1. Gox
Hack Date: 19 June 2011 and Feb 2014
Amount hacked: 2609 BTC | +750,000 BTC
Mt. Gox by far is the most famous Bitcoin hack.
Japan-based and the biggest Bitcoin exchange Mt. Gox had been operating since 2010. Turns out that lightning can strike twice with this exchange.
The first one happened in June 2011 when the hacker was able to get ahold of Mt. Gox’s auditor’s credentials and transferred 2609 bitcoins to an address for which Mt. Gox had no keys. For the short term, trading ceased and an investigation was held but thankfully due their size and market dominance, MT. Gox stayed solved and retained some trust of clients.
By the time of the second hack of 2014, Mt. Gox was handling almost 70% of Bitcoin transactions in the world. This time, the leaked BTC amount was so vast it completely killed off Mt. Gox. Shortly after, Mt. Gox halted operations and filed for bankruptcy, stating that more than 750,000 BTCs (around $350 million) were missing from the exchange. The exact reason was hot wallet private keys of Mt. Gox were stolen from a wallet.dat file.
The details and blame were attributed to a lack of Version Control Software and improper management. Transaction malleability was to blame; someone could edit transaction details to make it seem like the transaction never happened.
In what proved to be a lesson in how not to handle a PR disaster, the Mt Gox board relocated the company’s headquarters to avoid protesters, deleted it’s Twitter accounts and took its website offline. Obviously and sadly, investors lost their funds and no refunds were made.
2. Tether
Hack date: November 19, 2017
Amount hacked: $30.9 million worth
Tether is known as the “stable coin” and combines the best of fiat currency and blockchain technology to create a form of digital money known as USD Tokens (USDT). You can use USDT for trading your “real world” money for Bitcoin, Litecoin or Ethereum. Simply, when you deposit $1 into your Tether account, you are given 1 USDT. You can also use Tether to convert your cryptocurrency back into real-world money.
However, on November 19, 2017, an external attacker gained access to a Tether Treasury Wallet, and siphoned off $30.9 million in tokens. Due to the attacker cleverly using a Bitcoin address for the transaction, the theft was irreversible. The fallout was that Tether was under pressure because of allegations of confiding with Bitfinex, a fellow exchange company that had lost lots of investors’ money. Very serious allegations were being thrown around, including that Bitinfex used Tether’s assets to commit fraud. Tether then put some tough measures in place, which made it impossible for the attacker to redeem the stolen stash by turning it into fiat currency or bitcoin. The drama caused a selloff of Bitcoin and a cooling on the cryptocurrency market on a macro level.
3. Bitfinex
Hack date: August 16, 2016
Amount hacked: 119,756 BTC
Back in the day in 2016 when nobody knew about cryptocurrency, Bitfinex was the world’s largest Bitcoin Exchange. On August 2016, the company was the victim of a hack. At the time, it was the second largest hack in cryptocurrency history. Hackers stole 120,000 bitcoins worth approximately $72 million. In today’s prices, that would-be millions more. Hackers obtained from customers’ wallets, despite the presence of multiple layers of security. The breach occurred through a multiple-signature procedure, which enabled a transfer of funds. Bitfinex’s usage of multi-signature wallets made the hack possible. Ironically, the company had only introduced the wallet’s 12 months previously in a bid to make users’ coins more secure. The wallets were poorly coded. In theory, Bitfinex would hold two keys, and BitGo would store one. All parties would have to independently sign off on a transaction to verify it. In practice, BitGo would simply reflect whatever Bitfinex did. As such, there was only one point of failure. As soon as hackers got into Bitfinex’s servers, nothing could be done. The event singlehandedly caused bitcoin’s value to drop 20 per cent in the markets.
Bitfinex was forced to be transparent about the whole ordeal, and reassured customers that they were working to establish some sort of compensation. They bought back some of their assets from their ICO, in order to pay back some of the affected but they never traced the lost funds. Now Bitfinex is one of the most popular cryptocurrency exchanges in the world. It has about two million users and sees billions of dollars’ worth of transactions take place every day, handling BTC, LTC, ETH and even fiat currency.
4. The DAO Hack
Hack date: June 17, 2016
Amount hacked: $31 million worth of Ether
The DAO Hack was a unique hack and biggest attack of Ethereum. $31 million worth of Ether was taken. The hacker exploited a loophole in Ethereum network and gained access to the wallet. The hacker started emptying the wallet however but in real time it was known to the organization instantly and the team of Ethereum analysed the attack and were able to recover the stolen money.
Most hacks affect bitcoin but this was the world’s second-largest coin—Ethereum. The hack on this occasion happened in The DAO. The DAO was a smart contract on the Ethereum blockchain that operated like a venture capital fund. Buyers could invest in The DAO through crowdfunding which would them allow them to vote on which companies the fund should invest in.
Originally, crowdfunding phase raised 12.7 Ether ($150 million), making it the largest crowdfunding project in history. It had control of 14 per cent of all ether in circulation. Then in June 2016, a hacker took advantage of a loophole in The DAO which allowed someone to create a “Child DAO.” They put a recursive function into the withdrawal request; the code made The DAO keep handing over more ether for the same DAO tokens and $50 million was lost.
The hack resulted in a soft fork and the splitting of the Ethereum community. Today you may recognize the old Ethereum as Ethereum Classic and the forked version goes by the name of Ethereum.
5. Coincheck
Hack date: January 2018
Amount hacked: 500 million NEM
The Coincheck breach is the most recent hack on this list as it only happened in January 2018 but no the latest as Bithumb was hacked this week. More details to follow on that soon when more information is revealed.
Coincheck is a cryptocurrency exchange in Tokyo with the affected altcoin being NEM. The theft has replaced the Bitfinex hack as the second-largest of all time. When valued in dollars, it could yet prove to be even larger than current record holder, Mt Gox. Approximately, 500 million lost NEM coins were worth at the time $550 million, but the value soon dropped more than 20% once the media got hold of it. The 500 million coins represented about five per cent of the total supply of NEM.
It seems that a simple network hack was responsible. The most feared hack of all to all investors of crypto. The cybercriminal was able to remain undetected inside the network for 8 hours, sending money into 11 separate accounts.
All the accounts holding the money now have the coincheck_stolen_funds_do_not_accept_trades : owner_of_this_account_is_hacker tag.
We wanted to finish on a happy(ish) ending and the Coincheck hack does kind of have one. Unlike many other hacks, the company said it would use its own capital to reimburse all 260,000 customers who lost out. They will receive ¥ 88.549 per NEM coin.