2019 In Review: Major Blockchain/Crypto Security Incidents

A look back at some of the crypto hacks, scams, and arrests that happened this past year.

Harry
Harry
Dec 31, 2019 · 10 min read

There were a lot of security incidents across the blockchain space this year. As we near the end of 2019 and get ready to head into a new decade, let’s take a look back and see what happened and how we, as an industry, can learn from them moving forward.

We published multiple security-related stories this year. Like, seriously, lots of stories. Each story we publish addresses varying threat vectors that someone should be aware of when using cryptocurrency, with examples of real-life situations. The information shared in these stories are not only for the typical MyCrypto / Ethereum user either — the details can be applied across the industry, no matter what chain, exchange, or wallet you prefer.

We will also note some security-specific events for each quarter to illustrate and remind readers as to what went on through the year. Sadly there were too many events to list in a single article like this.


Quarter 1 of 2019 was very interesting, involving high-profile cases such as QuadrigaCX. At MyCrypto, we published five security-related articles to help educate users entering and staying safe within the cryptocurrency world.

Story: Unique phishing method to look out for: the fullscreen API

Story: The dangers of malicious browser extensions

Story: MyCrypto’s (Opinionated) Security Incident Response 101

Story: Hunting Huobi, MyEtherWallet, and Blockchain.info Scams

Story: The Difference Between a Hardware Wallet and a USB Drive

QuadrigaCX

MyCrypto CEO (Taylor Monahan) did an in-depth investigation of the Ethereum on-chain activity for Quadriga and published a spreadsheet of her findings.

Since that tweetstorm, the case has only become more muddled as new information comes to light. We strongly recommend checking out the recent Vanity Fair article on the case, which gives some additional insight into the players and moving pieces of the case. Here’s to hoping 2020 brings answers to those who lost funds due to QuadrigaCX’s ineptitudes.

Bithumb

Cryptopia

Some have estimated approximately $16M in ether and ERC-20 tokens were stolen. Cryptopia is working with various law enforcement agencies to determine the scope of the damage.


Quarter 2 of 2019 was extremely interesting, as we saw two separate zero-days performed on an exchange to gain unauthorized access, the Binance SAFU fund being utilized, and a couple of high profile arrests.

In Q2, the MyCrypto released 5 more security-related articles to help remind users, both old and new, to stay vigilant.

Story: Be careful with your KYC documents

Story: Private Keys + Websites = 💀

Story: Disclosure: Key generation vulnerability found on WalletGenerator.net — potentially malicious

Story: Discovering Fake Trezor, MetaMask, and MyCrypto Android APKs

Story: The SIM Swapping Bible: What To Do When SIM-Swapping Happens To You

Binance

Bitfinex

Coinbase

PlusToken

While the arrests happened in June, it wasn’t until December 2019 when news broke about the full scope and impact of the scam, thanks to Chainalysis’s in-depth report on the movement of funds.


In Q3, the MyCrypto publication brought you 2 more pieces to help users stay security-minded.

Story: Introducing CryptoScamDB.org

Story: Research into Trust-Trading Scams on Twitter

Bitpoint

Elliott Gunton

In August 2019, it was reported that Elliot Gunton was arrested. After hacking TalkTalk and stealing personal data in 2016, he helped supply the data for sim swapping attacks that lead to cryptocurrency exchange account hacks and stolen assets. This person was also part of the EtherDelta DNS hack in 2017 that led to a direct loss for a lot of users utilizing the (now small) DEX.


Quarter 4 of 2019 included hacks on Asian-based cryptocurrency exchanges, showing that exchanges repeatedly are the largest targets and increasingly hard to properly secure.

In Q2, we kept articles coming with 2 additional pieces to round out the year and remind users to keep their guard up.

Story: Nigeria, Indonesia, the US, and Vietnam are among the highest victim rates for crypto scams

Story: #MyCryptoWinter is back!

UPbit

GateHub

OneCoin


Observations

If you store your assets in a legit exchange, you’re still at risk

If you store your assets in a illegitimate exchange, you’re really at risk

If you give you assets to a scammer, you’re really screwed

Decentralized does not mean safe

Let’s do better in 2020.

Talk To Us & Share Your Thoughts

MyCrypto

The Official MyCrypto Blog

Harry

Written by

Harry

MyCrypto

MyCrypto

The Official MyCrypto Blog

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade