Cryptocurrency is akin to digital gold, and just like the mineral counterpart, there is a considerable level of enthusiasm that is not too dissimilar to the California gold rush of the 1850s. People are eager to acquire cryptocurrencies as their value has skyrocketed in the last few years. The price of Bitcoin has risen from single-digit values in 2011 to more than $10,000 in 2017. That is an increase of orders of magnitude that is unprecedented in the history of tradable commodities. As a result of this growth, the market has become a target for hackers and cybercriminals. Throughout the years, there have been a number of high-profile cryptocurrency hacks.
Before delving into the main topic of this article, it is important to briefly explain a few concepts that will aid readers in understanding the topic. Ownership of a cryptocurrency like Bitcoin implies that a certain number of Bitcoins is resident in the digital address of the owner. Proof of ownership of the Bitcoin in a wallet depends on the possession of the cryptographic keys (both private and public). Think of these as being like your credit card number and CVV number. If a hacker gets hold of these keys, they can transfer your Bitcoin or other cryptos from your wallet into another wallet. Below are three of the highest-profile cryptocurrency hacks that have occurred to date.
Most of the high-profile cryptocurrency hacks have occurred on cryptocurrency exchange platforms. The DAO hack is one of the exceptions to that pattern. The DAO was established as an Ethereum-based venture capital organization that was governed by all of its participants. It was envisioned to be a robust platform that enabled the creation and implementation of DApps (Decentralized Applications) on its platform. The crowdfunding for the DAO raised more than $150 million in Ether in May 2016. By the following month, hackers exploited a flaw in the DAO and stole $50 million.
The flaw in the DAO had to do with something called the “Split Function.” This function allowed a user to take back the Ether that had been invested in the DAO. The process involved two steps: returning the invested Ether, and then registering the return in the ledger in order to update the records of the DAO. The hacker was able to create a “recursive function,” which is basically a self-repeating function, that made the first step of the split function repeat itself continuously. Instead of moving on to the second step of registering the token reversal, the code kept returning to the first step until $50 million worth of Ether was stolen from the DAO.
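The ordering problem described above can be reproduced in a small model, and the same model shows the fix: register the return in the ledger before handing over the Ether. This is an added Python illustration, not the DAO's contract code; `Vault`, `withdraw`, `on_receive` and the balances are hypothetical names and constructed values.

```python
# Added illustration: a Python model of the ordering flaw, not the DAO's contract code.
# Vault, withdraw, on_receive and the balances are hypothetical, constructed values.

class Vault:
    def __init__(self, record_first):
        self.record_first = record_first  # True = hardened ordering
        self.balances = {}                # ledger: what each depositor is owed
        self.pool = 0                     # Ether the vault actually holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who, on_receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            return
        if self.record_first:
            self.balances[who] = 0        # step 2 first: update the ledger
            self.pool -= amount
            on_receive(amount)            # step 1 last: hand control to the recipient
        else:
            self.pool -= amount
            on_receive(amount)            # step 1: recipient code runs here...
            self.balances[who] = 0        # step 2: ...before the ledger is updated


def simulate(record_first, max_calls=50):
    """Return (total paid to the re-entering depositor, Ether left in the vault)."""
    vault = Vault(record_first)
    vault.deposit("other_investors", 90)
    vault.deposit("depositor", 10)
    paid = []

    def on_receive(amount):
        paid.append(amount)
        if len(paid) < max_calls:         # bounded so the model always terminates
            vault.withdraw("depositor", on_receive)  # call back in before returning

    vault.withdraw("depositor", on_receive)
    return sum(paid), vault.pool


if __name__ == "__main__":
    print("pay then record:", simulate(record_first=False))
    print("record then pay:", simulate(record_first=True))
```

With the pay-then-record ordering a depositor owed 10 drains the whole pool of 100; with record-then-pay the nested call finds a zero balance and stops.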
The entire Ethereum architecture took a big hit and there was a lot of confusion and uncertainty in the immediate aftermath of the DAO hack. The first major step was to carry out a soft fork of the blockchain. The soft fork was deemed problematic because it would open the door to a number of DDoS attacks if implemented. Unable to come to a consensus, the Ethereum community soon developed a schism, which eventually led to a hard fork. This created two distinct Ethereum blockchains: Ethereum Classic (ETC) and Ethereum (ETH). The ETC blockchain is made up of participants who rejected the hard fork and elected not to alter the blockchain due to the DAO hack.
Bitfinex is a Hong Kong-based cryptocurrency exchange platform owned by iFinex Inc. It also provides wallet and trading services for cryptocurrencies. Bitfinex has suffered a few hacks during its time of operation but the biggest hack was in 2016 when almost 120,000 BTC were stolen from the platform. This amounted to about $72 million and it is the second-largest Bitcoin exchange hack. The previous year, about 1,500 BTC had been stolen by hackers from the platform.
On August 4, 2016, hackers took advantage of a flaw in the multisig security protocol of the Bitfinex platform to steal 119,756 BTC valued at $72 million from several customer accounts. In a bid to enhance security measures around their operation, Bitfinex had decided to use multisig (multiple signature) security protocols. This created 3 private keys for a wallet, split between three owners. Access to a wallet required 2 out of the 3 keys. Bitfinex entered into a partnership with BitGo and 1 private key for every customer wallet was stored on BitGo servers.
Concrete details of the exact nature of the hack are still unknown but the prevailing theory is that the Bitfinex multisig security framework wasn’t multisig at all. The system was alleged to have been set up in such a way that the Bitfinex servers were still a single point of failure. So, when the hackers breached the Bitfinex servers, they were able to get around the BitGo security protocols.
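A design review can test for this kind of hidden single point of failure by asking how many separate systems must be breached to collect 2 of the 3 signatures. The following is an added example, not Bitfinex's or BitGo's code; since the real setup is unknown, both custody layouts and all system names are hypothetical, constructed inputs.

```python
# Added illustration: threshold check for a 2-of-3 multisig custody design.
# The layouts below are hypothetical; the page states the real details are unknown.
from itertools import combinations


def min_compromise(threshold, key_access):
    """key_access maps each key to the systems whose breach yields a signature
    with that key. Return the smallest set of systems that reaches `threshold`
    signatures, or None if no set does."""
    systems = sorted(set().union(*key_access.values()))
    for size in range(1, len(systems) + 1):
        for combo in combinations(systems, size):
            breached = set(combo)
            signed = [k for k, via in key_access.items() if via & breached]
            if len(signed) >= threshold:
                return combo
    return None


# Layout A (constructed): each key is reachable through exactly one system.
INDEPENDENT = {
    "exchange_key": {"exchange_server"},
    "cosigner_key": {"cosigner_service"},
    "backup_key": {"offline_vault"},
}

# Layout B (constructed): the co-signer signs whatever the exchange server
# requests, so a breach of the exchange server also yields the co-signer key.
COUPLED = {
    "exchange_key": {"exchange_server"},
    "cosigner_key": {"cosigner_service", "exchange_server"},
    "backup_key": {"offline_vault"},
}

if __name__ == "__main__":
    print("independent:", min_compromise(2, INDEPENDENT))
    print("coupled:    ", min_compromise(2, COUPLED))
```

A result with a single system, as in layout B, means the 2-of-3 policy gives no more protection than one key on that system.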
The aftermath of the hack wasn’t terminal for the operations of Bitfinex but the company was affected a great deal. Bitfinex responded by issuing BFX tokens as a sort of IOU in lieu of the funds that had been stolen. They also expanded the cryptocurrency trading pairs on offer on their platform. This increased the volume of trade of the Bitfinex platform and they were able to recover. As for the price of Bitcoin, it fell by almost 20 percent but recovered not too long afterward.
When the going was good, Mark Karpelès and Mt. Gox were at the top of the Bitcoin trading food chain. More than 70 percent of the global Bitcoin trading volume was being handled by the platform as it was by far the biggest in the market. Established in 2010, it quickly grew to the pinnacle of the Bitcoin trading market. It came crashing down after the biggest cryptocurrency hack occurred on the platform in 2014. It resulted in the theft of over 700,000 BTC worth about $473 million.
Before the 2014 hack, an intrusion had occurred on the platform back in 2011. A hacker or group of hackers broke into the system and transferred a significant number of BTC away from customer wallets before eventually selling them on the exchange. More than $8 million worth of BTC was stolen in this hack but it was nothing compared to what came 3 years later.
The perpetrators of the 2014 Mt. Gox hack used a transaction malleability attack to accomplish the hack. Lack of adequate version control protocols and the inefficient setup of the software development process meant hackers could gain control and make unauthorized transactions on the platform. At the end of the day, 744,408 BTC had been stolen from the platform.
With the monumental scale of the theft, the platform declared bankruptcy, with more than 100,000 customers losing their investments. Mark Karpelès, the CEO of the company, was arrested and charged with fraud. The platform never recovered from the hack.
The threat of hackers continues to be a clear and present danger in the cryptocurrency market. As a result, many platforms take concrete steps to provide adequate security measures. Even with these measures, it is still important to take certain steps to protect your crypto coins. One such step is to never keep the bulk of your coins in online wallets. Investing in a hardware wallet like Trezor or Ledger Nano is a better option. Also, endeavour to always keep your private keys safe.