12 Biggest Hacks in Crypto Exchange History by DailyCoin
Cryptocurrency is seen as the technology of the future, which is happening today, and its growing recognition has led to its adoption by over 300 million people worldwide. What’s more, cryptocurrency is designed to be transferred electronically and securely, with the blockchain recording all transactions made, thus reducing opportunities for fraud.
However, that expectation has not quite been the case in reality. Cryptocurrency exchange hacking has been a consistent thorn in the side of investors and exchanges alike. Even despite the measures used by exchanges to protect their assets, experienced attackers have still managed to find their way around them and breach the platform’s security walls.
It is also important to keep in mind that exchanges are often targeted due to their tendency to have open source libraries. A great many hacks have occurred in crypto’s short history, often leaving investors literally in tears. The most annoying part for exchanges is that such hackers are never satisfied and continue to attempt to hack even the most seemingly secure systems, often taking it as a challenge.
With that in mind, one begins to wonder how many crypto hacks have occurred, and how much has been stolen in the process. While we can’t cover them all, let’s take a look at the 12 biggest hacks in crypto exchange history.
12. Binance – $40 million stolen
Let’s start with Binance, one of the biggest names in the industry. In May 2019, the exchange was hit by a major security incident where hackers withdrew over 7,000 bitcoins from the hot wallet.
The exchange’s total loss amounted to approximately $40 million as the attackers breached the exchange’s security systems, obtaining key information sets including two-factor authentication codes, APIs and other data.
The hackers reportedly used a variety of techniques to carry out the attack, including phishing, virus injection and more. In the end, the exchange claimed that its Secure Asset Fund for Users (SAFU) covered all losses.
11. Upbit – $45 million stolen
Founded in 2017 in South Korea, Upbit cryptocurrency exchange quickly became the world’s largest crypto exchange in terms of daily transactions in 2018, making Upbit a mammoth in the crypto industry
In November 2019, however, the stock exchange was hit by a terrorist attack online. In the event, hackers broke into the exchange and stole over $45 million in a single transaction.
After the hack, the platform transferred all holdings from its hot wallets to more secure cold wallets. In 2020, Upbit updated the wallet’s security system, and introduced new addresses for deposits.
A few months later, the US Department of Justice was able to identify two Chinese nationals who had allegedly carried out the attack.
10. Zaif – $60 million stolen
Zaif has earned the title of the oldest crypto exchanges in Japan. In 2018, hackers targeted Zaif, stealing a ton of cryptocurrency worth $60 million at the time.
The hackers obtained , , and Monacoin from Zaif’s “hot wallets,” crypto wallets that have lighter security measures in place so they can be used for instant transactions.
While much of the stolen funds belonged to Zaif users, the exchange itself was also left out, as 32% of the cryptocurrencies taken came from its reserves.
The company reimbursed customers immediately, and even took out loans to ensure they could meet their obligations.
9. BadgerDAO – $130 million stolen
In late 2021, tragedy struck BadgerDAO, a decentralized autonomous organization (DAO) that enables bitcoin to be used as security for decentralized finance applications (DeFi).
The hack was discovered by blockchain security firm PeckShield, which tracked down the missing funds. The platform confirmed that hackers had used a malicious code snippet via Cloudfare, which enabled them to drain $130 million in funds.
However, around $9 million of the stolen funds were recovered, as they were not withdrawn.
8. Bitgrail – $150 million stolen
Bitgrail, a now insolvent Italian exchange that had traded in lesser-known cryptos such as Nano (XRB), suffered a hack that saw it lose $150 million.
Nano wallets took the brunt of the hit, as at least 17 million coins were stolen, resulting in an estimated loss of $150 million. An investigation later revealed that the coins had been stolen from cold wallets, suggesting an inside job due to their nature.
In 2019, an Italian court ruled that Francesco Firano, founder of the now-defunct Bitgrail cryptocurrency exchange, was responsible for the disappearance of $170 million, and ordered him to repay customers the full loss.
7. PancakeBunny – $200 million stolen
In May 2021, Pancake Bunny was victimized by a flash loan attack where hackers were able to drain $200 million from the platform.
A report revealed that the hacker had borrowed a large sum of (BNB), which they used to manipulate the price and eventually dumped it on PancakeBunny’s BUNNY/BNB market.
Fortunately, the hack did not result in any smart contract hacks and no vaults were compromised. Interestingly, after dumping his BUNNY tokens, the attacker paid back his flash loans in full.
6. KuCoin – $280 million
On September 26, 2020, KuCoin announced that it had been breached as a result of a pre-planned attack.
The losses incurred in the resulting theft of cryptocurrencies totaled approximately $280 million at the time, making the KuCoin incident one of the largest cryptocurrency exchange hacks to date.
Reports suggested that the funds had been stolen from the company’s hot wallets, and its cold wallets remained safe.
On October 7, 2020, the exchange announced that it had recovered around $204 million of the stolen crypto, and had even identified suspects with substantial evidence at hand.
5. Wormhole – $326 million stolen
In the first quarter of 2022, the Wormhole crypto exchange was hacked, losing $326 million and becoming the first major crypto heist of 2022.
The platform acts as a communication bridge between (an “Ethereum Killer” that has been hugely successful in the past year) and other decentralized financial networks.
On February 2, 2022, hackers managed to exploit a vulnerability, causing Wormhole to shut down its platform while it investigated the issue. Two days later, longtime backer Jump Trading stepped in to replenish the stolen funds, much to the relief of the exchange and its investors.
4. Mt. Gox – $480 million stolen
One of the most famous crypto heists was the theft of $480 million in Bitcoin from the Japanese exchange Mt. Gox in 2014.
In February of the same year, the stock exchange abruptly halted trading, stopped stock exchange services and filed for bankruptcy protection. Afterwards, it revealed that up to 850,000 Bitcoins were missing, believed to have been stolen. Since the transferred Bitcoin accounted for about 7% of the total Bitcoin in circulation at the time, the ill-gotten gains were valued at approximately $480 million.
Other major Bitcoin exchanges condemned Mt. Gox for its actions, calling them a tragic breach of user trust. To date, creditors are still seeking billions of dollars worth of cryptocurrency in damages.
3. Coincheck Hack – $534M Stolen
Coincheck, one of the top 20 exchanges in the world, faced hackers in January 2018, when it lost $534 million worth of crypto.
Immediately after identifying the breach, Coincheck froze all deposits and withdrawals on the platform. Unfortunately, the damage had already been done, and the exchange admitted that it would struggle to cover the losses suffered by users.
The hackers used a phishing attack to gain access to hot wallets. From there, they were able to spread the malware and siphon the funds.
The attack was followed by a thorough investigation led by Japanese authorities. Details of the attack were revealed in a 2021 report, where authorities stated that many of the people involved in the attack were in the high-income class.
2. Poly Network – $611 million stolen
At the time of the Poly hack, the crypto community was certain that it would be the biggest crypto hack of all time. Unfortunately, they were wrong. In 2021, Poly Network reported that a hacker had transferred $611 million worth of Poly Network tokens to three wallets under their control.
The illegal actor found a way to buy tokens on the Poly Network protocol without having to sell the corresponding tokens on other blockchains.
In a bizarre but positive twist, the attacker returned the stolen assets to the Poly Network within 15 days, claiming that the purpose of the theft had been to expose vulnerabilities, and catalyze the development of a more secure Poly Network.
1. Ronin Network () – $620 million stolen
In the biggest event to date, one that rocked the crypto industry, Ronin Network (a game-based crypto network) announced on March 29, 2022 that it had been hacked, resulting in total losses of a whopping $620 million.
The sum consisted of 173,600 ETH (worth approximately 595 million USD) and 25.5 million USD (USDC), making it the largest crypto heist.
It was reported that the hackers had infiltrated the network of Axie Infinity developer Sky Mavis by sending a spyware-filled PDF to an employee. The employee was under the impression that they were offered a well-paid job by another company, but it turns out that company never existed.
The US Treasury later attributed the theft to North Korea’s Lazarus group. Axie Infinity later stated that it would refund all victims of the $625 million Ronin bridge hack.
Final thoughts
So much money has been lost to cryptocurrency hacking, leaving many investors unable to recover.
The world of cryptocurrencies will certainly continue to expand in the coming years, but that can only mean one thing: the growth of the industry will undoubtedly attract the interest of even more malicious hackers. In other words, theft will continue to play a role in the crypto industry until exchanges and projects take the next step towards perfecting the security systems they use.
Continue reading at DailyCoin