Any chain is only as strong as its weakest link, and when it comes to the blockchain, this link seems to lie with exchanges and trading platforms. These entities have been hacked at least six times and lost nearly $1 billion worth of cryptocurrency in the first nine months of the year, a CipherTrace report shows.

The sudden popularity of Bitcoin and 1,600+ other digital coins has caught the eye of hackers and cybercriminals in recent years, as they quickly realized that unregulated and often poorly managed crypto trading platforms are an easy target. In 2018, the crypto world lived through several high-profile heists that cost cryptocurrency exchanges millions of dollars. Let’s take a closer look at some of the worst cryptocurrency heists.
Coincheck: $530 Million in NEM (XEM)
The Coincheck breach is one of the biggest hacks in history, and it highlighted the security issues present in the crypto trading industry. The event forced Japanese regulators to tighten their approach towards cryptocurrency operators.
What happened?
Late in January, hackers breached the hot wallet of Tokyo-based cryptocurrency exchange Coincheck and stole 500 million NEM tokens, worth $530 million at the time of the attack. Only NEM tokens were affected, but the NEM Foundation insisted that the hack had nothing to do with the cryptocurrency itself and was instead a result of the exchange's negligent security policy. Coincheck spotted and flagged 11 addresses containing the compromised NEM tokens to prevent the hackers from trading them on other exchanges. However, the hackers still managed to launder their loot via different channels, including the dark web.
Why did this happen?
As the investigation revealed, the company kept NEM tokens in a hot wallet instead of more secure cold storage or a multisig wallet. While hot wallets are convenient for trading purposes, they are intrinsically insecure and vulnerable to attack.
How did it end?
Coincheck agreed to compensate its customers to the tune of $420 million out of its own pocket. In April 2018, Coincheck was purchased by Japanese financial giant Monex Group for 3.6 billion yen.
BitGrail: $187 Million in Nano (NANO)
The Italian cryptocurrency exchange BitGrail was offline for a week before it finally confessed that the hacking incident had taken place.
What happened?
There are no details about how the hackers managed to get access to the exchange’s funds, though industry experts suspect that the money had been leaking through a security loophole for a week before the company admitted the loss of funds, stopped operations and filed for bankruptcy. The obscurity of the incident and the suspicious reaction of the company made people think that the hack was actually an exit scam.
Why did this happen?
The whole case is wrapped in mystery, but the affected parties continue to investigate the situation, so more details may emerge in the future. Nano developers insist that the heist had nothing to do with token specifications, but was caused by BitGrail’s vulnerabilities.
How did it end?
BitGrail refused to compensate Nano holders for losses and stopped operations. In May, the company attempted to resume trading, but the Italian court ruled that the bankrupt exchange must stay closed and confiscated all Bitcoins from the company’s accounts. Meanwhile, a group of investors tried to force the Nano Foundation to perform a hard fork and save the stolen money. They filed a lawsuit in a New York district court, but to no avail.
Zaif: $60 Million in Crypto (Including 5,966 BTC)
Another Japanese cryptocurrency exchange fell victim to cryptocurrency hackers despite regulatory scrutiny and increased security measures. Zaif didn’t learn the Coincheck lesson and paid a heavy price for it.
What happened?
Hackers got their hands on digital coins stored in a hot wallet of Zaif, a trading platform operated by Osaka-based Tech Bureau, and managed to siphon Bitcoin, Bitcoin Cash (BCH), and MonaCoin (MONA) to the tune of $60 million before the company noticed an unusual outflow of funds from its wallet and suspended operations. Around $19.6 million of the stolen money belonged to the exchange, and the rest was users’ assets. Tech Bureau reported the incident to local police as a criminal case for further investigation; however, the money was gone forever.
Why did this happen?
Just like in Coincheck’s case, the Zaif incident involved unauthorized access to customers’ funds stored in hot wallets with a constant internet connection, which emphasizes a structural weakness of virtual exchanges.
How did it all end?
The company had to sell a major share of its ownership to the Japan-listed firm Fisco in exchange for $44.5 million to compensate clients for losses. Recently, a group of cybersecurity firms managed to trace the coins stolen from Zaif to France and Germany; however, there is no hope that they can be recovered.
Coinrail: $40 Million in NPXS and Other Cryptos
The fourth largest cryptocurrency heist hit a small South Korean exchange.
What happened?
The hacking incident happened in June 2018 and cost the South Korean exchange 30 percent of its virtual coins. The company noticed the leak and managed to freeze and recall some of the funds thanks to cooperation with relevant exchanges and developers. The hackers got away with less popular tokens like Pundi X (NPXS), Aston (ATX), and Enper (NPER).
Why did this happen?
In the case of Coinrail, cybercriminals were able to breach the company’s servers, which is the equivalent of getting a master key to a bank vault. Luckily, Coinrail lost only 30 percent of the coins. The damage could have been much more severe.
How did it all end?
Coinrail offered a compensation plan for its clients and resumed trading soon after the incident.
Bithumb: $31.5 Million
The sixth largest cryptocurrency exchange by trading activity was breached at the end of June, shortly after the Coinrail incident.
What happened?
The company stopped operations as soon as it noticed suspicious activity on its accounts. The company stated that the stolen digital currencies were kept in cold wallets that were not constantly connected to the Internet. However, some industry experts expressed doubts about that, claiming that the stolen coins were most likely from the ‘hot wallets.’
Why did this happen?
If the stolen coins were kept in a cold wallet, the attackers would need to physically break into the exchange premises before they could access the wallet and steal the funds. This case demonstrates that no security measures can guarantee the safety of virtual coins, while the relative anonymity of cryptocurrency transactions makes them an easy target for hackers.
How did it all end?
Bithumb promised to compensate the customers for losses in full.