Security
The Biggest Crypto Hacks Of All Time
Hacking crypto and running away with the bounty is enormously lucrative. That’s why a large number of crypto exchanges have been targeted by cyber criminals. Below is compiled list of the biggest crypto hacks of all times, keep in mind that what listed in this list are the reported hacks as some security breaches were not reported to the public. Update: I added the recent BitPoint hack.
July 12, 2019 The Japanese exchange BitPoint lost $32 million in a hack attack.
June 27, 2019 Bitrue, Singapore-based cryptocurrency exchange Bitrue has been hacked for around $4.2 million in user assets.
May 7, 2019 Binance, World’s largest exchange loses $40 million via a single transaction in a large scale security breach.
April 1, 2019 Bithumb, the South Korean crypto exchange Bithumb was hacked for the third time and lost around $13 million in the EOS and XRP
March 25, 2019 Coinbene lost Over $100 Million in crypto a security breach.
March 24, 2019 DragonEx, had a security breach and lost unknown amount of crypto.
February 15, 2019 Cryptopia, suffered a security breach and lost 19,391 (ETH) tokens worth nearly $2.44 million and around 48 million centrality (CENNZ) tokens worth about $1.18.
September 14, 2018 Zaif the Japanese based cryptocurrency exchange has been hacked, about $60 million worth of cryptocurrency.
July 9, 2018 Bancor was hacked and lost around $23 million of cryptocurrency.
June 19, 2018 Bithumb the South Korean crypto exchange got hacked for the second time and lost around $31 million in cryptocurrency.
June 10, 2018 Coinrail the South Korean crypto exchange lost $40 million in hack attack.
February 8, 2018 BitGrail lost 17 million coins of Nano (XRB) in a hack attack.
January 26, 2018 Coincheck the Japanese exchange lost $500 million in crypto as a result of a security breach.
January 26, 2018 LocalBitcoins lost USD 27,000 in a hack attack.
December 19, 2017 YouBit was breached, unknown amount of crypto was stolen.
June 27, 2017 Bithumb the South Korean crypto exchange got hacked and all of it’s clients data (including their names, mobile phone numbers and email addresses) where stolen.
April 26, 2017 Yapizon the South Korean exchange lost 3831 BTC in a hack attack.
October 13, 2016 Bitcurex Polish bitcoin exchange got hacked and lost $1.5m in crypro. At that time Bitcurex was the biggest bitcoin exchanges serving the European market.
August 2, 2016 Bitfinex lost $72 million in a hack attack.
June 30, 2016 ShapeShift was hacked three times in two weeks and lost around $200K in crypto.
May 9, 2016 Gatecoin lost 185,000 Ether and 250 BTC in a security breach.
May 22, 2015 Bitfinex Hong Kong based crypto exchange lost 1400 in a hack attack.
February 18, 2015 KipCoin lost 3000 BTC in a hack attack.
February 14, 2015 BTER the Chinese based crypto exchange lost lost 7170 BTC in a security breach.
January 4, 2015 Bitstamp lost 19000 BTC in a security breach.
July 29, 2014 Cryptsy lost 13,000 BTC and 300,000 LTC in a security breach.
July 14, 2014 MintPal lost uknown amount of crypto in a hack attack.
March 11, 2014 Crypto Rush lost 950 BTC and 2500 LTC in a security breach
March 4, 2014 Poloniex lost 97 BTC in a hack attack.
March 2, 2014 Flexcoin lost 896 BTC in a security breach.
February 17, 2014 Picostocks lost 5896 BTC in a hack attack.
February 7, 2014 Mt.Gox got hacked for the second time and lost 740,000 BTC (6% of all bitcoin in existence at the time).
October 23, 2013 Inputs.io 4100 BTC were stolen.
May 10, 2013 Vircurex lost 1454 BTC 225,263 TRC 23,400 LTC in a single hack attack.
September 3, 2012 Bitfloor lost 24,000 BTC in a hack attack.
July 2012 Bitcoinica got hacked for the third time and lost 40,000 BTC.
May 2012 Bitcoinica got hacked for the second time and lost 38,000 BTC.
March 2012 Bitcoinica got hacked and lost 43,554 BTC.
October 5, 2011 Bitcoin7 exchange was hacked and it’s clients data were stolen.
June 19, 2011 Mt.Gox got hacked and lost $8,750,000 in crypto.
In the world of cybersecurity, claims of data breaches can cause significant concern and speculation. Recently, a ransomware group named FSOCIETY claimed to have successfully hacked several organizations, including the cryptocurrency exchange Bitfinex. However, Bitfinex’s Chief Technology Officer (CTO), Paolo Ardoino, has dismissed these rumors, stating that a thorough analysis of their systems revealed no evidence of a breach.
According to Ardoino, who is also the CEO of Tether, less than 25% of the email addresses allegedly stolen from Bitfinex’s servers match legitimate users. This casts doubt on the validity of FSOCIETY’s claims regarding the supposed hack.
The ransomware group, styled after the fictional hacking group from the TV show “Mr. Robot,” claimed to have breached several victims, including Rutgers University, consulting firm SBC Global, and a cryptocurrency exchange they referred to as “Coinmoma,” which is likely a misspelling of Coinmama.
Ardoino expressed skepticism about the group’s claims, stating that if they had indeed hacked Bitfinex, they would have demanded a ransom through the exchange’s bug bounty program, customer support channels, emails, or social media accounts. However, Bitfinex received no such requests from FSOCIETY.
Furthermore, Ardoino shared a message from a security researcher suggesting that the real motivation behind the alleged hacks might be to promote FSOCIETY’s ransomware tools, which they reportedly sell access to in exchange for a subscription fee and a commission on stolen profits. Ardoino questioned the group’s need to sell their tools for $299 if they had truly hacked a major exchange like Bitfinex.
It’s worth noting that Bitfinex has previously fallen victim to a significant hack in 2016, resulting in the theft of a substantial amount of Bitcoin. Two individuals, including crypto rapper ‘Razzlekhan,’ pleaded guilty to money laundering charges in connection with that incident.
While the claims made by FSOCIETY have yet to be verified by the alleged victims, Bitfinex’s CTO remains firm in his stance that no breach has occurred. As cybersecurity threats continue to evolve, it is crucial for organizations to remain vigilant and take proactive measures to protect their systems and users’ data.
A former senior security engineer was sentenced to three years in prison for executing sophisticated hacks against two decentralized cryptocurrency exchanges, stealing over $12 million worth of digital assets.
Shakeeb Ahmed, 34, of New York, pleaded guilty to computer fraud charges related to the July 2022 hacks. He exploited vulnerabilities in the smart contracts governing the exchanges to artificially inflate fees and purchase crypto tokens at manipulated prices.
Damian Williams, the U.S. Attorney for the Southern District of New York, announced the sentencing and first-ever conviction for hacking a blockchain smart contract. “No matter how novel or sophisticated the hack, this office is committed to following the money and bringing hackers to justice,” Williams stated.
The Two Crypto Exchange Hacks In the first hack, Ahmed exploited a pricing flaw in an unnamed decentralized exchange. He inserted fake data to generate around $9 million in inflated fees, which he then withdrew as cryptocurrency. Ahmed later agreed to return most of the funds to avoid prosecution.
Weeks later, Ahmed struck again by hacking Nirvana Finance, a decentralized exchange for the ANA token. He used a flash loan to purchase ANA at an artificially low price through a smart contract exploit. Ahmed then immediately sold the ANA back to Nirvana at the higher market rate, netting $3.6 million – virtually all of Nirvana’s funds.
After the attacks, Ahmed searched online for information about the hacks, potential criminal liability, and how to flee the country to avoid charges.
Sophisticated Money Laundering Techniques To cover his tracks, Ahmed employed advanced crypto money laundering methods. These included swapping tokens, “bridging” funds between blockchains, converting to privacy coin Monero, using overseas exchanges, and leveraging “mixers” like Samourai Whirlpool.
In addition to his prison sentence, Ahmed was ordered to forfeit the $12.3 million in stolen cryptocurrency. He must also pay over $5 million in restitution to the victim exchanges.
NFT Trader, a peer-to-peer (P2P) trading platform, recently experienced a security breach leading to the unauthorized transfer of significant NFT assets. The attacker, identified as 0x90…8fda, successfully made off with 37 Bored Ape Yacht Club (BAYC), 13 Mutant Ape Yacht Club (MAYC), 4 World of Women, and 6 VeeFriends NFTs, collectively valued at 1,080 ETH (approximately $2.4 million). Users are strongly advised to promptly revoke any authorization granted to the platform.
Initial reports, shared by Chinese crypto news reporter Colin Wu on social media, indicate that the pilfered NFTs were sent to the address 0x909F2159780e64143CF08f32dBBF56Ed19478fda (link to tweet). An on-chain message from the address holder, claiming the role of a “scavenger,” refutes allegations of hacking the P2P trading platform. Instead, they assert rescuing the NFTs with the intention of returning them.
Further information reveals that the alleged real hacker’s address is 0x3dc115307c7b79e9ff0afe4c1a0796c22e366a47b47ed2d82194bcd59bb4bd46.
NFT Trader has acknowledged the security incident and disclosed that the attack targeted old smart contracts. In response, the platform is advising users to remove delegations via Revoke.cash from the following addresses:
- 0xc310e760778ecbca4c65b6c559874757a4c4ece0
- 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af
Despite being relatively unknown among NFT traders, NFT Trader’s website identifies its CEO as John Pak, collaborating with co-founders Mattia Migliore and an individual using the pseudonym “Bruckzr” (link to tweet).
On social media, an NFT collector (@dingalingts) has urged traders to “revoke approval to their contract ASAP” for those who have engaged with NFT Trader previously. The stolen digital assets, which exceed $2 million in value, include 37 BAYC, 13 MAYC, 4 World of Women, and 6 VeeFriends.
Binance Delists Four Major Cryptocurrencies: What You Need to Know
LocalMonero Announces 6-Month Shutdown Plan
Telecom Giant Vodafone Bringing Crypto to the Masses Via SIM Cards
No Evidence of Hack, Says Bitfinex CTO Amid Ransomware Gang’s Allegations
Indian Police Seize 268 Bitcoins Worth $17 Million in Crypto Bust
Smart Contract Hacking Costs Ex-Engineer $12M and His Freedom
Project Review: Pi Network, a New Scam Project in Town
Bitcoin Worth $1.2M Seized From Arrested Indian Hacker
Review: Play Arcade Games Inside ARK Wallet And Win Some Free Cryptocurrency
A Full Review: Utopia A New Decentralized P2P Blockchain
Another Exit Scam: NovaChain Shuts Down
Crex24 Will Require KYC Verification
-
Altcoins4 years agoProject Review: Pi Network, a New Scam Project in Town
-
Bitcoin4 years agoBitcoin Worth $1.2M Seized From Arrested Indian Hacker
-
Altcoins5 years agoReview: Play Arcade Games Inside ARK Wallet And Win Some Free Cryptocurrency
-
Blockchain5 years agoA Full Review: Utopia A New Decentralized P2P Blockchain
-
Bitcoin5 years agoAnother Exit Scam: NovaChain Shuts Down
-
Exchanges5 years agoCrex24 Will Require KYC Verification
-
Bitcoin5 years agoJohn McAfee Has Gone Missing
-
Altcoins5 years agoElrond Partners With ChainLink