7 Huge Hacks That Might Make You Think Twice About Cryptocurrency | Tech News
Investors aren’t the only ones interested in cryptocurrencies. Hackers like them, too. South Korean Bitcoin exchange Bithumb is the latest victim; this week, it reported a breach that may have stolen $31 million from its digital coffers.
But it’s not the first. Over the years, cybercriminals have looted billions in virtual currencies, sending shockwaves through the market. Exchanges have been shut down, prices have sunk, and investors have lost fortunes. Below, we take a look at the biggest heists to hit cryptocurrency institutions, how they occurred, and if any lessons can be learned.
Coinrail – June 2018
Amount stolen: $30 million to $40 million in various tokens
South Korean exchange Coinrail was attacked earlier this month. Hackers may have looted as much as $40 million, but the incident caused a chain reaction that resulted in the overall cryptocurrency market losing about $40 billion to $50 billion, according to Coinmarketcap.com.
Details about the hack remain thin, but the incident occurred as North Korean hackers have been preying on cryptocurrency providers across the globe, typically via phishing emails sent to those in charge of these exchanges.
As of today, Coinrail remains down and investors are growing impatient. The good news is that 70 percent of the exchange’s holdings were held in a “cold wallet,” a digital coffer kept offline, and it plans to compensate investors.
Bitgrail – February 2018
Amount stolen: At least $150 million in Nano tokens
This heist at an Italian cryptocurrency exchange has brought out the conspiracy theorists. In February, Bitgrail reported a breach involving a digital currency called Nano. It blamed the heist on bad software provided by Nano’s developer, but the team behind Nano claims Bitgrail was actually insolvent and trying to scam users.
The bickering has left investors with nothing and compelled some to take Bitgrail and Nano’s developers to court. The whole controversy underscores the risks when investing in cryptocurrencies: the technology can be immature, parties involved can be shady, and much of the market remains unregulated. Proceed with caution.
Coincheck – January 2018
Amount stolen: $500 million in the NEM currency
It’s never a good idea to keep all your eggs in one basket. That’s what appears to have happened at Japanese cryptocurrency exchange Coincheck; it stashed over 523 million NEM coins in what’s known as a “hot wallet,” a digital coffer connected to the greater internet.
As a result, a bad actor in January somehow gained access to the wallet, and stole all the funds inside. According to Coincheck, 260,000 investors were affected.
Fortunately, the exchange has been providing refunds, but the hack may have helped sink NEM’s price; since the breach, its value has dropped about 80 percent.
NiceHash – December 2017
Amount stolen: $70 million in Bitcoin
NiceHash isn’t a traditional exchange, but a digital marketplace for cryptocurrency enthusiasts to buy and sell computing power to mine the digital gold. But in December it went offline after a hacker stole 4,700 bitcoins from the Slovenian company in a mere two hours.
According to NiceHash, a hacker using an IP address outside the European Union compromised a company computer, stole an engineer’s credentials, and infiltrated NiceHash’s internal network to loot funds from user accounts.
At the time, NiceHash’s CEO called the attack “incredibly coordinated,” but clearly the company had a major hole in its security. Since then, NiceHash has redesigned the marketplace’s payment system to include the manual confirmation of every cryptocurrency transaction that leaves its systems.
Bitfinex – August 2016
Amount stolen: $70 million in Bitcoin ($800 million in today’s value.)
Though Bitfinex upgraded to a new wallet system several years ago with the help of Bitgo, which specializes in securing digital currencies, the overhaul failed to stop a hacker from stealing 120,000 bitcoins from the exchange.
Critics claim Bitfinex’s system was essentially storing its Bitcoin into hot wallets. Supposedly, the wallets were secured with multiple cryptographic keys, but still the hacker managed to break in. Bitfinex now says it stores 99.5 percent of user funds in cold wallets.
Bitstamp – January 2015
Amount stolen: $5 million in Bitcoin (or $120 million in today’s value)
The details of this hack emerged when a Reddit user posted what appears to be Bitstamp’s internal incident report about the breach. It details how a hacker launched a phishing campaign on company employees and stole over 18,866 bitcoins from the exchange.
For several weeks, the hacker targeted six employees, including Bitstamp’s CTO, over Skype and email with promises of free concert tickets, a job, or membership in a computing society. Eventually, the hacker tricked a company system administrator into opening a document loaded with malware, opening access to the company’s hot wallet.
Fortunately, the stolen funds were only a small portion of Bitstamp’s total Bitcoin reserves, according to the incident report, since the exchange used a hot and cold wallet system to store its cryptocurrency.
Mt. Gox – January 2014
Amount lost: $470 million ($5.7 billion in today’s value.)
Perhaps the most notorious cryptocurrency hack, the Mt. Gox exchange lost 850,000 bitcoin in a heist that secretly occurred over the span of two years. Cryptocurrency experts have traced the breach back to September 2011 when the private keys for Mt. Gox’s hot wallet were stolen, possibly by a Russian hacker named Alexander Vinnik, who was arrested in Greece last year for Bitcoin laundering.
By mid-2013, Vinnik may have stolen about 630,000 bitcoin from the Mt. Gox exchange by secretly emptying its wallet. Unfortunately, Mt. Gox’s internal systems were shoddy enough that they failed to detect the theft, leading it to shut down and declare bankruptcy.