A Huge List of Cryptocurrency Thefts

Any cryptocurrency exchange hack adversely affects the rate of cryptocurrency, which makes the price to restore only after a few months. Hackers carry out attacks not only to steal money. Many hacks are performed for the sake of pumping or dumping the cryptocurrency exchange rate, some are insider’s job, and some are simple exit scams. After all, inexperienced market players (who are now the majority) begin to withdraw tokens to fiat when hearing bad news quickly.

The likelihood of such well-designed tactical attacks will only grow with the development of the market and fierce competition on it. Coins and tokens can disappear even from the largest and seemingly protected exchanges. However, does the problem always lie on a hacker?

ROKKEX decided to create a timeline of cryptocurrency exchange frauds, and biggest crypto exchange hacks to find out whether only the hackers are to blame.

Spoiler: Sometimes, the owners or employees are guilty as well.

2011

June

• What: Mt.Gox
• Amount: 2643 BTC

Mt.Gox opens the list of cryptocurrency hacks. , a hacker managed to hijack auditor account with administrative rights. Through phishing, he or she took possession of the administrative account, stole hot wallet private keys from wallet.dat file., changed the BTC price to 1 cent, obtained accounts of Mt.Gox users, created the sell orders, and bought 2643 BTC at the artificially created price for customers’ money.

July

• What: Bitomat
• Amount: 17,000 BTC

A cryptocurrency exchange based in Poland was the 3rd largest exchange platform at that time. One day, due to the accidental wallet destruction during the server reboot, they lost keys to all BTC wallets, resulting in loss of 17k BTC.

In a few words, Bitomat was using Amazon Web Services Elastic Cloud Computing to host virtual machines; the AWS warning goes that if an instance is taken offline all the data stored can be lost permanently. It appeared that Bitomat happened to be in an EC2 virtual machine, so it’s possible that they had little chance of recovering the old funds from the wallet.

October

• What: Bitcoin7
• Amount: 11,000 BTC

On October 6, Bitcoin7 posted a message on their website that informed the users that Russian and Eastern European hackers attacked cryptocurrency exchange. The hackers and gained full access to the main BTC depository and 2 of the 3 backup wallets.

Today, Bitcoin7 domain offers a scammy service of multiplying the amount of BTC. Maybe, it’s still possessed by hackers?

• What: Mt.Gox
• Amount: 2609 BTC

The bad luck of Mt.Gox was gaining traction on October 2011. The exchange lost other 2609 BTC due to a programming error. To put it simply, Mt Gox accidentally created transactions that can never be redeemed. To understand the issue more deeply, .

2012

March

• What: Linode
• Amount: 3000 BTC from Slush and 43000 BTC from Bitcoinica

On March 1, web hosting provider Linode was hacked, resulting in a theft of and . There have been two major BTC heists before, one 25,000 BTC theft in June and a 17,000 BTC theft from the BTC exchange Bitomat in August, resulting in the exchange being bailed out and acquired by MtGox. At that moment, security has become a major concern of the BTC community. Although people wanted to carry out their economic activity in cryptocurrency, the question of whether their money was safe disturbed them.

May

• What: Bitcoinica
• Amount: 18,457 BTC

The 43,000 BTC Linode theft was not enough, and was stolen from Bitcoinica’s reserves. The CEO Zhou Tong was barely able to prevent the loss of . The site was immediately shut down for security reasons. Vitalik Buterin, being a writer and co-founder of :

“Unfortunately, given the financial stress that Bitcoinica was already in after the Linode theft two months ago, even this smaller loss turned out to be the straw that broke the camel’s back.”

July

• What: BTC-e
• Amount: 4,500 BTC

Here comes the first proven story when exchange operators are becoming greedy and peculate money that doesn’t belong to them. Alexander Vinnik, the operator of BTC-e, was arrested mainly for . He was one of the staff members who performed DDoS attacks, stole API creds, initiated Liberty Reserve deposits, and injected large amounts of USD into the system which were quickly sold for BTC.

BTC-e.com was considered a golden standard of reliability and had a chance to change the reputation of Russia being the money-laundering country.

September

• What: BitFloor
• Amount: 24,000 BTC

BitFloor had been operating since 2011 when on September 4, 2012, the operator of BitFloor reported a security breach that resulted in . The site was shut down, and access to customer funds denied as the exchange’s reserves were insufficient to accommodate all funds deposited.

2013

May

• What: Vircurex
• Amount: 1,454 BTC

In 2014, the exchange announced it was almost bankrupt after . Part of the loss came from “two purported hacks the exchange experienced in mid-2013.”

As a result, the Vircurex froze withdrawals of BTC, LTC, FTC, and TRC. At the time, the company declared it would begin paying users back using the profits. The exchange refunded small amounts of cryptocurrencies to a few of its customers, but most of the funds owed remained with the exchange.

October

• What: Silk Road (marketplace)
• Amount: ~1,606 BTC

It won’t be a list of cryptocurrency fraud if we don’t mention Silk Road and Mr.Ulbricht criminal activity. Silk Road, located in the Tor network, can be called an alternative eBay or Amazon but for selling illegal goods, such as heroin, weapons, pornography, etc. All payment transactions were made in BTC, and the Silk Road was a middleman connecting the users and taking a commission for their illegal trades. For two years of the marketplace existence, the total volume of transactions amounted to 9.5 mln BTC.

Soon . In 2015, the founder of the company Ulim Ross Ulbricht was sentenced to life imprisonment for many crimes including hacker attacks and collusion in money laundering.

The story doesn’t finish there, as secret service agent, who had been conducting the case, eventually .

November

• What: BitCash
• Amount: 484 BTC

On November 11, Czech-based cryptocurrency exchange emptying 4,000 users’ wallets.

The website servers were hacked to conduct a phishing attack with fraudulent emails on behalf of BitCash to fool users. The emails claim BitCash resorted to their US recovery company to get back the BTC that have been stolen. Recipients were asked to send 2 BTC to a wallet address for their BTC to be returned. However, the BTC address listed in the email text hadn’t been used online and had no transactions.

2014

March

• What: Mt.Gox
• Amount: 850,000 BTC

In 2013 MtGox was one of the most popular cryptocurrency exchanges (47% of transactions in BTC were made through this platform). In total it lost 850,000 BTC, which is currently a record amount.

As you might remember from the above, our list of began exactly with Mt.Gox which private keys were stolen. The hacker(s)/insider(s) gained access to a large number of BTC, began to control the input and output of funds, as well as deposits. During 2 years (2012–2013), a hacker was emptying wallets, but the Mt. Gox systems was , crediting some users with up to about 40,000 extra BTC.

Today, 5 years later, Mt.Gox is still the biggest hack ever happened (and we hope it’ll remain like this).

• What: Poloniex
• Amount: 12.3% of all BTCs (97 BTC)

Poloniex, a US-based cryptocurrency exchange, was hacked in the summer of 2014. The hackers managed to exploit an incorrect withdrawal code of Poloniex.

The company did not report the exact number of BTC stolen, but you can check a detailed explanation of the hack on the . Moreover, Poloniex might have been hacked a few other times as some unofficial source like , , and has claimed.

July

• What: Cryptsy
• Amount: 13,000 BTC and 300,000 LTC

In July 2014, the attacker under the nickname Lucky7Coin into the code of Cryptsy — a cryptocurrency exchange. A hacker got access to BTC and LTC keys. As a result, a criminal(s) got 13,000 BTC and 300,000 LTC.

Interestingly, exchange administrators were familiar with the fraudster. The attacker sent an awkward letter two months before the hack introducing oneself as Jack and reporting that the previous owner of the nickname died. The owner of the company, Paul Vernon, was accused of destroying evidence of illegal activities and stealing 11,000 BTC. Cryptsy clients believe that the currency could be laundered through another exchange — Coinbase.

December

• What: Mintpal
• Amount: 3,894 BTC

MintPal was considered one of the best trading platforms until the time when management changed in the fall of 2014. The company was sold to Executive Director of Moopay, Ryan Kennedy, known under the pseudonym Alex Green.

During the internal work, he stole 3,894 BTC and bankrupted the exchange. It is noteworthy that several months later, after the withdrawal of funds, Kennedy was for rape and the sentence did not contain a clause about stealing $1.5 million in BTC.

2015

January

• What: Bitstamp
• Amount: 19,000 BTC

The first licensed cryptocurrency exchange in Europe, Bitstamp, which is regulated by the Luxembourg Supervisory Authority in Finance (), in January 2015. Hackers sent a malicious file to the internal mail of employees. One of the Bitstamp’s employees neglected security rule №1 — do not open files from strangers, and followed the link on the device that has access to the BTC wallet of the exchange. As a result, 19,000 BTC was stolen, or about $5,100,000 at the day of the theft.

• What: LocalBitcoins
• Amount: ~17 BTC

17 BTC is seemingly not a large sum compared to the compromised exchanges above; nevertheless, it’s one more argument in favor of paying attention (and allocating money) to cybersecurity. Nikolaus Kangas, :

“The attacker used that LiveChat access to spread some kind of Windows executable, which probably was some new kind of keylogger software which is not yet detected by virus protection mechanisms. If the user got that executable installed, with some social engineering, the attacker managed to get access to different accounts of those victims.”

Three users lost funds during the hack. The company stated that one of the possible reasons for the fraudulent withdrawal was a lack of 2FA. Again, 2FA is a reliable security measure that should be in place on every cryptocurrency exchange platform.

• What: 796
• Amount: 1,000 BTC

What seemed like a mistake, appeared to be a well-calculated and precise attack. At the end of January, . According to the explanation, a hacker gained access to a sub-module and tampered customers’ withdrawal addresses with one’s own.

February

• What: Bter
• Amount: 7,000 BTC

Another attack that is related to employees mistake occurred in China. A small cryptocurrency exchange Bter was . Employees of the exchange organized the largest heist. In February 2015, 7000 BTC was stolen from a cold wallet. After that, all the activities of the company were suspended, and only a couple of years later the Bter management resumed withdrawing funds from their assets.

• What: KipCoin
• Amount: 3,000 BTC

Being the owner of an exchange platform, will you admit the breach immediately or halter the news until the investigation gives you more details? The owners of KipCoin .

Remember Linode? In 2015 it became clear that it was hacked again in June 2014 causing a breach of KipCoin server. The hackers changed Linode account password excluding the owners from accessing it; this entailed KipCoin Linode root password to be changed as well, as the hacker(s) gained control of the entire platform.

For a month, the administration of the exchange tried to regain control, and they succeeded (surprisingly, nothing malevolent had happened during this month). That didn’t mean that hackers went away, they lurked. In October 2014, hackers gained access to funds as the exchange didn’t change their BTC private keys.

KipCoin decided to not disclose this information immediately in light of BitStamp losing many coins and has taken all the necessary steps to file an official complaint with the police.

2016

March

• What: Cointrader
• Amount: Unknown

A hack or an exit scam? That’s the question users often ask when an exchange unexpectedly shuts down. On March 28, Cointrader joined the graveyard of allegedly hacked cryptocurrency exchanges having sent their users :

Dear Cointrader Customer,

A recent internal audit revealed a deficiency of Bitcoin in our wallets causing a delay in withdrawals. This issue is currently under investigation and it is our intention to have the balance of your account settled as soon as possible. We sincerely apologize for this unfortunate inconvenience and will keep you posted on the progress of this issue. In the meantime, we have halted deposits, withdrawals and trading activity until this matter has been resolved.

Sincerely,

Cointrader.net Support

The shut down was followed with a low daily trading volume of only 81.43 BTC over the next 6 months. The number of affected users has never been reported.

April

• What: ShapeShift
• Amount: 469 BTC + 5,800 ETH + 1,900 LTC

ShapeShift story is an excellent example of . On March 14, an employee stole from the company 315 BTC. When the theft was uncovered, he got fired. However, the losses didn’t stop on that: on April 7 additional 97 BTC, 3,600 ETH, and 1,900 LTC disappeared. The site was taken offline, and incident response measures were in place, and then additional 57 BTC and 2,200 ETH were taken! The report stated:

“Since direct evidence of a specific attack vector was not found during the digital forensic investigation, an analysis of the available facts was performed to identify all possible attack vectors that fit the facts. It was noted that the attacker was not only able to compromise both infrastructures fairly quickly, but they were able to identify their IP addresses equally as fast.”

May

• What: GateCoin
• Amount: 4,320 BTC (250 BTC and 185,000 ETH)

Gatecoin was one of the first regulated cryptocurrency exchange platforms to spring up. It offered purchases of ETH-based tokens to vote on and fund development proposals during crowdsale for The Dao, and in the aftermath of the hack, it promised to a portal for withdrawing DAO-related tokens and fiat currencies. The exchange was well-known and prominent at that time, so there is no wonder that it . Gatecoin stated:

“We have previously communicated the fact that most clients’ crypto-asset funds are stored in multi-signature cold wallets. However, the malicious external party involved in this breach, managed to alter our system so that ETH deposit transfers by-passed the multi-sig cold storage and went directly to the hot wallet during the breach period. This means that losses of ETH funds exceed the 5% limit that we imposed on our hot wallets.”

August

• What: Bitfinex
• Amount: 120,000 BTC

The Hong Kong company claimed to be the most reliable and secure cryptocurrency exchange, where wallets with multiple identifiers are selected for each client. It turned out to be just a matter of marketing. In August 2016, . The main leak of funds occurred through the BitGo processing service with which Bitfinex cooperated.

2017

June

• What: QuadrigaCX
• Amount: 67,000 ETH

Some errors don’t bring harm to the users of a cryptocurrency exchange but to the owners. Due to programmers error, a Canadian-based exchange platform . In the official statement, QuadrigaCX explained that the mistake happened after a Geth upgrade. Talking in technical terms:

“The programmer called a function in the splitter smart contract with a corrupted transaction data payload, which was the result of failing to prefix a certain value with 0x (which is necessary to indicate a string is hex-encoded).”

December

• What: Nicehash (a marketplace for mining hashing power.)
• Amount: 4,000 BTC

Nicehash wasn’t an exchange but a cryptocurrency hash power broker with integrated marketplace; nevertheless, the story also belongs to the list of cryptocurrency thefts. People rented their computing power to those who wanted to mine cryptocurrency without investments in hardware. It turned out that people were paying to mine coins which went directly to hackers’ pockets.

The Slovenia-based company :

“Importantly, our payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen. We are working to verify the precise number of BTC taken. Clearly, this is a matter of deep concern and we are working hard to rectify the matter in the coming days. In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are cooperating with them as a matter of urgency.”

In August, the company announced .

2018

January

• What: Coincheck
• Amount: 523,000,000 NEM

Another , the leading Japanese crypto trading platform. Hackers outside the country infected the internal network of the exchange with a virus that was transmitted through email, and it allowed them to steal private keys. As a result, 523 mln NEM coins were stolen for $533 million at the time of the theft.

The incident occurred due to the neglect of the storage of this cryptocurrency, as the exchange did not use smart contracts with multi-signatures, and all coins were stored on the same wallet.

February

• What: BitGrail
• Amount: 17,000,000 NANO

from the Italian cryptocurrency exchange Bitgrail.

According to the owner Francesco Firano, 17 million XRB (Nano / RaiBlock) was withdrawn from the accounts as a result of “unauthorized transactions.” Nano representatives denied this information and stated that there were no errors. 😏

It is worth noting that the rest of the tokens stored on the exchange did not suffer. After the attack, Bitgrail declared itself bankrupt.

April

• What: CoinSecure
• Amount: 438 BTC

As we already know, employees of the exchange can take advantage of their position and peculate considerable sums. In April 2018 an Indian exchange Coinsecure lost 438 BTC or $3.5 million at the rate. The owners of the company assume that CoinSecure when extracting BTG. The suspect denied his guilt and claimed that the funds “had been stolen in the process of some kind of attack”.

June

• What: Coinrail
• Amount: 1,927 ETH, 2.6 billion NPXS, 93 million ATX, 831 million DENT coins + significant amounts of six other tokens

Despite Coinrail being a small exchange in South Korea, it was a tempting target, considering the amount of money that moves through it. The hackers recognized it and , and significant amounts of six other tokens. The authorities didn’t give many details and called the attack a “cyber intrusion,” which resulted in many ERC-20 tokens stolen from the exchange.

September

• What: Zaif
• Amount: 5,966 BTC

Japanese based exchange Zaif . This resulted in $60 million in BTC, BCH, and MonaCoin being stolen. Oddly enough, the exact amount of stolen BCH is unknown, which does inspire Zaif to improve their security measures in the future. Zaif has already filed a criminal case with local authorities; apparently due to the way a hacker got unauthorized access to the funds, possibly an employee went rogue?

October

• What: MapleChange
• Amount: 913 BTC

A small Canadian based exchange called MapleChange had a modest volume of around $67,000 per day since its launch in May 2018. In October they or suffered a bug which resulted in all customers’ deposited funds being withdrawn.

On October 28, they made a strange claim that they had to delete all their social media accounts during an investigation. With no details on their team or whether they were legally allowed to operate, the “hack” reeks of an orchestrated exit scam.

November

• What: Pure Bit
• Amount: $30,000,000 (ICO + 13,000 ETH)

Pure Bit raised over $30,000,000 in an ICO to create a cryptocurrency exchange in South Korea, but then they . Pure Bit even tried to go further and sell a portion of stolen funds on UpBit. Luckily, UpBit promptly froze the account, knowing that the funds are fraudulent.

Pure Bit website is now offline, and their KakaoTalk account renamed to a phrase that roughly translates into “I’m Sorry.”

December

• What: QuadrigaCX
• Amount: 26 350 BTC

One of the most remarkable hacks in our list of cryptocurrency thefts happened in December 2018. The owner of QuadrigaCX, Gerry Cotten, suddenly passed away; he was the only one who had access to the cold wallets of the exchange. Interestingly, at the moment of announcement users have been trying to withdraw funds for several months already and bankruptcy rumors were spreading quickly.

When Ernst&Young started their audit, they found out that there . QuadrigaCX started bankruptcy procedure owning their customers more than 26,000 BTC. There is a conspiracy theory that Gerry Cotten is still alive and that QuadrigaCX case is nothing more than just an exit scam.

2019

January

• What: HitBTC
• Amount: Unknown

It is vital to mention HitBTC behavior ahead of . Users reporting that HitBTC was blocking all attempts of withdrawing their funds.

• What: Cryptopia
• Amount: At least 19,390 ETH

On January 13, users of Cryptopia reported difficulties accessing and using their accounts. The first message from Cryptopia was that they were going into unscheduled maintenance to resolve a technical issue. Later the exchange clarified on that they had suffered a security breach.

Cryptopia stated that they had reported the breach to the relevant New Zealand’s authorities. The full amount of lost funds is unknown; however, 19,390 ETH has been seen transferred to an unknown wallet. As Cryptopia was quite a small exchange, the possibility of an inside job is one of the versions.

• What: Cryptopia
• Amount: 1,675 ETH

After being hacked on January 13, Cryptopia was . This confirms that the exchange no longer had any control over their wallets.

February

• What: Coinmama
• Amount: 450,000k user emails and passwords

Coinmama is one of the largest crypto brokers, servicing a total of 1.3 million active users. On February 15th, , which led to over 450k user emails and passwords leakage. We can only assume how the sensitive data could have been used: to gain access to cryptocurrency exchange accounts or to sell on the black market for other aims.

May

• What: Binance
• Amount: 7,000 BTC

The latest case from crypto exchange hack history happened a month ago with Binance. The hackers withdraw 7,000 BTC (currently over $40 million) having used several tactics of , which allowed them to obtain a large number of user 2FA codes and API keys. They also mentioned other info had been jeopardized, which could potentially refer to customers private details being stolen as well. One of the possible solutions to restore funds was .

The skills and knowledge of criminals are improving, and the methods by which thefts are committed become even more sophisticated. It is rather difficult to return the stolen cryptocurrency because unscrupulous experts who participate in frauds sometimes turn out to be among cryptocurrency exchange owners. Therefore, before each user starts investing money, it is worth becoming familiar with the companies’ team and security history.

Now you have an answer on the question “which crypto exchange was hacked”. We dived deep and tried to cover all the cryptocurrency exchange thefts and frauds that have ever happened since BTC origin. However, there is still a chance that we haven’t heard about other hacks, so please share with us the information, and we’ll add it to the list.

Remember, it’s a risky idea to put money into places where solvency isn’t transparent. The public addresses of the exchange wallet and monthly revenue numbers should always be public on the company’s website. So, if you do the math, you can always keep track of how the business is going. This is the blockchain spirit, spirit of transparency, and honesty. Stay secured!

You may also Like

8 Ways to be Tricked when Buying Cryptocurrency on P2P Platforms

At , we take security extremely seriously, and our crypto exchange is built on ‘Security First’ principle. We want to share our expertise with the broader public for the world to become happy, safe, and wise :)

If you have any ideas and suggestions, contact us at  .  .  .  .  .  .  . <a href="//medium.com/media/3c851dac986ab6dbb2d1aaa91205a8eb/href">//medium.com/media/3c851dac986ab6dbb2d1aaa91205a8eb/href</a>