Unfortunately, not everyone that was paying attention had the best intentions in mind when they entered the space. Hackers of all types found cryptocurrency scams to be especially fruitful for a number of reasons. The immutable nature of the blockchain and the ease at which the coins could be exchanged made hacking cryptocurrency ideal. They also found that the majority of crypto exchange owners where new to the market and therefore could be more easily swindled out of their crypto.
Scams and hackers are, and probably always will be, a part of the crypto exchange space. While many of these scammers only focus on pulling off medium-sized thefts that are usually focused on individuals; there are still some upper echelon hackers who go after entire platforms. Exchanges are the obvious week link in the blockchain community as they are one of the main places where centralization occurs. These billion dollar exchange platforms can provide a hacker with a lifetime supply of Satoshis if they are successful in their efforts. Below are 5 of the largest crypto exchange hacks of all time.
The now infamous Mt.Gox hack occurred on June 20th, 2011. The hacker was able to infiltrate a weakness in the business systems of Mt.Gox via the Gox auditor’s computer. After compromising the computer, the unnamed individual was able to temporarily adjust the BTC prices down to one cent.
Immediately after doing this, the hacker made a huge purchase order and then transferred the coins out of the exchange. Following this attack, the hacker then sent 2,609 BTC to burn addresses. These are addresses that have no private key and therefore cannot be accessed. This hack sent shockwaves throughout the market which subsequently crashed for months following this attack.
Mt.Gox would be successfully hacked again on February 14th 2013. This time it was discovered that a hacker had infiltrated the network years prior and was siphoning coins the entire time. This missed infiltration resulted in the theft of 850,000 BTC; 100,000 of which were directly from Mt.Gox’s company wallet. The hack was so brutal that the exchange had to file for bankruptcy. It was later reported that these hackers made off with 7% of all the BTC in circulation at the time.
The Decentralized Autonomous Organization or DAO platform functioned as a venture capital fund for emerging blockchain-based projects. This platform was hugely popular as it utilizes blockchain technology to provide any organization with exact consensus capabilities. If this sounds familiar, it should, it is the same DOA used to achieve consensus on BTC network upgrades.
The DAO platform operates via smart contracts that live on the Ethereum blockchain. These allow a user to provide predetermined instructions that are automatically carried out upon the receipt of a certain amount of ETH being set to the block.
On June 18th, 2016, a hacker was able to exploit a coding error in the DAO smart contracts. This allowed the hacker to recode the smart contracts to send repeat payments through a “child DOA” network that the hacker had created. In total the hacker escaped with 3.6 million ETH. This incident is the reason that we now have ETH and Ethereum Classic. The ETH developers decided that it was in their best interests to hard fork the currency and reimburse those affected.
The Parity Wallet hack occurred in July 2017. This hack included the removal of 153,037 ETH; making it the second largest hack in crypto history. The hacker was able to exploit a zero-day opening in the Multi-Sig wallets created by Parity. A two-part attack was used with the first transaction gaining control over the wallets features and the second, sending the funds to the hacker’s wallet destination. The hack was so severe that Parity was forced to move all of their funds to another wallet provider.
The popular exchange Bitfinex was the victim of one of the largest BTC hacks of all time on August 2016. Hackers were able to exploit a Multi-Sig wallet flaw to send 119,756 BTC from the platform to their personal addresses. The wallet provider of the platform, BitGo has never fully explained how the hackers were able to pull off such a huge heist without setting off any preventative measures. Security experts believe it has something to do with the way that BitGo and Bitfinex utilized their wallet keys.
This has led many in the cryptocommunity to think that the Parity Wallet hack and the Bitfinex incident could be related. There is some ground to this argument as this would explain why Bitfinex and BitGo never released the details of the hack. It would have made them look ridiculous if they had not corrected the issues that became evident during the Parity incident.
Bitcoinica has been the victim of two large hacks in recent times. The first hack occurred in 2012 when a hacker was able to gain access to the Bitcoinica customer service portal and use it to steal 46,703 BTC. In a second hack, this exchange lost 18,547 BTC after a hacker was able to gain access to their online storage wallet. This second hack had a resounding influence on the market and this is the reason why most exchanges now utilize a cold storage method for their holdings.
The Battle Continues
Cryptocurrencies are growing in popularity and as the market expands, so does the opportunity for hackers to exploit these new technologies. You can expect to see efforts increased from both sides of this battle as the market continues to influx with new investors. In the future, there may be more regulatory requirements that exchanges must meet and many countries have already begun this journey. For now, the safest option is to keep your coins in your wallet until you decide to trade.
What do you guys think? How can exchanges improve their security in the future? Let us know in the comments below.
Guest post by the Blockchain Industry Group (BIG)