Here you will find a documented list of cryptocurrency exchange hacks.
Year of Cryptocurrency Exchange Hack:
- 2013 (Silk Road)
- 2014 (MtGox, Cryptsy, Mintpal)
- 2015 (Bitstamp, Bter)
- 2016 (Bitfinex)
- 2017 (Nicehash)
- 2018 (Coincheck, BitGrail, CoinSecure, Coinrail, Zaif, MapleChange, Pure Bit)
- 2019 (HitBTC, Cryptopia, Coinmama, Binance)
- Exchange: Silk Road
- Amount: $270,000,000 (171,955 BTC)
Although it was not a cryptocurrency exchange but a marketplace that accepted cryptocurrency, Silk Road was nonetheless a place where people stored their money. When the FBI managed to track down its owner, they confiscated all of the BTC that was deposited on the website's account.
- Exchange: MtGox
- Amount: $700,000,000 (850,000 BTC)
It is no surprise that by far the biggest hack in the history of cryptocurrencies happened to Bitcoin in the days of its infancy. The world's most popular exchange, MtGox, finally admitted its insolvency due to ongoing hacks. MtGox employees failed to protect the private keys of the wallet where it stored all of its customers' deposits, and hackers would routinely drain this wallet into their own pockets. Everybody who had money stored on the exchange lost it. This amount of Bitcoin is currently worth more than 6 billion USD.
- Exchange: Cryptsy
- Amount: $9,500,000 (13,000 BTC and 300,000 LTC)
The attacker – famous for developing Lucky7Coin – inserted Trojan malware into Cryptsy’s code so that he could access precious information and transfer cryptocurrencies – mainly bitcoin and litecoin – out of the exchange’s wallet.
- Exchange: Mintpal
- Amount: $3,200,000 (3,894 BTC)
At one time the cryptocurrency exchange Mintpal was one of the top trading platforms. In the fall of 2014 customers were told Mintpal was going to have new ownership. The exchange was sold to a Moopay executive “Alex Green” who many believe was a shady scammer. Most likely the vulnerability already existed at the time of sale and the new owner just failed to detect and patch it. However, many suggest that it was simply an inside job and Alex Green "hacked" himself.
- Exchange: Bitstamp
- Amount: $5,100,000 (19,000 BTC)
Hackers sent a malicious file to exchange employees. One of the system administrators neglected security rule #1, "Don't open files from strangers", and opened the file on a machine that had access to the exchange's BTC wallet. 19,000 BTC were stolen.
- Exchange: Bter
- Amount: $1,750,000 (7,000 BTC)
Bter had been hacked before for a smaller amount of money in NXT equivalent. They didn't learn their lesson (as a number of other hacked exchanges don't) and got hacked again in 2015. The real question is, why do they still have customers after being hacked again and again?
- Exchange: Bitfinex
- Amount: $72,000,000 (120,000 BTC)
Bitfinex, the exchange best known for the creation of Tether and for sharing executives with the largest active ICO project, EOS, hasn't been infallible itself. Bitfinex advertised itself as having multisignature wallets for each customer. Somehow this multisignature technology didn't prevent them from losing 120,000 of their customers' bitcoins. Instead of repaying their customers from their reserves or going out of business, Bitfinex issued BFX tokens to the hacked customers and promised to buy back these tokens at a later date. Bitfinex is still in business and is doing well, but you should read this blog to learn more about its corrupt history.
- Exchange: Nicehash
- Amount: $60,000,000 (4,000 BTC)
Nicehash wasn't an exchange per se. It was a cloud mining service. It allowed people to rent out their computing power to those who wanted to be involved in cryptocurrency mining without having to invest in hardware. Turns out, these people ended up paying to mine all these coins in favor of Nicehash's hackers.
- Exchange: Coincheck
- Amount: $534,800,000 (523,000,000 NEM)
While the Coincheck exchange managed to use cold wallets for its Bitcoin trading operations, it neglected security measures on the up-and-coming Asian crypto, NEM. All of the NEM deposits on the exchange were stored in one wallet. Whether it was a hack or an inside job - I guess we will never know. And it doesn't matter to those who have lost their money.
- Exchange: BitGrail
- Amount: $195,000,000 (17,000,000 NANO)
Nano is an interesting new 0-fee cryptocurrency that's based on a block lattice architecture as opposed to a traditional blockchain. As with everything new and shiny, people were eager to get their hands on it. Unfortunately, no reputable exchange would list the cryptocurrency until it reached some level of adoption. As such, a number of new exchanges emerged that allowed trading of NANO (at that time called RaiBlocks), and users were essentially forced to use insecure exchanges. BitGrail failed to secure its coin storage and an astronomical amount of money was stolen from it. Remember, using a centralized exchange is always a risk. Using a new and unproven centralized exchange is an even greater risk!
- Exchange: CoinSecure
- Amount: $3,300,000 (438 BTC)
CoinSecure has reported that hackers managed to steal 438 bitcoin of their customers' money from the exchange's wallets. The exchange's owners have now filed a lawsuit against one of the exchange's employees, claiming that the hack was instead an inside job.
- Exchange: Coinrail
- Amount: $40,000,000 (in various tokens)
Despite Coinrail being one of the smaller exchanges in Korea, it was a tempting target, considering the amount of money that moves through it. The hackers recognized it as such and the new attack proves that even the smaller exchanges are not safe. In this case, the amount stolen is at $40 million, taken from the exchange in various altcoins.
The most-affected token is NPXS of which around $19.5 million was stolen. The tokens were originally issued by project Pundi X’s Initial Coin Offering (ICO). In addition to this, the hackers stole $13.8 million from another ICO project called Aston X, who are creating a platform that would help decentralize various documents.
Smaller amounts were taken from other cryptos, including Dent’s $5.8 million and $1.1 million that was taken from TRON.
- Exchange: Zaif
- Amount: $60,000,000 (5,966 BTC)
Japan-based exchange Zaif was hacked on September 14th, when access to one of their hot wallets was compromised. This resulted in $60 million in bitcoin, bitcoin cash and MonaCoin being stolen. Oddly enough, the exact amount of stolen bitcoin cash is actually unknown, which does not inspire much confidence that Zaif will improve their security measures in the future.
A criminal case with local authorities has already been filed by Zaif, apparently due to the way unauthorized access to the funds was achieved - possibly an employee gone rogue? We can only speculate.
- Exchange: MapleChange
- Amount: $6,000,000 (913 BTC)
The small Canada-based exchange MapleChange, which had been seeing a modest volume of around $67,000 USD per day since its launch in May 2018, claimed they were hacked or suffered a bug which resulted in all customers' deposited funds being withdrawn. They then made a strange claim on October 28th that they had to shut down and delete all their social media until an investigation was made into how this happened, but also advised they were sorry it had to end like this, seemingly insinuating that the investigation had already come to an end and there was nothing they could do?
With no details on their team or how they were legally allowed to operate, this "hack" reeks of an orchestrated exit scam by the exchange.
- Exchange: Pure Bit
- Amount: $30,000,000 (ICO + 13,000 ETH)
After raising over $30,000,000 in an ICO selling their tokens to create a cryptocurrency exchange in South Korea, Pure Bit defrauded their initial investors and customers by executing an exit scam which started on November 9th. Over 13,000 ETH has been moved from Pure Bit's address, and they even went so far as trying to sell a portion of it on UpBit (a large local exchange in South Korea). Luckily, UpBit was made aware these funds were fraudulent and promptly froze their account.
Their website is now offline, social media handles have been deleted and their KakaoTalk channels were emptied by force with their official account being renamed to a phrase that roughly translates into "I'm Sorry."
- Exchange: HitBTC
- Amount: Unknown (A daily volume over $200 million)
Not really a hack per se, but we felt it was important to include HitBTC on the list following their repeated freezing and blocking of withdrawals on their trading platform. This became especially relevant early this month ahead of the annual Proof Of Keys event.
Users flocked to Reddit and various social media platforms, advising that HitBTC was blocking all attempts to withdraw their funds. It is scary to think that HitBTC may not even have your funds available to be withdrawn - so where are they? Remember, if you do not have access to your private key, then it is not crypto!
- Exchange: Cryptopia
- Amount: Significant losses (At least 19,390 ETH)
On January 13th, users of the Cryptopia exchange started to report difficulties accessing and using their accounts. The initial message from Cryptopia was that the exchange had gone into an unscheduled maintenance mode to resolve the problem; at this point it appeared to be a technical issue. Their Twitter account later clarified that Cryptopia had been hacked and suffered a security breach; once a staff member realized this, the exchange was put in maintenance mode to suspend all trading activity.
Cryptopia has issued a statement that they are still investigating the hack and have reported the breach to the relevant NZ authorities. At this time, the full amount of lost funds is unknown; however, 19,390 ETH has been seen transferred to an unknown wallet. Given that in the grand scheme of things Cryptopia is quite a small exchange, the possibility of an inside job will definitely be on everyone's mind - especially given the current bear market, which is causing numerous small exchanges to close their doors. Time will tell?
- Exchange: Cryptopia
- Amount: 1,675 ETH
Well, I believe this is the first time this ever happened? After being hacked on January 13th, Cryptopia was hacked once more just 15 days later. This confirms what had been dreaded: Cryptopia no longer has any control over its wallets. The attacker is definitely the same hacker who struck just 15 days prior, which means they have access to all of Cryptopia's private keys.
And it just begs the question, where was Cryptopia's plan to save customers' remaining funds? Why did they not have a process in place? Another hack that shows centralized exchanges only operate with their profit line in mind and never with ensuring customer security.
- Exchange: Coinmama
- Amount: 450,000k user emails and passwords
Coinmama is one of the world's largest crypto brokers, boasting a total of 1.3 million active users, but this does not mean they are immune to security breaches. On February 15th, their customer database was hacked, which led to over 450k user emails and passwords being leaked.
This type of hack can have devastating consequences for Coinmama users, as it can potentially mean the loss of their saved personal details. This could include favourite payment methods such as credit cards and billing addresses, or could even be their KYC details (ID cards or passports): all details that a hacker will be happy to sell on the dark web.
- Exchange: Binance
- Amount: 7,000 BTC
Binance experienced a major breach on May 7 and the hackers were able to withdraw 7,000 bitcoins (currently over USD $40 million). Essentially, the hackers were able to steal funds from Binance's hot wallet, and this was seemingly done in a way that bypassed all of Binance's security checks. After the transaction was detected, all withdrawals and deposits were immediately suspended while Binance investigates.
According to Binance's own announcement, the hackers used several tactics, including phishing and viruses, which allowed them to obtain a large number of 2FA codes and API keys. They also mentioned that other info had been jeopardised, which we can fathom could potentially refer to customers' private details being stolen as well.
Lost funds will be covered by Binance's SAFU scheme, where they allocate 10% of all trading fees to protect user funds in extreme cases. And though being prepared to cover stolen user funds is a good initiative, the reality means we are going to see a huge dump of BNB by Binance to cover this USD $40 million.
Remember it is not crypto if you do not have control of your private key!
Let this be a reminder to everybody that the world of cryptocurrency is a wild west and you shouldn't trust your money to everyone. Instead, trade on decentralized exchanges, and store funds in one of these wallets.
Ironic name for a hacked exchange.