Once in a while, news emerges of an individual has lost their money in a cryptocurrency investment due to CryptoCurrency Hack. In most cases, investors lose money after a digital currency loses value overnight.
But there are shocking cases where a cryptocurrency exchange loses millions of dollars owing to a hacking incident. This article looks at the most devastating hacking incidents that have occurred in the cryptocurrency industry.
#1: The Mt. Gox CryptoCurrency Hack
In 2013, one of the first and most high profiles CryptoCurrency Hack incidents hit the crypto world. The world’s biggest cryptocurrency exchange at the time, Mt.Gox, was breaking trade volume records.
Max Karpeles, the company’s CEO, was one of the most prominent figures in the industry. However, while Mt. Gox enjoyed great success, it had some unsettling weaknesses:
- The company lacked VCS (Version Control Software) – a feature that enables people to check a company’s code, monitor it for changes or identifies who made the changes.
- Everything about the company’s code had to be approved by Karpeles.
- The company lacked proper management.
- Mt. Gox had already been a victim of a previous hacking attack – in 2011; hackers violated the exchange’s system and forced a sale of a huge chunk of bitcoins into their wallets.
Mt. Gox may have managed to crawl back from the 2011 attack, but it was the 2014 hacking incident that changed the way people looked at cryptocurrency exchanges. Read here to learn in full detail how the Tokyo based exchange got hacked.
- Approximately $473 million was stolen.
- Bitcoin’s value crushed within days.
- Alex Vinnik became the potential suspect and was arrested in Greece, but he is yet to face charges in the US.
2: The DAO Hack
The DAO CryptoCurrency Hack is the most infamous crypto hacking incident associated with Ethereum. To keep things clear, this hacking attack occurred on a platform that ran on the Ethereum smart contracts. Ethereum had nothing to do with the attack.
What was DAO?
DAO or Decentralized Autonomous Organization was an Ethereum smart contract that allowed members to have a say on the Decentralized apps made on Ethereum.
DAO members were supposed to buy DAO coins using Ethereum and DAO would fund applications made through the Ethereum smart contracts. Members would then benefit from the sponsored applications based on their financial contributions.
What went wrong?#
To enable members to exit the DAO program, DAO had an exit plan that only allowed people to get their Ethereum back after holding them on the platform for 28 days. However, the exit plan had a loophole.
Hackers could make a request to exit DAO, but before it was registered on the DAO network, they could make a second request. Hackers recognized this loophole and took advantage.
On June 17th, 2016, it was discovered that a hacker had stolen $50 million of ether owing to this loophole.
- $50 million worth of ether was lost
- DAO users panicked with some blaming Ethereum for the attack.
- The Ethereum community split, leading to the creation of Ethereum classic.
#3: The Bitfinex Attack
After the Mt. Gox CryptoCurrency Hack incident, many exchanges tightened their systems to prevent getting hacked. However, this didn’t stop hackers from successfully hacking one of the biggest cryptocurrency exchanges in the crypto market.
On August, 2nd, 2016, Hong Kong-based cryptocurrency exchange, Bitfinex, announced that their system had been violated and 120,000 bitcoins had been stolen. At the time, the bitcoins stolen were worth $72 million.
How it happened
In 2016, Bitfinex relied on a multi-signature wallet to hold users’ bitcoins. Basically, a multi-signature wallet consists of 2 or more security keys and a user needs at least two of the keys to make a transaction request. With Bitfinex’s multi-sig wallet:
- Bitfinex held one security key.
- The user held another key and had the option of holding a third key for backup.
- To increase security, Bitfinex partnered with a company, BitGo, which would hold one security key.
- Bitfinex took hold of the security keys earlier held by customers.
While Bitfinex had a great idea, they were overconfident of their security measures. As it turned out, Bitfinex were holding 120000 bitcoins in their hot (online) wallets.
- Their servers were violated. The hackers were able to get through BitGo’s servers as well.
- 120,000 bitcoins were lost.
- Bitcoin prices went down by 20%.
- Bitfinex suffered for a while but crawled back into business within months.
#4: Nice Hash Cyber Attack
On December 6th, 2017, a Slovenian based bitcoin mining company suffered a cyber-attack that resulted in the loss of $80 million (4700 BTC). The company’s CEO, Marko Kobal, announced through a Facebook Live feed that a computer belonging to one of his employees had been compromised. The attack occurred just when the value of a bitcoin was surging, reaching its highest peak of $19,000 three weeks after the attack.
#5: The Coincheck Attack
On January 26th, 2018, Tokyo based cryptocurrency exchange announced that their system had been hacked and $483 million worth of bitcoin had been stolen. It was one of the biggest CryptoCurrency Hack incidents since the Mt.Gox attack.
Although Coincheck was reluctant to disclose the details of the attack, they revealed that:
- A security breached had made their systems vulnerable.
- Coincheck stored their customers’ cryptocurrencies in a hot wallet, the same mistake made by Bitfinex in 2016.
- Coincheck lacked a multi-signature wallet security system, making their website even more vulnerable.
- $483 million worth of NEM coins were stolen.
- Coincheck reported to the Japanese security officials.
- Coincheck published all 11 addresses associated with the heist.
- ShapeShift announced one week later they had blocked all the addresses.
- The hackers are yet to be identified.
Every once in a while, a cryptocurrency exchange is hacked. When it happens, almost every user who stored their coin on the exchange loses their digital assets as well. To prevent such incidents, always store your cryptocurrency in a safe, third party wallet such a hardware wallet.