News
The biggest cryptocurrency hacks so far
One of the barriers to mainstream adoption of digital currency has been hacking. Some high-profile thefts have occurred on various cryptocurrency exchanges and platforms, dissuading investors from investing their money.
It has been argued that blockchain projects are secure, but attacks over the years have shown this to be only partially true. According to blockchain data platform Chainalysis, more than $3.8 billion worth of cryptocurrencies were stolen from users in 2022. Take a look at some of the biggest crypto hacks to date.
Key points
- Hacking remains a major barrier to cryptocurrency adoption.
- Cryptocurrency exchanges are a major target for hackers, with over $3.8 billion stolen in 2022.
- The first major exchange to suffer a cyberattack was Mt. Gox, which lost 7% of all bitcoins at the time.
- Decentralized financial applications and smart contracts are also a favorite target for hackers.
- Some of the most important safety rules for long-term investors are to keep cryptocurrencies offline if you are not actively trading or spending them, and not using custodial accounts unless they provide insurance.
Ronin Network: $625 million
The largest cryptocurrency hack to date was conducted in March 2022 and targeted the network that supports the popular Axie Infinite blockchain gaming platform. Hackers breached the Ronin network and stole approximately $625 million in Ethereum and USDC stable currency. US officials said a North Korean state-backed hacker collective, Lazarus Group, was linked to the theft. Binance recovered $5.8 million of the stolen funds a month later, but as of December 2, 2023, it would still be the largest hack in history.
Poly Network: $611 million
In August 2021, a lone hacker pounced on a vulnerability in the Poly network decentralized finance platform and has earned over $600 million. The project’s developers appealed to X (formerly Twitter) for the stolen funds, which included $33 million Bind. The Poly Network then established several addresses to return the funds to, and the unknown hacker began cooperating. After just two days, approximately $300 million was recovered and it was discovered that the hacker had targeted the network “for fun” or as a dare.
FTX: $600 million
In November 2022, FTX, one of the most influential players in the cryptocurrency industry, declared bankruptcy. The day you applied Chapter 11 failure, more than $600 million was stolen from its crypto wallets. Many FTX wallet holders reported $0 balances in their FTX.com and FTX US wallets.
The cryptocurrency exchange confirmed the hack on its Telegram channel, saying: ”FTX has been hacked. FTX apps are malware. Eliminate them. The chat is open. Do not go to the FTX site as it may download Trojans.” FTX General Counsel Ryne Miller later tweeted that the cryptocurrency exchange was making “every effort to protect all assets, wherever they are located.”
Binance BNB Bridge: $586 million
In one of the highest profile attacks in cryptocurrency history, the The Binance exchange has been hacked for $570 million in October 2022. A crossed chain bridgeBSC Token Hub, was exploited by hackers, who created and withdrew another 2 million Binance Coins (BNB). A bug in a smart contract enabled hacking, highlighting the need for greater blockchain security.
$3.8 billion
The amount of cryptocurrency stolen from exchanges and other platforms in 2022.
Coincheck: $534 million
In January 2018, the Japanese stock exchange Coincheck suffered a theft of 523 million dollars NEM coins worth approximately $534 million. The vulnerability was created by a warm walletwhich is a live cryptocurrency wallet and not as secure as the offline one cold rooms wallet. At the time, the Coincheck hack was even bigger than the infamous one Mount Gox hack; NEM Foundation President Lon Wong described it at the time as “the largest theft in the history of the world.”
Coincheck survived the hack and continued to operate despite being purchased a few months later by Japanese financial services firm Monex Group.
Mt. Gox: $473 million
The first major attack on cryptocurrencies occurred in 2011, when the cryptocurrency exchange was launched Mount Gox lost 25,000 bitcoins worth about $400,000. At the time, the cryptocurrency exchange handled nearly 70% of all bitcoin transactions.
The attack did not stop and Mt.Gox was attacked again in 2014. It lost almost 650,000 of its customers’ bitcoins and around 100,000 of its own. At the time, it accounted for 7% of all bitcoin and was worth about $473 million. The initial reasons for the coins’ disappearance were unclear, but subsequent evidence showed that the coins had been stolen from the company’s hot wallet.
Wormhole: $325 million
The decentralized finance platform Wormhole was targeted in February 2022, with $325 million taken by hackers. The attack was made possible by an update to the project’s GitHub repository, which was then not deployed to the live project. The popular cryptocurrency bridge had to plug the hole in the project’s finances after the funds were not recovered. This was also the largest theft included Solana, one of the rivals to Ethereum’s dominance in the worlds of DeFi and NFTs. Up to $47 million was withdrawn into the blockchain’s native SOL token.
Euler Finance: 197 million dollars
Euler Finance is a lending and borrowing protocol platform based on the Ethereum blockchain. On March 13, 2023, hackers conducted a flash loan attack, seizing $197 million in Bitcoin (wBTC), DAI (a MakerDOA stablecoin), staked ether (stETH), and USDC. A flash loan attack occurs when a hacker uses a flash loan – an unsecured loan that must be paid in full in the same transaction, often used by traders in arbitrage – to withdraw large amounts, allowing thieves to manipulate prices.
However, in a strange twist, several days later the hackers began returning the stolen funds, saying they were worried about their safety.
Bitmart: $196 million
December 2021 saw a cyber attack on the centralized exchange Bitmart with losses of $196 million. The hack was first noticed by a security analysis firm, which noticed BitMart addresses being drained of their balance. Approximately $100 million in various cryptocurrencies was funneled through Ethereum, with another $96 million exiting via Binance Smart Chain. All tokens were moved to an address labeled by Etherscan as “BitMart Hacker.”
Nomad Bridge: 190 million dollars
Only a month before the Wintermute breach a more significant attack occurred, an attack on the Nomad Bridge. The hackers drained $190 million of the project’s funds. Nomad is a cryptocurrency bridge which allows users to exchange tokens between blockchains, but these have become the latest target for hackers. This is due to the considerable value of the assets they hold and the complexity of the smart contract code they are based on. Nomad Bridge subsequently recovered $36 million of the stolen funds.
Beanstalk: $182 million
This hack involved exploiting a decentralized finance (DeFi) platform using a flash loan. After borrowing $1 billion, the hacker took a 67% controlling stake in the project and approved the transfer of funds to his wallet before repaying the loan and disappearing. The entire process of performing the hack took just 13 seconds.
Winter silent: 162 million dollars
Wintermute, one of the main cryptocurrencies Market makerwas attacked in September 2022. The the project lost about $160 million in a hack, which made things worse for Wintermute because they owed $200 million to other market participants. The CEO offered a 10% reward to the hacker if he returned the funds.
Multichain: $125 million
Multichain claimed to be a cross-chain router protocol, which would theoretically allow almost all blockchains to communicate with each other and transfer assets across them, something that was and is necessary for Web 3 to continue to progress.
Multichain’s CEO, known as Zhaojun, was reportedly arrested in China and has disappeared, leaving analysts to believe that the theft was the result of a theft, where the owners/developers of the system create a product, lure funds and suddenly walk away with the money.
How do hackers steal from a cryptocurrency exchange?
Most cryptocurrency thefts occur due to compromised credentials, such as stealing a user’s password or private keys. In some cases, hackers might even use phishing, keylogger or SIM swap to access the user’s account. In larger attacks, hackers can directly target an exchange by exploiting weaknesses in its security protocols or trading software.
How to keep cryptocurrency safe from hackers?
The most important rule for storing bitcoin or other cryptocurrencies is to keep your digital assets in a offline wallet where you control the private keys. Most digital currency thefts occur because wallets or keys are left in an online device, making them vulnerable to malware. Apart from that, it is also important to use strong passwords and two-factor authentication for each account, especially those used for cryptocurrency trading.
What happened to the FTX cryptocurrency exchange?
THE failure of the FTX exchange it was one of the biggest scandals in the history of cryptocurrencies. While many factors contributed to the collapse, the biggest mistake was the decision to pool user assets with those of Alameda Research, a trading company nominally separate from FTX. Alameda took risky bets with FTX client funds, creating a liquidity crisis for both companies. Sam Bankman-Fried and other executives have been accused of a wide range of crimes, from securities fraud to money laundering.
The bottom line
With the addition of new products, the cryptocurrency industry has grown rapidly since the mid-2010s. The industry may even be advancing too fast, as the number of cyberattacks and thefts demonstrate exploitable weaknesses. Back-to-back cyber attacks have exposed the vulnerability of the cryptocurrency sector and undermined investor confidence. To avoid further damage to sentiment, developers need to provide greater security to blockchain networks.
The comments, opinions and analyzes expressed on Investopedia are for online information purposes. Read ours warranty and exclusion of liability for more information.