Cryptocurrency, the technology of the future already here, is designed to be transferred electronically and securely, with the blockchain recording all transactions, thus reducing the likelihood of fraud. However, this has not exactly been the case in practice.
Hacks of cryptocurrency exchanges have been a persistent thorn for investors and exchanges. Indeed, regardless of the measures exchanges employ to safeguard their assets, skilled attackers have still found a way to breach platform security walls. This post will present a list of crypto exchange hacks since 2012 and some measures for investors to safeguard their funds.
Can Cryptocurrency Exchanges Be Hacked?
Since the inception of the first cryptocurrency, criminals and organised hackers have targeted crypto exchanges and stolen large amounts of Bitcoin, Ethereum, and other valuable assets. Up to 50 crypto exchanges have suffered cyberattacks, the most recent being the FTX hack in November 2022.
What do we know about crypto hacks?
- Since 2012, up to 50 crypto exchange platforms have suffered hacks, culminating in a total loss of more than AUD 4 billion worth of crypto.
- Between 2020 and 2021, it’s reported that successful hacking attempts dropped significantly when many platforms undertook more stringent security measures and adopted business-distributed storage systems.
- Hot crypto wallets linked with private and public keys support transactions and serve as security measures, though the most recent breach involved the theft of the hot wallet’s private keys.
- Since the appearance of Bitcoin, it has been proved that there are no 100% secure exchange wallets (whether hot or cold), and cold wallet services might not be completely offline, as boasted by many platforms.
- Personal hardware wallets are still the safest way for investors to secure their digital assets from potential breaches.
- The most recent one at the time of writing is an unauthorised hack that drained about $600 million out of FTX’s wallets.
List of Hacked Crypto Exchanges
Below is a list of all crypto exchange platforms that were hacked or subject to significant security breaches until December, 2022.
|No||Time||Crypto exchange||Hack cause||Token stolen at the hack time||Amount stolen (AUD)|
|1||January, 2022||Crypto.com||N/A||USD 35M||47.25M|
|2||November, 2022||FTX||Unauthorised access||USD 600M||780M|
|3||April, 2021||Hotbit||Hot wallet breach||0||0|
|4||August, 2021||PolyNetwork||Code vulnerability exploit||$600 Million Worth of Cryptocurrency - Returned Half of It||780M|
|5||August, 2021||Liquid||Hot wallet breach||107 BTC + Almost $60 Million Worth of Ether + ERC-20 Tokens|
|6||December, 2021||BitMart||Hot wallet breach||USD 200M||225M|
|7||December, 2021||AscendEX||Hot wallet breach||USD 77.7M||120M|
|8||February, 2020||Altsbit||Hot wallet breach|| 6,929 BTC |
|9||April, 2020||Lendf.me||Bugs||$25 Million Worth Cryptocurrency||36M|
|10||April, 2020||Uniswap||Bugs||USD 8M||1.1M|
|11||June, 2020||Balancer||Protocol loopholes||USD 500,000 exploited||745K|
|12||July, 2020||Cashaa||Malware||336 BTC||4.7M|
|13||September, 2020||KuCoin||Data leak||$280 Million Worth Cryptocurrency||410M|
|14||December, 2020||BTC Markets||Staff mistake||Nearly 1000-customer data||N/A|
|15||December, 2020||Yapizon||Hot wallet breach||3,800 BTC||7.9M|
|16||December, 2020||EXMO||Hot wallet breach||306.99 BTC||7.5M|
|17||December, 2020||Livecoin||Servers breach||Lost Control of Servers||N/A|
|18||January, 2019||LocalBitcoins||Phishing||17 BTC||11.8K|
|19||January, 2019||Cryptopia||N/A||19,390 ETH + $45,000 worth of XSN|
|20||February, 2019||Coinmama||Data leak||450,000 User Emails & Passwords||N/A|
|21||March, 2019||DragonEX||N/A||$7 Million Worth of Cryptocurrency||10M|
|22||March, 2019||Coinbene||Trusted insider||Over USD 100 million||134M|
|23||March, 2019||Bithumb||N/A||$7 Million Worth BTC and ETH, $31 Mil + 20 Mil XRP, $3 Mil EOS|
|24||May, 2019||Binance||Hot wallet breach||7,000 BTC||60M|
|25||June, 2019||Gatehub||N/A||23,200,000 XRP||14.2M|
|26||June, 2019||Bitrue||Servers breach||9.3 Million XRP, 2.5 Million ADA|
|27||July, 2019||Bitpoint||Servers breach||1,225 BTC, Over 28 Million XRP|
|28||November, 2019||Vindax||N/A||Cryptocurrency Worth USD 500,000||745K|
|29||November, 2019||Upbit||Hot wallet breach||342,000 ETH||73M|
|30||January, 2018||CoinCheck||N/A||523,000,000 NEM||834M|
|31||February, 2018||Bitgrail||Trusted insider||17,000,000 NANO||218M|
|32||April, 2018||CoinSecure||Trusted insider||438 BTC||5.2M|
|33||June, 2018||Coinrail||N/A||1,927 ETH, 2.6 Billion NPXS, 93 Million ATX, 831 Million DENT Coins & Large Amounts of 6 Other Tokens|
|34||September, 2018||Zaif||Hot wallet breach||5,966 BTC||89.4M|
|35||October, 2018||Maplechange||Trusted insider||913 BTC||76K|
|36||December, 2017||EtherDelta||Server DNS breach||USD 1.4M||2.1M|
|37||April, 2016||Shapeshift||Trusted insider|| 469 BTC |
|38||May, 2016||Gatecoin||Hot wallet breach|| 250 BTC |
|39||August, 2016||Bitfinex||N/A||120,000 BTC||927.7M|
|40||August, 2016||BTER||Trusted insider||7,170 BTC||2.6M|
|41||December, 2015||Bitstamp||Malware||19,000 BTC||7.5M|
|42||February, 2014||Mt. Gox||Many methods||25,000 + 2,600 + 850,000 BTC||685M|
|43||March, 2014||Poloniex||Hot wallet breach||3,000 BTC||74.5K|
|44||July, 2014||Mintpal||Hot wallet breach|| 8 Mil VRC + |
|45||November, 2013||Bitcash||Servers breach||484 BTC||149K|
|46||March, 2012||Bitcoinica||Servers breach||43,000 + 18,457 BTC||130K|
|47||September, 2012||Bitfloor||Servers breach||24,000 BTC||372K|
|48||October, 2011||Bitcoin7||N/A||5,000 BTC|
Cryptocurrency Exchange Hacks
Since they entered the market, the following cryptocurrency exchanges have been compromised by cyber security attacks with the loss of customer funds or a data privacy violation. This list comprises centralised, decentralised, wallet, and leverage trading systems.
2022 Exchange Hacks
FTX – November 12, 2022
The now-collapsed crypto exchange FTX suffered an AUD 900 million hack when the hacker gained access to all of its cold wallet storage. According to the blockchain security auditing firm Hacken, one entity suspected to be an internal staff member syphoned roughly AUD 600 million from the exchange. John Ray, the current CEO of FTX, admitted that the platform had been compromised.
🚨 FTX (@FTX_Official) hot wallets across different networks demonstrated suspicious activity a couple of hours ago
Possible amount of stolen funds can be near $400M
Here are some details
— Hacken🇺🇦 (@hackenclub) November 12, 2022
Crypto.com – January 17, 2022
Crypto.com, one of the world’s leading crypto exchanges, was hacked in 2022, with around 483 client accounts compromised on January 17. CEO Kris Marszalek said that the security compromise forced the exchange to shut down certain services for 13 to 14 hours. The specific cause of the breach has yet to be determined. The exchange platform had 4,836,26 ETH, 443,93 BTC, and around AUD 98.6K in other currencies stolen.
2021 Exchange Hacks
Hotbit – April 29, 2020
A bitcoin exchange with over 2 million users globally witnessed a “major cyber attack.” On April 29, 2020, several essential services were inoperable, and the attacker attempted to access the exchange’s wallets. As a result, the platform has been shut down, stating that it needs a complete inspection.
PolyNetwork – August, 2021
A group of hackers attacked PolyNetwork in what could have been the largest cryptocurrency robbery of all time, topping even Mt. Gox. The hacker exploited a critical flaw in Poly Network’s programming to transfer all the funds to his accounts.
The hacker took over $600 million in cryptocurrencies, then initiated communication with Poly Network and pledged to repay the stolen funds. The corporation begged the hacker to release all the cash, and while he did, the last $200 million payment of funds remained frozen and required the hacker’s secret key. Recent reports indicate that the private keys were also shared, leading to the full recovery of the stolen funds.
Liquid – August 19, 2021
Japanese crypto exchange Liquid suffered a theft of around $97 million worth of digital assets in August, 2021. Some of the company’s digital currency wallets had been “compromised,” and the assets were being transferred to four different wallets.
We are sorry to announce that #LiquidGlobal warm wallets were compromised, we are moving assets into the cold wallet.
We are currently investigating and will provide regular updates. In the meantime deposits and withdrawals will be suspended.
— Liquid Global Official (@Liquid_Global) August 19, 2021
Elliptic, a blockchain analytics company, revealed that the hackers stole approximately $97 million in bitcoins. $45 million in tokens were being transferred to ethereum through decentralised exchanges such as Uniswap and SushiSwap. These blockchain-based platforms require no intermediaries.
BitMart – December 5, 2021
BitMart was also a centralised exchange that lost $196 million worth of bitcoins in a hack. PeckShield estimated the damages to be $100 million in different cryptocurrencies on the Ethereum blockchain and $96 million on Binance Smart Chain.
The hacker has been methodically using the decentralised exchange (DEX) aggregator 1inch to trade stolen assets for ether (ETH) and a secondary address to deposit the ETH into privacy mixer Tornado Cash, making it more difficult to trace the stolen cash.
AscendEX – December 11, 2021
AscendEx, formerly known as BitMax, lost approximately $77.7 million in a cyberattack. The firm discovered the breach on December 11, 2021, after a series of unwanted transfers from one of its hot wallets were reported. However, the cold wallets were unharmed, and all other hot wallet assets were moved while the hack was being investigated.
AscendEX committed to reimbursing consumers whose assets were compromised. In a series of tweets issued in December 2021 after the attack, the corporation stated that it had a duty to treat clients fairly. Any affected consumers would get a full refund of their losses. AscendEX was always loyal to users, especially in the crypto business, where community was the driving force behind innovation.
2020 Exchange Hacks
Altsbit – February 5, 2020
On February 5, 2020, the very modest Italian cryptocurrency platform Altsbit was hacked. The exchange kept approximately AUD 105K in Bitcoin and Ether in hot wallets. At the time, many of the exchange’s assets were housed in cold wallets. This was contrary to established practices in the sector because most funds should be maintained in separate storage.
Altsbit partially refunded its clients prior to ceasing operations in May. As of press time, Altsbit’s 24-hour trading volume was $14.8 million, with ARRR/BTC accounting for 98% of its trading activity (ARRR is the native token of the Pirate Chain).
Lendf.me – 19 April, 2020
Lendf.Me was a famous Ethereum-based decentralised lending network. The instant borrowing and withdrawal capabilities of the exchange were hit with the funds of $24.5 million stolen. OpenZeppelin, a business that does security assessments for cryptocurrency platforms, revealed a vulnerability on GitHub in July 2019. The hackers initially used the exploit against Uniswap, and then used it again the next day against Lendf.me, draining around 99.5% of the platform’s funds. The stolen funds were moved promptly to other accounts.
Balancer – June 29, 2020
The Balancer automated market maker protocol was compromised in a single Ether transaction. The hacker carried out a complicated blockchain transaction to attack Balancer pools and stole at least $425,000 worth of tokens. 455 WETH (worth $100k) and 2.4M STA (worth $100k) were changed to 109 WETH (worth $25k), 11.36 WBTC (worth $100k), 60.9K SNX (worth $100k), and 22.6K LINK (worth $100k).
Cashaa – July 11, 2020
More than 336 Bitcoins were stolen from the wallet of exchange Cashaa by hackers. To investigate the incident, Cashaa immediately halted all platform activity. This incident was also reported to other exchanges.
According to the firm, malicious software was installed on the computer used for exchange transactions. As soon as a Cashaa employee attempted to log in, this malware alerted the hacker, who was then able to transfer Bitcoin from the Cashaa hot wallet to his own wallet. Using only two transactions, he stole 336 BTC from the exchange wallets.
Cyber Crime department in Delhi is informed. Also, all the crypto exchanges have been notified about the hacker address (14RYUUaMW1shoxCav4znEh64xnTtL3a2Ek) to block the #Bitcoin transaction. pic.twitter.com/Fe6ZlxtrQF
— Cashaa (@yourCashaa) July 11, 2020
KuCoin – September 25, 2020
On September 25, 2020, KuCoin, a famous cryptocurrency exchange, was hacked. The exchange lost AUD 410M in digital assets in the incident. A leak of KuCoin’s hot wallet private keys caused the breach. Fortunately, all of Kucoin’s clients’ stolen funds were covered by insurance. According to estimates, AUD 410M in crypto assets stolen during the breach were recovered, and suspects were reported to the police.
BTC Markets – December 1, 2020
One of Australia’s largest cryptocurrency exchanges, BTC Markets, inadvertently exposed customers’ personal information. According to Business Insider Australia, the exchange disclosed the names and email addresses of more than 270,000 consumers when it issued bulk mailings.
Instead of manually addressing each recipient or using blind carbon copy, the error saw names and addresses in the “to” section. While no passwords or bank information were compromised, the email addresses of those whose cryptocurrency accounts were compromised can be exploited for targeted phishing attempts.
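The safeguard implied by the BTC Markets incident, as an added example (not code from BTC Markets or from the original article): a pre-send check that refuses any customer notice exposing more than one address in To/Cc, plus the two safe ways of building the mailing. The sender address, the customer list and the one-address policy are constructed assumptions.

```python
from email.message import EmailMessage
from email.utils import formataddr, getaddresses

# Assumed policy: a customer notice may show at most one address in To/Cc.
MAX_VISIBLE = 1

# Constructed sample data, not real customers.
SENDER = "notices@exchange.example"
CUSTOMERS = [
    ("Alice Example", "alice@example.com"),
    ("Bob Example", "bob@example.com"),
    ("Carol Example", "carol@example.com"),
]


def visible_addresses(msg):
    """Addresses every recipient can read: the To and Cc headers.

    Bcc is left out on purpose: smtplib.SMTP.send_message() does not
    transmit Bcc headers, so those addresses stay private.
    """
    raw = [str(h) for h in (msg.get_all("To") or []) + (msg.get_all("Cc") or [])]
    return sorted({addr.lower() for _name, addr in getaddresses(raw) if addr})


def check_outbound(msg):
    """Return a list of violations; an empty list means the notice may be sent."""
    exposed = visible_addresses(msg)
    if len(exposed) > MAX_VISIBLE:
        return [f"{len(exposed)} customer addresses exposed in To/Cc"]
    return []


def _base(subject, body):
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def leaky_notice(subject, body, customers):
    """The failure mode from the incident: every customer listed in To."""
    msg = _base(subject, body)
    msg["To"] = ", ".join(formataddr(c) for c in customers)
    return msg


def fan_out(subject, body, customers):
    """One message per customer, each showing only that customer's address."""
    messages = []
    for customer in customers:
        msg = _base(subject, body)
        msg["To"] = formataddr(customer)
        messages.append(msg)
    return messages


def bcc_notice(subject, body, customers):
    """Single message: only the sender is visible, customers go in Bcc."""
    msg = _base(subject, body)
    msg["To"] = SENDER
    msg["Bcc"] = ", ".join(addr for _name, addr in customers)
    return msg


if __name__ == "__main__":
    subject, body = "Service update", "Scheduled maintenance this weekend."
    print("leaky  :", check_outbound(leaky_notice(subject, body, CUSTOMERS)))
    print("fan-out:", [check_outbound(m) for m in fan_out(subject, body, CUSTOMERS)])
    print("bcc    :", check_outbound(bcc_notice(subject, body, CUSTOMERS)))
```

Wired in as a gate in front of the mail transport, the check blocks the bulk message before it leaves, regardless of which template or tool produced it.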
Yapizon – December 19, 2020
Youbit (previously Yapizon) was a very modest cryptocurrency exchange in South Korea that was hacked for 3,816 BTC on April 22, 2019, or 37% of holdings. It spread the loss across all exchange clients to help the impacted individuals. After this, the exchange was renamed YouBit. In December, 2020, the exchange lost 17% of its assets after a cyberattack. Youbit went bankrupt and is no longer available.
EXMO – December 21, 2020
The crypto exchange EXMO said that around $4 million in stolen bitcoin on December 21 originated from Poloniex.
The U.K.-based platform estimates that 6% of its cryptocurrency was lost due to the attack, with an estimated $4 million withdrawn via Poloniex. The total amount of money lost due to the breach was not immediately known.
Due to criminals withdrawing cash through Poloniex, the exchange stated that EXMO could not retrieve the assets.
Livecoin – December 23, 2020
The crypto exchange Livecoin said on December 23, 2020, that it had fallen victim to a “carefully-planned attack” and lost control of parts of its servers, advising consumers to cease using its services. According to reports, the hackers took 106 BTC, 380 ETH, 236 BCH, 567,012 XRP, 66,8 million DOGE, and an undetermined number of USDT and ERC-20 tokens. The Ethereum-related assets were changed to DAI on the decentralised market Uniswap, and a portion of the remainder was transferred to KuCoin.
2019 Exchange Hacks
Cryptopia – January 2019 & February 2021
Initially, the firm believed that a technical glitch caused this, but subsequently acknowledged that a security compromise had occurred.
Cryptopia lost around 19,390 ETH due to the breach, although the corporation did not provide details regarding its losses.
Worse still, in less than a month after the initial theft, the bitcoin exchange was hacked a second time, and 1,675 ETH were taken.
After the massive loss sustained in 2019, the stolen hot wallet went under the supervision of the company’s liquidators. Then, in February 2021, its hot wallet was hacked again, losing over $45,000 worth of XSN.
LocalBitcoins – January 26, 2019
On January 26, 2019, an unauthorised source accessed and sent transactions from several affected accounts on LocalBitcoins. Hackers accessed at least six user accounts and stole over 7.9 BTC, worth around AUD 11.8K.
The company added that it had identified the issue and determined that it was caused by third-party software-powered functionality. According to online reports, the problem appears to have been associated with LocalBitcoins’ forum.
Coinmama – February 15, 2019
On February 15, 2019, Coinmama, one of the top crypto brokerages worldwide with 1.3 million active members, suffered a security breach. The official exchange statement claimed that 450,000 email addresses and passwords were compromised in a global cyber assault encompassing 24 websites and over 747 million data.
DragonEX – March 24, 2019
DragonEx, a crypto exchange in Singapore, has been hacked for an unknown quantity of cryptocurrency. The platform said on its official Telegram channel that it had experienced a cyberattack on March 24 that “transferred and stole” bitcoin from its users.
The value of the losses has not yet been supplied with any information. However, DragonEx’s Telegram group administrator gave the wallet addresses for 20 cryptos to which the stolen funds were reportedly sent. The hackers’ transfer of stolen crypto funds to the Huobi and gate.io exchanges has been halted.
Coinbene – March 25, 2019
On March 25, 2019, there were outgoing transactions from the hot wallet of CoinBene to an unknown wallet. Several rumours circulated that a hacker had compromised the bitcoin exchange. Users on the platform noticed problems with pending deposits, which generally shows the exchange has been hacked.
Reportedly, the platform lost approximately AUD 60M worth of ERC-20 tokens. However, it denied involvement with the attack and didn’t provide any official response to queries about the causes of the compromise.
Bithumb – March 29, 2019, June 18, 2018, & July 5, 2017
The Korean crypto exchange is a repeat offender on our list, having been implicated in three distinct hacking incidents over three years. The first Bithumb theft occurred in July 2017 when hackers stole AUD 10.5M in Bitcoin and Ethereum.
Then, Bithumb suffered a $30 million hacking attempt on June 20, 2018, and in March 2019, Bithumb was reported to lose an additional 20.2 million XRP. The XRP, worth $6.2 million at current rates, was transferred from Bithumb’s wallet via transactions visible on XRPSCAN.
Binance – May 7, 2019
In May of 2019, hackers stole over $40 million worth of bitcoin from one of the world’s largest cryptocurrency exchanges, Binance. According to Binance, the hackers stole over 7,000 bitcoin and used various attacks to perpetrate the large-scale security breach.
The malicious actors had access to user API keys, two-factor authentication codes, and potentially additional information. Consequently, they could withdraw approximately $40 million in bitcoin from the exchange.
Gatehub – June 6, 2019
In June of 2019, hackers gained access to 18,473 encrypted user accounts on GateHub. Email addresses, hashed passwords, and encrypted XRP ledger wallet secret keys were targeted by hackers. The breach resulted in the loss of over AUD 14.2M. At that time, GateHub warned customers of fraudulent emails instructing them to transfer funds to a hosted wallet created by GateHub.
Bitrue – June 27, 2019
The hot wallet of the Singapore-based crypto exchange Bitrue was compromised on June 26, 2019, leading to a loss of 9.3 million XRP and 2.5 million Cardano (ADA). The platform claims that a single hacker exploited a hole in our Risk Control team’s second review to access the personal assets of about 90 Bitrue members and then used this knowledge to access the exchange’s hot wallet and steal the cryptocurrency.
Bitpoint – July 11, 2019
Bitpoint is another cryptocurrency exchange that suffered a cyberattack aimed at its assets; the exchange reported that around 3.5 billion yen ($32 million) in funds was taken, of which 2.5 billion yen were client funds. The compromised hot wallet held five cryptocurrencies, such as bitcoin, bitcoin cash, and ripple.
Vindax – November 5, 2019
On November 5, 2019, the Vietnam-based cryptocurrency exchange VinDAX was hacked, resulting in the loss of around $500,000 in 23 different cryptocurrencies. The VinDAX incident is the latest in a string of crypto exchange hacks and data breaches in the year 2019 and is part of a wider and rising pattern of digital currency thefts that have occurred since the introduction of Bitcoin in 2008.
Upbit – November 26, 2019
Upbit is another Korean crypto exchange that suffered a cyber security attack, losing $49 million on November 26, 2019 at 9:00 UTC. In a few minutes, an abnormal transaction resulted in the loss of 342,000 ether. The exchange stated that the loss did not originate from user funds and has suspended all operations for a minimum of two weeks.
2018 Exchange Hacks
Coincheck – January 27, 2018
The Tokyo-based cryptocurrency exchange Coincheck lost around $534 million worth of NEM coins, after its network was hacked on January 25, 2018. The attackers stayed unnoticed for eight hours, allowing them to take 523 million tokens stored in a hot wallet. Although the actual worth of the stolen coins is unknown owing to the volatile nature of cryptocurrencies, Coincheck may have already lost at least $400 million.
Bitgrail – February 10, 2018
On February 11, 2018, Bitgrail, an Italian trading platform, was targeted. Bitgrail is not a famous platform, but it was one of the most significant exchanges in Italy that dealt in lesser-known cryptocurrencies, such as the Nano token and XRB.
In February 2018, just as the price of NANO rose from a few cents to $33, the exchange was compromised and the coins were stolen. Approximately 17 million coins (equivalent to approximately $150 million) were stolen from nano wallets, according to the report.
CoinSecure – April 13, 2018
The Indian Bitcoin exchange Coinsecure disclosed in a security notice that it has suffered a setback after 438 BTC, worth over $3 million at the current Bitcoin price, were stolen from its offline Bitcoin wallets.
The company maintains that it has never been hacked or compromised, and the incident occurred when its CSO Dr. Amitabh Saxena was extracting Bitcoin Gold (BTG) for customer distribution. Saxena, on the other hand, claims that funds were lost during the private key extraction process.
Coinrail – June 10, 2018
Korea may be a hotspot for cryptocurrency investment, but Coinrail is one of its smaller exchanges, ranking just inside the world’s top 90 by trading volume. Nonetheless, even smaller exchanges have a substantial amount of coins, as evidenced by the size of the theft in June, 2018.
Specifically, the hackers stole NPXS tokens worth $19.5 million that were issued by the ICO of the payment project Pundi X. In addition, they raised an additional $13.8 million from Aston X, an ICO project developing a platform for decentralised documents, $5.8 million in tokens for Dent, an ICO for mobile data, and over $1.1 million from Tron, a highly publicised Chinese project.
해킹공격시도로 인한 시스템 점검중입니다. 일부코인(펀디엑스,NPXS)이 확인되었으며 추가적인 코인피해가 있는지 여부를 확인중입니다. 추후 자세한 사항은 재공지하겠습니다 / There has been an cyber intrusion in our system. We’re confirming it and some coins(Pundi X, NPXS) are confirmed.
— coinrail (@Coinrail_Korea) June 10, 2018
Zaif – September 14, 2018
Another cryptocurrency exchange in Japan was hacked, resulting in the loss of 6.7 billion yen ($60 million worth of cryptocurrencies), including 5,966 bitcoins.
Tech Bureau operates the licensed exchange, which is known as Zaif. At around 17:00 Japan Standard Time on September 14, Zaif detected an unexpected outflow of money from the platform; therefore, the business halted asset deposit and withdrawal services.
Tech Bureau stated that subsequent investigation revealed that hackers with illegal access to the exchange’s hot wallets had stolen around $60 million worth of bitcoin, bitcoin cash, and Monero. However, the actual quantity of stolen bitcoin currency remains unknown.
MapleChange – October 28, 2018
MapleChange, a small Canadian cryptocurrency exchange, was reportedly compromised, with the loss of all stored assets. The breach occurred just days after the exchange reached its highest daily trading volume ever on October 22, 2018, surpassing 9.8 BTC.
Shortly after the attack, the MapleChange team rushed to Twitter to make an official notification regarding the hack, indicating that refunds would be unavailable until their investigations were complete.
Nearly all MapleChange public accounts were shut down or removed almost immediately after the attack and its announcement on Twitter, including its Twitter, Discord, and Bitcointalk service notifications.
2017 Exchange Hacks
EtherDelta – December 20, 2017
On December 20, 2017, the popular cryptocurrency exchange EtherDelta was hacked in a dramatic manner, with many customers transferring their tokens to the hacker instead of the exchange. At least 308 ETH ($266,789) and a substantial quantity of tokens, possibly worth hundreds of thousands of dollars, were taken.
EtherDelta verified the incident on Twitter and warned users to refrain from using the website. At the time of writing, the warning has not been withdrawn, therefore EtherDelta is still dangerous to use.
Dear users, we have reason to believe that there had been malicious attacks that temporarily gained access to @etherdelta https://t.co/NnqU5Er4rj DNS server. We are investigating this issue right now – in the meantime please DONOT use the current site.
— EtherDelta (@etherdelta) December 20, 2017
2016 Exchange Hacks
Shapeshift – March 14, 2016
According to the report, the first hack to Shapeshift occurred on March 14 and resulted in the loss of 315 BTC. It was quickly determined that a ShapeShift employee was responsible for the mishap and was then fired. Then, work began on migrating the service to safer hardware.
Nevertheless, according to ShapeShift’s research, thefts persisted. On April 7th, 97 Bitcoin, 3,600 Ethereum, and 1,900 Litecoin were stolen. Two days later, when the platform was offline, and security measures were implemented, a further 57 BTC and 2,200 ETH were stolen.
Gatecoin – May 9, 2016
According to reports, a hack on Gatecoin’s hot wallets resulted in the loss of funds. A recent update from the exchange team revealed that as much as $2 million was stolen, confirming allegations that arose after the attack was discovered.
Gatecoin asserts that it lost up to 185,000 ethers and 250 bitcoins, a sum worth around $2.14 million at press time. The exchange additionally stated that it believes the attack began on May 9 and persisted for three days.
Bitfinex – August 2, 2016
Founded in 2012 and ranked #5 in trading volume, liquidity, and traffic, Bitfinex offers bitcoin traders charting tools. Bitfinex has had a few issues, including an unlawful transfer of 120,000 Bitcoins on August 2, 2016. Coindesk stated that Bitcoin was worth AUD 927.7M at the moment. The stolen money hasn’t been paid out or recovered. Bitfinex is offering incentives to find hackers. Bitfinex will award 5% of the total property recovered (or equal funds or assets at the current market prices).
BTER – August 15, 2016
BTER, a Chinese Bitcoin exchange, claims to have been hacked, with more than £1.1 million ($1.75 million) of the digital currency stolen. It then offered a prize of 720 bitcoins, or around £112,000 ($168,000), to anyone who could chase it back.
According to BTER.com, the breach originated with a cold wallet. It indicates that the funds cannot be moved outside the account. Cold wallets are an additional security mechanism to prevent hackers from accessing “hot” wallets.
Someone hacked Bter’s NXT central account and stole 50m NXT. We are working with the dev for a plan. We will keep you updated.
— Bter.com Exchange (@btercom) August 15, 2014
2015 Exchange Hacks
Bitstamp – December 11, 2015
Bitstamp, one of the largest digital bitcoin currency exchanges, suffered a security breach that resulted in the loss of approximately 19,000 bitcoins worth approximately $5 million. Since then, the firm has provided few details about what transpired behind the scenes, citing the investigation into the missing funds as confidential.
Those behind the attack on Bitstamp used Skype and email to communicate with employees and attempt to distribute malware-infected files by appealing to their personal histories and interests. Bitstamp’s system was compromised when systems administrator Luka Kodric downloaded a file he believed was sent by a representative of an organisation seeking his membership.
2014 Exchange Hacks
Mt. Gox – February 2014
Mt. Gox was a major participant in the cryptocurrency industry, conducting a staggering 70% of all bitcoin transactions globally at its height in 2013. Mt. Gox was victimised by the greatest bitcoin theft to date. Hackers accessed and stole 740,000 bitcoin from Mt. Gox clients and 100,000 bitcoin from the firm, which at the time was worth around $460 million.
The AUD 685M breach was among the largest in history and led to the Bitcoin price collapse. The business immediately froze deposits and withdrawals and filed for bankruptcy in Japan. Mt. Gox damaged the industry’s reputation, and it took years to rebuild public trust in centralised exchanges. The incident swiftly spun out of control, and by the end of February 2014, the firm had declared bankruptcy.
Poloniex – March 4, 2014
In 2014, the prominent trading site Poloniex lost around 12.3% of its entire Bitcoin holdings due to an attack. According to reports, a hacker exploited a flaw in the exchange’s programming to access the private keys. As the hackers successfully transferred 76 Bitcoins worth AUD 74.5K at the moment from the exchange, trading was suspended. The cryptocurrency exchange claims that all clients who suffered a financial loss have been reimbursed.
Mintpal – July 13, 2014
The hot wallet of the digital currency trading site MintPal was compromised, resulting in the loss of millions of vericoins.
The 13th of July assault targeted a weakness in the withdrawal system of the website. The hacker was able to bypass internal restrictions and approve a withdrawal request for the vericoin wallet’s contents.
Notably, those behind the hack also targeted the site’s bitcoin and litecoin wallets. However, customer balances were not impacted due to MintPal’s current cold storage protocols for these wallets.
2013 Exchange Hacks
Bitcash – November 11, 2013
An older exchange breach from 2013 impacted Bitcash.cz in the Czech Republic.
After a server breach, Bitcash, an exchange located in the Czech Republic, lost Bitcoin. The attackers acquired access to emails and conducted a phishing scam, posing as Bitcash in order to get client information, which they exploited to steal money.
Nearly 4,000 user accounts with an estimated total value of 2 million Czech koruna, or roughly AUD 149K at the time, were compromised.
2012 Exchange Hacks
Bitcoinica – March 1, 2012
Over the years, Bitcoinica’s demise has been linked to several causes, but it all began in March 2012 when unknown persons hacked Linode, a web hosting service provider. This action resulted in the theft of 43,000 BTC from Bitcoinica.
A hacker used a compromised email account to steal roughly 18,457 BTC from the company’s hot wallet.
The second hack negatively affected the website’s trust and liquidity, ultimately leading to its dissolution. Prior to ceasing operations, Bitcoinica initiated a claims process to reimburse those investors who suffered financial losses as a result of the assault.
Bitfloor – September 12, 2012
The year 2012 was not a good one for many Bitcoin exchanges and services. Bitfloor was the fourth-largest cryptocurrency exchange on the US market when it was hacked.
In September 2012, hackers gained access to Bitfloor’s encrypted servers and subsequently a backup of wallet keys. Bitfloor assigned private keys for transactions, but the firm also possessed an unencrypted backup of these keys, which the hackers used to obtain 24,000 BTC. From that point on, the hackers syphoned out all of the hacked accounts’ cash, which totaled approximately $250,000 at the time.
Cyberattacks against Cryptocurrency Exchange Centres
Cryptocurrency exchange platforms are susceptible to several kinds of attack.
No company, regardless of the security measures already in place, can completely prevent phishing assaults.
Phishing is a sort of social engineering that uses psychological manipulation to compel an unsuspecting user to breach security standards. As with other businesses, cryptocurrency exchanges are prone to phishing attempts of many types.
In 2020, the United States Department of Justice charged two Russian hackers with stealing $16.8 million using bitcoin phishing websites; the operation began in 2017 and continued through 2020. The suspects operated bogus websites that allowed them to steal digital currencies from hundreds of individuals enrolled on the Poloniex, Binance, and Gemini platforms. Unsolicited phone calls, SMS messages, and the internet are utilised in social engineering attempts against bitcoin exchange consumers.
Weak security measures
Crypto exchange companies are not cybersecurity specialists. Therefore, they do not employ the most recent defence technologies to safeguard their digital assets. Many outsource their cybersecurity activities to a third-party supplier, making them susceptible to attacks if the third-party service is compromised. Some crypto exchange companies safeguard the hot wallets of their members using a single private key, which is a security flaw for cryptocurrency hot wallets. If an attacker successfully breaches the system, he will have access to all wallets kept by users.
Utilising weak access controls
No IT system’s security rests solely on technological protections. For example, an authentication system that permits employees to use weak passwords is a concern, because it can give attackers the opportunity to steal stored digital assets.
Software’s security vulnerabilities
A bitcoin trading platform is a software system, and it is nearly impossible to create an IT system that is 100% safe. Threat actors attempt to exploit vulnerabilities in crypto exchange platforms to steal funds and conduct unlawful transactions.
Another approach used by hackers to steal money from bitcoin exchange customers is the distribution of bogus Android and iOS trading and cryptocurrency applications.
How to secure crypto wallets from cybercriminals?
Keeping your crypto wallet safe is not the cryptocurrency exchanges’ task. Investors must follow proper security procedures to protect their digital assets. Because blockchain technology has no centralised authority to oversee transactions, more of the duty to safeguard digital money falls on users.
In technical terms, crypto wallets hold your digital assets, and the user’s private key authorises online transactions. If cybercriminals succeed in compromising the key, they can, in addition to stealing your money, impersonate the user to conduct other types of online fraud.
The following are best-practice security precautions for securing online investor wallets.
- Protect your computer to safeguard your crypto transactions: A strong antivirus and antimalware should be installed on an investor’s computer. A personal firewall is also good; most premium antivirus packages include a firewall. Nevertheless, you can install a free firewall such as the Comodo firewall. Numerous varieties of malware can capture user keystrokes, allowing attackers to steal cryptographic private keys.
- Keep everything up to date: The operating system, apps, and security solutions (firewall, antivirus, antimalware) of all users must be kept up to date to prevent a vulnerability that might lead to a security breach.
- Encrypt sensitive data: Ensure you employ encryption to safeguard your digital assets. This stops fraudsters from accessing your data even if they get access to your system.
- Use a strong password: Use a strong password to safeguard your wallet and other online accounts. A user can use a password manager, such as KeePass Password Safe, to generate complicated passwords and store them safely in an encrypted vault to facilitate the usage of strong and complex passwords.
- Set a strong password for your mobile system: If you are using your online wallet from mobile devices such as a laptop, tablet, or smartphone, be careful to safeguard them with a strong password.
- Utilise Two-Factor Authentication: Activate Two-Factor Authentication if you use an online wallet so that even if an attacker obtains your crypto account details, he cannot access your wallet.
- Use offline digital wallet storage: This protects your wallet from internet threats. For example, you can store your offline wallet on a separate USB stick. Hardware wallets, such as those offered by Ledger or Bitlox, provide a high level of security since they allow users to separate their private keys from their vulnerable devices, such as computers or smartphones.
- Disable automatic logins on your device: Having your computer remember your login information is a convenient way to avoid entering passwords whenever you wish to access a protected resource. Disable these functions so that no one can access your online wallet if your computer gets into the wrong hands.
- Use a VPN service: Use a VPN service from a reputable provider before accessing online wallets or doing cryptocurrency transactions.
- Avoid phishing websites: When connecting to the website of your cryptocurrency exchange provider, ensure that you are inputting the correct URL. Cybercriminals imitate legitimate crypto exchange websites to deceive unwary customers into divulging their passwords, which are then used to steal their cryptocurrency accounts.
- Use multiple wallets: Never put all your eggs in one basket! You should utilise numerous wallets if you have everyday transactions and a substantial amount of cash in your wallet. Put a modest amount of money in a hot wallet and use it for daily transactions while storing most of your funds in one or more cold wallets. It is advisable to safeguard each wallet with a strong password.
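The "Avoid phishing websites" item above comes down to comparing the host you are about to log in to against the one you verified. The following is an added example, not part of the original article: it classifies a URL against an allowlist and flags the usual imitation tricks (near-miss spellings, the trusted name used as a subdomain, userinfo before `@`, internationalised hosts). The domain `exchange.example` and all sample URLs are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlist: replace with the domain you verified for your exchange.
TRUSTED = {"exchange.example"}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_login_url(url, trusted=TRUSTED):
    """Return (verdict, reason); verdict is 'ok', 'suspicious' or 'reject'."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "reject", "unparseable URL"
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https" or not host:
        return "reject", "not an https URL"
    if parts.username is not None:
        return "reject", "userinfo before '@' hides the real host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "reject", "internationalised host, possible homoglyph"
    for good in trusted:
        # Exact match or a genuine subdomain of the verified domain.
        if host == good or host.endswith("." + good):
            return "ok", f"matches {good}"
    for good in trusted:
        # Trusted name placed in front of someone else's domain.
        if host.startswith(good + ".") or ("." + good + ".") in host:
            return "suspicious", f"{good} used as a subdomain of another site"
        # Compare the last labels of the host with the trusted domain.
        tail = ".".join(host.split(".")[-good.count(".") - 1:])
        if edit_distance(tail, good) <= 2:
            return "suspicious", f"{tail} is a near miss of {good}"
    return "reject", "host is not on the allowlist"
```

Anything other than `ok` means the address should not be used for login; a bookmark of the verified URL avoids the typing step altogether.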
The security measures above help secure cryptocurrency accounts and the end-user devices that use them. However, before registering for a specific cryptocurrency exchange account, the investor must ensure that the crypto provider follows the highest security standards for protecting users’ funds and personal data. Here are some considerations when evaluating a cryptocurrency exchange service.
- What is its insurance coverage if a successful hacking attempt or data breach leads to the theft of client funds or other sensitive data?
- Choose a blockchain-powered bitcoin exchange provider, since such providers maintain transaction data.
- What security measures have the crypto exchange provider implemented to prevent and mitigate cyberattacks?
- Can the crypto exchange’s workers access sensitive client information, such as personal data? Always choose a service that can conceal important client information from its staff.
- It is a plus if the service already adheres to recognised security standards, such as ISO 27002:2013.
- Does the crypto exchange comply with data protection requirements, such as the GDPR and PCI Data Security Standard?
- Examine the service provider’s website and read feedback from former consumers. Verify that real individuals are behind this provider.
- Consider thoroughly reviewing the provider’s privacy policies and terms of service before utilising its services.
- Lastly, ensure that the exchange platform is registered in its nation of residence.
Frequently Asked Questions
How Many Crypto Exchanges Were Hacked?
According to our investigation, up to 50 exchanges have been hacked, resulting in the loss of user funds or personal information. Though it was reported that the number of compromised exchanges dropped by 60% between 2020 and 2021, several exchanges were compromised on many occasions.
Can Binance Be Hacked Again?
Since the Binance Exchange hack on May 7, 2019, no more security breaches or events have been reported. The world’s largest platform by trading volume has an insurance fund to pay clients in the event of a future security breach. However, there are no assurances, and you should never keep your entire balance on Binance.
Is it possible for Coinbase to be hacked?
Coinbase is one of the most well-known crypto trading platforms. However, as with other platforms, there are risks involved. In 2021, at least 6,000 Coinbase users had funds stolen from their accounts, according to the platform’s disclosure to clients.
What’s the Latest Crypto Exchange Hack?
The latest crypto exchange to be hacked is FTX, with a loss of about $400 million.
Cryptocurrencies are reasonably secure, but be sure the exchange you use is not on our list! Crypto exchange platforms are always vulnerable to assault, particularly when they do a great deal of commerce. Hence, they need to take security seriously and implement various preventative steps to avoid security breaches.
Any respectable bitcoin exchange should disclose its security measures. If they do not and cannot adequately justify their reasons for withholding the information, this is a red flag that you would be wise to heed.
Hackers will continue to target cryptocurrency exchanges as long as it is profitable. Though a reputable crypto exchange would have many security measures, customers must also conduct their own research. Perform due diligence before joining any crypto exchange to avoid becoming a victim.