The Biggest Cryptocurrency Thefts Ever
As secure as cryptocurrencies are, like every other financial instrument, they are also liable to theft. Decentralisation and the use of powerful cryptographic techniques bolster the security architecture of Blockchain-based crypto tokens, making manipulation of cryptographic records next to impossible. However, supporting infrastructure, such as some unreliable and unsafe crypto exchanges, is the weak link in the chain.
Attesting to this, crypto exchange hacks account for about 90% of the total value of stolen coins to date. Further, most of these hacks targeted the hot wallets of exchanges (wallets connected to the internet and maintained by exchanges to facilitate quick trades). Over $1.1 billion worth of cryptocurrencies have been stolen so far.
Cryptocurrencies pride themselves on anonymity and immutability (which makes transactions irreversible). These are double-edged swords when it comes to thefts. Once you lose your crypto tokens to a hack, it is very hard to recover your funds. Recovery is possible by identifying the entity behind the hack and forcing it to send back the coins, but hackers easily mask their identity on Blockchains. Recovery is also possible if a majority of members of the cryptocurrency network agree to reverse the specific transaction(s) on the Blockchain. However, building consensus among members who run nodes (Blockchain storage servers) is a herculean task, and a reversal of transactions has been done only once so far, on the Ethereum Blockchain, and that drew much criticism. This is because the crypto community highly values immutability. Any attempt to alter the Blockchain raises apprehensions about the ability of power structures to influence and control cryptocurrencies.
Except for Ripple (which isn’t strictly decentralised), all the other coins in this picture have been stolen by hackers.
Here’s a look at some of the biggest cryptocurrency thefts and what you can do to secure your cryptocurrencies against hacks.
$530 million hack on Coincheck Inc. (2018)
- In the biggest crypto exchange hack to date, hackers made away with NEM coins worth ¥58 billion ($530 million) from Coincheck Inc., a Japanese crypto exchange, in January 2018.
- NEM is a widely popular cryptocurrency in Japan, second only to Bitcoin.
- Though Japan has laws and regulations to ensure the safety of cryptocurrencies held in exchanges, requiring crypto exchanges to store user funds in offline wallets (wallets not connected to internet, also called cold wallets), Coincheck Inc. flouted these rules, resulting in theft of the NEM coins from its online (hot) wallet.
- Following the massive theft of funds, Coincheck Inc. apologised to users who lost their coins and promised to return 90% of the stolen funds, though the crypto exchange didn’t detail how it would recover lost funds.
- It has now emerged that the hacker exchanged the stolen NEM tokens for other tokens on the dark web, making recovery a lost cause. What's more, the dark web exchange site cheekily displayed a picture of Kim Jong Un, the North Korean dictator, smiling in front of wads of cash once the exchange was complete. The NEM Foundation, which was previously tracking the stolen coins, has given up and stopped tracking them.
- Japan has responded by cracking down on unregulated exchanges, launching enforcement drives to make crypto exchanges comply with regulations and laws.
$450 million hack on Mt. Gox (2014)
- Mt. Gox, the biggest Bitcoin exchange until 2014, which at one point handled nearly 70% of worldwide Bitcoin transactions, shut down its trading platform abruptly in February 2014 after a purported hack.
- The exchange reported that around 850,000 Bitcoins were stolen from its hot wallet, amounting to $450 million in value at the time (equivalent to $8.2 billion if one Bitcoin is priced at $10,000).
- The exchange filed for bankruptcy and was eventually liquidated.
- CEO Mark Karpelès was found guilty of embezzlement of Bitcoin from investor deposits in an unrelated case and was jailed in 2015. He has since been released on bail and has pled not guilty to the charge.
- Tokyo-based security company WizSec presented its findings on the hack in 2015, suggesting most or all of the Bitcoins lost were siphoned from the hot wallet by hackers over time, starting as early as 2011.
- Though the case against Mark Karpelès is still ongoing, the courts have directed Mt. Gox to pay just $400 to users for each stolen Bitcoin, based on 2014 Bitcoin prices. This would leave Mark Karpelès with well over $1 billion (at a price of $10,000 per Bitcoin) in Bitcoin even after the reparative payment.
$60 million hack on Bitfinex (2014)
- The August 2016 hack on Bitfinex, one of the world’s largest cryptocurrency exchanges, resulted in nearly 120,000 Bitcoins worth $60 million (worth $1.2 billion at a price of $10,000 per Bitcoin) being stolen.
- Though the exact cause of the breach has not been identified, it is suspected that the storage of investor funds in hot wallets and the faulty implementation of multi signature authentication (a security measure where multiple keys held by more than one entity are needed to access funds) made the exchange vulnerable to hacking.
- The hack saw Bitcoin’s price fall by 20%.
- Bitfinex has since then returned all stolen funds to investors in phases. The return was complete by 2017.
$53 million Ethereum hack (2016)
- In May 2016, a hacker exploited a bug in software and siphoned off over $53 million in Ether from a DAO (Decentralised Autonomous Organisation – a program that allows investors to vote on and fund proposals) named ‘The DAO.’
- Since more than 15% of the total Ethereum was invested in the DAO that got hacked, Ethereum underwent a hard fork (change in protocol governing a cryptocurrency) with majority approval (89%) from the community that resulted in reversal of the transfer of stolen funds.
- Funds were thus returned to investors in the DAO who were able to withdraw their ether from the DAO.
- The move to reverse the transaction generated a lot of controversy as it involved altering the Ethereum Blockchain.
- Still, an overwhelming majority voted in favour of altering the Blockchain.
- This resulted in a split of the original Ethereum Blockchain into two – Ethereum and Ethereum Classic, as a section of miffed users voted down the proposal to alter the Blockchain and kept following the original Ethereum protocol.
$30 million Parity wallet hack (2017)
- This July 2017 hack resulted in the theft of 150,000 Ether tokens amounting to $30 million.
- The hack exploited a vulnerability in multi signature wallets (wallets with enhanced security where multiple keys are required to access funds) powered by Parity, a popular Ethereum service provider.
- Another 377,000 Ether tokens in the vulnerable wallets were saved by vigilante hackers calling themselves ‘White Hat Hackers’ who promised to return the tokens to Parity.
Another vulnerability in DAOs (Decentralised Autonomous Organisations) powered by Parity was detected by a coder, who then accidentally locked up around $280 million in Parity's wallets. The funds can't be retrieved without altering Blockchain code.
Many other hacks have taken place over the years, mostly on exchanges and wallet service providers, starting from as early as 2011. Notable thefts include:
- a Ponzi scheme named Bitcoin Savings and Trust that made away with over 750,000 Bitcoins in 2012. The man behind the Ponzi scheme, Trendon Shavers, was eventually arrested and prosecuted.
- a hack of Ether tokens amounting to $7 million on CoinDash, a cryptocurrency trading platform, by an unknown hacker. The hacker changed the deposit address in an ICO (Initial Coin Offering) that was underway.
- the theft of 13,000 Bitcoins and 3,000,000 Litecoins by Paul Vernon, CEO of the now-defunct crypto exchange Cryptsy, who converted the cryptocurrencies to fiat and fled to China. Class action lawsuits were filed in the USA.
Keep your crypto assets safe
Now that you have an idea of how prevalent crypto hacks are, make sure you follow these measures to protect your coins.
- Save the majority of your coins in an offline wallet (cold wallet). Keep only the coins you're actively trading in an online wallet.
- Never give out your private key to anyone. Use multi-signature wallet addresses (which require multiple private keys to transfer coins from your account) for enhanced security.
- Use a wallet that supports two-factor authentication if you trade crypto tokens on exchanges.
- Don’t fall for schemes that promise unrealistic returns.
- Don’t invest in ICOs until you can make sure they aren’t scams. Look for investor protection measures employed by ICOs such as refunds if the project fails.
For more information, read this Unoversity tutorial on how to keep your Cryptocoins safe.
Though many exchanges worldwide have experienced a number of significant hacks, leading Indian exchange Unocoin has had no major hacks, thanks to implementation of strong security measures such as offline storage of most of the investments, strong encryption, two factor authentication, automatic transaction limits etc. For more information on security measures adopted by Unocoin to protect your crypto holdings, visit Unocoin.com/security.