Published in


Hack of the Week — May 2020

Hot wallets still risky in 2020, how to steal 120K bitcoin from an exchange, when smart contracts fail, & teaming up with ex-top internet company hackers

Every week we highlight one “#hackotw”. At the end of the month, you can find a summary right here in the Hack of the Week series.

Hack of the Week — May 27, 2020

The ZHOU gang, highjacking computers for $87 Million

In 2018, police in the city of Xi’an in northern China began investigating a complaint alleging hackers had compromised a victim’s computer to steal 100 million yuan (approximately $15 million) in cryptocurrencies. A task force was set up and months later identified a suspect named Zhou. The authorities started tracking Zhou’s movements and were able to pinpoint two accomplices, Cui and Zhang. Each of them had worked for high profile internet companies.The group was charged of reaving an estimated total of 600 million yuan or $87 million, but the actual amounts could be even higher. Their victims were mostly corporate and personal network systems.

Hack of the Week — May 20, 2020

Hot wallets are always a risk, even in 2020

Just a few weeks ago, in 2020, hackers targeted at least 10 high-value accounts from the $IOTA hot wallet, exploiting a vulnerability in the official IOTA wallet app called Trinity, again providing a great example as to why your crypto should be kept in a cold wallet wherever possible.

Hack of the Week — May 13, 2020

Guide to — How to steal 120,000 Bitcoin from an Exchange

In 2016, the then largest Bitcoin exchange operating in USD announced a security breach and the loss of just under 120,000 BTC, worth around $78 million at the time (and over $1 billion at the top of the market in late 2017!). If you had Bitcoin, you most likely had an account at Bitfinex. As a result of the hack communication, Bitcoin took a direct plunge of 20% in value. Bitfinex’ response to the heist was to spread the damage over all clients and their assets, averaging out each user’s loss to 36%. Moreover, Bitfinex gave each affected user Bitfinex (BFX) tokens that they could redeem through the exchange or trade for shares in the parent company iFinex. Customers were given 1 BFX for every 1 dollar lost. Bitfinex made it an important objective to compensate its customers, and within 8 months following the breach, all BFX tokens were either redeemed or trades for iFinex shares. The ongoing investigation eventually led to the arrest of two Israeli brothers in 2019 by the Israeli Police cyber unit. Apart from the Bitfinex hack, the duo was also charged with a multitude of elaborate phishing attacks, netting them an estimated $100 million in total.

Hack of the Week — May 6, 2020

When smart contracts fail to keep your crypto safe, repeatedly

As if the Ethereum ecosystem hadn’t suffered enough in 2016 with the DAO hack, the Parity hack in 2017 would add to its losses, and also happens to be an important part of NGRAVE’s genesis story. NGRAVE’s CTO Xavier Hendrickx was a developer at Swarm City at the time, a project that raised 76,000 Ether in 2016 in an ICO. One day, Xavier took a look at the smart contract balance holding the funds, and 44,000ETH were missing. Swarm City was one of the most impacted projects by the Parity hack, which totaled 150,000ETH. The attackers had been able to exploit a vulnerability in the coding of the multi-sig smart contract, developed by no one else than Gavin Wood, one of the co-founders of Ethereum. In a race against time, a white hat hacker group with which Xavier was acquainted, drained 377,105ETH from other Parity wallets, successfully protecting a multitude of projects from losing all their funds. Following the events, Xavier became CTO of SwarmCity in late 2017.

But the unfortunate story wasn’t over yet: within the same year, a Parity user under the pseudonym devops199 accidentally “killed” the entire Parity multi-sig library, freezing another monstrous 513,774.16ETH or $280 million in the act. Xavier happened to be in the Gitter chat (under his pseudonym n3xco) and witnessed first-hand devops199’s confirmation of the accidental freeze (screenshot below).

Screenshot of Gitter chat where devops199 confirms he has killed the Parity library. User n3xco — Xavier Hendrickx, now CTO of NGRAVE — was also in the Gitter chat at that moment and learned first-hand what had occurred.

We are live on Indiegogo!

On May 26, we officially launched our pre-orders on Indiegogo. Now is the perfect time to get your NGRAVE ZERO + GRAPHENE at a huge discount.

Find out more here.

And have a look at our campaign video!


Ruben Merre

Co-Founder & CEO of NGRAVE



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


We moved to our new blog! Find the latest articles at | The World’s Most Secure Cryptocurrency Hardware Wallet | #TheColdestWallet