Since its release ten years ago, Bitcoin (BTC) has gradually found itself to be a juicy target for hackers and criminals looking to make a quick buck.
During its meteoric rise — climbing from almost nothing to an all-time high of over $20,000 in January 2018 — Bitcoin managed to garner the interest of millions. However, during this same time, hackers and cyber-criminals began to recognize the ease with which they could exploit the services and institutions holding the system together.
In total, well over one million Bitcoins have been stolen throughout its ten-year history — with the majority of these occurring in its infancy. Now, at the dawn of Bitcoin’s tenth anniversary, let’s examine some of its largest wounds.
Bitconnect was a crypto community and lending platform initially released in 2016. Since its early days, Bitconnect had repeatedly come under fire for supposedly being a Bitcoin Ponzi scheme/pyramid scheme, offering investors as much as one percent interest compounded daily through its multi-level marketing scheme — which saw investors further rewarded for inviting additional users to the site.
Despite the warning signs, Bitconnect quickly rose through the ranks to become one of the most popular cryptocurrencies in 2017, before getting slapped with a cease and desist notice from the Texas Securities Board and the North Carolina Securities Division.
Just over a year after its launch, Bitconnect shut down operations on January 16, 2018. The amount lost as a result of the Ponzi remains up for debate but is generally considered to be in excess of $1 billion.
Kraken Cryptor Ransomware
As a new and relatively unknown type of ransomware virus, Kraken Cryptor has been able to infect hundreds of thousands of computers worldwide since its initial detection in August 2018.
What makes Kraken Cryptor most dangerous is its ransomware-as-a-service nature, which allows affiliate partners to purchase Kraken Cryptor payloads for $50 each, allowing them to receive 80 percent of the ransom payment if paid.
The Kraken Cryptor ransomware is typically distributed to victims through emails offering promotions, applications and a variety of unsolicited receipts or invoices. Once the victim clicks on the application, the Kraken Cryptor trojan is loaded onto their system. Kraken encrypts the contents of their hard drive. Once the files have been encrypted by Kraken Cryptor, the virus loads a ransom note, requiring the computer owner to buy bitcoin to pay a variable amount, typically 0.125 BTC, to recover their encrypted files. (Sorry, no bank account!) The only other option available is to buy expensive data recovery from a tech bureau to recover all your files.
It remains unclear exactly how much money has been lost due to Kraken Cryptor, but likely totals several million dollars due to its rapidly gaining momentum.
Mt. Gox Exchange Hack
Mt. Gox was an online cryptocurrency exchange located in Tokyo, Japan. At the beginning of 2014, Mt. Gox was, by some margin, the largest cryptocurrency exchange in the world, handling around 70 percent of all bitcoin transactions worldwide.
However, despite its apparent success, all was not well. Throughout a period beginning in 2011, up to the exchange closure in 2014, MtGox was subjected to the largest, and possibly longest, gradual theft in Bitcoin history — with over 740,000 Bitcoin being siphoned off from Mt. Gox wallets, plus an additional 100,000 Bitcoins stolen from Mt. Gox reserves.
At the time, the more than 840,000 Bitcoins stolen were worth around $450 million, but would currently be worth more than $5 billion today. To date, only 200,000 BTC has been recovered, and the exact origin and perpetrator of the hack remains unknown.
Bitfinex Exchange Hack
In August 2016, Bitfinex announced that it had suffered a security breach, resulting in the loss of almost 120,000 Bitcoins — at the time comprising 0.75 percent of the circulating supply of BTC. Shortly after the hack, Bitcoin crashed, seeing 20 percent of its market cap wiped off within just hours.
Investigations into the theft found that hackers were able to exploit a loophole in the Bitfinex multisignature wallets. Following the hack, Bitfinex issued BFX tokens to those affected, these could be redeemed at $1 each to recoup any lost funds. As of April 03, 2017, Bitfinex has successfully completed the redemption of all BFX, repaying their debt to its users.
Since the hack, Bitfinex has managed to maintain a strong position among cryptocurrency exchanges, currently sitting at 16th position by volume with over $100 million in daily trades.
Zaif Exchange Hack
Zaif is another Japanese cryptocurrency exchange that was recently targeted by bitcoin hackers. According to a recent report by the exchange, a total of 6.7 billion yen worth of cryptocurrency was stolen from the exchange — currently equal to more than $60 million.
The company revealed that hackers with unauthorized access to the exchange’s hot wallets were able to extract large amounts of Bitcoin (BTC), Bitcoin Cash (BCH) and MonaCoin (MONA), with a total of 5,966 confirmed stolen (around $37 million).
As of writing, the company is still determining the hacker’s entry point and exact amount stolen, and are working on a route to compensate those affected.
Allinvain, one of the earliest Bitcoin miners and, unfortunately, the victim of one of the first large-scale Bitcoin thefts, was robbed for 25,000 Bitcoins. At the time, that was worth around $500,000. According to this Bitcointalk thread, the hacker suspects that he was infected with a trojan that had direct access to his wallet file.
To date, the 25,000 Bitcoins has not been recovered, and the hacker remains unidentified. Had the hack happened today, the value would be more than $150 million, eclipsing even some of the largest exchange hacks.
Sheep Marketplace Exit Scam
Sheep Marketplace was an anonymous online drug marketplace only accessible using Tor, the anonymous browsing tool used to access the ‘Dark Web’ or darknet markets.
A total of as much as 40,000 BTC was stolen by the owners of the bazaar in one of the largest exit scams in Bitcoin’s history. Following a smaller hack of around 5,400 Bitcoins siphoned off by a rogue vendor, the Sheep Marketplace owners froze withdrawals on the site and made off with approximately $40 million in illicit funds in December 2015.
After an extended investigation, Thomas Jiřikovský, a Czech national, was identified as the site owner and sentenced to nine years in prison for the theft.
Bitcoin Savings & Trust Ponzi
In November 2011, First Pirate Savings & Trust, a high-yield investment scheme which offered investors the opportunity to earn interest up to seven percent, was launched. According to its founder, Trender Shavers (or Pirate40, as he was known on Bitcointalk) was able to offer such suspiciously high-interest rates by “selling BTC to a group of local people” at a high margin.
Unsurprisingly, after running for several months, Shavers was forced to shut down the operation, suddenly announcing default on August 28, 2012. It is estimated that, at its peak, around 500,000 BTC was invested — then worth around $7 million.
In related news, Trendon Shavers became one of the first people in the world to be prosecuted for a cryptocurrency Ponzi scheme, being sentenced to 18 months imprisonment for securities fraud.
The Bitfloor Heist
In 2012, Bitfloor was the fourth largest cryptocurrency exchange dealing with US dollars. In September 2012, Bitfloor was hacked, with a total of 24,000 Bitcoin’s being stolen, essentially bankrupting the exchange.
According to a post by Bitfloor’s founder, Roman Shtylman, hackers were able to access the unencrypted private keys for the exchange’s wallets during a manual upgrade. He does not mention exactly how the hacker gained access to the company servers.
Shortly after the hack, Bitfloor was forced to close down operations, the hacker has never been caught.
While not technically a hack or scam, an incident that occurred on August 15, 2010 resulted in the creation of more than 184.4 billion new Bitcoins, more than 100x the current circulating supply.
Due to a bug in block 74638, it was found that a transaction erroneously caused the creation of 92.2 Billion BTC for two different addresses — while whoever solved the block was rewarded with an additional 0.1 BTC that didn’t exist before the transaction was made.
Shortly after the bug was recognized, a new version of the Bitcoin core client was released containing a soft fork change that saw all value overflowed transactions rejected. Had the issue not been swiftly corrected, the value overflow bug could have completely collapsed the Bitcoin network.
Did we miss anything? Which hack or theft do you think damaged the industry the most? Let us know in the comments below!