Crypto Hacks Timeline: List of All Cryptocurrency Hacks
Crypto hacks have caused the crypto community a major loss time and again since the beginning.
Cryptocurrency is definitely a booming, evolving and emerging industry across the globe. But the industry has faced security breaches in terms of hacks and thefts due to the vulnerabilities in the code base of the platform.
What we are going to learn?
Crypto Hacks Timeline
- Mt. Gox Crypto Exchange Hack
- Bitcoin7 Crypto Hack
- Bitcoinica Crypto Hack
- Bitfloor Crypto Hack
- Vircurex Crypto hack
- Poloniex Crypto Exchange Hack
- Crypto Rush
- Bitfinex Crypto Exchange Hack
- Bitfinex Crypto Exchange Hack
- Bithumb Crypto Exchange Hack
- LocalBitcoins Crypto Exchange Hack
- Binance Crypto Exchange Hack
- BuyUcoin Indian Crypto Exchange Hack
- Kucoin Crypto Exchange Hack
- Cryptopia Crypto Exchange Hack
- Hotbit Crypto Exchange Hack
Let us have a look at the history of crypto hacks in the crypto space ever since its inception:
Mt.Gox Crypto Exchange Hack
When? June 19, 2011 & February 7, 2014
This was the first successful hack in the crypto space on a large scale. Mt. Gox was based in Japan and was launched in 2010. However, the platform faced a hack in 2011, where the hacker found access to the auditor’s credentials and misused them to transfer 2,609 Bitcoins (BTC) to a new address. The exchange did not hold the keys to the new address and thus shut down fora few days. The hacker utilized the exchange’s software to sell the stolen coins to users, creating a large “ask” order at any given price. Within a few minutes the price corrected to its correct user-traded value. All accounts with the equivalent of more than $8,750,000 were affected.
But this was not the end, Bitcoin was being stolen consistently from 2011 to 2014 and the platform eventually froze all BTC transactions, reporting a loss of 850,000 BTCs which were equivalent to, at the time, around $350 million USD. The platform could not jump back and ceased to exist.
When? October 5, 2011
On Oct 5, 2011, Bitcoin7 a Bitcoin focused crypto exchange website issued a a message to its users that it had been subject to a security breach in terms of a hack which made the users crypto wallets and their user database vulnerable.
The sensitive information that was exposed from the users data included: Scanned ID or Passport, Proof of address or a utility bill, Proof of funding or the user’s bank statement, ABA/SWIFT number for bank transfer, Bank name and residential address. There was no exact amount stolen, but the platform stored excess personal information that many considered intrusive.
Bitcoinica Bitcoin Crypto Exchange Hack
When? March, May and July 2012
Bitcoinica, a bitcoin focused crypto exchange has suffered from the the highest number of hacks with 3 recorded hacks, all in one year, 2012.
The hot wallets stored on the Linode’s server were removed from their encryption by the hacker which resulted in a theft of 43,554 Bitcoins (BTC) which was worth at around $228,000 USD at that time. Due to this attack, several crypto investors who used Linode lost their funds, entirely.
The platform was hacked in May again. This time, the sensitive personal information of the users was at risk. They also stole 38,000 Bitcoin tokens which was valued at $87,000.
The third hack reported a theft of 40,000 BTC ($300,000 USD), the funds were secretly stored in Mt. Gox. These funds have been refunded, states reports.
This is considered one of the most controversial hacks in the crypto space.
Bitfloor Bitcoin Exchange Hack
When? September 3, 2012
Bitfloor was a Bitcoin exchange that was hacked in September, 2012. It was the fourth largest crypto exchange prior to the security breach.
In the year 2012, hackers managed to access the non-encrypted private keys which the crypto exchange had stores in hot wallets or online as a backup. The hack resulted in a theft of 24,000 BTC (around $250,000 USD, at that time) in an overnight heist. The exchange was managed to issue refunds to its users, but the platform could not hold on and eventually shut down.
When? May 10, 2013
The hacker illegally gained the login credentials to Vicurex’s VPS control account with their hosting service provider, and then asked for the root password reset for all their servers. The total losses of the hack was estimated to be 1454 Bitcoins (BTC), 225,263 Terracoin (TRC) and 23,400 Litecoins (LTC). The entire loss summed up to $352,000 USD at that time.
Inputs.io suffered from two hacks totalling up to around 4100 BTC and the platform was unable to refund its users. The hacker compromised the hosting account through email address (a few were old, a few did not contain phone numbers attached, thus it was easy to reset). The hacker was able to get past the Two Factor Authentication (2FA) due to a flaw or a vulnerability on the server from the host’s end. The amount stolen was worth $1,200,000 USD.
When? February 17, 2014
The stock market faced a large attack in June 2013, through which 1,300 Bitcoins (BTC) were stolen as well. PicoStocks stated that the platform had been robbed in 2014, with a total loss of 5,896 Bitcoins that went missing from the platforms hot wallets and cold wallets. This leads us to the conclusion that the attack was made from the inside of the organization as cold wallets are stored offline and no one can easily access these wallets unless they previously had the permission to. The total amount stolen from Picostocks was reported to be $4,434,000 USD.
When? March 2, 2014
Flexcoin was a specialist for Bitcoin storage. It had announced that it will shut down following an attack and subsequent robbery that witnessed cyber criminals rob the platform of 896 Bitcoins (BTC) that was stored in the company’s hot wallets, which translates to roughly about $600,000 USD at that time.
The platform could not withstand the loss and shut down immediately after the attack.
Poloniex Crypto Exchange Hack
When? March 4, 2014
Poloniex, a US based crypto exchange which was one of the busiest crypto exchanges of Bitcoin and other altcoins was attacked in 2014. Due to this, it lost 12.3% of its total bitcoin supply, 97 BTC ($67,500 USD) were taken and the owner of the platform responsibly refunded the users who incurred losses by compensating for their losses. Poloniex has stood strong from its inception and remains one of the most popular crypto exchanges in the world, even today.
When? March 11, 2014
Crypto Rush was one of the smaller crypto exchanges back in the day. The platform faced its first attack in 2014 where the exchange lost 950 Bitcoins (BTC) and 2500 Litecoins (LTC), a large amount for the small scale platform, which summed up to $630,000 USD.
When? July 14, 2014
Mintpal, a crypto exchange faced a security breach in 2014, where the platform lost millions of nearly 8 million Vericoins (VRC) (around 30% of the total coins that were in existence) from its hot wallet funds. The attacker noticed a vulnerability in the site’s withdrawal system and benefited illicitly from it. Mintpal promised to cover all incurred losses, the stolen amount being $1,933,000 USD.
When? July 29, 2014
Cryptspy was the victim of a hack in 2014 losing approximately 13,000 BTC ($7.5 million at the time) and approximately 300,000 LTC (then $2.08 million at the time). The platform could not withhold the loss and claimed to be insolvent in January 2016.
When? January 4, 2015
Bitstamp was a popular crypto exchange that claimed to have lost less than 19,000 BTC which translates to about $5.1 million at that time. A number of crypto wallets were at stake and upon learning of the security breach, the Bitstamp team issued several warnings to its users regarding deposits and moved to suspend operations. The breach was only a small fragment of Bitstamp’s total bitcoin reserves, of which the majority was held in secure offline cold storage systems.
796 Chinese Crypto Exchange Hack
When? January 27, 2015
796, a crypto exchange based in China, mistakenly ended up losing 1000 BTC of customer funds through a botched customer service request. The platform ‘s security team explained that the attackers took advantage when a user had filed a customer support request “to mention the current address has been tampered with, coupled with hackers deliberately [using] a similar address with the original withdrawals address to confuse users…”.
When? February 14, 2015
BTER,a crypto exchange stated that it had lost 7,170 bitcoins, or nearly $1.75 million USD at that time, via a high possible hack on its cold wallet system. The platform almost immediately notified users that they will shut down their platform in the wake of the attack and that withdrawals for user balances “will be arranged later”. It also offered a 720 BTC bounty “for chasing it back”.
When? February 18, 2015
KipCoin was a bitcoin exchange wallet service provider, based in China. On February 18, the day of the Chinese Lunar New Year’s Even the platform announced through a post on their website, that their wallet servers were hacked and that they had lost more than 3000 BTC. Numerous members of the bitcoin community were concerned about platforms similar to KipCoin. The platform’s wallet service offered a 22% annualized interest which was paid on a daily basis.
When? May 22, 2015
Similar to Kipcoin, Bitfinex was a bitcoin exchange and wallet provider based out of Hong Kong. The hot wallets of the platform wee compromised leading to a theft of Bitcoin. The platform prompted its users to stop depositing bitcoin to old addresses in their Bitfinex account, or any other transactions regarding Bitcoin almost immediately. The approximate amount of bitcoin stolen through the hack was just over 1,400 or around 0.06 percent of the company’s total Bitcoin holdings.
When? May 9, 2016
Gatecoin suffered from a cyber attack on its hot wallets which resulted in the loss of funds, namely 185,000 Ethers (ETH) and 250 Bitcoins (BTC), totalling up to roughly $2.14 million USD at press time. The exchange stated that it believes the hack began initially on 9th May 2016, but it continued over the next three days as well. The situation was unclear and the platform claims that the cold storage funds were almost compromised too.
When? June 30, 2016
ShapeShift, a cryptocurrency exchange that claimed it was the “safest asset exchange on Earth” , which used to convert between different digital currencies. However, it faced a security breach three times over a span of two weeks. The attackers looted the platform’s every single time, which summed up to around $200 thousand USD.
When? August 2, 2016
Bitfinex suffered from the second largest ever hack in the crypto space in 2016. Bitfinex was the world’s biggest US dollar based exchange for bitcoin, and is known in the industry for offering deep liquidity in the U.S. dollar/Bitcoin currency pair. The platform reported a loss of 119,756 bitcoins valued at $72 million USD at that time.
When? October 13, 2016
Bitcurex was launched in 2012 and is based in Lodz, Poland. The platform was working on security updates, and a week later, it was attacked losing $1.5 million USD, which was more than 2300 BTC. It was one of the largest bitcoin exchanges which operated in the European market, specifically for trading zloty and euros. It announced that it will shortly close, following the hack.
When? April 26, 2017
Yapizon was a crypto exchange based out of South Korea. The platform announced on social media about the theft of 3,831 Bitcoins, equivalent to 37.08% of the total assets held by Yapizon, the staff confirmed it as well. Similar to Bitfinex’s decision, the platform stated that it would dock the remaining customer balances, by the same amount to spread the burden of the incurred losses. The reported loss was worth $4,850,000 USD at press time.
Bithumb South Korean Exchange hack
When? June 27, 2017
Bithumb was the largest Bitcoin and Ether exchange in South Korea in terms of trading volume in 2017. The platform suffered from a cyber attack which resulted in a loss of billions of won from the customers accounts. The attackers were also successful in obtaining the personal information of 31,800 (around 3% of the total user base) the platform’s users, including their names, mobile phone numbers and email addresses. The total or exact amount that was robbed remains undisclosed, but many users found their wallets nearly empty after the hack.
When? December 19, 2017
Yapizon rebranded as Youbit in late 2017 and suffered from a second attack. It consisted of an external hack resulting in a loss of about 17% of the platform’s total assets. The platform stated that it will attempt to cover the losses by handing over the operating rights of the company and by claiming their cyber comprehensive insurance which was valued at 3 billion won. The company filed for bankruptcy, shortly after the attack.
Reports speculated and indicated that intelligence services in South Korea suspected that North Korea is behind these attacks against domestic cryptocurrency exchanges, including Bithumb, a market leader.
When? January 26, 2018
LocalBitcoins, the popular peer-to-peer(P2P) trading platform for fiat to bitcoin trading. The platform is one of the oldest Bitcoin exchanges to exist, which was launched in 2012, based in Finland. LocalBitcoins faced a security breach which lasted for almost 5 hours before the platform could put a stop to it. The attackers violated the security of a minimum of six user accounts, and stole more than 7.9 Bitcoins, translating to $27,000 USD. After the attack, the platform prompted all users to enable Two Factor Authentication (2FA) on their accounts.
When? January 26, 2018
Coincheck Inc., a crypto exchange based in Tokyo was broken into by hackers in 2018 with a robbery, $500 million USD in the form of digital assets (NEM coins), marking it as one of the biggest crypto heists till date. The team was successful in tracking the transaction,they identified and published 11 addresses where all 523 million stolen coins ended up. The developers of the NEM blockchain developers developed a tracking tool that would allow crypto exchanges to automatically reject any of the stolen funds.
BitGrail Italian Crypto Exchange hack
When? February 8, 2018
BitGrail was an Italian crypto exchange reported that it had been attack with the hackers who fled with 17 million units of Nano (XRB), the coin was previously known as RaiBlocks. Thereafter, all transactions were temporarily suspended. The Italian platform was considered obscure by many which traded only a very small volume of the coin’s overall transactions.
When? June 10, 2018
Coinrail was another crypto exchange based in South Korea. The platform had suspended all its services after it claimed they faced a “cyber intrusion,” which led to a range of ERC-20 tokens, that functions on the Ethereum blockchain network, was stolen from the platform. The exact amount stolen was not disclosed but the platform did reveal the stolen tokens included the NPXS token from the PundiX project, ATC from Aston and the NPER project’s NPER token. However, a blog post released by Pundi X on indicated that the hacker has stolen around 1,927 ether, 2.6 billion NPXS, 93 million ATX and 831 million DENT coins, as well as huge amounts of six other tokens.
An approximate amount would be a theft of $40 million USD through the hack.
When? June 19, 2018
Bithumb faced a second breach of security , one year from its previous attack. The platform was previously facing issues with its security, it drew attention, a vulnerability that led to the attack. Bithumb confirmed that it will pay the victims of the hack by using its own reserves. It lost digital assets totalled up to about $31 million USD in the attack. The platform also reported the hack to the Korea Internet & Security Agency (KISA), a government organization that monitors internet and cyber security issues in South Korea.
When? July 9, 2018
Bancor was a crypto company that served as a decentralized exchange (DEX) which lost around $23.5 million USD equivalent to cryptocurrency tokens belonging to its users through a hack. The platform claimed that a wallet which was used to upgrade a few smart contracts was compromised. This resulted in the attackers making off with $12.5 million in Ether (ETH), $1 million in Pundi X’s NPXS token and $10 million in Bancor’s BNT. Bancor frozen its BNT coins, but the platform could not do the same to the other tokens.
When? September 14, 2018
Zaif, a crypto licensed crypto exchange is operated by the Tech Bureau, based out of Japan. The platform took note of an unusual outflow of funds around 17:00 (Japan time) on September 14, after which its suspended transactions related to deposit of assets and any withdrawal services. Tech Bureau investigated the attack and concluded that the hackers had unauthorized access to the exchange’s hot wallets and robbed roughly $60 million USD in bitcoin, bitcoin cash, and MonaCoin.
When? October 28, 2018
MapleChange, a Canadian crypto exchange reporting more than $5 million USD as losses, which is virtually all of the funds it holds , stating that the platform cannot afford to compensate its customers for their losses. Many speculated if the company was really hacked or if the loss was planned by internal representatives belonging to the company. The amount of funds stolen was alleged to be nearly $5.9 million USD in the form of bitcoins. It eventually shut down all operations and social media handles from the public.
When? February 15, 2019
Cryptopia, a New Zealand based crypto exchange went offline after it suffered from a security breach which had resulted in significant losses. The exact loss was unknown until, Whale Alert sent out a tweet indicating that 19,391 ether (ETH) tokens worth nearly $2.44 million and around 48 million centrality (CENNZ) tokens worth about $1.18 million were transferred from Cryptopia to unknown wallets on January. However, the platform reported the attack to government authorities such as New Zealand police and the High-Tech Crimes Unit to initiate an investigation.
When? February 15, 2019
Coinmama was one of the biggest crypto brokerage service provider in the global market with more than 1.3 million active users. The official statement from the platform stated that 450,000 email addresses and passwords were leaked in a massive global hacking attack involving 24 websites and about 747 million records. However, no digital assets were reported to be stolen. This had been a recurring during the time, where several platforms (not related to the crypto space) faced such attacks. Leakage of the personal information could have been disastrous, but the information was not leaked, fortunately.
When? March 24, 2019
DragonEx, a Singaporean based crypto exchange declared it had been hacked through its Telegram handle that funds owned by the platform and users had been stolen and transferred. The amount remains unknown, however, DragonEx’s Telegram admin offered the wallet addresses for 20 cryptocurrencies to which the stolen funds had apparently been transferred. The list included the top five cryptos in terms of market capitalization such as Bitcoin (BTC), Ether (ETH), Ripple (XRP), Litecoin (LTC) and EOS, as well as Tether, the stablecoin (USDT) for which six destination addresses were provided.
When? March 25, 2019
Massive transactions with outflow of funds was reported from Coinbene in Match. The crypto exchange denied any such claims and stated that it was undergoing maintenance. These transactions reportedly comprised each of the ERC-20 token (totalling up to 109) held by the platform. Those tokens included Huobipool token (HPT), PundiX (NPSX), Maximine coin (MXM) and Udoo (UDOO). The tokens were transferred to around 12 addresses that were different from the alleged attacker’s address. This attack caused a lot of confusion as the platform did not wish to comment on anything. To conclude, the platform faced a loss of more than $100 million USD in a matter of only three days.
When? April 1, 2019
Bithumb suffered from its third attack in 2019. It noticed an unusually large amount being withdrawn by the hacker. The exchange was attacked for a total of 3.07 million EOS (valued at about $13 million USD), which was withdrawn from the exchange’s hot wallet via a series of transactions. Other exchanges that handle and manage EOS coins store them in multisig wallets, unlike Bithumb which used to use merely a single key.
When? May 7, 2019
Binance is one of the most popular crypto exchanges in the world. The exchange is headquartered in the Cayman Islands and is the the largest crypto exchange globally by trading volume. It faced one of the biggest attacks ever with a loss of 7,000 Bitcoins worth about $40 million USD in a single transaction. The attackers employed several techniques for the break in to be successful including phishing and viruses . The hackers breached the platform’s security systems, obtaining key information, including two-factor codes, APIs, and other data. However, it assured the users that SAFU (Secure Asset Fund for Users) would cover all the incurred losses.
When? June 27, 2019
The Singaporean crypto exchange announced that it 9.33 million Ripple (XRP), worth $4.01 million USD, and 2.5 million Cardano (ADA), worth $231,800 USD, had been accessed and transferred from the platform. A vulnerability in the platform’s system was recognized and exploited. They promised to return the funds back to the users.
When? July 12, 2019
The Japanese exchange reported a theft of 2.5 billion yen (amounting to $32 million at press time) from the exchange’s hot wallet, which consisted of 2.5 billion yen of funds from customers. 50,000 of its 110,000 customer base was affected by the attack. The assets lost were 13 percent of the total digital assets held by the platform. They offered to compensate their users for the incurred losses.
When? November 27, 2019
A South Korean exchanged reported that at around 13:06 on November 27th, 2019 (KST), 342,000 ETH was transferred from Upbit’s Ethereum hot wallet to an unknown wallet address. The platform state that it will replace the stolen funds with the company’s assets immediately. The robbed funds amounted to $49,000,000 USD.
When? February 6, 2020
Altsbit stated via Twitter that it had lost nearly all of its funds that stemmed from BTC, ETH, ARRR and VRSC. The amount stolen came up to $73,000 USD.
When? Mid 2020
BuyUcoin, a crypto exchange based in Delhi, India suffered from a breach of security with sensitive data of around 325,000 users which has reportedly been leaked to the dark web. The information included personal information, encrypted passwords, details of the user’s wallet, details of the order , bank details, PAN card numbers, passport numbers, and transaction histories. The platform fell victim to a group of hackers known as Shinyhunters, which was on a spree by dumping databases and confidential information for free on the internet.
When? September 8, 2020
Eterbase Exchange, a popular cryptocurrency exchange based out of Slovakia was hacked by threat actors. The attack resulted in a theft of funds valued at $5.4 Million USD. The hot wallets belonging to the customers were looted, about six hot wallets were plundered. The stolen funds were transferred to wallets of Eterbase’s competitors such as Huobi Global, Binance and HitBTC. The platform assured their clients that the funds will not suffer from any damage.
When? September 26, 2020
KuCoin,a crypto exchange headquartered in Singapore had a breach that compromised funds of nearly $281 million USD . The platform detected unusually large withdrawals of bitcoin (BTC) and ethereum (ETH) tokens to an anonymous wallet. The funds were stolen from the platform’s hot wallets. It claimed that its insurance fund will provide complete coverage for the losses. The platform was successful in recovering over 70% of the stolen funds.
When? December 23, 2020
Livecoin is a crypto exchange based in Russia. It suffered from an attack during Christmas Eve, it announced that it was hacked and has lost control over a few of its servers, warning the users stop using their services. The infrastructure of the exchange was controlled and modifications were made by the attackers to exchange rates to unusually large and unrealistic values. Before the exchange could gain control over itself, the Bitcoin (BTC) exchange rate had been blown up from the regular $23,000 USD/BTC to more than $450,000 USD/BTC, Ether (ETH) ballooned from $600 USD/ETH to $15,000 USD, and Ripple (XRP) price increased from $0.27 USD/XRP to more than $17 USD/XRP.
While the exchange rates were facing changes, the hackers looted huge amounts of funds from users and prompted users to refrain from using their services.
When? February 1, 2021
Cryptopia, a liquidated crypto exchange based out of New Zealand faced an attack again, after 2019. The hackers stole about NZD 62,000 ($45,000 USD) worth of crypto from the already troubled exchange.
When? April 29, 2021
Hotbit faced a fatal cyber attack which resulted in most of their services to be frozen. The attackers tried gaining access to Hotbit’s wallets as well, but the platform detected the attempt and put a top to it immediately. The platform also announced that the hacker had deleted the user database because they failed to obtain any digital assets. They also warned users that their personal information was at stake and that there is a huge possibility that it has been leaked, including registered phone number, email address and data regarding their assets. However, the database had been backed up by Hotbit prior to the attack.