No matter what it is, any kind of service in the digital world can be hacked at some point. Sadly, custodial cryptocurrency exchanges and some related services are no exception. Blockchains themselves are generally safe, and it’s almost impossible to break them. However, when huge amounts of cryptocurrency are controlled by a single company, the biggest crypto-hacks are bound to happen.
According to the blockchain security firm SlowMist, hackers have stolen over $17.4 billion in total from crypto platforms and services since 2012. And that figure doesn’t even include the numerous incidents on the Binance Smart Chain (BSC). As for the biggest ones, they’ve been happening to cryptocurrency exchanges for several years.
How the biggest crypto-hacks are made
Most of them were possible either because of a leak of the exchange’s private keys or due to unauthorized changes inside the company’s database. A little explanation: once you send your funds to a custodial exchange, it pools them with everyone else’s in one or a few cryptocurrency wallets, fully controlled by the company.
Then, the balance you see in your account is merely an “IOU” registered in a huge internal database. So, if someone manages to break the security of this database (which is much easier than “hacking” a blockchain), they can trick the system into registering that their accounts hold an amount of money that they don’t.
The hacker(s) withdraw the funds quickly, and the robbery is complete. The custodial exchange will probably notice it too late. That’s why it’s highly advisable not to leave cryptocurrencies inside custodial exchanges for long. Alternatively, users can turn to non-custodial exchanges (like Alfacash), where they keep full control of their money.
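One defensive control that follows from the IOU model described above is to reconcile the balance table against an append-only record of confirmed deposits and withdrawals, and against what the pooled wallets really hold, before any withdrawal is paid. The following Python is an added example, not code from any exchange; the journal layout, account names and amounts are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample data: an append-only journal of confirmed on-chain
# movements, and the mutable balance table that users see in their accounts.
JOURNAL = [
    ("alice",   "deposit",    Decimal("2.5")),
    ("bob",     "deposit",    Decimal("10")),
    ("alice",   "withdrawal", Decimal("1.0")),
    ("mallory", "deposit",    Decimal("0.01")),
]
BALANCES = {
    "alice": Decimal("1.5"),
    "bob": Decimal("10"),
    "mallory": Decimal("500"),  # row edited directly in the database
}
POOLED_WALLET_HOLDINGS = Decimal("11.51")  # coins the exchange wallets hold


def expected_balances(journal):
    """Rebuild each account's balance from confirmed movements only."""
    totals = defaultdict(Decimal)
    for account, kind, amount in journal:
        if kind not in ("deposit", "withdrawal"):
            raise ValueError(f"unknown journal entry type: {kind}")
        totals[account] += amount if kind == "deposit" else -amount
    return dict(totals)


def reconcile(journal, balances, wallet_holdings):
    """Return (accounts whose IOU is not backed, total shortfall)."""
    expected = expected_balances(journal)
    suspects = {}
    for account in sorted(set(expected) | set(balances)):
        shown = balances.get(account, Decimal(0))
        backed = expected.get(account, Decimal(0))
        if shown != backed:
            suspects[account] = shown - backed  # difference with no movement behind it
    liabilities = sum(balances.values(), Decimal(0))
    shortfall = max(liabilities - wallet_holdings, Decimal(0))
    return suspects, shortfall


if __name__ == "__main__":
    print(reconcile(JOURNAL, BALANCES, POOLED_WALLET_HOLDINGS))
```

Any account returned as a suspect should have its withdrawals held for review, and a non-zero shortfall means the exchange owes more than its wallets contain.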
With this said, let’s check the biggest crypto-hacks in history!
It was a bad day for the Nano (XRB) community. On February 9, 2018, the Italian crypto-exchange Bitgrail published a grim announcement on its website. While checking its internal platform, it had noticed that someone, at some point, had been able to steal 17 million XRB, equivalent to over $192 million back then.
Francesco Firano, the Bitgrail founder, blamed Nano developers for the incident, alleging vulnerabilities in the blockchain. The court proved him wrong, with legal expenses paid partly by the Nano team. The police investigation established that the exchange kept the funds in a vulnerable hot wallet and that Firano failed to secure them properly. As a result, he was held responsible for paying for the losses, and all his assets were seized.
Sadly, that wasn’t enough to cover the losses. The victims are still waiting for full refunds. Meanwhile, Bitgrail doesn’t exist anymore, and the XRB/NANO price has decreased by over 63% since then.
This one is the most recent on the list. Back on September 25, 2020, the Singaporean crypto-exchange KuCoin announced a high-profile hack involving Bitcoin, ERC-20 tokens, and other assets. At first, they didn’t mention the exact amount, but some sources calculated over $150 million. Not long after, the total amount stolen was confirmed as $285 million.
A malicious third party attacked their hot wallets, but the exchange assumed responsibility and promised to refund users if necessary. They worked quickly with other crypto exchanges, the community, and the authorities to track and recover the funds. Surprisingly, this story has a happy ending. Of all the exchanges on this list, KuCoin was the only one to actually recover most of the funds from the hackers.
According to a letter by Johnny Lyu, KuCoin CEO, they successfully recovered 78% of the stolen funds by working with other exchanges and partners. They tracked the funds via the blockchain, and other exchanges blocked the transactions made by the hackers and seized the tokens. Another 16% was covered by insurance, and the remaining 6% was recovered by law enforcement and security institutions. KuCoin is operating normally now.
Some might consider the Coincheck attack the biggest crypto hack in history. However, because of the change in the value of the cryptocurrency involved and the consequences, we’ve reserved that place for others here. That doesn’t mean it wasn’t big, though. It was huge: over $530 million was stolen in NEM (XEM) overnight.
They made the same mistake as Bitgrail: keeping the funds in hot wallets instead of cold wallets (kept off the Internet). Unlike in the first case, though, the Japanese exchange Coincheck assumed full responsibility for the breach. It suspended all its activities after the event, in January 2018. By March, it had resumed its activities and started the refund plan for the victims. The total amount stolen was 526 million XEM. Since then, the token price has decreased by over 90%.
The Coincheck attack marked a turning point for Japanese crypto-companies. After the event, the regulations around cryptocurrencies tightened in the country. For other reasons, private cryptocurrencies were banned, and the operating requirements for service providers increased.
August 2, 2016, was the day nearly 120,000 BTC were stolen from the Hong Kong-based crypto exchange Bitfinex due to a breach of its security systems. After the event, more than a few thought that the company was done. At the time, the amount came to over $75 million, but the coins have been moved only a few times in all these years. The hackers still have around 118,000 BTC in their wallets, now worth over $3.7 billion, no less. One of the biggest crypto-hacks, indeed.
But back in 2016, Bitfinex ceased all operations for several days and socialized the losses (which left all its users with 36% less in their balances). It also created the BFX tokens, which would remain in each portfolio until the exchange finished paying the debt, or until the client decided to exchange them for shares of the company.
The first reimbursements to customers began in September 2016. After eight months, the losses were covered, although only a minuscule amount of the total stolen has been recovered. At least the hackers seem to have problems laundering and exchanging the coins as well.
The biggest crypto-hack ever: Mt. Gox
This Japanese exchange had an eventful 2013. It became the world’s leading Bitcoin exchange, handling over 70% of total transactions by April. And precisely because it wasn’t capable of managing such a large volume, that same month it halted operations for several days after a BTC crash of -52% in 6 hours. And that was only the beginning of the end.
On 7 February 2014, Mt. Gox halted all bitcoin withdrawals and started to make systematic excuses for it. Its CEO, Mark Karpelès, resigned from the board of the Bitcoin Foundation and deleted all his tweets. The rest of the trading operations were suspended, and, finally, the site went offline by the end of the month.
The concerned users would soon discover the awful truth. The company was insolvent in the wake of a hack that robbed 744,408 BTC (around $473 million at the time and over $23.8 billion today). Mt. Gox filed for bankruptcy in Tokyo by the end of February, and right there began its former customers’ odyssey to recover their funds (which goes on to this day).
The Mt. Gox attack was a turning point for Bitcoin and the cryptocurrency world. From then on, crypto exchanges started to improve their security, their reserves, and their regulations. We have better options now, and non-custodial exchanges as well.