Biggest Bitcoin Hacks Ever

Bitcoin is the world’s reserve cryptocurrency and is like digital cash or gold. It is a bearer instrument which is highly liquid and pseudonymous. These qualities highly incentivize dishonest people to steal bitcoin. They know that there is little that the victim can do, and if they the thief take the proper precautions, they can cash out anonymously with little chance of ever facing any consequences.

This combined with the reality that most law enforcement has been completely ignorant of cryptocurrency and there was literally no enforcement of thefts and hacks until very recently, and we have a perfect storm.

Nowadays law enforcement has become aware of the dark web markets and crimes involving crypto to launder proceeds, and they have developed chain analysis techniques, and several private companies have formed partnerships to track criminal elements through the blockchain.

Even with investigators trying to stop them, hackers still manage to make huge heists happen with a pretty regular frequency. Let’s take a look at some of the most famous Bitcoin hacks in history. It’s important to note that Bitcoin itself has never been hacked, it’s the user, the exchange operator, or wallet services, that are hacked due to poor security practices. This means that it’s possible to prevent being hacked by following good computer security practices.

The wild west of the online world

1. 92 billion bitcoin in one block

The amount of Bitcoin: 92 billion BTC

In 2010, someone was able to exploit the Bitcoin code to create a block which mined 92 billion bitcoin.

Amount in USD at the time of hack: $21,160,000,000

How did the hack happen? Someone exploited a vulnerability in the code.

This was catastrophic at the time due to Bitcoin’s hardcoded 21 million coin limit and monetary policy of block rewards for miners. Thankfully the exploit was noticed an hour and a half after the block was mined and a patch was released within hours.  This remains the only time anyone has found a vulnerability in the Bitcoin code base.

2. Allinvain becomes the first victim of a large Bitcoin hack

Amount of Bitcoin: 25,000 BTC

Allinvain was an early bitcoin miner, that had accumulated over 25,000 bitcoins mining on his computer in 2010-11. He was hacked and he realized the hackers had stolen almost of all of his 25,000 coins

Amount in USD at the time of hack: $500,000

Allinvain’s  BTC was worth half a million dollars at the time of the hack.

How did the hack happen?

Allinvain kept his wallet recovery seed in an unencrypted file on a computer that was infected with malware.

Amount recovered: none

He was able to track the coins on the blockchain after the hack, but with no success at recovering the funds. The thief wasn’t a complete scumbag and didn’t steal all the coins, they left Allinvain with a couple coins. It’s an insult to injury, however, as the current value of the coins would be $215,359,500 dollars.

3. MT.GOX

Amount of Bitcoin: 840,000 BTC

Mt.Gox lost 840,000 Bitcoins over 5% of the total supply at the time.

Amount in USD at the time of hack: $460 million

Mt. Gox was one of the world’s only exchanges for buying and selling bitcoin at the time, and certainly the largest and most popular.

How did the hack happen?

Nobody is sure exactly how the hack happened, because Jed McCaleb was the owner at the time of the alleged hack. He sold the Exchange to Mark Karpeles, and the inventory was already missing 80,000 BTC.

Amount recovered: 200,000 BTC were recovered but 650,000 were never recovered.

Mt. Gox is the most famous Bitcoin hack of all time. It shocked the Bitcoin world at the time and created the bear market of 2013-14.

Karpeles never could recover solvency to make up for this missing 80,000 coins from his inventory, leading to many issues causing concern among the platform’s users. Roger Ver the notorious Bitcoin Jesus turned Judas of Bcash, even gave his endorsement publicly claiming Mt. Gox was solvent.

It wasn’t.

The price on the exchange dropped from $32 a coin to pennies, causing many to lose everything which they had stored on the exchange. The hackers didn’t get as much coin as they wanted either, because they were stymied by the Mt. Gox $1000 limit on withdraws.

Mt. Gox users were burned a second time when the hackers used the passwords hacked from Mt. Gox on MyBitcoin, which many users also used and used the same passwords, causing them to be hacked a second time, weeks later.

The Mt. Gox hack is still causing issues today, as the bitcoin still held by the exchange is in the hands of a trustee who has been making controversial bulk sales, as recently as this last week.

4. Poloniex

Amount of Bitcoin: 97 BTC

Poloniex was able to overcome this hack and manage to stay in business, but they had to give a 12.3 percent haircut to all users of the platform to make up for the lost funds.

Amount in USD at the time of hack: $60,000

Not the largest hack dollar-wise but Poloniex was a leading exchange in the US at the time and it shook confidence in the markets.

How did the hack happen?

Hackers exploited faulty code in the Poloniex withdrawal screen.

Amount recovered: none recovered

Poloniex has since been elevated to the status of a regulatory compliant exchange, one of the first to see institutional investment, which speaks volumes about its reputation, and how they have managed to keep their brand intact even with the hack. There have been rumors about Poloniex being hacked again in 2017 but so far no evidence confirming this has been found to date, just speculation.

5. Bitfinex

Amount of Bitcoin: 119, 756 BTC

In August 2016 they were hacked for 119, 756 bitcoin, causing the price to plummet and creating shockwaves in the marketplace.

Amount in USD at the time of hack: $77 million USD

People did not think Bitfinex would be able to recover from a hack of this magnitude.

How did the hack happen?

There was a security breach with the customer’s segregated wallets implemented by Bitgo. Bitfinex did not utilize the proper features of Bitgo’s security platform.

Amount recovered: none recovered

Bitfinex was able to make users of their platform whole again and was lauded by many for how they handled the hack. They gave users a 36% haircut and released a special token on their platform the BFX token, which they then bought back from users of the platform with the revenues generated from their platform, effectively reimbursing the victims of the hack, and continuing to keep a large portion of their customer base.
This was a creative solution to a terrible problem that allowed Bitfinex to stay in business and remain one of the cryptocurrency exchanges with the most volume globally, and to keep its client base.

6. Bitstamp

Amount of Bitcoin: 19,000 BTC

Bitstamp a UK/Slovenia Bitcoin exchange was hacked in January 2015.

Amount in USD at the time of hack: $5.1 million

The hack had a significant impact on Bitstamp as evidenced by an internal report on the hack which said this:

“Bitstamp has lost customers, including major clients engaged in providing merchant services in bitcoin, and has suffered significant damage to its reputation, which we are unable to quantify exactly at this point, but which we believe exceeds $2 million.”

How did the hack happen?

The Attackers began contacting Bitstamp employees via Skype and email in an attempt to send them malware hidden in attachments. They disguised themselves as reporters and a variety of other organizations that might interest Bitstamp employees and entice them to click on a malware-containing file, thereby infecting the computer used by the employee.

At last, they tricked an employee into clicking an attachment he thought was sent by an organization seeking him out for membership. This allowed the attackers to gain access to his machine and also a server that contained a hot wallet for Bitstamp. (hot wallets are notoriously insecure for storing coins, and many hacks have happened due to this oversight). The attacker was able to empty the wallet allowing them to steal 19,000 BTC.

Amount recovered: none recovered

Bitstamp didn’t recover any of the stolen funds although UK authorities claimed they had leads and suspects they would arrest if they could lure them to the UK, although nothing has come of it. Bitstamp had to completely rebuild their platform from scratch in order to be sure they were no longer compromised by the attacker.

#7 Coinsecure

Amount of Bitcoin: 438.318 BTC

Coinsecure, an exchange based in India, was hacked in April of 2018. They have a current investigation into the incident, delaying their plans to reimburse customers affected by the hack.

Amount in USD at the time of hack: $3.3 million

Coinsecure is following a process outlined by authorities to assist in the investigation. They have also begun work on the claims process for affected customers. They will be rolling out new contracts for users who had BTC and INR balances.

How did the hack happen?

Coinsecure suspects the hack to be an inside job. They were in the process of splitting the Bitcoin Gold coins from the Bitcoin in customer accounts after the Bitcoin Gold hard fork, in order to distribute them to customers. They suspect their chief security officer, of being deceptive and obfuscating his role in the hack. They allege that he copied the private keys and either stole the BTC himself or worked directly with the hackers and then attempted to cover his tracks and mislead the rest of the Coinsecure team, about what had actually occurred. They claim he violated security procedures.

Amount recovered: none recovered

Coinsecure will be reimbursing their customers, but no BTC has been recovered. The New Delhi Cybercrimes unit is investigating, although it’s unclear if they have made any headway, as authorities are remaining tight-lipped about the details of the case, so as not to compromise the investigation.

#8 NiceHash

Amount of Bitcoin: 4,736.42 BTC

NiceHash is a popular Bitcoin mining pool that was started in 2014. In December 2017 NiceHash was breached by an attacker that was able to make off with a large portion of Bitcoin.

Amount in USD at the time of hack: more than $62 million

While the official number of BTC stolen has never been officially released, NiceHash members tracked two wallets suspected to be used by the attacker which had balances of over 4,700 BTC combined.

How did the hack happen?

NiceHash was supposed to be undergoing maintenance when users realized their accounts were emptied. After several hours the company released a statement proclaiming that the payment system had been compromised and the NiceHash wallets emptied. They stated that the website had suffered from a security breach. They urged customers to change their account passwords and launched both an internal investigation as well as a formal investigation with the relevant authorities.

Amount recovered: none recovered

While the investigation is ongoing much of the hope of recovering the stolen funds is lost.

#9 Cryptsy

Amount of Bitcoin: 13,000 BTC & 300,000 LTC

Cryptsy was the original altcoin exchange, similar to Binance or Bittrex, offering a wide variety of BTC/Altcoin pairings to traders years before anyone else. The Cryptsy hack was a devastating blow to many cryptocurrency traders.

Amount in USD at the time of hack: $7.5 million in BTC and $2.08 million in LTC

Cryptsy kept quiet about the hack for over a year while adding multitudes of altcoins to increase revenues from fees in an effort to secretly pay back the stolen funds to customers who were unaware of the hack. Since Cryptsy allowed customers to continue depositing funds even though they were secretly insolvent, they were effectively running a Ponzi scheme for almost a year after the hack, but it wasn’t discovered until Big Vern the founder of Cryptsy announced the hack, after complaints of Cryptsy denying access to customer funds got them investigated by a federal court.

How did the hack happen?

Crypsty was hacked by the anonymous developer of Lucky7coin, who inserted a trojan into Cryptsy’s code allegedly, allowing the withdrawal of 13,000 BTC and 300,000 LTC. However, Big Vern the founder of Cryptsy was involved in a bunch of less than honorable activity and it looks like the hack may have been perpetrated by him as part of an elaborate exit scheme involving him escaping to China with eight million in Cryptsy customer funds with a new girlfriend, after a recent divorce.

Amount recovered: $1 million

There was a $1 million dollar settlement in a class action lawsuit against the company that owned Cryptsy in October 2016, Project Investors Inc., doing business as Cryptsy.

#10 Youbit (Yapizon)

Amount of Bitcoin: 3816 BTC

Youbit was a smaller exchange based in South Korea, that suffered losses of 37 percent of customer funds in their custody in this attack, which took place in April 2017.

Amount in USD at the time of hack: $5.1 million

The losses incurred in the hack eventually caused Youbit to file for bankruptcy. The company was last announced to be settling accounts through the bankruptcy procedures. They discussed trying to launch a token called “Fei” which was supposed to be similar to the Bitfinex BFX token they used to mitigate the loss of funds.

How did the hack happen?

Four of Youbit’s hot wallets were compromised around 3 am local time, when the attacker was able to drain funds from the wallets. This is just another of many, many examples of how risky it is to keep any significant amount of cryptocurrency in a hot wallet. Hot wallets have been the cause of a huge number of exchange hacks, leading the industry to seek 3rd party custodianship services, or utilize cold storage in offline hardware wallets.

Amount recovered: ?

As of this writing, no information has been released publicly, about the progress with the bankruptcy settlement.

How to protect yourself

The best way to protect yourself is to use good computer security habits. This article only barely scratched the surface in all the creative ways in which Bitcoin has been stolen.

  1. Use a password manager like LastPass or KeePass to generate a unique and unhackable password for every single online service, website or account you create a user profile for.
  2. Use a hardware wallet like a Trezor, or Ledger to securely store your coins offline.
  3. Don’t click on strange links or attachments, and watch out for phishing emails requesting your personal information.
  4. Use two-factor authentication (2fa) whenever possible.
  5. Make sure your software is up to date and keep updating regularly. Don’t use outdated versions.
  6. Encrypt your data!

As long as you use good habits online and make yourself a difficult target, hackers will most likely just seek out easier targets. Just make sure you always follow good security habits and don’t expose yourself to unnecessary risks.

Leave a Reply

Your email address will not be published. Required fields are marked *