The 5 Biggest Crypto Exchange Hacks in History

1Konto
Nov 27, 2018

There have been many hacks in the crypto world over the past few years — scenarios where expert hackers took advantage of frailties in an exchange’s security structure, leading to millions in lost funds, and many traders left without their investments. In this piece, we take a closer look at crypto exchange hacks with the biggest impacts.

Our intention is not to scare or discourage anyone from using crypto exchanges. With this piece, our aim is to educate and to raise awareness of the widespread need for security measures in the industry.

While the specific reasons for each hack are different, there is a structural problem that can be associated with all of them. Every centralized exchange today is custodial, meaning the exchanges themselves hold the users’ funds. With such large amounts of cryptocurrency concentrated in one place, it’s no wonder centralized exchanges are a prime target for black-hat hackers.

Without further ado, here are the most impactful crypto hacks in history:

#5 Zaif

  • Date of hack: September 2018
  • Amount stolen: $60 million

Very recently, the Japanese exchange announced the theft of $60 million worth of cryptocurrency from their platform. Currently, there is not a lot of information out about how this hack happened, but the Financial Services Agency (FSA) of Japan is investigating the incident. Zaif only holds $20 million in reserve assets, so it wasn’t able to refund its customers right away. However, there is still hope for Zaif users to get a refund soon, because Zaif partnered with a Japanese investment group called Fisco to cover the losses. Fisco will in return receive a significant ownership stake in the exchange.

#4 Bitfinex

  • Date of hack: August 2016
  • Amount stolen: $72 million / 120,000 BTC

In August 2016, hackers were able to exploit a vulnerability in Bitfinex’s multisig wallet architecture. This resulted in a loss of 120,000 BTC (around $72 million). While Bitfinex did not cover the losses directly, they were able to refund their users using a proprietary token (BFX), which was bought back over the course of a year in return for fiat money. The attack, being the biggest hack since the Mt. Gox exploit in 2014, had an immediate effect on the overall cryptocurrency market. Within hours, the price of Bitcoin declined by up to 20%.

One of the most unsettling things about this particular hack was that even the use of two-factor authentication (2FA) did not protect users from losing their funds.

#3 BitGrail

  • Date of hack: February 2018
  • Amount stolen: $195 million

By far the most controversial hack occurred at the beginning of 2018, when Italian exchange BitGrail announced that $195 million worth of Nano tokens were drained from their accounts. This announcement was followed by a series of allegations against BitGrail CEO Francesco Firano, who was accused of being actively involved in the heist. The main piece of evidence that skeptics pointed to was data pulled from the Nano blockchain explorer. That data seemed to indicate that the hackers may have initiated the unauthorized transfer weeks before it was reported as a hack, but so far, investigations have not been able to dig up any concrete evidence indicating it was an ‘inside job’. Affected users are still waiting for any information about refunds.

#2 Mt. Gox

  • Date of hack: February 2014
  • Amount stolen: $350 million / 850,000 BTC

Mt. Gox remains the most prominent crypto exchange hack, even though it happened more than 4.5 years ago. 750,000 BTC from Mt. Gox customers and 100,000 BTC from Mt. Gox’s reserves were stolen during the attack. The reason this hack is burned into the community’s memory is that the amount of Bitcoin drained from the platform was orders of magnitude higher than anything that had been seen before. This was mostly because Mt. Gox was at that time handling about 70% of Bitcoin trades worldwide. The size of the hack immediately brought the exchange to its knees: operations were suspended and Mt. Gox had to file for bankruptcy. The market had a hard time recovering from this news and saw a bear market that lasted for more than a year. Fortunately, the price of Bitcoin has risen significantly since 2014. As the company still held about 160,000 BTC when it filed for bankruptcy, they might be able to fully refund the affected customers.

#1 Coincheck

  • Date of hack: January 2018
  • Amount stolen: $535 million / 523 million NEM

The medal for the largest cryptocurrency hack in history goes to Japanese cryptocurrency exchange Coincheck, which lost $534 million worth of NEM coins early this year. According to Fortune, the exchange admitted that its own sloppy security practices were to blame. Specifically, Coincheck did not hold the stolen cryptocurrency in cold storage but rather kept it in hot wallets (meaning they were connected to the internet). Coincheck also reportedly failed to protect the wallets with standard multi-signature security protocols. As the value of NEM tokens has dropped quite a bit since the hack occurred, Coincheck decided to refund $0.83 per NEM token, meaning a sum of $420 million will be repaid to affected customers.

With these 5 massive crypto hacks in mind, it’s clear that in order for crypto trading to become mainstream and for the movement as a whole to grow, investors have to feel that their money is well-protected. With centralized exchanges being responsible for such large sums of money, they become primary targets for these detrimental hacks, and as a result, traders become hesitant to put their money into these exchanges. This is just part of the reason why we’re building 1Konto: to not only provide the best price with our cross-exchange functionality, but also to provide a platform with the necessary security to ensure a user’s funds are safe and secure.

Disclaimer

It is important to note that the selection for this list was made purely based on the amount stolen, denominated in USD at the time of the incident. This obviously creates a certain bias towards more recent hacks, as the prices of most cryptocurrencies skyrocketed in 2017/2018. The list would look quite different if the stolen cryptocurrency were denominated at today’s prices.


About 1Konto

1Konto (German for “one account”) is in the process of becoming the first to connect traditional and digital assets through one-click trading. We focus on increasing adoption of digital assets, reducing friction in ownership, and bridging the new crypto world and the traditional financial markets, all at the best price via our proprietary algorithm.


The Content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. Nothing contained in this post or any of my posts constitutes a solicitation, recommendation, endorsement.

All Content on this post is information of a general nature and does not address the circumstances of any particular individual or entity. Nothing in the post constitutes professional and/or financial advice, nor does any information in the post constitute a comprehensive or complete statement of the matters discussed or the law relating thereto.
