in BTC. During the internal work, he stole 3,894 BTC and bankrupted the exchange sentenced to 11 years in prison 2015 January : Bitstamp What : 19,000 BTC Amount The first licensed cryptocurrency exchange in Europe, Bitstamp, which is regulated by the Luxembourg Supervisory Authority in Finance ( ), in January 2015. Hackers sent . One of the Bitstamp’s employees neglected security rule №1 — do not open files from strangers, and . As a result, 19,000 BTC was stolen, or about $5,100,000 at the day of the theft. CSSF was hacked a malicious file to the internal mail of employees followed the link on the device that has access to the BTC wallet of the exchange : LocalBitcoins What : ~17 BTC Amount 17 BTC is seemingly not a large sum compared to the compromised exchanges above; nevertheless, it’s one more argument in favor of paying attention (and allocating money) to cybersecurity. Nikolaus Kangas, : the vice-president of Local Bitcoins, explained “The attacker used that , which probably was some new kind of keylogger software which is not yet detected by virus protection mechanisms. If the user got that executable installed, with some social engineering, the attacker managed to get access to different accounts of those victims.” LiveChat access to spread some kind of Windows executable Three users lost funds during the hack. The company stated that one of the possible reasons for the fraudulent withdrawal was a lack of 2FA. Again, 2FA is a reliable security measure that should be in place on every cryptocurrency exchange platform. : 796 What : 1,000 BTC Amount What seemed like a mistake, appeared to be a well-calculated and precise attack. At the end of January, . According to the explanation, . the server of Chinese cryptocurrency exchange, 796, was compromised a hacker gained access to a sub-module and tampered customers’ withdrawal addresses with one’s own February : Bter What : 7,000 BTC Amount Another attack that is related to employees mistake occurred in China. A small cryptocurrency exchange Bter was . . In February 2015, 7000 BTC was stolen from a cold wallet. After that, all the activities of the company were suspended, and only a couple of years later the Bter management resumed withdrawing funds from their assets. hacked several times Employees of the exchange organized the largest heist : KipCoin What : 3,000 BTC Amount Being the owner of an exchange platform, will you admit the breach immediately or halter the news until the investigation gives you more details? The owners of KipCoin . chose the second option Remember Linode? In 2015 it became clear that it was hacked again in June 2014 causing a breach of KipCoin server. The hackers changed Linode account password excluding the owners from accessing it; this entailed as well, as the hacker(s) gained control of the entire platform. KipCoin Linode root password to be changed For a month, the administration of the exchange tried to regain control, and they succeeded (surprisingly, nothing malevolent had happened during this month). That didn’t mean that hackers went away, they lurked. In October 2014, . hackers gained access to funds as the exchange didn’t change their BTC private keys KipCoin decided to not disclose this information immediately in light of BitStamp losing many coins and has taken all the necessary steps to file an official complaint with the police. 2016 March : Cointrader What : Unknown Amount A hack or an exit scam? That’s the question users often ask when an exchange unexpectedly shuts down. On March 28, Cointrader joined the graveyard of allegedly hacked cryptocurrency exchanges having sent their users : the following message Dear Cointrader Customer, A recent internal audit revealed a deficiency of Bitcoin in our wallets causing a delay in withdrawals. This issue is currently under investigation and it is our intention to have the balance of your account settled as soon as possible. We sincerely apologize for this unfortunate inconvenience and will keep you posted on the progress of this issue. In the meantime, we have halted deposits, withdrawals and trading activity until this matter has been resolved. Sincerely, Cointrader.net Support The shut down was followed with a low daily trading volume of only 81.43 BTC over the next 6 months. The number of affected users has never been reported. April : ShapeShift What : 469 BTC + 5,800 ETH + 1,900 LTC Amount ShapeShift story is an excellent example of . On March 14, an employee stole from the company 315 BTC. When the theft was uncovered, he got fired. However, the losses didn’t stop on that: on April 7 additional 97 BTC, 3,600 ETH, and 1,900 LTC disappeared. The site was taken offline, and incident response measures were in place, and then additional 57 BTC and 2,200 ETH were taken! an insider job or a disloyal employee The report stated: “Since direct evidence of a specific attack vector was not found during the digital forensic investigation, an analysis of the available facts was performed to identify all possible attack vectors that fit the facts. It was noted that the attacker was not only able to compromise both infrastructures fairly quickly, but they were able to identify their IP addresses equally as fast.” May GateCoin What: : 4,320 BTC (250 BTC and 185,000 ETH) Amount Gatecoin was one of the first regulated cryptocurrency exchange platforms to spring up. It offered purchases of ETH-based tokens to vote on and fund development proposals during crowdsale for The Dao, and in the aftermath of the hack, it promised to a portal for withdrawing DAO-related tokens and fiat currencies. The exchange was well-known and prominent at that time, so there is no wonder that it . build attracted the attention of malefactors Gatecoin stated: “We have previously communicated the fact that most clients’ crypto-asset funds are stored in multi-signature cold wallets. However, the malicious external party involved in this breach, managed to . This means that losses of ETH funds exceed the 5% limit that we imposed on our hot wallets.” alter our system so that ETH deposit transfers by-passed the multi-sig cold storage and went directly to the hot wallet during the breach period August : Bitfinex What : 120,000 BTC Amount The Hong Kong company claimed to be the most reliable and secure cryptocurrency exchange, where wallets with multiple identifiers are selected for each client. It turned out to be just a matter of marketing. In August 2016, . . cybercriminals kidnapped 120,000 BTC The main leak of funds occurred through the BitGo processing service with which Bitfinex cooperated 2017 June : QuadrigaCX What : 67,000 ETH Amount Some errors don’t bring harm to the users of a cryptocurrency exchange but to the owners. Due to programmers error, a Canadian-based exchange platform . In the official statement, QuadrigaCX explained that the mistake happened after a Geth upgrade. Talking in technical terms: lost 67k of ETH “The programmer called a function in the splitter smart contract with a corrupted transaction data payload, which was the result of failing to prefix a certain value with 0x (which is necessary to indicate a string is hex-encoded).” December : Nicehash (a marketplace for mining hashing power.) What : 4,000 BTC Amount Nicehash wasn’t an exchange but a cryptocurrency hash power broker with integrated marketplace; nevertheless, the story also belongs to the list of cryptocurrency thefts. People rented their computing power to those who wanted to mine cryptocurrency without investments in hardware. It turned out that . people were paying to mine coins which went directly to hackers’ pockets The Slovenia-based company : gave further comment “Importantly, our payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen. We are working to verify the precise number of BTC taken. Clearly, this is a matter of deep concern and we are working hard to rectify the matter in the coming days. In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are cooperating with them as a matter of urgency.” In August, the company announced . paying back 60% of stolen coins 2018 January : Coincheck What : 523,000,000 NEM Amount Another , the leading Japanese crypto trading platform. Hackers outside the country . As a result, 523 mln NEM coins were stolen for $533 million at the time of the theft. major hack occurred at CoinCheck infected the internal network of the exchange with a virus that was transmitted through email, and it allowed them to steal private keys The incident occurred due to the neglect of the storage of this cryptocurrency, as the exchange did not use smart contracts with multi-signatures, and all coins were stored on the same wallet. February : BitGrail What : 17,000,000 NANO Amount from the Italian cryptocurrency exchange Bitgrail. More than $170 million in 2018 was stolen According to the owner Francesco Firano, 17 million XRB (Nano / RaiBlock) was withdrawn from the accounts as a result of Nano representatives denied this information and stated that there were . 😏 “unauthorized transactions.” no errors It is worth noting that the rest of the tokens stored on the exchange did not suffer. After the attack, Bitgrail declared itself bankrupt. April : CoinSecure What : 438 BTC Amount As we already know, employees of the exchange can take advantage of their position and peculate considerable sums. In April 2018 an Indian exchange Coinsecure lost 438 BTC or $3.5 million at the rate. The owners of the company assume that when extracting BTG. The suspect denied his guilt and claimed that the funds “had been stolen in the process of of attack”. CoinSecure CSO (Chief Security Officer) committed a hack some kind June : Coinrail What : 1,927 ETH, 2.6 billion NPXS, 93 million ATX, 831 million DENT coins + significant amounts of six other tokens Amount Despite Coinrail being a small exchange in South Korea, it was a tempting target, considering the amount of money that moves through it. The hackers recognized it and , and significant amounts of six other tokens. stole 1,927 ETH, 2.6 billion NPXS, 93 million ATX, 831 million DENT coins The authorities didn’t give many details and called the attack a “cyber intrusion,” which resulted in many ERC-20 tokens stolen from the exchange. September : Zaif What : 5,966 BTC Amount Japanese based exchange Zaif . This resulted in $60 million in BTC, BCH, and MonaCoin being stolen. Oddly enough, the exact amount of stolen BCH is unknown, which does inspire Zaif to improve their security measures in the future. was hacked on September 14 Zaif has already filed a criminal case with local authorities; apparently due to the way a hacker got unauthorized access to the funds, possibly an employee went rogue? October : MapleChange What : 913 BTC Amount A small Canadian based exchange called MapleChange had a modest volume of around $67,000 per day since its launch in May 2018. In October they or . claimed being hacked suffered a bug which resulted in all customers’ deposited funds being withdrawn On October 28, they made a strange claim that they had to delete all their social media accounts during an investigation. With no details on their team or whether they were legally allowed to operate, the “hack” reeks of an orchestrated exit scam. November : Pure Bit What : $30,000,000 (ICO + 13,000 ETH) Amount Pure Bit raised over $30,000,000 in an ICO to create a cryptocurrency exchange in South Korea, but then they . executed an exit scam Pure Bit even tried to go further and sell a portion of stolen funds on UpBit. Luckily, UpBit promptly froze the account, knowing that the funds are fraudulent. Pure Bit website is now offline, and their KakaoTalk account renamed to a phrase that roughly translates into “I’m Sorry.” December QuadrigaCX What: 26 350 BTC Amount: One of the most remarkable hacks in our list of cryptocurrency thefts happened in December 2018. ; he was the only one who had access to the cold wallets of the exchange. Interestingly, at the moment of announcement users have been trying to withdraw funds for several months already and bankruptcy rumors were spreading quickly. The owner of QuadrigaCX, Gerry Cotten, suddenly passed away When Ernst&Young started their audit, they found out that there . QuadrigaCX started bankruptcy procedure owning their customers more than 26,000 BTC. had never been more than 100 BTC on a cold wallet There is a conspiracy theory that Gerry Cotten is still alive and that QuadrigaCX case is nothing more than just an exit scam. 2019 January : HitBTC What : Unknown Amount It is vital to mention HitBTC behavior ahead of . Users reporting that . the annual Proof Of Keys event were complaining across Reddit and other social media platforms HitBTC was blocking all attempts of withdrawing their funds : Cryptopia What : At least 19,390 ETH Amount On January 13, users of Cryptopia reported difficulties accessing and using their accounts. The first message from Cryptopia was that they were going into unscheduled maintenance to resolve a technical issue. Later the exchange clarified on that they had . Twitter suffered a security breach Cryptopia stated that they had reported the breach to the relevant New Zealand’s authorities. The full amount of lost funds is unknown; however, 19,390 ETH has been seen transferred to an unknown wallet. As Cryptopia was quite a small exchange, the possibility of an inside job is one of the versions. : Cryptopia What : 1,675 ETH Amount After being hacked on January 13, Cryptopia was . This confirms that . hacked again 15 days later the exchange no longer had any control over their wallets February : Coinmama What : 450,000k user emails and passwords Amount Coinmama is one of the largest crypto brokers, servicing a total of 1.3 million active users. On February 15th, , which led to . We can only assume how the sensitive data could have been used: to gain access to cryptocurrency exchange accounts or to sell on the black market for other aims. their customer database was hacked over 450k user emails and passwords leakage May : Binance What : 7,000 BTC Amount The latest case from crypto exchange hack history happened a month ago with Binance. The hackers withdraw 7,000 BTC (currently over $40 million) having used several tactics of . They also mentioned other info had been jeopardized, which could potentially refer to customers private details being stolen as well. One of the possible solutions to restore funds was . phishing and malware , which allowed them to obtain a large number of user 2FA codes and API keys a hard fork of the BTC network The skills and knowledge of criminals are improving, and the methods by which thefts are committed become even more sophisticated. It is rather difficult to return the stolen cryptocurrency because unscrupulous experts who participate in frauds sometimes turn out to be among cryptocurrency exchange owners. Therefore, before each user starts investing money, it is . worth becoming familiar with the companies’ team and security history Now you have an answer on the question “ ”. We dived deep and tried to cover all the cryptocurrency exchange thefts and frauds that have ever happened since BTC origin. However, there is still , so please share with us the information, and we’ll add it to the list. which crypto exchange was hacked a chance that we haven’t heard about other hacks Remember, it’s a risky idea to put money into places where solvency isn’t transparent. The public addresses of the exchange wallet and monthly revenue numbers should always be public on the company’s website. So, if you do the math, you can always keep track of how the business is going. This is the blockchain spirit, spirit of transparency, and honesty. Stay secured! You may also Like Binance Hack: Cryptocurrency Forks Explained 8 Ways to be Tricked when Buying Cryptocurrency on P2P Platforms Cryptocurrency Exchange VS Stock Exchange At , we take security extremely seriously, and our crypto exchange is built on ‘Security First’ principle. We want to share our expertise with the broader public for the world to become happy, safe, and wise :) ROKKEX If you have any ideas and suggestions, contact us at . . . . . . . Website LinkedIn Facebook Twitter Telegram Reddit Instagram <a href="https://medium.com/media/3c851dac986ab6dbb2d1aaa91205a8eb/href">https://medium.com/media/3c851dac986ab6dbb2d1aaa91205a8eb/href</a>
