Here you will find a documented list of cryptocurrency exchange hacks
- Exchange: Silk Road
- Amount: $270,000,000 (171,955 BTC)
Although not a cryptocurrency exchange, but instead a marketplace that accepted cryptocurrency, Silk Road was nonetheless a place where people stored their money. When the FBI managed to track down the exchange's owner they have confiscated all of the BTC that was deposited on the website's account.
- Exchange: MtGox
- Amount: $700,000,000 (850,000 BTC)
It is no surprise that by far the biggest hack in the history of cryptocurrencies happened to Bitcoin in the days of its infancy. The world's most popular exchange, MtGox, finally admitted its insolvency due to ongoing hacks. MtGox employees failed to protect the private keys of its wallet where it stored all the customer's deposits, and hackers would routinely drain this wallet into their own pockets. Everybody who had money stored on the exchange lost it. This amount of Bitcoin is currently worth more than 6 billion USD.
- Exchange: Cryptsy
- Amount: $9,500,000 (13,000 BTC and 300,000 LTC)
The attacker – famous for developing Lucky7Coin – inserted a Trojan malware into Cryptsy’s code so that he could access precious information and transfer cyber currencies – mainly bitcoin and litecoin – out of the exchange’s wallet.
- Exchange: Mintpal
- Amount: $3,200,000 (3,894 BTC)
At one time the cryptocurrency exchange Mintpal was one of the top trading platforms. In the fall of 2014 customers were told Mintpal was going to have new ownership. The exchange was sold to a Moopay executive “Alex Green” who many believe was a shady scammer. Most likely the vulnerability already existed at the time of sale and the new owner just failed to detect and patch it. However, many suggest that it was simply an inside job and Alex Green "hacked" himself.
- Exchange: Bitstamp
- Amount: $5,100,000 (19,000 BTC)
Hackers sent a malicious file to exchange employees. One of the system administrators has neglected security rule #1: "Don't open files from strangers" and opened the file on the machine that had access to the exchange's BTC wallet. 19,000 BTC were stolen.
- Exchange: Bter
- Amount: $1,750,000 (7,000 BTC)
Bter has been hacked before for a smaller amount of money in NXT equivalent. They haven't learned their lesson (as a number of other hacked exchanges don't) and got hacked again in 2015. The real question is, why do they still have customers after being repeatedly hacked again and again?
- Exchange: Bitfinex
- Amount: $72,000,000 (120,000 BTC)
Bitfinex, the exchange most known for the creation of Tether and for sharing executives with the largest active ICO project, EOS, hasn't been infallible itself. Bitfinex advertised itself as having multisignature wallets for each customer. Somehow this multisignature technology didn't help them prevent losing 120,000 of their customer's bitcoins. Instead of repaying their customers from their reserves or going out of business, Bitfinex issued BFX tokens to the hacked customers and promised to buy back these tokens at a later date. Bitfinex is still in business and is doing well, but you should read this blog to learn more about its corrupt history.
- Exchange: Nicehash
- Amount: $60,000,000 (4,000 BTC)
Nicehash wasn't an exchange per se. It was a cloud mining service. It allowed people to rent out their computing power to those who wanted to be involved in cryptocurrency mining without having to invest in hardware. Turns out, these people ended up paying to mine all these coins in favor of Nicehash's hackers.
- Exchange: Coincheck
- Amount: $534,800,000 (523,000,000 NEM)
While Coincheck exchange managed to use cold wallets for its Bitcoin trading operations, they have neglected security measures on the up-and-coming Asian crypto, NEM. All of NEM deposits on the exchange were stored in one wallet. Whether it was a hack or an inside job - I guess we will never know. And it doesn't matter to those who have lost their money.
- Exchange: BitGrail
- Amount: $195,000,000 (17,000,000 NANO)
Nano is an interesting new 0-fee cryptocurrency that's based on a block lattice architecture as opposed to using a traditional blockchain. As with everything new and shiny, people were eager to get their hands on it. Unfortunately though, no reputable exchange would list the cryptocurrency until it reached some adoption levels. As such, a number of new exchanges emerged that allowed to trade NANO (at that time called RaiBlocks), and users were essentially forced to use insecure exchanges. BitGrail failed to secure its coin storage and an astronomical amount of money was stolen from it. Remember, using a centralized exchange is always a risk. Using a new an unproven centralized exchange is an even greater risk!
- Exchange: CoinSecure
- Amount: $3,300,000 (438 BTC)
CoinSecure has reported that hackers managed to steal 438 bitcoin of their customer's money from exchange's wallets. Exchange owners have now filed a lawsuit against one of exchange's employees, claiming that the hack was instead an inside job.
- Exchange: Coinrail
- Amount: $40,000,000 (in various tokens)
Despite Coinrail being one of the smaller exchanges in Korea, it was a tempting target, considering the amount of money that moves through it. The hackers recognized it as such and the new attack proves that even the smaller exchanges are not safe. In this case, the amount stolen is at $40 million, taken from the exchange in various altcoins.
The most-affected token is NPXS of which around $19.5 million was stolen. The tokens were originally issued by project Pundi X’s Initial Coin Offering (ICO). In addition to this, the hackers stole $13.8 million from another ICO project called Aston X, who are creating a platform that would help decentralize various documents.
Smaller amounts were taken from other cryptos, including Dent’s $5.8 million and $1.1 million that was taken from TRON.
- Exchange: Zaif
- Amount: $60,000,000 (5,966 BTC)
Japanese based exchange Zaif was hacked on September 14th, when access to one of their hot wallets was compromised. This resulted in $60 million in bitcoin, bitcoin cash and MonaCoin being stolen. Oddly enough the exact amount of stolen bitcoin cash is actually unknown, which does not inspire much confidence for Zaif to improve their security measures in the future.
A criminal case with local authorities has already been filed by Zaif, apparently due to the way unauthorized access to the funds was achieved - possibly an employee gone rogue? We can only speculate.
- Exchange: MapleChange
- Amount: $6,000,000 (913 BTC)
The small Canadian based exchange called MapleChange which was seeing a modest volume of around $67,000 USD per day since its launch in May 2018 claimed they were hacked or suffered a bug which resulted in all customer's deposited funds being withdrawn. They then made a strange claim on October 28th that they had to shutdown and delete all their social media until an investigation was made into how this happened but also advised they were sorry it had to end like this. Seemingly insinuating that the investigation had already come to an end and there was nothing they could do?
With no details on their team or how they were legally allowed to operate, this "hack" reeks of an orchastrated exit scam by the exchange.
- Exchange: Pure Bit
- Amount: $30,000,000 (ICO + 13,000 ETH)
After raising over $30,000,000 in an ICO selling their tokens to create a cryptocurrency exchange in South Korea, Pure Bit defrauded their initial investors and customers by executing an exit scam which started on November 9th. Over 13,000 ETH has been moved from Pure Bit's address, and they even went so far as trying to sell a portion of it on UpBit (a large local exchange in South Korea). Luckily, UpBit was made aware these funds were fraudulent and promptly froze their account.
Their website is now offline, social media handles have been deleted and their KakaoTalk channels were emptied by force with their official account being renamed to a phrase that roughly translates into "I'm Sorry."
Have information about a hack that we haven't listed? Leave a comment below and we'll update the article.
Let this be a reminder to everybody that the world of cryptocurrency is a wild west and you shouldn't trust your money to everyone. Instead, trade on decentralized exchanges, and store funds in one of these wallets.
Ironic name for a hacked exchange. ↩︎