Top Crypto Hacks 2020: DeFi, Exchanges and Individuals
In 2020, the world has changed. After the initial shock of the pandemic and the subsequent collapse of markets, people adjusted to the new isolating reality. One of the fundamental changes in everyday life was the mass transition to remote work.
Against this background, the number of cyber crimes has significantly increased. As the researchers predict, the number of attacks will continue to grow.
The cryptocurrency community and companies have long been targeted by hackers. According to analysts, Until October 2020, the blockchain industry has lost over $13.6 billion in attacks since 2012.
Unfortunately, the hacking of Bitcoin exchanges and wallets is far from new and in year 2020, amid the boom, DeFi projects have become a favorite target of hackers. Cipher Trace estimates that by November 2020, attackers had stolen almost $100 million from DeFi protocols.
We will tell you about the main hacks of 2020, because of which users lost millions of dollars, and some companies closed down altogether.
- The biggest hack of the year was the attack on the cryptocurrency exchange KuCoin.
- Most often in 2020, DeFi protocols suffered from intruders actions. They attacked several users using instant loans.
- Besides hacking protocols and platforms, cybercriminals actively traded user data.
KuCoin — one of the largest hacks in history (damage — $280 million)
The September 2020 attack on the cryptocurrency exchange KuCoin was one of the largest hacks in the crypto history industry.
Initially, the damage was estimated at $150 million, but later, analysts changed the estimate to $280 million. Hackers who hacked KuCoin laundered funds through mixers and the decentralized exchange Uniswap. By November, KuCoin returned most of the stolen funds to users and restored the deposit and withdrawal of coins.
Dforce Hack (damage — $25 million)
In April 2020, a hacker attacked the dForce DeFi protocol. At the time of the theft, the amount was almost $25 million. He took advantage of the vulnerability of the imbtc token which was an ERC-777 standard and a critical vulnerability in the smart contracts of the platform, Lendf.me responsible for updating user balances. Besides the damage caused to dForce, the hacker took out all the tokens from Lendf.me (291 imbtc or $2 million at the time of the attack).
However, the attacker made a fatal (for him) mistake — he inadvertently disclosed his identification data by accessing decentralized exchanges directly without using the distributed file system IPFS.
As a result, Singapore law enforcement officers caught a hacker, and he had to return all the stolen funds.
Harvest Finance: “engineering error” at a cost of almost $20 million (damage — $19.8 million)
In October 2020, an attacker stole $19.8 million from the Harvest Finance platform. It took him seven minutes to withdraw the funds. The hacker later returned $2.47 million. The developers promised to distribute them among users and set a reward of $1 million for help in returning funds.
Representatives of the project explained the hacker attack as an “engineering error.”
End of Pickle Finance (damage — $19.7 million)
Another DeFi project, Pickle Finance, suffered major damage because of the hacker attack. Hackers stole more than $19 million. The project’s token price collapsed and shortly after the hack, Pickle Finance announced a merger with yearn.Finance.
Read Complete Story:
Eminence: another project of Andre Cronje in the spotlight (damage — $15 million)
In September 2020, a hacker withdrew $15 million from the unfinished DeFi project Eminence. It was launched by Andre Cronje, a well-known developer in the decentralized finance sector. Subsequently, the attacker returned Cronje $8 million.
Serial attacks on BZX (damage — $11.6 million)
The BZX DeFi platform has been attacked by hackers several times in a year. In February 2020, the attackers withdrew 1,193 ETH. A few days later, BZX was hacked again, and they withdrew another 2388 ETH.
Another attack occurred in September 2020. The total amount of damage was more than $11.6 million.
Exmo Lost 6% of their funds (damage — $10.5 million)
At the end of December, hackers broke into the Exmo cryptocurrency exchange. Initially, it was about the loss of about 5% of total assets, but later the exchange clarified that it lost 6% of the funds. According to preliminary estimates, the damage amounted to $10.5 million.
Hacker hacked founder of Nexus Mutual Hugh Karp (damage — $8 million)
In addition to exchanges and DeFi projects, individuals also came to the attention of hackers. In December 2020, a hacker withdrew more than $8 million in NXM tokens from the personal wallet of Nexus Mutual founder Hugh Karp. Karp reached out via Twitter with an offer of a $300,000 reward for returning’s of his funds. The hacker said that he will not sell tokens until the crypto prices rise or until Karp transfers 4500 ETH to his address.
Read More Details of NXM hack:
“Black Thursday” for MakerDAO (damage — $8 million)
Against the background of the March 2020 crypto market collapse, attackers withdrew more than $8 million from the MakerDAO system
“Black Thursday” for DeFi: The investors filed a class action lawsuit against the Maker Foundation and several affiliated organizations. The Maker Foundation published a report on the incident, but MKR token holders refused to compensate the collateral holders in MakerDAO.
The attack on the Dollar stablon Origin (damages — $7 million)
On the night of November 17 2020, a hacker broke into the Origin Dollar stable coin network and withdrew funds worth more than $7 million. To launder and move funds, he used a Tornado Cash mixer and renbtc coins. By December, the Origin Protocol team had submitted a plan to compensate users.
Here’s our detailed compensation plan for $OUSD holders. We appreciate everyone’s patience as we worked to develop a detailed plan for providing compensation equal to 100% of the value deposited to OUSD at the time of the exploit.
- Origin Protocol (@OriginProtocol) December 12, 2020
Value DeFi hack (damage — $6 million)
Because of the attack on the multi stable coins storage, an unknown person withdrew $6 million in DAI and USDC stable coins from the Value DeFi project. He took advantage of an instant loan.
The developers offered the hacker to keep the coins worth $1 million and return the rest. The attacker ignored the offer, but partially compensated for the losses to users. For example, the hacker returned 50,000 DAI to a nurse who claimed that she had lost all her savings.
DeFi projects Akropolis, Cheese Bank and warp faced similar attacks this year. Finance Experts believe that hackers will continue to use instant loans to hack DeFi projects in the future.
Hacked Eterbase (damage — $5.3 million)
In early September 2020, hackers broke into the Slovak cryptocurrency exchange Eterbase. The platform announced the loss of user funds in Bitcoin, Ethereum, Tron, XRP, Tezos and Algorand in the amount of more than $5.3 million. Hackers transferred most of the crypto to Binance, Huobi and HitBTC.
Bitcoin wallets under threat — attack on Cashaa (damage — $3.1 million)
One of the Bitcoin wallets operator of the cryptocurrency exchange Cashaa was hacked in July 2020. The hacker withdrew 336 BTC. At the time of the hack, Estimated damage was worth $3.1 million, which by December 2020 is equivalent to more than $7.5 million.
In February 2020, the Altsbit cryptocurrency exchange was hacked. And although the stolen amount seems relatively small ($285,000), it forced the exchange to close.
In the summer, the DeFi projects Balancer, and Opyn were hacked. Hackers also attacked cryptocurrency platforms hosted by GoDaddy. They also stole 1,400 BTC from an investor using an old version of the Electrum wallet, and, according to media reports, hacked 2,000 accounts of the cryptocurrency-friendly Robinhood platform. Attackers actively traded user data
At the end of the year, the information of one million users of Ledger bitcoin wallets was publicly available.
Will cybercriminals attacks on the cryptocurrency industry in 2021 continue? Experts believe that yes. However, leading cryptocurrency projects do not wait for hacker attacks — they devote more and more time to their security systems, and experts issue reports and recommendations on methods of protection and counteractions.
In the future, companies that put the user funds security and user data as their top priority will take large crypto market share.
Originally published at https://thecryptobasic.com on January 11, 2021.