The blockchain industry is booming, and with it comes a wave of new investors and enthusiasts. What do you think? Can blockchains be hacked? Well, the quick answer is yes. As with any rapidly-growing industry, there are bound to be some bumps in the road. In the case of blockchains, these are security breaches and hacks. Understanding how these attacks work will allow us to be better equipped to protect our assets and investments.
In this week’s blog post, we’ll take a look at some of the worst hacks in crypto history. Moreover, if you want to know more about the losses, you can find our Youtube video about the top 10 Bitcoin losses!
- The biggest crypto hacks in history were the Bitfinex hack (2016) and Coincheck hack (2018).
- To minimize the risks, it is suggested to research the project, determine if the founders are credible, and keep your private keys in a non-custodial or cold wallet.
Mt. Gox Notorious Blockchain Hack
Our first one is probably the most well-known Bitcoin hack. It occurred in 2014 and resulted in the bankruptcy of the Japan-based Mt. Gox exchange, which at the time handled 70% of bitcoin trading. The reported loss in crypto was about 850,000 bitcoins, valued at 460 million USD at the time of the hack (As of January 2022, the amount would be over $35 billion).
The Bitfinex Hack
Next is the second largest breach of a Bitcoin exchange platform. Occurring in 2016, the hack also had an impact on multisig accounts, which allow multiple signatories to manage funds and mitigate risks. These require access to multiple keys in order to conduct transactions. In the case of Bitfinex, it held two of the secret keys, and the third one was with its partner BitGo. Hackers accessed these keys and withdrew about 120,000 BTC, which at the time amounted to 72 million USD.
The Biggest Crypto Hack: Coincheck
The biggest crypto robbery happened in 2018 on Coincheck, a Japanese cryptocurrency exchange. About 523 million NEM tokens were stolen from its hot wallets, estimated to be worth about 534 million USD at the time. The hackers appeared to have used phishing tactics to gain the necessary information from emails the employees used. Afterward, they installed malware and acquired everything they needed.
In 2018, one of the oldest cryptocurrency exchanges in Japan had a major breach when hackers accessed its hot wallets. Zaif only noticed the attack 3 days later, resulting in the loss of about $60 million. Afterward, the exchange signed a deal with Fisco, a Japanese investment firm, which helped raise $44.5 million in exchange for giving majority ownership to Fisco. The raised funds were used to cover the users’ losses. Thanks to the deal, Zaif restored its deposit and withdrawal services in 2019.
How to Protect Yourself From Crypto Hack
By now you are probably wondering how to protect yourself from crypto hacks. So, before moving on, let’s see what YOU can do to minimize the risk of your funds being taken.
- Do your research: You should look into the website of the project or token, where you can purchase it, its white paper, and the listed developers and founders before investing. Information about this can reveal things that were not obvious at first glance.
- Understand reputation risks: Determining if the founders of a project are trustworthy and credible is essential, especially since there have been cases of founders abandoning a project and leaving with the invested money. Also, you should be careful not to invest simply because a celebrity said that a service/product is good.
- Look into the smart contract: Although this step is probably too technical for the average investor, it is advised to check out the smart contract of a project. Especially since an issue with the developer’s code could become a potential weakness within the project. One of the easiest to spot “red flags” is if the application does not share its code or ignores the community’s concerns.
- Keep your wallet safe: You probably noticed that the funds were often taken out of hot wallets, which is why it is crucial to keep your wallet secure. And, be mindful not to disclose your private keys to others. As you may know from one of our articles, Centralized Finance platforms often keep your private keys in their custodial wallets, which is why in case of an attack, your funds also become vulnerable. However, with DeFi, you use non-custodial wallets that allow you to control your private keys and crypto holdings, which is considered one of the safest options.
The Issue with Centralized Finance (CeFi)
You can find a more thorough analysis of Centralized and Decentralized Finance in our blog. But the main difference between the two is that DeFi allows you to be the sole owner of your private keys that hold your funds. On the other hand, with CeFi your funds are secured within the CeFi platform, and in case of a breach, your funds also become vulnerable.
Now back to the hacks.
Upbit, a South Korea-based cryptocurrency exchange that became the largest in terms of daily transactions in 2018, got hit by a cyberattack a year later. The hackers were able to steal more than $45 million in a single transaction. The hackers transferred most of the cryptocurrency to other wallets within a few days after the attack, making it more difficult for authorities to follow them.
The Binance Hack
In 2019, one of the most famous CeFi platforms, Binance, got hacked, resulting in a loss of about $40 million. However, during this large-scale security breach, hackers also stole some API tokens and user 2-factor authentication codes. In addition, they were able to compromise multiple high-net-worth accounts that had their bitcoin in Binance’s hot wallet (connected to the internet).
At the beginning of 2019, hackers managed to hack into the New Zealand-based crypto exchange and take digital assets worth over $10 million, estimated to be more than 9% of Cryptopia’s holdings. Due to this breach, the brand was tarnished, and it got forced into liquidation 2 months after the incident.
This Singapore-based exchange was considered to be in the top 10 in the world by crypto trading volume. However, in 2019, it got attacked and lost over $105 million in cryptocurrencies. Interestingly, unlike the other exchanges on this list, CoinBene announced that it was closing for maintenance and hid that it got attacked. The coins appeared to have moved to various exchanges, such as Binance, and are yet to be recovered.
Other Bitcoin Losses
What Happens When You Don’t Have Your Keys
In 2019, the CEO of Quadriga CX, a cryptocurrency exchange in Canada, told in court filings that it could not repay at least $250 million to its clients because the CEO was the only one who knew the security keys and passwords required to access the funds. As such, many questioned whether the CEO had died or faked his death to pull off an “exit scam.”
Knowing When to Stop
A journalist from Australia decided to pour all of his retirement money (about $70,000) into cryptocurrencies in 2017. And at one point, his assets had reached about $7 million. However, when recommended to cash in, he declined, and after continuing to use leverage, soon lost everything. Be careful not to get too greedy.
Bad Timing: Founder of Softbank
Our next story shows the importance of timing. Masayoshi Son, the founder of SoftBank Group Corp., had the unfortunate timing of buying and selling Bitcoin at the worst times possible. He bought Bitcoin at the end of 2017 when its price had risen tenfold, and sold it when the price plummeted in early 2018. Reportedly, this cost him a loss of about $130 million.
How Co-Founder of Ripple Lost $44 Billion
Even the co-founder of Ripple, Chris Larson, is not immune to losses. When Ripple’s cryptocurrency, XRP, was trading at about $3.6, he started 2018 with about $60 billion. However, in mid-January that same year, the XRP token price went down to almost $1. And because of this, Larson’s assets in XRP went down $44 billion in just a few weeks.
Pizzas Bought with Bitcoin
In 2010, Laszlo Hanyecz offered to pay anyone who brings him two pizzas 10,000 Bitcoins. A British man accepted his offer and received about $41 worth of crypto. However, with each year, the price of Bitcoins continues to rise, and now they are worth over $420 million. So, Hanyecz may have lost
IT Worker Lost $146 Million
James Howells, a British IT worker, was mining bitcoin between 2009 and 2013. Later he sold the laptop he used to mine the 7,500 Bitcoins but kept the hard drive in case a miracle happened. Unfortunately, later that year, he unintentionally threw out the drive during a clean-up, and it ended up in a landfill in Wales. The bitcoins on that hard drive would have been valued at more than $146 million at the peak of Bitcoin.
“Dragon Coin” Scam
Anyone is vulnerable to scams, even businesspeople. Finnish millionaire investor Aarni Otava Saarimaa was approached to purchase a cryptocurrency named “Dragon Coin” and shares in some high-profile companies. Little did he know that his Bitcoin investment world would get immediately sold and distributed among the group of scammers.
$1.2 Million Lost in Crypto Scam
An “experienced investor in crypto” from New Jersey was contacted and tricked into investing his life savings. The scam apparently went on for 18 months, and the scammer had promised that his returns would be 15 times his initial investment. Unfortunately, the bank was unable to reverse the transactions and recover his money.
Loss in Past, Gain in The Present
In 2012, the Winklevoss brothers, famous for their court case with Facebook, decided to buy 120,000 bitcoins (that cost $10 each at the time) with a part of their court winnings. However, in 2018, everyone thought that Cameron and Tyler had lost $1.62 billion because their holdings became worth only 720 million instead of the $2.3 they would be valued during Bitcoin’s previous peak. However, Bitcoin’s value has soared in the last year, so as of mid-January 2022, its assets are worth about $5 billion. This case clearly shows the unpredictability of crypto coins’ values.
To reiterate, the crypto industry is not immune to hacks either. However, technology continues to advance, and exchanges are trying to find better ways to protect their users’ funds. Remember to mitigate the risk by keeping the private keys connected to your funds in a non-custodial or cold wallet. But even without hacks, there are other ways you can gain and lose money in the crypto space. So, be attentive!