Over the past few years, there have been a handful of high-profile that deeply shook the cryptocurrency world. The intention of this article is not to scare anyone away from cryptocurrencies but instead to educate readers on why these happened. Understanding past vulnerabilities enable the blockchain and crypto community to grow stronger and more resilient to cryptocurrency hacks attacks cyber-attack attempts. MT.GOX & Bitcoin The first example is one of the most well-known attacks in history. was , handling of the world’s Bitcoin exchanges. Problems existed prior to the attack such as a minor hack in In 2013, Japan-based MT.Gox the biggest bitcoin exchange in the world 70% 2011. There were some red flags prior to the attack (Source: Blockgeeks) : There was no use of , which would keep track of all changes made in the code base and allow rolling back to any previous versions if needed. Version Control Software (VCS) There was no testing policy, meaning that untested code was deployed to transfer crypto assets worth millions. This brings us to the . On , the company to check why there were transaction delays. They realized they had been subjected to a , which means that someone was able to tamper with the transaction data before it was dedicated to the blockchain and even if the changes were noticed after the fact, nothing could be done after it has been detected, as the blockchain is immutable. $473 million US dollar hack February 7, 2014 stopped all Bitcoin withdrawals Transaction Malleability Attack (MTA) The attacker was able to overwrite transactions to make them appear as unconfirmed when in reality they were. In doing so, they were able to overwrite . US$473 million worth of Bitcoin without the system noticing The timing of the attack was unfortunate as Bitcoin was just starting to gain mainstream exposure and people feared that the attack could set back faith in the system by , and so the price fell drastically but quickly recovered. MT.Gox declared bankruptcy shortly after. at least 4–5 years DAO & Ethereum The second case relates to and DAO was a complex smart contract that was going to revolutionize Ethereum forever. It was going to be a decentralized , that would fund the creation of made on Ethereum. If one wanted to have a say in how Dapps would get funded, then they had to buy DAO tokens for a certain amount of Ether. After Dapps got a stamp of approval from its curators, they were voted on by the token holders; if the proposal got approval, then they received the funds to start developing. DAO the subsequent Ethereum blockchain fork. Venture Capital Fund Dapps 20% Within of its formation, DAO accumulated over r, and at that point, it held If someone wanted to leave the DAO, they would have to exchange their DAO tokens for Ether, and Ether would then be locked for 28 days before they could withdraw it to their personal wallets. 28 days $150 million dollars worth of Ethe 14% of all Ethereum issued. someone this DAO exit loophole and siphoned away On June 17th, 2016, exploited ⅓ of the DAO’s funds US$50mln. When someone requested to exit the DAO, the contract went through two steps: The contract would exchange the user’s DAO tokens for Ether, and, They would register the transaction on the ledger updating the token balances. The made a recursive function request so the contract would take the DAO tokens from the attacker, and give them the Ether requested. Instead of moving on to step 2, the recursive function reset the code, meaning that even more Ether would be paid out to the attacker for the same tokens that had already been paid for. hacker It was eventually decided that a hard fork was the best solution reverting the chain to before the hack meaning that people had their funds returned and the code was fixed. However, many people disagreed with using this method to solve the problem so they stayed on the original Ethereum chain. This is what spun the creation of Ethereum (the chain that forked away from the attack) and Ethereum Classic (the chain on which the DAO hack happened). Learn more about blockchain forks. BITFINEX The third case refers to the second biggest attack on the Bitcoin network. It was suffered by Hong Kong-based cryptocurrency exchange platform Bitfinex in 2016 (lost 120,000BTC, worth $72Million USD at the time). wanted to provide better security, and so partnered with to provide users with multi-signature wallets. Multisignature wallets require a certain number of the keys linked to the wallet to sign off on any transactions, so instead of one single transaction sign off there would be at least 2 checks. Unfortunately, this is what opened the door to the hackers. Bitfinex BitGo When the hackers attacked the Bitfinex servers, they had both the Bitfinex controlled and the BitGo controlled keys signed off on all legal bitcoin withdrawals. So the theory is that these multi-sig wallets were not multi-signature at all. There was one point of failure and that was with Bitfinex’s servers. So just like with the previous hacks, Bitcoin’s price was negatively impacted (fell nearly to its lowest ), before it managed to recover reaching new all-time highs a year later (2017). In response to the attack, issued a as an to its users. As of , they bought back all of the tokens and hence settled the debt to their users. 20% $480 at the time Bitfinex BFX token IOU April 2017 Closing Thoughts These were not only large in scale but also had a great impact on the community, such as with the creation of However, none of these attacks had anything to do with the underlying blockchain technology, as the blockchain of both Bitcoin and Ethereum have remained . Instead, these attacks reveal that the cryptocurrency community can bounce back from any such obstacles and grow stronger. infamous cryptocurrency attacks Ethereum & Ethereum Classic. unhackable If you enjoyed this article make sure to follow Our mailing address: info@gxblocks.net GX Blocks Energy — Official Website: www.gxblocks.com Copyright © 2020 GX BLOCKS ENERGY S.A. Also published on Medium’s subdomain: https://gxblocks.medium.com/3-most-infamous-cryptocurrency-hacks-a888d6c8f735
