Part 1 (#25–#13): Revealing techniques of 25 successful attacks on blockchain, from 2010 to 2018, $1.8+ billion USD.

Bitcoin Out of Thin Air — 92 Billion BTC
Date: Aug 2010
Attack
An integer overflow flaw in Bitcoin's code was exploited at block #74638 to generate 92233720368.54277039 BTC. The overflow resulted from a type that can hold an integer of at most 2⁶³-1 (cf. UINT64_MAX), giving the number 9223372036854277039.
After Attack
The Bitcoin community canceled all relevant transactions and rolled the ledger back to the pre-hack state.

AllinVain — 25,000 BTC ($500,000)
Date: Jun 2011
Attack
The hacker broke into the victim's hard drive and transferred a large chunk of the balance to an external wallet. This was the world's first cryptocurrency hack victim.
Image: from Wikipedia

Mt. Gox 1st Hack — 2609 BTC ($50,000)
Date: Jun 19 2011
Attack
The attacker obtained an auditor's credentials and altered the nominal value of BTC to 1 cent. Afterward, the attacker transferred 2609 BTC from some clients to sell at this low price and purchased back nearly 650 BTC from another account.
After Attack
Mt. Gox suspended operations for several days but then carried on.
Image: from https://steemit.com

Bitcoinica: Hacked 3 Times — 122,000 BTC ($430,000)
Date: Mar / May / Jul 2012
1st Attack
The attacker decrypted Bitcoinica's hot wallets hosted on Linode's server and made away with 43,554 BTC. Some other individuals who used Linode's server were also hacked.
2nd Attack
The attacker got access to Bitcoinica's database, obtained users' personal identification information and sensitive details, and stole 38,000 BTC.
3rd Attack
The attacker stole 40,000 BTC, but it has been reported that Bitcoinica's funds were secretly held at Mt. Gox, and they were later refunded.
Image: from bitcoinmagazine.com

BitFloor — 24,000 BTC ($85,000)
Date: Sep 2012
Attack
The attacker obtained the unencrypted private keys that were stored online for backups.
After Attack
BitFloor refunded the users, but it eventually closed down due to regulatory measures from its associated banks.
Image: from KryptoMoney.com

Mt. Gox 2nd Hack — 750,000 BTC ($350 million)
Date: Mar 2014
Attack
The attacker found that transactions were malleable: the details of a transaction can be edited to make it look as if it never took place. Specifically, in an ordinary transfer transaction, the attacker (the receiver) was able to manipulate the sender's signature before the transaction went into the blockchain, which changed the transaction ID. This new, tampered transaction had a chance to be confirmed in place of the sender's original, in which case the attacker gets the funds yet it looks as if the sender never managed to get the original transaction into the blockchain. The attacker (the receiver) could therefore ask for an additional transfer and eventually receive the funds twice.
After Attack
Mt. Gox halted all BTC transactions right away. No refunds were made. Eventually Mt. Gox filed for bankruptcy.
Image: from https://cryptoiscoming.com

Poloniex — 97 BTC (12.3% of all its BTC)
Date: Mar 04 2014
Attack
The attacker exploited the faulty design of Poloniex's withdrawal code. Because withdrawal requests were processed simultaneously instead of sequentially, the attacker could send multiple withdrawal requests within a short period of time and withdraw more than the balance allowed, eventually making the balance negative.
After Attack
Poloniex reduced all its holders' balances by 12.3%, and later repaid all the losses.
Image: from Wikipedia

BitStamp — 19,000 BTC ($5.1 million)
Date: Jan 04 2015
Attack
The attacker stole 19K BTC from Bitstamp's operational hot wallet.
After Attack
BitStamp suspended all operations, and moved on to use a multi-sig wallet.
Image: from http://theconversation.com

The DAO — 3.6 million ETH ($55 million)
Date: Jun 2016
Attack
Clearly, it's due to reentrancy. There are lots of tutorials on it.
After Attack
The Ethereum community planned to do a soft fork but found another DDoS vulnerability inside the code, so a hard fork was inevitable. Right now we have Ethereum (new version) and Ethereum Classic (old, hacked version).
Image: from https://steemit.com/

Steemit.com — Steem and Steem Dollars ($85,000)
Date: Jul 2016
Attack
The attacker hit 260 Steemit accounts and drained their balances. It was a human error caused by a UI design flaw. Some users may not have been aware of the difference between the memo and the password fields, and accidentally pasted their password into the memo field, which is submitted along with the transaction. Those passwords are kept public and immutable on the Steemit blockchain! A simple script can scrape the passwords of the numerous users who made this fatal mistake.
Image: from https://www.bitfinex.com

Bitfinex — 120,000 BTC ($72 million)
Date: Aug 2016
Attack
Bitfinex had switched to BitGo's multi-sig wallet 12 months earlier. The attacker found a vulnerability in its multi-sig architecture and took advantage of it.
After Attack
Bitfinex issued BFX tokens, redeemable in USD, to compensate victims. The victims' losses were refunded slowly and steadily afterward. The attack made the price of BTC drop from $607 to $515 in just a few hours.
Image: from "Daily value of your cryptocurrency wallet"

CoinDash — ETH ($7 million)
Date: Jul 2017
Attack
The attacker manipulated the ICO address posted on CoinDash's website to lure investors into sending Ether to the wrong place when exchanging Ether for CoinDash tokens.

Wrap-up
I hope you enjoyed the brief intro to the techniques behind each of the big hacks. Some of the attack details remain confidential and not much has been opened to the public; I have tried my best to organize and present the truth based on the references below.
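Returning to the 2010 "Bitcoin Out of Thin Air" entry: the following is an added example, not code from the original post, modelling how a sum of output values kept in a signed 64-bit accumulator wraps past 2⁶³-1, and the range check that stops it. The per-output value is the post's own figure converted to satoshis; the 0.5 BTC input, the 21,000,000 BTC cap used as MAX_MONEY and the function names are assumptions made for the demo.

```python
# Added example (not from the original post): a wrapping int64 output sum versus
# a range-checked one. Amounts are in satoshis (1 BTC = 1e8 sat). The per-output
# value is the post's figure; the input amount and the 21,000,000 BTC supply cap
# used as MAX_MONEY are assumptions for this demo.

INT64_MAX = 2**63 - 1
MAX_MONEY_SAT = 21_000_000 * 100_000_000

# The post's 92233720368.54277039 BTC, expressed in satoshis (just under INT64_MAX).
HUGE_OUTPUT_SAT = 9_223_372_036_854_277_039


def wrap_int64(x: int) -> int:
    """Reduce an unbounded Python int to what a two's-complement int64 would hold."""
    return ((x + 2**63) % 2**64) - 2**63


def naive_output_sum(outputs: list[int]) -> int:
    """Accumulate output values the way a C int64 does: silently wrapping."""
    total = 0
    for value in outputs:
        total = wrap_int64(total + value)
    return total


def naive_fee_ok(input_sat: int, outputs: list[int]) -> bool:
    """Fee check that only asks 'inputs - outputs >= 0' on the wrapped sum."""
    return wrap_int64(input_sat - naive_output_sum(outputs)) >= 0


def checked_output_sum(outputs: list[int]) -> int:
    """Range-check every value and the running total; refuse anything out of range."""
    total = 0
    for value in outputs:
        if not 0 <= value <= MAX_MONEY_SAT:
            raise ValueError(f"output value out of range: {value}")
        total += value
        if total > MAX_MONEY_SAT:
            raise ValueError(f"output total out of range: {total}")
    return total


def checked_fee_ok(input_sat: int, outputs: list[int]) -> bool:
    """Same fee rule, but on range-checked values, so no wrap can occur."""
    if not 0 <= input_sat <= MAX_MONEY_SAT:
        return False
    try:
        return input_sat >= checked_output_sum(outputs)
    except ValueError:
        return False


def demo() -> dict:
    # Constructed transaction: a 0.5 BTC input paying two enormous outputs.
    input_sat = 50_000_000
    outputs = [HUGE_OUTPUT_SAT, HUGE_OUTPUT_SAT]
    return {
        "wrapped_sum": naive_output_sum(outputs),        # slightly negative after wrap
        "naive_accepts": naive_fee_ok(input_sat, outputs),
        "checked_accepts": checked_fee_ok(input_sat, outputs),
    }


if __name__ == "__main__":
    print(demo())
```

Two outputs just below INT64_MAX add up to a small negative number once wrapped, so "input minus outputs" looks like a generous fee and the naive rule passes; the checked version rejects the first output before any addition happens. Python integers never overflow on their own, which is why the wrap is simulated explicitly.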
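For the Mt. Gox 2nd Hack entry, the following added example (not the post's code, and not Bitcoin's real serialisation) uses a toy transaction model to show the malleability mechanism: when the transaction ID hashes the signature bytes, and the verifier accepts more than one encoding of a valid signature, a third party can re-encode the signature and get a different ID for the same spend. It also shows two defences: strict encoding rules, and reconciling payments by the spent outpoint or by an ID that excludes the signature. The "signature" is an HMAC standing in for ECDSA; the key, txids and amounts are constructed.

```python
# Added example (not from the original post): toy transaction IDs that include
# the signature, a lax verifier that accepts padded signatures, and the defences.
# HMAC stands in for a real signature scheme; all values are constructed.
import hashlib
import hmac
import json

SIGNING_KEY = b"constructed-demo-key"  # assumption: the sender's secret


def unsigned_body(tx: dict) -> bytes:
    return json.dumps({k: v for k, v in tx.items() if k != "sig"}, sort_keys=True).encode()


def _expected_sig(tx: dict) -> bytes:
    return hmac.new(SIGNING_KEY, unsigned_body(tx), hashlib.sha256).digest()


def sign(tx: dict) -> dict:
    return {**tx, "sig": _expected_sig(tx).hex()}


def txid(tx: dict) -> str:
    """Legacy-style id: hashes the whole transaction, signature bytes included."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).hexdigest()


def stable_id(tx: dict) -> str:
    """Id over the unsigned body only, so re-encoding the signature cannot change it."""
    return hashlib.sha256(unsigned_body(tx)).hexdigest()


def lax_verify(tx: dict) -> bool:
    """Accepts the signature with any amount of leading zero padding: several
    distinct byte strings verify, which is the malleability."""
    sig = bytes.fromhex(tx["sig"])
    pad, core = sig[:-32], sig[-32:]
    return len(sig) >= 32 and pad == b"\x00" * len(pad) and hmac.compare_digest(core, _expected_sig(tx))


def strict_verify(tx: dict) -> bool:
    """Accepts exactly one canonical encoding."""
    return hmac.compare_digest(bytes.fromhex(tx["sig"]), _expected_sig(tx))


def repad(tx: dict) -> dict:
    """A third-party re-encoding of the signature; no key is needed."""
    return {**tx, "sig": "00" + tx["sig"]}


def outpoints(tx: dict) -> set:
    return {(i["prev_txid"], i["index"]) for i in tx["inputs"]}


def confirmed_by_txid(sent: dict, confirmed: list) -> bool:
    """Fragile reconciliation: looks for the exact id the wallet remembered."""
    return txid(sent) in {txid(t) for t in confirmed}


def confirmed_by_outpoint(sent: dict, confirmed: list) -> bool:
    """Robust reconciliation: the payment happened if its inputs were spent."""
    return any(outpoints(sent) & outpoints(t) for t in confirmed)


def demo() -> dict:
    original = sign({
        "inputs": [{"prev_txid": "aa" * 32, "index": 0}],
        "outputs": [{"to": "exchange-deposit-addr", "sat": 100_000_000}],
    })
    variant = repad(original)            # same spend, different id
    return {
        "ids_differ": txid(original) != txid(variant),
        "stable_ids_equal": stable_id(original) == stable_id(variant),
        "lax_accepts_variant": lax_verify(variant),
        "strict_accepts_variant": strict_verify(variant),
        "seen_by_txid": confirmed_by_txid(original, [variant]),
        "seen_by_outpoint": confirmed_by_outpoint(original, [variant]),
    }


if __name__ == "__main__":
    print(demo())
```

With the lax verifier, the padded variant confirms under a new id, and a wallet that keys its bookkeeping on `txid` concludes the payment never happened; the same wallet keyed on spent outpoints sees that the coins are gone. Enforcing one canonical encoding removes the re-encoding freedom, and an id that excludes the signature removes the dependence entirely.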
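For the Poloniex entry, the following added example (not Poloniex's code; the balance, amount and artificial delay are constructed) runs a check-then-debit withdrawal handler concurrently, first without and then with per-account serialisation, to show how parallel processing lets several requests pass the balance check against the same stale read.

```python
# Added example (not from the original post): concurrent withdrawals against a
# check-then-debit handler, unsafe and then serialised. All values are constructed.
import threading
import time


class UnsafeAccount:
    """Reads the balance, then debits it later: several requests can pass the check."""

    def __init__(self, balance: int):
        self.balance = balance

    def withdraw(self, amount: int) -> bool:
        if self.balance >= amount:          # 1. check
            time.sleep(0.05)                # constructed delay standing in for a DB round trip
            self.balance -= amount          # 2. debit, based on a stale read
            return True
        return False


class SafeAccount(UnsafeAccount):
    """Same logic, but check and debit run under the account's lock, so requests
    for one account are handled one after another. In a database, a row lock or
    a conditional UPDATE ... WHERE balance >= amount plays this role."""

    def __init__(self, balance: int):
        super().__init__(balance)
        self._lock = threading.Lock()

    def withdraw(self, amount: int) -> bool:
        with self._lock:
            return super().withdraw(amount)


def hammer(account, amount: int, requests: int) -> dict:
    """Release `requests` withdrawals at once and report what got through."""
    gate = threading.Barrier(requests)
    results = []

    def worker():
        gate.wait()                          # all requests start together
        results.append(account.withdraw(amount))

    threads = [threading.Thread(target=worker) for _ in range(requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return {"paid_out": sum(results), "final_balance": account.balance}


if __name__ == "__main__":
    print("unsafe:", hammer(UnsafeAccount(100), 100, 5))   # more paid out than held
    print("safe:  ", hammer(SafeAccount(100), 100, 5))
```

Against the unsafe account, all five requests see a balance of 100 before any debit lands, so five withdrawals are paid from one balance and it goes negative, which is the symptom the post describes. The locked version pays exactly one and refuses the rest. A lock only protects one process; a service with several workers needs the equivalent guarantee in the database (a transaction with a row lock, or a conditional update whose affected-row count decides whether the payout proceeds).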
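For The DAO entry, which names reentrancy without spelling it out, the following added example (not the DAO's code, and plain Python rather than Solidity) models the pattern: a vault that pays out before clearing the caller's balance, a callback that calls `withdraw` again from inside the payout, and the checks-effects-interactions ordering plus a guard flag that close the hole. The classes, the `receive` hook standing in for a contract's fallback, and the deposit amounts are constructed.

```python
# Added example (not from the original post): a Python model of reentrancy in a
# withdraw routine and the checks-effects-interactions fix. `receive` plays the
# role of a contract's fallback hook; all participants and amounts are constructed.

class VulnerableVault:
    """Pays out before clearing the caller's balance (interaction before effect)."""

    def __init__(self):
        self.balances = {}
        self.funds = 0

    def deposit(self, who, amount: int):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.funds += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount > 0 and self.funds >= amount:
            self.funds -= amount
            who.receive(self, amount)        # external call: the callee can call back in
            self.balances[who] = 0           # effect recorded too late


class SafeVault(VulnerableVault):
    """Effect first, then interaction; a guard flag also rejects nested calls."""

    def __init__(self):
        super().__init__()
        self._busy = False

    def withdraw(self, who):
        if self._busy:
            raise RuntimeError("reentrant call rejected")
        self._busy = True
        try:
            amount = self.balances.get(who, 0)
            if amount > 0 and self.funds >= amount:
                self.balances[who] = 0       # effect settled before anyone else runs
                self.funds -= amount
                who.receive(self, amount)    # interaction last
        finally:
            self._busy = False


class Depositor:
    def __init__(self):
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount


class ReenteringCaller(Depositor):
    """Calls withdraw again from inside the payout callback while funds remain."""

    def receive(self, vault, amount):
        self.received += amount
        if vault.funds >= amount:
            try:
                vault.withdraw(self)
            except RuntimeError:
                pass                         # SafeVault's guard ends the loop here


def run(vault_cls) -> dict:
    vault = vault_cls()
    honest, caller = Depositor(), ReenteringCaller()
    vault.deposit(honest, 3)
    vault.deposit(caller, 1)
    vault.withdraw(caller)
    return {
        "caller_received": caller.received,
        "vault_funds": vault.funds,
        "honest_balance_on_books": vault.balances[honest],
    }


if __name__ == "__main__":
    print("vulnerable:", run(VulnerableVault))
    print("safe:      ", run(SafeVault))
```

In the vulnerable vault the caller's recorded balance is still 1 on every nested call, so the payout repeats until the shared pool is empty while the honest depositor's balance still reads 3 on the books. Zeroing the balance before the external call means any nested call finds nothing to pay; the guard flag is a second, independent line of defence that makes the nested call fail loudly.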
There are 12 more hacks to go, including Veritaseum, Parity 1st hack, Enigma, Tether, Parity 2nd hack, NiceHash, Coincheck, BitGrail, Google Adwords, Bancor, Coinrail, Zaif, and a real bloody hacker fight that I have experienced. Stay tuned!

Great References
https://medium.com/bitfolio-org/the-biggest-cryptocurrency-hack-in-the-history-of-blockchain-22380febfaa2
https://coinsutra.com/biggest-bitcoin-hacks/
https://blocksdecoded.com/cryptocurrency-hacks/
https://u.today/top-3-biggest-bitcoin-hacks-and-frauds-in-history
https://www.coinannouncer.com/the-hack-history-of-blockchain/
https://blockonomi.com/mt-gox-hack/
Hacks on the blockchain itself: https://coincentral.com/blockchain-hacks/
https://cryptopotato.com/lessons-learned-from-the-biggest-crypto-hacks-in-history/
https://cryptopotato.com/market-declines-as-korean-crypto-exchange-coinrail-faces-hack/
https://www.benzinga.com/fintech/17/11/10824764/12-biggest-cryptocurrency-hacks-in-history
https://www.ccn.com/biggest-theft-history-know-far-530-million-coincheck-hack
https://www.blockstuffs.com/blog/top-10-blockchain-hacks
Blockchain Graveyard: https://magoo.github.io/Blockchain-Graveyard/

Acquire security consultancy from blockchain white-hat hackers. Turing Chain is here to safeguard your blockchain business. Be careful not to be 0xdead!