In recent years, numerous cryptocurrency exchanges have suffered huge hacker attacks, resulting in significant losses to the exchanges and their customers. But how did the exchanges behave? How did they react? What are the main effects?
The exchanges had to cover the losses from their investment funds and, where available, from insurance funds. This resulted in a considerable loss of money, reputational damage, and loss of customers in both the short and the long term. Over time, exchanges can lose the trust of crypto-investors, because their systems are not secure and are vulnerable to often simple hacks and general cybercrime. Below is an overview of the biggest and most significant hacks (so far): the top 10 crypto hack attacks and their effects on exchanges and their clients.
1: COINCHECK $534.8 M STOLEN
260,000 investors were involved in the biggest cryptocurrency fraud ever, after the hack carried out against the company in 2018: the damages amount to 46.3 billion yen, equal to 534.8 million dollars. On the afternoon of the attack, following the discovery, the company decided to suspend trading, causing the NEM value to drop by as much as 20%. At the end of a busy day, the top management of Coincheck admitted that they would likely not be able to repay customers, acknowledging leaks in the NEM cryptocurrency storage system. In an update the following Sunday, the Tokyo-based company announced that the refunds would be made in Japanese currency and calculated based on the last quotations before transactions were halted, attributing a value of 88,549 yen to each of the vanished currencies.
2: MT.GOX $460.0 M STOLEN
From 2013 until 2014, MT.GOX managed over 70% of all Bitcoin transactions in the world. In February 2014 came the disaster: Mt. Gox suspended transactions, closed the site and the service, and declared bankruptcy.
In April 2014 the company began liquidation procedures. On February 23, 2014, Mark Karpelès resigned from the Bitcoin Foundation’s board of directors and deleted all his tweets. The next day the site closed transactions and went offline, and a statement announced the loss of 744,408 Bitcoins (about $450,000). Later the figure was corrected to 850,000 Bitcoins lost, of which 200,000 were later recovered. In this period (from the beginning of February to the end of March) the value of BTC dropped by 36%. Karpelès stated that technical problems had paved the way for fraudulent withdrawals. It is still not clear whether it was theft, fraud, bad management or a combination of them. Several lawsuits began and the company applied for bank protection in the United States. The creditors of Mt.Gox numbered around 130,000.
3: BITGRAIL $195.0 M STOLEN
Bitgrail has officially failed. On 9 February 2018, the Italian exchange announced the “disappearance” of 17 million Nano. Bitgrail tried to reopen operations on May 2 by proposing to return the stolen funds through a specific plan. The plan consisted of the creation of a cryptocurrency called “Bitgrail Shares”, ownership of which would be attributed to users if they accepted the settlement agreement proposed by Firano, the manager and creator of BitGrail. The agreement provided for users to renounce the return of 80% of the NANO taken from the wallets, and for the monthly repurchase by BitGrail of the BitGrail Shares at a fixed exchange rate with payment in BTC. The bankruptcy was sanctioned by two rulings of the Court of Florence.
4: BITFINEX $72.0 M STOLEN
In 2016, Bitfinex, the largest exchange in the world to accept dollar deposits, told news agencies it had been robbed of 119,756 bitcoins, for a historical value of about 72 million dollars. In August 2016, the exchange announced its intent to carry out a real bail-in by withdrawing 36% of funds from all user portfolios, even those that had not been involved in what was referred to as a hacker attack. At the same time, to settle the losses, the exchange issued a payment token, the BFX (which could be traded on the exchange or converted into shares of iFinex, the company that controls the exchange), crediting each user with a quantity corresponding to the decrease in the assets of each wallet. Less than a year later, Bitfinex declared that it had completely absorbed the consequences of the bitcoin theft, announcing that on 3 April 2017 it would convert all the tokens still in circulation at a rate of 1 dollar for each BFX.
5: ZAIF $60.0 M STOLEN
To understand the hot wallet attack, we need to go back to 2018, when the Korean Zaif exchange lost $60 million. A “hot wallet” is a term used to describe cryptocurrency wallets with security measures that are not too rigid, intended to hold funds for immediate transactions such as crypto-to-crypto or crypto-to-fiat movements and vice versa. The opposite of a hot wallet is the cold wallet, in which an attacker must pass through multiple authentication systems to get real access to the funds, which is much more complicated. Zaif says that Bitcoin, Bitcoin Cash, and MonaCoin were stolen through this attack, for a total value of about 6.7 billion Japanese yen: 59.67 million dollars. Of the 6.7 billion stolen yen, 2.2 billion yen (32%) were Zaif funds, while 4.5 billion yen were funds reserved for customers.
6: NICEHASH $60.0 M STOLEN
In 2017, NiceHash, a service that allows users to sell and buy computing power to “extract” new Bitcoins, was the victim of a hacker attack. At least 4.736 Bitcoins disappeared, which at present means loot close to 60 million dollars. In 2018, NiceHash was able to put 60% of the stolen BTCs back on the market. The Slovenian company has promised to fully repay its customers and has started doing so on a monthly basis.
7: VIRCUREX $50.0 M STOLEN
In 2014, Vircurex announced the immediate halt of all withdrawal transactions due to the massive withdrawal of funds in the preceding weeks, which led to a total emptying of the exchange portfolio. A hacker attack is said to have emptied the coffers of Vircurex. Subsequently, Mark Karpeles, Vircurex CEO, filed for bankruptcy, acknowledging that many cryptocurrencies had disappeared and asking for protection from creditors. The exchange was reopened for a short period, but only to allow users to access their portfolios and check their credit, not to withdraw funds.
8: COINRAIL $40.0 M STOLEN
A few weeks before the Bithumb attack, Coinrail, another famous Korean exchange, was robbed of about $40 million in cryptocurrencies. Hackers stole $19.5 million of NPXS tokens issued for the Pundi project, $13.8 million from Aston X, $5.8 million in tokens for ICO Dent, and over $1.1 million from Tron. In all cases, the companies that issued the tokens were not hacked; the stolen tokens belonged to the users of Coinrail. It is not clear how Coinrail remedied the losses, but some ICOs were temporarily blocked (Pundi first).
9: BITHUMB $31.5 M STOLEN
In 2018, Bithumb, the famous Korean exchange and the sixth-largest exchange in the world, suffered a $31.5 million theft. The main consequences were the suspension of the trading activity and the reduction of the prices of the main cryptocurrencies. Bitcoin declined from around $6.718 to $6.561 (it subsequently recovered and reached $6.650). The stolen millions were covered by Bithumb’s reserves and all user assets were transferred to a safer “cold wallet”. Unlike Cryptsy, Bithumb has not declared bankruptcy, and today it continues to be one of the most used exchanges by users.
10: CRYPTSY $9.5 M STOLEN
In early 2016, the Cryptsy exchange suffered an attack in which 13.00 BTC and 300,000 LTC were stolen, for a total value of $9.5 million. The attack was carried out through Trojan malware inserted into the code, which allowed the cyber-criminal to reach sensitive information and transfer cryptocurrencies. Subsequently, Cryptsy declared bankruptcy due to severe insolvency. Customers started to withdraw funds from their portfolios and Cryptsy had outstanding liabilities of only 10,000 BTC ($4.15 million), which were not enough to cover the loss.
So how can exchanges protect themselves against all these types of attacks and hacks?
The most obvious way is to start securing all your communications and data with end-to-end encryption, to prevent any critical information from being leaked, hacked or stolen.
The majority of companies, such as cryptocurrency exchanges, generally use insecure communication and file sharing tools such as Google Suite, Telegram chat and Google Docs, among others. These tools work great, but they are not end-to-end encrypted: all the messages and files are stored in plain text on their servers, and are thereby vulnerable to any type of internal theft or remote hack.
FortKnoxster is a cyber-security company offering private and secure messaging, video calling and file storage as a complete all-in-one business suite where all communication and file sharing are secured by default with strong end-to-end encryption. FortKnoxster’s zero-knowledge architecture ensures that no one but the intended recipients has access to the data exchanged, not even FortKnoxster.
FortKnoxster was founded by skilled entrepreneurs and cyber-security experts with extensive experience in the field of online security and cyberdefence. By utilizing our advanced cryptographic solutions combined with the power of the blockchain’s decentralized structure, FortKnoxster makes the world a safer place.
What happens in FortKnoxster, stays in FortKnoxster.