Cybercriminals target cryptocurrency exchanges due to the huge amount of digital assets they hold. The attacks range from the theft of millions of dollars to the exposing of vulnerabilities in smart contracts. Such breaches cut across the various types of cybercrimes and underline a gap regarding security within the global digital ecosystem.
In this article we cover the top 10 breaches of cyber attacks on Cryptocurrency exchanges, explaining the methods and tools used, the impact to the industry and what lessons were needed to be learned from the breaches.
1. Mt. Gox Hack (2014)
In 2014 one of the most infamous cyber attacks on cryptocurrency exchanges was from the Mt. Gox Hack. Mt. Gox was the largest Bitcoin exchange at the time and for good reasons; its user base was widespread. However, it suffered a catastrophic attack where nearly 850,000 BTC were stolen from it at the time valued at over $450 million, today its value is beyond the billion dollar mark) and has since been remembered as one of the greatest hacks of all times in Cryptocurrency’s timeline.
The aftermath didn’t just stop at Mt. Gox; the entire cryptocurrency industry was left devastated. Cryptocurrency exchange platforms suffered a destructive hit to their reputation, resulting in plenty of users doubting the security of crypto assets. This eventually led to a dip in the price of Bitcoin. The crypto industry struggled for years to restore the level of trust it had lost.
As time passed, regulators started focusing more on exchanges dealing with cryptocurrencies. The Mt. Gox hacking incident played a major role in pushing other countries to enforce stricter policies regarding digital currency and its associated platforms.
The cyber attack on cryptocurrency exchanges not only increased regulations, but it also highlighted the need to enhance security regarding the multi-signature wallets, forever changing the landscape of crypto security.
2. Bitfinex Hack (2016)
In 2016, Bitfinex, one of the leading digital asset exchanges, was the victim of one of the most notorious cryptocurrency hacks in existence. The hackers were able to take off with an estimated value of 72 million dollars which at that time was valued at around 120,000 BTC. The hacking was made possible due to the vulnerabilities with multi signature wallets that duplicated signatures which allowed the hackers to breach security and access user funds.
This hack impacted not only Bitfinex, but the entire cryptocurrency ecosystem at large. The exchange seized all withdrawals and instituted an infamous socialized loss policy where all users would cap 36% losses to their balances which would eventually be compensated in BFX tokens. Although some tokens were redeemed for BTC, this cryptocurrency scandal led to a barrage of civil and state security and regulatory oversight over the market.
This strategy of Bitfinex to recover the cryptocurrency was based on a wide range of collaboration with law enforcement agencies, tracking the spending of where the stolen assets were largely BTC. Some of these assets were reclaimed due to sophisticated tools in blockchain tracing that were developed in the remaining years afterwards.
This Bitfinex example, like all other cryptocurrency-related cases, showcases the industry wide lack of basic security practices across all cryptocurrency exchanges. While these exchanges struggle to strengthen their security measures, the ongoing danger of hacking attacks on various crypto exchange services continues to roam freely.
3. NiceHash (2017)
In December 2017, hackers stole 4,700 BTC, which was worth around $64 million at the time. The initial attack was executed via spear phishing which easily breached the user’s account. The hackers then systematically drained NiceHash’s Bitcoin accounts, crippling operations and making headlines across the world.
As is customary in similar cases, the aftermath was detrimental to the company’s image. Users were unable to access their accounts while not knowing if the money lost would ever be recovered. Given the circumstances, it was easy to assume that this would join the legacy of consumer-issued nightmares in the crypto space.
Unlike other exchanges that suffered and never recovered from such breaches, NiceHash made the uncommon promise of repaying every single user impacted by this attack. Against all odds, within three years, the company came through. By the end of December 2020, the company had fully reimbursed every single cent in stolen funds which is a first in the history of cryptocurrency.
This attack is a sharp reminder that even indirect services operating within the perimeter of crypto are at risk. From an investment and user perspective this highlights the need for better credential security and active defense against social engineering attacks.
4. Coincheck (2018)
In January of 2018, the Japanese cryptocurrency exchange, Coincheck, which was one of the biggest in Japan at the time, lost around 523 million NEM tokens, an amount valued at roughly $530 million dollars. Why? The exchange had stored a staggering amount of user funds into a single hot wallet, which is easily accessible through the Internet and considerably more susceptible to breaches, rather than cold wallets. Once hackers got access, they drained the tokens in a matter of minutes.
This was not only one of the largest cyberattacks in history pertaining to cryptocurrency exchange, it also marked a shift. The cyberattack revealed the inadequate user security policies placed by exchanges. In response, Japan’s Financial Services Agency (FSA) tightened regulations, mandating stricter security protocols and better segregation of assets.
5. Gate.io (2018)
Early 2019 marked a year where Gate.io, a prominent crypto exchange at that time, fell victim to a rare and highly dangerous blockchain exploit known as the 51% attack. If you’re wondering what more in the cyber threat world of crypto is besides the generic hacking, this is it.
You could consider this a sort of worst case scenario for the Ethereum Classic(ETC) blockchain. Attackers managed to gain possession of more than 51% of the Ethereum Classic(ETC) blockchain mining power. From there, they were capable of not only reversing transactions but also performing double spends, which in layman’s terms means to fool a network into believing a transaction was never executed after it had been cashed out.
Gate.io noted the fraudulent withdrawal of ETC at about $234,000. In a curious turn of events, the attacker later returned approximately $100,000, claiming it was an attempt to bring attention to the “failing” security of blockchain systems.
This event marked a turning point. It was perhaps the foremost example of the more popularized 51% attack hitting a major exchange, demonstrating in particular how less powerful blockchains are more vulnerable due to lower mining power. Later, Coinbase disclosed that during that time, well over $1.1 million in ETC was claimed to be affected in multiple exchanges.
6. Bithumb –Multiple incidents (notably 2018)
In June 2018, South Korean cryptocurrency exchange Bithumb was hacked for over $30 million worth of cryptocurrency. They were targeted due to a phishing attack which gave hackers direct access to a hot wallet. A wallet connected to the internet, referred to as a hot wallet, is where user funds are stored. Regardless of claiming it moved assets to cold wallets prior to the breach, the loss remained largely overshadowed by the concern of the attack.
This is not the first attack for Bithumb. It had fallen victim to the deceitful claws of hackers in 2017 and went on to face several attacks after 2018. Imagine the uproar from the public. They were met with the intervention of Korean regulators, and Bithumb had no choice but to lock their doors temporarily. The bigger issue was why such a big exchange came up empty handed so many times.
These unending breaches will always highlight why there is a need for security when working with crypto platforms. Ensure to check how your exchange manages the secured assets as not all wallets offer the same security.
7. Binance (2019)
In one of the world’s largest crypto exchanges, Binance, their services suffered from a critical security attack back in 2019. It is one of the greatest cyberattacks in history and it targeted the company through phishing, viruses, and elaborate dodging of security features.
The attackers successfully stole 7,000 BTC valued at $40 million at that time. This was accomplished through an elaborate coordinated attack. Bypassing security usually takes a lot of effort and time; however Binance’s system suffered from phishing emails, malicious software, and social engineering scams. What posed an even greater risk was the fact that all stolen funds came from the exchange’s hot wallet which held about 2% of Binance’s total Bitcoin reserves.
But herein lies the truth that sets Binance apart. The company made a secure decision to use their Secure Asset Fund for Users (SAFU) instead of passing on the burden to users. In this emergency fund regarded as unprecedented events, this action not only replaced the incurred losses but further elevates user trust on such critical situations.
8. KuCoin (2020)
In September 2020, one of the world’s leading cryptocurrency exchange platforms, KuCoin, suffered a significant security breach. An unauthorized party accessed the exchange’s hot wallets and their accompanying private keys, allowing for the theft of approximately $281 million in various tokens. If you were ever curious about why cybersecurity is paramount in crypto economics, this is a honeypot.
The KuCoin incident alarmed the entire industry. Positively, however, in the eyes of the public, what set KuCoin apart is that instead of going into hiding like other exchanges or trying to point fingers, the exchange moved clearly and quickly. According to Johnny Lyu, KuCoin’s CEO, because of close collaboration with blockchain projects and partner exchanges, over 84% of the funds were recovered.
For those observing cyber attacks on cryptocurrency exchanges, this incident turned into a masterclass of the balance between silencing public outcry and minimizing reported damages through active communication and community involvement.
This is the ideal case of crisis response. KuCoin not only came out of the attack alive, but managed to restore a considerable amount of public trust by showcasing effective response to the incident through rapid response and coordination, community, and solid technology partnerships.
9. Liquid (2021)
In August of 2021, a prominent Japanese cryptocurrency exchange, Liquid, suffered a considerable security breach. Hackers took advantage of Liquid’s warm wallets, which are digital stores on the internet ranging from automated transactive storage to linked zones, and purloined around $97 million worth of different cryptocurrencies such as Ethereum and Bitcoin.
Following the breach, Liquid quickly relocated its remaining assets to more secure cold wallets which are offline and much more difficult to hack into. To stabilize operation and calm users, Liquid took out a loan from FTX, another major player in the cryptocurrency exchange market, amounting to $120 million.
However, the turn of events became ironic when FTX was hit with massive financial misconduct allegations in 2022 and collapsed, bankrupting and drowning countless stakeholders in debt.
There is no doubt that more precautionary steps need to be adopted when running such a volatile market because it’s quite apparent there are no security measures set for these cryptocurrencies.
10. Poly Network (2021)
In the history of Decentralized Finance, there are not many events that compare to the $611 million Poly Network hack in August 2021. This hack, which gained notoriety as the biggest DeFi heist at the time, uncovered a serious flaw in the platform’s smart contract security.
The Poly Network breach which allowed cross-chain token transfer among Ethereum, Binance Smart Chain, and Polygon enabled an attacker to exploit gaps within the cross-chain messaging protocol. As per Elliptic, the hacker “genuinely” managed to smart contract call logic to siphon off huge amounts of digital assets onto their self-controlled wallets.
The aftermath of these events shocked the cryptographic economy as a whole. In a strange turn of events, the hacker started retrieving the money, and, to almost everyone’s surprise, gave back over 95% of the assets. The hacker claimed they were trying to show off the vulnerabilities in the system, which is why they deemed themselves ‘white hat’ hackers instead.
Although the lost funds were returned, this additional reminder put emphasis on why smart contracts should be paired with exhaustive security auditing. With the explosion in hacking and data breaches, this event brilliantly highlights, for both users and developers, why smart contracts broke Poly Network, the need for transparency, code authentication, trustless governance, and understanding.
Conclusion
The ongoing cyber attacks on cryptocurrency exchanges represent a significant risk to investors, the platforms themselves, and the entire ecosystem of digital finance. While assessing these top 10 incidents and their consequences, crypto platforms can increase user confidence and improve brand trust while reinforcing their security protocols in the ever-changing landscape.
About The Author
