Hackers have been targeting crypto exchanges and wallets for years. While writing about the best ways to keep your cryptocurrency safe, I started digging into massive crypto hacks. According to data from Chainalysis, hackers breached into 11 crypto exchanges in 2019, stealing more than $283 million worth of cryptocurrencies. But hackers don’t just stop at exchanges. They also target investors, traders, and other users. Data from CipherTree shows that hackers have stolen a total of $4.26 billion in 2019. Here we take a look at the top 10 biggest crypto hacks of all time.
Cryptocurrency exchanges have significantly improved their authentication systems and other security features. But criminals always find new ways to steal money. These are the biggest crypto hacks of all time based on the estimated market value of the coin at the time.
Biggest Crypto hacks ever
10- Binance, $41 million
Binance, a popular crypto exchange, was attacked by hackers in May 2019. The malicious actors managed to steal 7,000 Bitcoins, estimated to be worth $41 million at the time. Hackers also stole customer data, which came to light when someone started sharing the customer verification details from Binance on a Telegram channel in August 2019.
According to experts, the data of up to 60,000 users was compromised in the hack. The attackers managed to breach Binance’s servers using a combination of phishing and malware attacks. Binance announced that it would cover all the lost money to ensure that customers don’t lose anything. It also promised to step up its security.
9- Upbit, $49 million
Upbit is one of the more recent crypto hacks. In November 2019, the South Korean crypto exchange lost 342,000 Ethereum worth $49 million in a massive attack. Users didn’t lose their money because Upbit decided to cover the losses. The Korean exchange had suspended all functions for a couple of weeks after the hack and rolled out a major security update. Meanwhile, the stolen money has been moving between the wallets.
8- DAO, $50 million
The Decentralized Autonomous Organization (DAO) was established in 2016. It was supposed to be a venture fund for decentralized crypto projects. Its crowdfunding campaign was incredibly successful, raising about $150 million worth of Ethereum.
A vulnerability in DAO’s code caught the attention of hackers, who managed to steal approximately 3.6 million Ethereum worth $50 million in just a few hours. It was one of the biggest crypto hacks. After the event, the Ethereum community tried to recover the lost funds. They began with a soft fork, but right before implementing it, the community discovered a bug in the code.
So, they decided to use a hard fork, which is not compatible with its previous version. It led to the split of Ethereum community into Ethereum Classic and Ethereum.
7- Zaif, $60 million
In September 2018, the Japanese crypto exchange sent out a press release announcing that its servers were breached. Hackers managed to steal 5,966 Bitcoins, some Bitcoin Cash, and an undisclosed amount of MCO. In total, approximately $60 million worth of crypto was lost in the attack. Zaif had to halt all the deposits and withdrawals after the attack. All the money lost was held in hot wallets.
6- NiceHash, $62 million
Slovenia-based NiceHash is a cryptocurrency mining marketplace launched in 2014. It allows miners to buy and sell their hash rate. In December 2017, hackers breached into NiceHash’s payment system, stealing about 4,700 Bitcoins worth $62 million from users’ Bitcoin wallets. The attack took place when Bitcoin prices were hitting all-time highs.
NiceHash said it was a highly organized and sophisticated attack that involved social engineering. NiceHash had to shut down its platform for 24 hours. It also asked users to change their passwords. In February 2018, NiceHash announced that it would return the stolen funds to users.
5- Bitfinex, $72 million
In August 2016 took place one of the biggest crypto hacks of all time. Hackers stole 119,756 Bitcoins from the Hong Kong-based exchange. The coins worth $72 million at the time were drained from users’ accounts. The attack was so massive that the Bitcoin price fell as much as 20% after the hack.
Notably, hackers managed to steal cryptocurrencies from multi-signature accounts, which are considered more secure. In multi-signature accounts, at least two people have to authenticate a transaction before it goes through. Bitfinex itself held two keys while the third key was held by BitGo, the company that created the multi-signature system for Bitfinex. Hackers were able to obtain all the three keys by identifying a vulnerability in the multi-signature system itself.
4- CoinBene, $100 million
This was a mysterious crypto hack. In March 2019, the crypto exchange noticed that funds were disappearing from its hot wallet. CoinBene’s platform was down for maintenance around the same time, which further confused users and analysts. Crypto exchanges often go in the maintenance mode after an attack.
Even though CoinBene tried to assure users that nothing had gone wrong, its platform was down for about a month. It’s not clear exactly how much crypto was stolen by hackers. But various estimates put the losses at $100 million.
3- Bitgrail, $195 million
Bitgrail is an Italian crypto exchange. In February 2019, its founder Francesco Firano announced that Bitgrail was hacked and at least $195 million worth of Nano was stolen. Nano is the cryptocurrency that was previously called RaiBlocks. However, many Bitgrail employees denied any such hack. It caused speculations that Firano might have siphoned off the money. Some experts also blamed the Nano development team for the loss of money.
2- Mt. Gox, $460 million
The infamous Mt. Gox attack was the biggest crypto hack at the time. It was the world’s largest crypto exchange. Mt. Gox was not attacked just once, but over a long time. The first attack happened in June 2011, when hackers obtained Mt. Gox’s auditor’s login credentials and transferred 2,609 Bitcoins. The crypto exchange shut down operations after the attack.
The malicious actors also stole some private keys. Between 2011 and 2014, they stole more than 850,000 Bitcoins worth an estimated $460 million. And due to an error in the exchange’s systems, Mt. Gox was interpreting all these withdrawals as deposits. Mt. Gox was forced to shut down after the breach.
The exchange’s lack of coding security was blamed for the hacking. If two programmers were working on the same file, one could override the other’s code. Mt. Gox was also accused of using untested software. Bitcoin prices fell by more than a third after Mt. Gox filed for bankruptcy.
1- Coincheck, $534 million
Coincheck currently holds the crown of the world’s biggest crypto hack. In January 2018, the Japanese crypto exchange announced that 523 million NEM tokens were stolen from a hot wallet. The value of the stolen coins was $534 million at the time. Coincheck remains operational despite the hack.
In March of the same year, Coincheck said it would compensate the affected users. People who lost money would get $0.83 per NEM token. The refund would cost Coincheck a little over $400 million. Previously, the attack was believed to be carried out by North Korea. But a report from Japanese newspaper Asahi Shimbun claims the malicious code found on Coincheck’s employee computers was linked to Russian hackers.