Investigations | June 25, 2021

The 10 Biggest crypto hacks in history

by Crystal investigations team

Cryptocurrency is reputed for its transparency, but unfortunately, it is also well-known for cybercriminals targeting platforms and exchanges to exploit them. Although exchanges invest some resources to protect their assets, experienced attackers can breach their security walls.

Exchanges are targeted regularly as they tend to have open-source code libraries. Criminals like to target crypto exchanges since a single breach could net them the assets of thousands of users. More security measures are needed, as illicit activities become more sophisticated.

This article looks at the 10 biggest centralized crypto exchange (CEX) exploits in history so far:

1. Mt. Gox (2011): the first major breach in the crypto world

Mt. Gox was a crypto exchange located in Tokyo, Japan launched in 2010. At one stage, it was the largest cryptocurrency exchange in the world – handling more than 70% of bitcoin transactions globally. In 2011, the exchange was hacked and bitcoin worth $8.75m was stolen.

Although the exchange vowed to improve its security mechanisms, it suffered from another attack in 2014. This time, it was carried out on a much larger scale. Almost 850,000 bitcoins ($615m) were siphoned off. They achieved this by flooding the exchange with a large number of fake bitcoins. This secure breach was among the first major ones in the bitcoin world.

The breach resulted in several lawsuits being filed against the company, from customers, vendors, as well as partners. The CEO of the exchange, Mark Karpeles, was a central figure in many of these since he didn’t use any version control software for the site’s source code.
Any coder could accidentally overwrite the site’s code, thereby leaving the entire system vulnerable. These lawsuits have not helped the exchange’s users till now. The exchange is looking to refund its users via a civil rehabilitation plan submitted to the Tokyo District Court.

2. KuCoin (2020) – the most recent attack

KuCoin is a crypto exchange based in Singapore. It was founded in 2013 and deals in several cryptocurrencies, including Bitcoin, Ethereum, Litecoin, and Ardor. In September 2020, it was targeted, and the criminals managed to steal over $281m worth of coins and tokens.

In addition, hackers managed to obtain the keys to some of the hottest wallets on the exchange. Although KuCoin quickly blocked all transactions on its website, the damage had already been done. This breach is among the largest in the history of crypto assets.
In the aftermath, the management team of KuCoin launched a thorough investigation. This swift move yielded positive results, as more than $204m worth of funds was recovered within weeks. The exchange has also made a key breakthrough in identifying the potential suspects.

It is alleged that a hacker group based in North Korea was responsible for the act. This case highlights the importance of moving quickly and having the ability to track transactions on a real-time basis. In addition, the exchange is planning to cover the losses of all its users.


3. Upbit (2019) – the hack that made use of a single transaction

Upbit is a cryptocurrency exchange that was founded in 2017. Although the exchange is based in South Korea, it has become popular in other parts of the world. In fact, during 2018, it became the world’s largest crypto exchange in terms of daily transactions.

However, in November 2019, the exchange was hit by a major cyber attack. The criminals managed to break into the exchange and steal over $45 million in a single transaction.

Within a few days of the attack, the hackers moved a majority of the crypto to other wallets, in order to make it harder for the authorities to track them. After a few months, the US Department of Justice managed to identify two Chinese nationals who had taken part in the attack.

Furthermore, it was revealed that hackers from North Korea were also involved in the attack. In the aftermath, Upbit tried to persuade other exchanges to block the accounts related to it.

4. BINANCE (2019) – the biggest name to be hit

Binance is one of the biggest names in the business. The exchange is headquartered in the Cayman Islands and is the world’s largest cryptocurrency exchange (by volume). The exchange offers over 360 different cryptocurrencies and is active in more than 1200 markets.

In addition, Binance claims to have built an entire ecosystem of crypto transactions, research, training, and charity. However, in May 2019, the exchange was hit by a major security incident.

The hackers withdrew over 7000 bitcoins from its hot wallet. The total losses from the attack were approximately $40m. The attackers managed to break into the exchange’s security systems, obtaining key information sets, including two-factor codes, APIs, and other data.

Astonishingly, all the missing bitcoins were linked to a single cryptocurrency wallet. The exchange has stated that its secure asset fund for users (SAFU) is covering all losses.

5. Bitfinex (2016) – the hack where losses were distributed

Bitfinex is a Hong Kong-based crypto exchange that was founded in the year 2012. It is owned by iFinex Inc., a company that has also developed a stablecoin known as Tether. In 2016, the crypto exchange was attacked by hackers, who managed to steal coins worth over $60 million.

After the attack, Bitfinex managed to track some funds and also issued refunds to its customers in the form of equity. All losses from the attack were equally distributed among the users.

In 2019, the US government managed to retrieve a portion of the funds and also identified some of the hackers. It was found that two Israeli brothers were involved in the attack. They were swiftly arrested by the authorities and charged under cybercrime regulations.

In 2021, it was found that the coins that were originally stolen have been moved from one wallet to another. It is believed that certain individuals that were involved in the attack are trying to cash in on the high prices of bitcoin.

6. CRYPTOPIA (2019) – the curious case of two attacks

Cryptopia was an exchange based in New Zealand founded in 2014 and located in Christchurch. In January 2019, the exchange was hit by a major attack that resulted in total losses worth $15.5m. The management estimated that over 9% of its total holdings had been stolen in the attack. The attack was so severe that it resulted in the complete liquidation of the exchange.


7. ZAIF (2018) – the attack that was identified too late

Zaif is one of the oldest crypto exchanges in Japan. Operating since 2014, it was the first exchange to receive an official license in Japan. Zaif offers more than 40 cryptocurrencies. In September 2018, the exchange had a major breach, as hackers gained access to its hot wallets.

Although the hack took place on September 14, Zaif could not identify it until three days later. Total losses were around $60 million. Crystal was able to track the funds and assign a risk score of 100% by marking the hackers’ wallet after checking all withdrawal transactions from Zaif.

In the aftermath, the exchange signed a deal with Japanese investment firm Fisco. As part of the deal, it managed to raise about $44.5m of funds. These funds were then used to cover the losses faced by its users. In return, Fisco took over the majority ownership of the exchange. As a result, deposit and withdrawal services on the exchange were restored in April 2019.

8. BANCOR (2018) – the hack where users went unscathed

Bancor is an Israeli start-up founded in 2016. It is essentially a crypto company that offers a fully decentralized exchange service to its users. The firm raised $150m in an ICO in 2017.

However, the following year, it was hit by a major attack that resulted in total losses worth $23.5m. The hackers used a sophisticated technique in order to execute the crime. They targeted a specific wallet that the company was using to upgrade its smart contracts.

The Bancor exchange was taken offline after the incident. In addition, the company identified and tracked the stolen coins. They figured out that some of the coins had been transferred to other exchanges. Bancor then requested these exchanges to freeze the stolen coins.

The company insisted that no user funds were lost during the attack. Critics of Bancor claimed that the firm simply did not do enough in terms of protecting its own assets.

9. COINCHECK (2018) – the biggest hack so far

Coincheck, a crypto exchange headquartered in Japan, was founded in 2012 and is considered to be among the top 20 exchanges in the world. The exchange offers a wide range of crypto, including bitcoin and Ethereum. In January 2018, bad actors managed to break into the exchange and steal crypto worth $534m.

This was confirmed as the largest crypto attack in history. As soon as the breach took place, Coincheck froze all deposits and withdrawals. However, the damage had already been done and the exchange admitted that it may not be able to cover the losses suffered by its users.

The attack was followed by a thorough investigation led by Japanese authorities. The hackers used a phishing attack to access hot wallets. They were then able to spread malware and siphon off the funds. Further details about the attack were revealed in early 2021 when authorities stated that most individuals involved in the attack were in the high-income group.

10. COINBENE (2019) – the hack that wasn’t admitted at first

CoinBene is a Singapore-based crypto exchange that is operated by Chinese employees. It is considered to be among the top 10 crypto exchanges in the world by trading volume. The exchange serves the crypto community in over 192 countries.

In March 2019, CoinBene was attacked by cybercriminals who managed to walk away with over $105 million in cryptocurrencies. However, the exchange stated that it was closing down for maintenance activities, instead of accepting that the attack took place.

A thorough analysis of its transactions revealed that the exchange had indeed been defrauded. The criminals managed to move the stolen coins to a wide range of exchanges, including Binance. The lost coins are yet to be recovered.

Above we’ve outlined some of the largest CEX crypto exchange security breaches in history. It is quite remarkable to note the breadth of these attacks. It is also evident that setting up robust security walls is not enough in terms of offering protection against experienced cybercriminals.

Further, the sheer scale of some of these attacks highlights the need for exchanges and other crypto firms to be extremely vigilant so that they can keep an eye on unauthorized activities.

This can be achieved by partnering with industry specialists that offer solutions like cryptocurrency transaction tracking, analytics, and risk assessment. Crystal Blockchain is one company that provides specialized risk mitigation solutions in the field of blockchain analytics.

Be the first to get news from Crystal