In the past year, over seven crypto exchanges have fallen victim to large-scale hacking attacks, losing out on tens of millions of dollars. Unfortunately, this form of criminal theft isn’t anything new. According to a recently released report by cybersecurity research firm Carbon Black, cryptocurrencies worth $1.1 billion have already been stolen so far in 2019. The great majority of that amount, roughly $1 billion, was taken straight from crypto exchanges.
So what are the most insane cryptocurrency hacks that accured through 2018 and 2019 ? And what can we learn from them? This may lead one to wonder- how can crypto exchanges prevent another attack? we recommend reading GK8’s article on “Tips for improving cybersecurity posture” .
Most of the biggest cryptocurrency thefts were stolen from low-security, hot wallets. These are wallets that are constantly maintaining an Internet connection. Also, most of the high-profile attacks took place due to security vulnerabilities of the service providers. It is also worth noting that, six out of eight hacks were exchanges, which further proves that these services remain highly targeted by hackers. Unfortunately though, most of the victims of these attacks never got their funds back. That’s why everyone has to be extra careful with where funds are stored. One devastating blow was the Binance hack of 7,000 BTC, which you can read GK8’s analysis on why it was hacked
Here are some of the biggest cryptocurrency breaches:
Bitfinex (BitGo): $72M
In August 2016, nearly $72 million worth of BTC (almost 120,000 Bitcoins) was stolen from Bitfinex. The $72M in theft was the second biggest security breach in cryptocurrency space. Due to the magnitude of the attack and the fact that Bitfinex did not publish the details of their internal investigation, the hack created a strange confusion in the crypto community at the time. The hack not only hurt Bitfinex’s reputation but was also a huge financial loss. Bitfinex used the Bitcoin wallet provider BitGo for additional security of the funds held on the exchange. Despite the multi-signature wallets, the exchange used it was clear that improvement concerning managing risk was needed
Coinrail was subject to an attack which took place in June 2018 . The South Korean cryptocurrency exchange ended up losing approximately $40 million of different ERC-20 tokens during the attack.Soon after the hack, the community discovered that the hacker was trying to sell 26 million of the stolen NPXS tokens on the decentralized exchange IDEX. As the addresses of the hacker were discovered, they were quickly flagged in an attempt to freeze the stolen digital assets.
Sadly, After the hack, Coinrail suspended its system and data on the exchange, that previously should on CoinMarketCap, is not available. This example shows that also smaller exchanges are targeted and vulnerable to hacks.
In September 2018, the company published a press release, in which they announced that the exchange was breached, netting the attackers approximately $60 million. Responding to the attack, Zaif has halted all the service’s withdrawals and deposits. In the hack, 5,966 BTC, and an unknown amount of MCO and Bitcoin Cash was stolen. According to the company, they discovered unauthorized access to the service taking place between 7 pm and 9 pm on September 14, 2018. During this time, the hackers were able to steal the cryptocurrencies, which were held in the exchange’s hot wallets. Zaif added that they were planning to restart the server along with a security update and that they had notified the authorities about the case.
On December 6, 2017, Nicehash was hacked, netting attackers a $60 million “prize.” The attack was discovered by the community who reported that a large amount of funds was moved from the internal addresses of the users to BTC wallets controlled by an unknown party. Soon after the hack, the mining service announced it had been breached. Despite the attack, Nicehash assured its users that they were planning to resume operations with increased security measures. In August 2018, Nicehash was reportedly returning 60% of the stolen funds to the victims. After resuming its service two weeks after the attack, the owners of the service pledged that they would return all of the stolen funds to the victims, paid back to them on a monthly basis.
This is one of the most know hacks in the cryptocurrency industry. On February 7, 2014, the cryptocurrency exchange temporarily stopped all BTC withdrawals, which was extended to all trading activities on February 24. Before the hack almost seven out of every 10 Bitcoin transaction were handled by the exchange. After that hack, the website went offline and in
Mt.Gox took these steps due to a hack, which resulted in the loss of the customers’ 744,408 Bitcoins as well as 100,000 BTC belonging to the company. At the time, the total amount the hackers stole was valued at approximately $473M.
On January 26, 2018, the Japanese cryptocurrency exchange Coincheck froze all withdrawals on its platform. It turned out that the reason for the suspension of withdrawals on the exchange was due to a hack, which resulted in the loss of $534 million worth of NEM. This attack is still considered the largest heist in the crypto industry. In a press conference hosted soon after the hack, Coincheck provided the details of the attack, stating that the attackers succeeded because the stolen NEM was stored in a hot wallet. The hackers managed to steal the private keys for the wallet, successfully draining the funds into their own wallets.
The above-mentioned hacks collectively painted a gloomy picture of the security of blockchain-related services. Many of them had a huge impact on the industry as a whole. The need for higher security standards is evident. Without the support of the right cybersecurity measures, no one is safe from the theft of cryptocurrencies. That even includes the toughest and the strongest players in the industry. In fact, according to CoinTelegraph,
“The worrying trend in the crypto exchange market is that, within the first six months of 2019, the industry has seen the same number of hacking attacks as in the whole of the previous year, and the security breaches in 2019 were mainly experienced by large-scale exchanges. In the upcoming months and years, the methods and technologies utilized by hackers will continue to become more sophisticated and advanced.”
So what can be done to funds to stay safe and secure? Here at GK8, we are bridging the gap between cold and hot wallets, using an innovative management system that provides “uni-dirrectional” “air-gapped” technology with automatic reconciliation that enables exchange to manage their risks in an ideal, secure and practical way. Read more about it on our product page, and stay tuned here for further developments!