100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents

This week, users of cryptocurrency wallet provider Coinomi have been warned to transfer all funds they have in their Coinomi wallets to other wallets, because of an unfortunate decision on the developers’ parts:

A cryptocurrency investor named Warith Al Mawari is claiming he lost $70,000, his life savings, due to the Coinomi vulnerability.

Right now, on the Coinomi website (archive), they claim:

Founded back in 2014, Coinomi is the oldest multi-asset wallet available, with millions of active users. Most importantly, no Coinomi wallet has ever been hacked or otherwise compromised to date.

They may need to update that language…


Cryptocurrencies are ultimately secure, but only in how wallets interact with each other, not when it comes to wallets interacting with humans. “Security” is one of the main keywords you will see on any cryptocurrency exchange, payments service, wallet provider, or industry-specific blockchain related website… but, the history of crypto and blockchain’s technology, as well as communities, is full of examples of security vulnerabilities being exploited to harm investors, users, and customers.

Here is that history, confined to the following types of incidents:

  • Hack — Theft: An external party gains access to backend services, or redirects regular services to extract funds or cause damages
  • Hack — Identity Theft: An external party gains access to, or makes duplicates of, hack victims’ user data (i.e. KYC info)
  • Theft — Exit Scam: An internal party, or someone impersonating an internal party, gains access to funds and redirects/launders them
  • Theft — Extortion: An external party forces the hacking victim to redirect personal, or users’ funds
  • Glitch — Funds Locked: Due to an internal error, investors’ or users’ funds become inaccessible


This is Draft 1, and all this info has been compiled from 2nd-hand sources on social media; so if you see anything here that you know has been disproven, or know of anything not included here, please please let me know!

It is my hope that this dataset can be used by anyone and everyone to form a better understanding of vulnerabilities which still exist in “Crypto,” some which cannot be totally fixed, of course (i.e. extortion…), but some which may also be totally avoidable…such as the Coinomi losses mentioned above. Not storing your “life savings” in a single wallet, created on your Android phone, is good advice in my (biased) opinion…and it’d be nice to see services like Coinomi offer to their users.

Many financial damages can be prevented through more cooperative efforts to educate retail customers of the relevant payment and investment systems, I think…but some can only prevented by proactive regulators, too. The exit scams mentioned in this dataset, such as OneCoin, I imagine to be especially difficult to deal with using only “self-regulation” methods.

For more context on cyberhacks and the importance of disclosure, see this article published yesterday in WSJ:

https://www.wsj.com/articles/many-company-hacks-go

Few companies are telling securities regulators about cyberattacks, a new analysis finds, despite recent efforts to bolster disclosures of such incidents to investors.

Thanks for any feedback and help in making this list more complete!
-@KyleSGibson

PS — here’s some of the pre-existing lists I used for reference. If you’re looking for the actual tx address of any of these fraudulent transactions, start with these links:

https://bitcointalk.org/index.php?topic=83794.0;all#post_toc_39

and check out this report for some extremely detailed analysis and explanation of crypto exchange hacks: