A Huge List of Cryptocurrency Thefts

Any cryptocurrency exchange hack adversely affects the rate of cryptocurrency, which makes the price to restore only after a few months. Hackers carry out attacks not only to steal money. Many hacks are performed for the sake of pumping or dumping the cryptocurrency exchange rate, some are insider’s job, and some are simple exit scams. After all, inexperienced market players (who are now the majority) begin to withdraw tokens to fiat when hearing bad news quickly.

The likelihood of such well-designed tactical attacks will only grow with the development of the market and fierce competition on it. Coins and tokens can disappear even from the largest and seemingly protected exchanges. However, does the problem always lie on a hacker?

ROKKEX decided to create a timeline of cryptocurrency exchange frauds, and biggest crypto exchange hacks to find out whether only the hackers are to blame.

Spoiler: Sometimes, the owners or employees are guilty as well.

2011

June

What: Mt.Gox
Amount: 2643 BTC

Mt.Gox opens the list of cryptocurrency hacks. In the distant 2011, a hacker managed to hijack auditor account with administrative rights. Through phishing, he or she took possession of the administrative account, stole hot wallet private keys from wallet.dat file., changed the BTC price to 1 cent, obtained accounts of Mt.Gox users, created the sell orders, and bought 2643 BTC at the artificially created price for customers’ money.

July

What: Bitomat
Amount: 17,000 BTC

A cryptocurrency exchange based in Poland was the 3rd largest exchange platform at that time. One day, due to the accidental wallet destruction during the server reboot, they lost keys to all BTC wallets, resulting in loss of 17k BTC.

In a few words, Bitomat was using Amazon Web Services Elastic Cloud Computing to host virtual machines; the AWS warning goes that if an instance is taken offline all the data stored can be lost permanently. It appeared that Bitomat happened to be storing backups and current state of their wallet in an EC2 virtual machine, so it’s possible that they had little chance of recovering the old funds from the wallet.

October

What: Bitcoin7
Amount: 11,000 BTC

On October 6, Bitcoin7 posted a message on their website that informed the users that Russian and Eastern European hackers attacked cryptocurrency exchange. The hackers breached Bitcoin7 servers and gained full access to the main BTC depository and 2 of the 3 backup wallets.

Today, Bitcoin7 domain offers a scammy service of multiplying the amount of BTC. Maybe, it’s still possessed by hackers?

What: Mt.Gox
Amount: 2609 BTC

The bad luck of Mt.Gox was gaining traction on October 2011. The exchange lost other 2609 BTC due to a programming error. To put it simply, Mt Gox accidentally created transactions that can never be redeemed. To understand the issue more deeply, go here.

2012

March

What: Linode
Amount: 3000 BTC from Slush and 43000 BTC from Bitcoinica

On March 1, web hosting provider Linode was hacked, resulting in a theft of 3000 BTC from Slush and 43000 BTC from Bitcoinica. There have been two major BTC heists before, one 25,000 BTC theft in June and a 17,000 BTC theft from the BTC exchange Bitomat in August, resulting in the exchange being bailed out and acquired by MtGox.

At that moment, security has become a major concern of the BTC community. Although people wanted to carry out their economic activity in cryptocurrency, the question of whether their money was safe disturbed them.

May

What: Bitcoinica
Amount: 18,457 BTC

The 43,000 BTC Linode theft was not enough, and another 18,457 BTC was stolen from Bitcoinica’s reserves. The CEO Zhou Tong was barely able to prevent the loss of 30,000 more. The site was immediately shut down for security reasons.

Vitalik Buterin, being a writer and co-founder of Bitcoin Magazine at that time, wrote:

“Unfortunately, given the financial stress that Bitcoinica was already in after the Linode theft two months ago, even this smaller loss turned out to be the straw that broke the camel’s back.”

July

What: BTC-e
Amount: 4,500 BTC

Here comes the first proven story when exchange operators are becoming greedy and peculate money that doesn’t belong to them. Alexander Vinnik, the operator of BTC-e, was arrested mainly for money laundering but also computer hacking. He was one of the staff members who performed DDoS attacks, stole API creds, initiated Liberty Reserve deposits, and injected large amounts of USD into the system which were quickly sold for BTC.

BTC-e.com was considered a golden standard of reliability and had a chance to change the reputation of Russia being the money-laundering country.

September

What: BitFloor
Amount: 24,000 BTC

BitFloor had been operating since 2011 when on September 4, 2012, the operator of BitFloor reported a security breach that resulted in 24K BTC being stolen. The site was shut down, and access to customer funds denied as the exchange’s reserves were insufficient to accommodate all funds deposited.

2013

May

What: Vircurex
Amount: 1,454 BTC

In 2014, the exchange announced it was almost bankrupt after losing significant amounts of its reserve funds. Part of the loss came from “two purported hacks the exchange experienced in mid-2013.”

As a result, the Vircurex froze withdrawals of BTC, LTC, FTC, and TRC. At the time, the company declared it would begin paying users back using the profits. The exchange refunded small amounts of cryptocurrencies to a few of its customers, but most of the funds owed remained with the exchange.

October

What: Silk Road (marketplace)
Amount: ~1,606 BTC

It won’t be a list of cryptocurrency fraud if we don’t mention Silk Road and Mr.Ulbricht criminal activity.

Silk Road, located in the Tor network, can be called an alternative eBay or Amazon but for selling illegal goods, such as heroin, weapons, pornography, etc. All payment transactions were made in BTC, and the Silk Road was a middleman connecting the users and taking a commission for their illegal trades. For two years of the marketplace existence, the total volume of transactions amounted to 9.5 mln BTC.

Soon the FBI got interested in Silk Road. In 2015, the founder of the company Ulim Ross Ulbricht was sentenced to life imprisonment for many crimes including hacker attacks and collusion in money laundering.

The story doesn’t finish there, as secret service agent, who had been conducting the case, eventually stole the dirty BTC himself.

November

What: BitCash
Amount: 484 BTC

On November 11, Czech-based cryptocurrency exchange experienced hacker attack emptying 4,000 users’ wallets.

The website servers were hacked to conduct a phishing attack with fraudulent emails on behalf of BitCash to fool users. The emails claim BitCash resorted to their US recovery company to get back the BTC that have been stolen. Recipients were asked to send 2 BTC to a wallet address for their BTC to be returned. However, the BTC address listed in the email text hadn’t been used online and had no transactions.

2014

March

What: Mt.Gox
Amount: 850,000 BTC

In 2013 MtGox was one of the most popular cryptocurrency exchanges (47% of transactions in BTC were made through this platform). In total it lost 850,000 BTC, which is currently a record amount.

As you might remember from the above, our list of cryptocurrency exchange hacks began exactly with Mt.Gox which private keys were stolen. The hacker(s)/insider(s) gained access to a large number of BTC, began to control the input and output of funds, as well as deposits. During 2 years (2012–2013), a hacker was emptying wallets, but the Mt. Gox systems was interpreting the spending as deposits, crediting some users with up to about 40,000 extra BTC.

Today, 5 years later, Mt.Gox is still the biggest hack ever happened (and we hope it’ll remain like this).

What: Poloniex
Amount: 12.3% of all BTCs (97 BTC)

Poloniex, a US-based cryptocurrency exchange, was hacked in the summer of 2014. The hackers managed to exploit an incorrect withdrawal code of Poloniex.

The company did not report the exact number of BTC stolen, but you can check a detailed explanation of the hack on the Bitcointalk forum. Moreover, Poloniex might have been hacked a few other times as some unofficial source like this, this, and this has claimed.

July

What: Cryptsy
Amount: 13,000 BTC and 300,000 LTC

In July 2014, the attacker under the nickname Lucky7Coin inserted the Trojan code into the code of Cryptsy — a cryptocurrency exchange. A hacker got access to BTC and LTC keys. As a result, a criminal(s) got 13,000 BTC and 300,000 LTC.

Interestingly, exchange administrators were familiar with the fraudster. The attacker sent an awkward letter two months before the hack introducing oneself as Jack and reporting that the previous owner of the nickname died.

The owner of the company, Paul Vernon, was accused of destroying evidence of illegal activities and stealing 11,000 BTC. Cryptsy clients believe that the currency could be laundered through another exchange — Coinbase.

December

What: Mintpal
Amount: 3,894 BTC

MintPal was considered one of the best trading platforms until the time when management changed in the fall of 2014. The company was sold to Executive Director of Moopay, Ryan Kennedy, known under the pseudonym Alex Green.

During the internal work, he stole 3,894 BTC and bankrupted the exchange. It is noteworthy that several months later, after the withdrawal of funds, Kennedy was sentenced to 11 years in prison for rape and the sentence did not contain a clause about stealing $1.5 million in BTC.

2015

January

What: Bitstamp
Amount: 19,000 BTC

The first licensed cryptocurrency exchange in Europe, Bitstamp, which is regulated by the Luxembourg Supervisory Authority in Finance (CSSF), was hacked in January 2015. Hackers sent a malicious file to the internal mail of employees. One of the Bitstamp’s employees neglected security rule №1 — do not open files from strangers, and followed the link on the device that has access to the BTC wallet of the exchange. As a result, 19,000 BTC was stolen, or about $5,100,000 at the day of the theft.

What: LocalBitcoins
Amount: ~17 BTC

17 BTC is seemingly not a large sum compared to the compromised exchanges above; nevertheless, it’s one more argument in favor of paying attention (and allocating money) to cybersecurity.

Nikolaus Kangas, the vice-president of Local Bitcoins, explained:

“The attacker used that LiveChat access to spread some kind of Windows executable, which probably was some new kind of keylogger software which is not yet detected by virus protection mechanisms. If the user got that executable installed, with some social engineering, the attacker managed to get access to different accounts of those victims.”

Three users lost funds during the hack. The company stated that one of the possible reasons for the fraudulent withdrawal was a lack of 2FA. Again, 2FA is a reliable security measure that should be in place on every cryptocurrency exchange platform.

What: 796
Amount: 1,000 BTC

What seemed like a mistake, appeared to be a well-calculated and precise attack. At the end of January, the server of Chinese cryptocurrency exchange, 796, was compromised. According to the explanation, a hacker gained access to a sub-module and tampered customers’ withdrawal addresses with one’s own.

February

What: Bter
Amount: 7,000 BTC

Another attack that is related to employees mistake occurred in China. A small cryptocurrency exchange Bter was hacked several times. Employees of the exchange organized the largest heist. In February 2015, 7000 BTC was stolen from a cold wallet. After that, all the activities of the company were suspended, and only a couple of years later the Bter management resumed withdrawing funds from their assets.

What: KipCoin
Amount: 3,000 BTC

Being the owner of an exchange platform, will you admit the breach immediately or halter the news until the investigation gives you more details? The owners of KipCoin chose the second option.

Remember Linode? In 2015 it became clear that it was hacked again in June 2014 causing a breach of KipCoin server. The hackers changed Linode account password excluding the owners from accessing it; this entailed KipCoin Linode root password to be changed as well, as the hacker(s) gained control of the entire platform.

For a month, the administration of the exchange tried to regain control, and they succeeded (surprisingly, nothing malevolent had happened during this month). That didn’t mean that hackers went away, they lurked. In October 2014, hackers gained access to funds as the exchange didn’t change their BTC private keys.

KipCoin decided to not disclose this information immediately in light of BitStamp losing many coins and has taken all the necessary steps to file an official complaint with the police.

2016

March

What: Cointrader
Amount: Unknown

A hack or an exit scam? That’s the question users often ask when an exchange unexpectedly shuts down.

On March 28, Cointrader joined the graveyard of allegedly hacked cryptocurrency exchanges having sent their users the following message:

Dear Cointrader Customer,

A recent internal audit revealed a deficiency of Bitcoin in our wallets causing a delay in withdrawals. This issue is currently under investigation and it is our intention to have the balance of your account settled as soon as possible. We sincerely apologize for this unfortunate inconvenience and will keep you posted on the progress of this issue. In the meantime, we have halted deposits, withdrawals and trading activity until this matter has been resolved.

Sincerely,

Cointrader.net Support

The shut down was followed with a low daily trading volume of only 81.43 BTC over the next 6 months. The number of affected users has never been reported.

April

What: ShapeShift
Amount: 469 BTC + 5,800 ETH + 1,900 LTC

ShapeShift story is an excellent example of an insider job or a disloyal employee. On March 14, an employee stole from the company 315 BTC. When the theft was uncovered, he got fired. However, the losses didn’t stop on that: on April 7 additional 97 BTC, 3,600 ETH, and 1,900 LTC disappeared. The site was taken offline, and incident response measures were in place, and then additional 57 BTC and 2,200 ETH were taken!

The report stated:

“Since direct evidence of a specific attack vector was not found during the digital forensic investigation, an analysis of the available facts was performed to identify all possible attack vectors that fit the facts. It was noted that the attacker was not only able to compromise both infrastructures fairly quickly, but they were able to identify their IP addresses equally as fast.”

May

What: GateCoin
Amount: 4,320 BTC (250 BTC and 185,000 ETH)

Gatecoin was one of the first regulated cryptocurrency exchange platforms to spring up. It offered purchases of ETH-based tokens to vote on and fund development proposals during crowdsale for The Dao, and in the aftermath of the hack, it promised to build a portal for withdrawing DAO-related tokens and fiat currencies. The exchange was well-known and prominent at that time, so there is no wonder that it attracted the attention of malefactors.

Gatecoin stated:

“We have previously communicated the fact that most clients’ crypto-asset funds are stored in multi-signature cold wallets. However, the malicious external party involved in this breach, managed to alter our system so that ETH deposit transfers by-passed the multi-sig cold storage and went directly to the hot wallet during the breach period. This means that losses of ETH funds exceed the 5% limit that we imposed on our hot wallets.”

August

What: Bitfinex
Amount: 120,000 BTC

The Hong Kong company claimed to be the most reliable and secure cryptocurrency exchange, where wallets with multiple identifiers are selected for each client. It turned out to be just a matter of marketing. In August 2016, cybercriminals kidnapped 120,000 BTC. The main leak of funds occurred through the BitGo processing service with which Bitfinex cooperated.

2017

June

What: QuadrigaCX
Amount: 67,000 ETH

Some errors don’t bring harm to the users of a cryptocurrency exchange but to the owners. Due to programmers error, a Canadian-based exchange platform lost 67k of ETH. In the official statement, QuadrigaCX explained that the mistake happened after a Geth upgrade. Talking in technical terms:

“The programmer called a function in the splitter smart contract with a corrupted transaction data payload, which was the result of failing to prefix a certain value with 0x (which is necessary to indicate a string is hex-encoded).”

December

What: Nicehash (a marketplace for mining hashing power.)
Amount: 4,000 BTC

Nicehash wasn’t an exchange but a cryptocurrency hash power broker with integrated marketplace; nevertheless, the story also belongs to the list of cryptocurrency thefts. People rented their computing power to those who wanted to mine cryptocurrency without investments in hardware. It turned out that people were paying to mine coins which went directly to hackers’ pockets.

The Slovenia-based company gave further comment:

“Importantly, our payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen. We are working to verify the precise number of BTC taken. Clearly, this is a matter of deep concern and we are working hard to rectify the matter in the coming days. In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are cooperating with them as a matter of urgency.”

In August, the company announced paying back 60% of stolen coins.

2018

January

What: Coincheck
Amount: 523,000,000 NEM

Another major hack occurred at CoinCheck, the leading Japanese crypto trading platform. Hackers outside the country infected the internal network of the exchange with a virus that was transmitted through email, and it allowed them to steal private keys. As a result, 523 mln NEM coins were stolen for $533 million at the time of the theft.

The incident occurred due to the neglect of the storage of this cryptocurrency, as the exchange did not use smart contracts with multi-signatures, and all coins were stored on the same wallet.

February

What: BitGrail
Amount: 17,000,000 NANO

More than $170 million in 2018 was stolen from the Italian cryptocurrency exchange Bitgrail.

According to the owner Francesco Firano, 17 million XRB (Nano / RaiBlock) was withdrawn from the accounts as a result of “unauthorized transactions.” Nano representatives denied this information and stated that there were no errors. 😏

It is worth noting that the rest of the tokens stored on the exchange did not suffer. After the attack, Bitgrail declared itself bankrupt.

April

What: CoinSecure
Amount: 438 BTC

As we already know, employees of the exchange can take advantage of their position and peculate considerable sums. In April 2018 an Indian exchange Coinsecure lost 438 BTC or $3.5 million at the rate. The owners of the company assume that CoinSecure CSO (Chief Security Officer) committed a hack when extracting BTG. The suspect denied his guilt and claimed that the funds “had been stolen in the process of some kind of attack”.

June

What: Coinrail
Amount: 1,927 ETH, 2.6 billion NPXS, 93 million ATX, 831 million DENT coins + significant amounts of six other tokens

Despite Coinrail being a small exchange in South Korea, it was a tempting target, considering the amount of money that moves through it. The hackers recognized it and stole 1,927 ETH, 2.6 billion NPXS, 93 million ATX, 831 million DENT coins, and significant amounts of six other tokens.

The authorities didn’t give many details and called the attack a “cyber intrusion,” which resulted in many ERC-20 tokens stolen from the exchange.

September

What: Zaif
Amount: 5,966 BTC

Japanese based exchange Zaif was hacked on September 14. This resulted in $60 million in BTC, BCH, and MonaCoin being stolen. Oddly enough, the exact amount of stolen BCH is unknown, which does inspire Zaif to improve their security measures in the future.

Zaif has already filed a criminal case with local authorities; apparently due to the way a hacker got unauthorized access to the funds, possibly an employee went rogue?

October

What: MapleChange
Amount: 913 BTC

A small Canadian based exchange called MapleChange had a modest volume of around $67,000 per day since its launch in May 2018. In October they claimed being hacked or suffered a bug which resulted in all customers’ deposited funds being withdrawn.

On October 28, they made a strange claim that they had to delete all their social media accounts during an investigation. With no details on their team or whether they were legally allowed to operate, the “hack” reeks of an orchestrated exit scam.

November

What: Pure Bit
Amount: $30,000,000 (ICO + 13,000 ETH)

Pure Bit raised over $30,000,000 in an ICO to create a cryptocurrency exchange in South Korea, but then they executed an exit scam.

Pure Bit even tried to go further and sell a portion of stolen funds on UpBit. Luckily, UpBit promptly froze the account, knowing that the funds are fraudulent.

Pure Bit website is now offline, and their KakaoTalk account renamed to a phrase that roughly translates into “I’m Sorry.”

December

What: QuadrigaCX
Amount: 26 350 BTC

One of the most remarkable hacks in our list of cryptocurrency thefts happened in December 2018. The owner of QuadrigaCX, Gerry Cotten, suddenly passed away; he was the only one who had access to the cold wallets of the exchange. Interestingly, at the moment of announcement users have been trying to withdraw funds for several months already and bankruptcy rumors were spreading quickly.

When Ernst&Young started their audit, they found out that there had never been more than 100 BTC on a cold wallet. QuadrigaCX started bankruptcy procedure owning their customers more than 26,000 BTC.

There is a conspiracy theory that Gerry Cotten is still alive and that QuadrigaCX case is nothing more than just an exit scam.

2019

January

What: HitBTC
Amount: Unknown

It is vital to mention HitBTC behavior ahead of the annual Proof Of Keys event. Users were complaining across Reddit and other social media platforms reporting that HitBTC was blocking all attempts of withdrawing their funds.

What: Cryptopia
Amount: At least 19,390 ETH

On January 13, users of Cryptopia reported difficulties accessing and using their accounts. The first message from Cryptopia was that they were going into unscheduled maintenance to resolve a technical issue. Later the exchange clarified on Twitter that they had suffered a security breach.

Cryptopia stated that they had reported the breach to the relevant New Zealand’s authorities. The full amount of lost funds is unknown; however, 19,390 ETH has been seen transferred to an unknown wallet. As Cryptopia was quite a small exchange, the possibility of an inside job is one of the versions.

What: Cryptopia
Amount: 1,675 ETH

After being hacked on January 13, Cryptopia was hacked again 15 days later. This confirms that the exchange no longer had any control over their wallets.

February

What: Coinmama
Amount: 450,000k user emails and passwords

Coinmama is one of the largest crypto brokers, servicing a total of 1.3 million active users. On February 15th, their customer database was hacked, which led to over 450k user emails and passwords leakage. We can only assume how the sensitive data could have been used: to gain access to cryptocurrency exchange accounts or to sell on the black market for other aims.

May

What: Binance
Amount: 7,000 BTC

The latest case from crypto exchange hack history happened a month ago with Binance. The hackers withdraw 7,000 BTC (currently over $40 million) having used several tactics of phishing and malware, which allowed them to obtain a large number of user 2FA codes and API keys. They also mentioned other info had been jeopardized, which could potentially refer to customers private details being stolen as well. One of the possible solutions to restore funds was a hard fork of the BTC network.

The skills and knowledge of criminals are improving, and the methods by which thefts are committed become even more sophisticated. It is rather difficult to return the stolen cryptocurrency because unscrupulous experts who participate in frauds sometimes turn out to be among cryptocurrency exchange owners. Therefore, before each user starts investing money, it is worth becoming familiar with the companies’ team and security history.

Now you have an answer on the question “which crypto exchange was hacked”. We dived deep and tried to cover all the cryptocurrency exchange thefts and frauds that have ever happened since BTC origin. However, there is still a chance that we haven’t heard about other hacks, so please share with us the information, and we’ll add it to the list.

Remember, it’s a risky idea to put money into places where solvency isn’t transparent. The public addresses of the exchange wallet and monthly revenue numbers should always be public on the company’s website. So, if you do the math, you can always keep track of how the business is going. This is the blockchain spirit, spirit of transparency, and honesty.

Stay secured!