The largest crypto hacks in history
In recent years, the cryptocurrency realm has encountered frequent cyber assaults, frequently directed at exchanges and trade platforms. This presents a substantial hazard to user funds, resulting in multimillion-dollar losses. Yet, it's important to question the validity of such a reputation.
During the early phases, cryptocurrencies were indeed targets of attacks. A notable instance is the breach at Mt. Gox exchange, where approximately $400 million worth of bitcoins vanished due to carelessness and lack of competence.
Presently, there's a positive shift owing to government intervention and efforts toward self-regulation, significantly boosting security measures across major cryptocurrency exchanges.
However, this doesn't imply investors should entrust their funds to exchanges. Despite fortified safeguards, they remain comparatively more vulnerable than, for instance, cold wallets.
Even in the aftermath of successful breaches, collaboration within the industry, expertise, and asset insurance often lead to reimbursements or recompense for incurred losses. Let's delve into the most substantial cryptocurrency thefts in history and their aftermath.
Hack Poly Network
On August 10, 2021, Poly Network, a protocol for cross-chain cryptocurrency operations involving Bitcoin (BTC), Ethereum (ETH), Neo (NEO), and others, suffered a hack. This incident marked the largest known cryptocurrency theft in history, resulting in the loss of approximately $610 million. The protocol enables users to transfer assets between different blockchains without relying on exchanges. Computer programmer Kelvin Fichter explains that the protocol establishes self-managed vaults on two different blockchains, requiring coordination between them for transactions. Hackers managed to exploit a vulnerability, bypassing this mechanism and stealing over $610 million. However, thanks to the prompt response from the Poly Network team, they were able to establish communication with the hacker and recover the stolen assets.
In January 2018, unidentified hackers targeted the major Japanese cryptocurrency exchange, Coincheck. Approximately 523 million NEM (XEM) tokens were illicitly withdrawn from the exchange's address, amounting to around $530 million, causing a drastic reduction in its balance. Coincheck acknowledged that technical issues and a shortage of staff contributed to this breach, violating security standards. The stolen NEM was stored in a network-connected hot wallet instead of a more secure offline cold storage. In response to the incident, Japan's Financial Services Agency (FSA) demanded Coincheck enhance its security measures. Despite this, the exchange resumed operations, using its own resources to reimburse stolen funds to its users. This approach enabled the exchange to maintain activity and stability, becoming one of the largest trading platforms, with a daily turnover of nearly $100 million by August 2021.
Tragedy of Mt. Gox
Founded by Jed McCaleb in 2007, Mt. Gox was initially designed for trading Magic: The Gathering Online cards but later emerged as a leading Bitcoin exchange. After McCaleb sold it to Mark Karpeles, the company faced mounting issues, including technical deficiencies and a slowdown in internal system development. This vulnerable state attracted hacker attention.
Insiders at Mt. Gox emphasized in an interview with Wired that the exchange's software development lacked even basic elements like version control and testing, leading to delays in updates and leaving vulnerabilities open for weeks. Exploiting these weaknesses, hackers managed to steal 744,408 bitcoins, valued at $460 million at the time of the attack or $37 billion at current rates. This continued for several years, starting in 2011.
Mt. Gox closed for good in February 2014 after declaring bankruptcy, and customers were never fully reimbursed for their losses. This incident marked the largest crypto theft at the time until Coincheck surpassed this record four years later. It underscored that in the cryptocurrency industry, safeguarding client assets should be a top priority.
KuCoin, yet another notable platform for cryptocurrency exchange, encountered an attack on September 25, 2020, resulting in the loss of approximately $275-$285 million in user funds. However, the exchange's prompt response, collaboration within the cryptocurrency industry, allowed it to recover post-event. Within a week, Chainalysis, specializing in blockchain analysis, traced all stolen funds using their crypto forensic tool, Reactor, despite attempts by hackers to obfuscate transactions through mixers and decentralized exchanges (DEX), typically untraceable. With blockchain tools and partnerships with other exchanges, KuCoin managed to retrieve 84% of the stolen tokens, covering the remaining losses internally and through insurance reserves. Post-attack, the exchange introduced the Safeguard Program, offering other crypto firms access to their expertise in handling such incidents. KuCoin's adept management post-incident garnered client respect, maintaining its position as the sixth-largest cryptocurrency exchange, with a daily trade volume nearing $1.92 billion as of August 2021.
The hacker group CryptoCore, also known as Lazarus, has conducted a series of attacks on cryptocurrency exchanges, starting from 2018 and persisting until today. These incidents, bearing some similarities to the Mt. Gox story, unfolded gradually and affected no less than five exchanges, resulting in losses ranging from $200 million to $1.75 billion in cryptocurrency.
An investigation conducted by ClearSky in June 2020 revealed that the CryptoCore hacker group has been utilizing phishing attacks to breach exchanges since May 2018, resulting in a loss of funds of at least $200 million. They identified that this group might be based in Russia, Ukraine, or Romania, with their attacks primarily targeting exchanges in Japan and the USA.
Further research by ClearSky in May 2021 identified a connection between CryptoCore's attacks and the hacking group Lazarus, believed to be based in North Korea and associated with the country's government. According to ClearSky's findings, these collective attacks rank among the largest cryptocurrency theft operations. Chainalysis, in February 2021, also estimated losses from Lazarus' attacks at $1.75 billion, starting from January 2018. The hacker group remains unidentified and at large.
Bitgrail stands as a glaring example of failure, a stark contrast to the success of platforms like KuCoin and Bitfinex. The attack on this exchange occurred in early 2018, resulting in the loss of 17 million Nano (NANO) tokens, valued approximately between $140 to $195 million.
The founder and head of the company, Francesco Firano, made a series of missteps, caught in the aftermath. Despite hackers initiating their maneuvers in January, the exchange continued operations without alerting authorities until February, a late cry for help that turned catastrophic. Following the incident, Firano attempted to shift blame onto the Nano team, albeit unsuccessfully.
During the investigation, Italian authorities found evidence linking Firano directly to the attack. While the extent of his involvement—whether active participation or criminal negligence—remained unclear, Firano faced charges of computer fraud, fictitious bankruptcy, and money laundering.
The situation remains unresolved: the court ordered Bitgrail to reimburse the stolen funds, yet Italian authorities continue to review the claims from the victims.
Bitfinex, another cryptocurrency exchange, faced an attack in August 2016 when hackers managed to steal about $78 million, equivalent to roughly 120,000 bitcoins, from user wallets.
Immediately upon discovering the breach, the exchange halted BTC withdrawals and all trading activities. The stolen funds were blacklisted to prevent their liquidation through other crypto platforms. Despite efforts, the hackers were never traced, and the stolen assets remained unrecovered.
To compensate client losses, Bitfinex issued BFX tokens, distributing them to owners according to their losses. These tokens were promised to be redeemed by the exchange at their full value in the future using profits. In April 2017, Bitfinex successfully completed the full redemption of BFX, fulfilling its commitments to the affected users.
This graceful approach helped Bitfinex bounce back and maintain its popularity among cryptocurrency exchanges. By August 2021, it remained the eighth-largest trading platform, with daily trading volumes reaching around $900 million.
The mysterious incident involving Africrypt, an investment firm from South Africa, rattled the cryptocurrency sphere. Brothers Raees and Ameer Cajee, the company's founders, announced on April 13, 2021, the cessation of operations, citing a breach in the system's security and the compromise of client wallets. They even advised clients against seeking legal means for compensation, raising suspicions.
Victims of the attack, disregarding this advice, sought assistance from Hanekom Attorneys and lodged a complaint with the police, claiming losses of up to $3.6 billion in bitcoins. They suspect an exit scam, a simple disappearance of clients' funds.
The Cajee brothers obtained their own lawyer, who denies their involvement in the robbery, attributing it to their youth and lack of experience. Soon after the incident, Africrypt's website was shut down, and the founders disappeared. As of now, there is no compelling evidence to support the claimed $3.6 billion losses, but if confirmed, Africrypt would top the list of the largest cryptocurrency thefts in history.