Concerned about the security of your Bitcoin, Litecoin, Ethereum, or altcoin? You should be, particularly if you’re not using cold storage for security. Not convinced? Here are seven of the largest and most significant cryptocurrency hacks in history.
Why Hack Cryptocurrency?
Since mid-2017, the total market capitalization (coin price x number of coins) of the crypto space has bounced between roughly $250 billion and $750 billion.
That’s a lot of money. It makes all the different currencies extremely attractive to hackers and cyber-criminals.
But hackers had already been interested in coins and tokens for a long time before 2017’s remarkable bull run. In fact, cryptocurrency hacks are almost as old as the technology itself. Your money might not be as safe as you think it is.
1. 2010: 92 Billion Bitcoin Out of Thin Air
We all love money for nothing. And with the current price of bitcoin, it’s fair to say we’d all love some cryptocurrency for nothing as well.
Back in August 2010, that’s precisely what happened.
In what is still the only major security flaw that’s been found and exploited in bitcoin’s code, a hacker managed to create 92 billion bitcoin out of thin air. At today’s prices, it would have made the hacker the wealthiest person on the planet. A number overflow error made the hack possible.
You can still see the forum thread where early bitcoin enthusiasts discovered the problem.
Luckily, the community was able to cancel all transactions following the hack and rollback the blockchain to its pre-hack state.
2. 2016: Bitfinex
Bitfinex is one of the most popular cryptocurrency exchanges in the world. It has about two million users and sees billions of dollars’ worth of transactions take place every day.
In August 2016, the company was the victim of a hack. At the time, it was the second largest hack in cryptocurrency history. Thieves stole 120,000 bitcoins. They were worth $72 million. In today’s prices, that would be several orders of magnitude larger.
Bitfinex’s usage of multi-signature wallets made the hack possible. Ironically, the company had only introduced the wallet’s 12 months previously in a bid to make users’ coins more secure.
The wallets were poorly coded. In theory, Bitfinex would hold two keys, and BitGo would store one. All parties would have to independently sign off on a transaction to verify it.
In practice, BitGo would simply mirror whatever Bitfinex did. As such, there was only one point of failure. As soon as hackers got into Bitfinex’s servers, the game was up.
The hack caused bitcoin’s value to drop 20 percent in the markets.
3. 2014: Mt Gox
The Mt Gox story is well-known in the crypto world. It is the largest bitcoin hack to date, and one of the most significant cryptocurrency hacks in history.
In case you’re not familiar, Mt Gox had grown to become the world’s principle crypto exchange; it was handling more than 70 percent of all bitcoin transactions.
In February 2014, it was discovered that hackers had stolen 850,000 bitcoins over a period of three years. 750,000 of them were from Mt Gox’s customers. Transaction malleability was to blame; someone could edit transaction details to make it seem like the transaction never took place.
In what proved to be a lesson in how not to handle a PR disaster, the Mt Gox board relocated the company’s headquarters to avoid protesters, deleted it’s Twitter accounts, and took its website offline.
4. 2011: Mt Gox… Again
Frankly, the writing had been on the wall at Mt Gox for a long time. While the 2014 hack is the one that still garners headlines, fewer people know the exchange had already been hacked once before three years previously. With hindsight, it was a sign of things to come.
So, what happened?
A computer belonging to one of the company’s auditors was comprised. A hacker, who therefore had access to the exchange, altered the nominal value of bitcoin to one cent.
The change created a huge “ask” order at any price, thus initiating a mass selloff. Accounts with values in the millions were affected, and the still-unknown hacker walked away as a rich man.
5. 2016: The DAO
The four hacks we’ve looked at so far have all affected bitcoin. But the world’s second-largest coin—Ethereum—has also been a victim. The hack happened in The DAO.
In simple terms, The DAO was a smart contract on the Ethereum blockchain that operated like a venture capital fund. Buyers could invest in The DAO through crowdfunding which would them allow them to vote on which companies the fund should invest in.
The original crowdfunding phase raised 12.7 Ether ($150 million), making it the largest crowdfunding project in history. It had control of 14 percent of all ether in circulation.
In June 2016, a hacker took advantage of a loophole in The DAO which allowed someone to create a “Child DAO.” They put a recursive function into the withdrawal request; the code made The DAO keep handing over more ether for the same DAO tokens. $50 million was lost.
The hack resulted in a soft fork and the splitting of the Ethereum community. The old Ethereum is now called Ethereum Classic; the forked version goes by the name of Ethereum.
6. 2018: Coincheck
The Coincheck breach is the most recent hack on this list. It only happened in January 2018.
Coincheck is a cryptocurrency exchange in Tokyo. The hack affected popular altcoin, NEM.
The theft has replaced the Bitfinex hack as the second-largest of all time. When valued in dollars, it could yet prove to be even larger than current record holder, Mt Gox.
The 500 million lost NEM coins were worth about $550 million at the time of the hack, but the value dropped more than 20 percent after the news broke. The 500 million coins represented about five percent of the total supply of NEM.
It seems that a simple network hack was responsible. The cybercriminal was able to remain undetected inside the network for eight hours, giving them enough time to siphon off the money into 11 separate accounts. All the accounts holding the money now have the coincheck_stolen_funds_do_not_accept_trades : owner_of_this_account_is_hacker tag.
Thankfully, the Coincheck hack does have a slightly happier ending—at least from an end-user perspective. The company said it would use its own capital to reimburse all 260,000 customers who lost out. They will receive ¥ 88.549 per NEM coin.
7. 2017: NiceHash
In December 2017, NiceHash—a Slovenian crypto-mining marketplace—announced it had been a hacking victim.
The precise amount stolen is not known, but a bitcoin wallet that’s under suspicion holds 4,736.42 coins, the equivalent of about $70 million.
To be fair to NiceHash, it handled the loss well. Users thought the site would be gone for good, but a surprise announcement around the turn of the year said its customers would get their money back:
“We are happy to announce we have been able to reserve the funds required to restore balances from a group of international investors. Old balances will, therefore, be restored by January 31, 2018. We need this interim period to ensure all legal paperwork is processed correctly, so please be patient while we do this.”
Protect Yourself from Cryptocurrency Hacks
Of course, the hacks we covered are far from being the only examples of crypto hacks.
Reuters estimates that criminals have stolen 980,000 bitcoins from exchanges since 2011. Today, the stolen coins would be worth more than $6 billion. And that’s before you consider other coins that have also been a victim.
There are also countless examples of crypto scams that you need to watch out for.
If you have money invested in the crypto space, it’s more important than ever to make sure it’s secure. If you’re not sure where to start, we have you covered. Check out our list of the best crypto wallets.
Image Credit: fergregory/Depositphotos