Crypto Hacks Timeline: List of All Cryptocurrency Hacks

Crypto hacks have caused the crypto community a major loss time and again since the beginning.

Cryptocurrency is definitely a booming, evolving and emerging industry across the globe. But the industry has faced security breaches in terms of hacks and thefts due to the vulnerabilities in the code base of the platform.

Crypto Hacks Timeline

Mt. Gox Crypto Exchange Hack
Bitcoin7 Crypto Hack
Bitcoinica Crypto Hack
Bitfloor Crypto Hack
Vircurex Crypto hack
Inputs.io
Picostocks
Flexcoin
Poloniex Crypto Exchange Hack
Crypto Rush
Mintpal
Cryptspy
Bitstamp
796
BTER
Kipcoin
Bitfinex Crypto Exchange Hack
Gatecoin
ShapeShift
Bitfinex Crypto Exchange Hack
Bitcurex
Yapizon
Bithumb Crypto Exchange Hack
Youbit
LocalBitcoins Crypto Exchange Hack
Coincheck
BitGrail
Coinrail
Bithumb
Bancor
Zaif
Maplechange
Cryptopia
Coinmama
DragonEx
Coinbene
Bithumb
Bitrue
Binance Crypto Exchange Hack
BITPoint
Upbit
Altsbit
BuyUcoin Indian Crypto Exchange Hack
Eterbase
Kucoin Crypto Exchange Hack
Livecoin
Cryptopia Crypto Exchange Hack
Hotbit Crypto Exchange Hack

Let us have a look at the history of crypto hacks in the crypto space ever since its inception:

Mt.Gox Crypto Exchange Hack

When? June 19, 2011 & February 7, 2014

This was the first successful hack in the crypto space on a large scale. Mt. Gox was based in Japan and was launched in 2010. However, the platform faced a hack in 2011, where the hacker found access to the auditor’s credentials and misused them to transfer 2,609 Bitcoins (BTC) to a new address. The exchange did not hold the keys to the new address and thus shut down fora few days. The hacker utilized the exchange’s software to sell the stolen coins to users, creating a large “ask” order at any given price. Within a few minutes the price corrected to its correct user-traded value. All accounts with the equivalent of more than $8,750,000 were affected.

But this was not the end, Bitcoin was being stolen consistently from 2011 to 2014 and the platform eventually froze all BTC transactions, reporting a loss of 850,000 BTCs which were equivalent to, at the time, around $350 million USD. The platform could not jump back and ceased to exist.

Bitcoin7

When? October 5, 2011

On Oct 5, 2011, Bitcoin7 a Bitcoin focused crypto exchange website issued a a message to its users that it had been subject to a security breach in terms of a hack which made the users crypto wallets and their user database vulnerable.

The sensitive information that was exposed from the users data included: Scanned ID or Passport, Proof of address or a utility bill, Proof of funding or the user’s bank statement, ABA/SWIFT number for bank transfer, Bank name and residential address. There was no exact amount stolen, but the platform stored excess personal information that many considered intrusive.

Bitcoinica Bitcoin Crypto Exchange Hack

When? March, May and July 2012

Bitcoinica, a bitcoin focused crypto exchange has suffered from the the highest number of hacks with 3 recorded hacks, all in one year, 2012.

The hot wallets stored on the Linode’s server were removed from their encryption by the hacker which resulted in a theft of 43,554 Bitcoins (BTC) which was worth at around $228,000 USD at that time. Due to this attack, several crypto investors who used Linode lost their funds, entirely.

The platform was hacked in May again. This time, the sensitive personal information of the users was at risk. They also stole 38,000 Bitcoin tokens which was valued at $87,000.

The third hack reported a theft of 40,000 BTC ($300,000 USD), the funds were secretly stored in Mt. Gox. These funds have been refunded, states reports.

This is considered one of the most controversial hacks in the crypto space.

Bitfloor Bitcoin Exchange Hack

When? September 3, 2012

Bitfloor was a Bitcoin exchange that was hacked in September, 2012. It was the fourth largest crypto exchange prior to the security breach.

In the year 2012, hackers managed to access the non-encrypted private keys which the crypto exchange had stores in hot wallets or online as a backup. The hack resulted in a theft of 24,000 BTC (around $250,000 USD, at that time) in an overnight heist. The exchange was managed to issue refunds to its users, but the platform could not hold on and eventually shut down.

Vircurex

When? May 10, 2013

The hacker illegally gained the login credentials to Vicurex’s VPS control account with their hosting service provider, and then asked for the root password reset for all their servers. The total losses of the hack was estimated to be 1454 Bitcoins (BTC), 225,263 Terracoin (TRC) and 23,400 Litecoins (LTC). The entire loss summed up to $352,000 USD at that time.

Inputs.io

Inputs.io suffered from two hacks totalling up to around 4100 BTC and the platform was unable to refund its users. The hacker compromised the hosting account through email address (a few were old, a few did not contain phone numbers attached, thus it was easy to reset). The hacker was able to get past the Two Factor Authentication (2FA) due to a flaw or a vulnerability on the server from the host’s end. The amount stolen was worth $1,200,000 USD.

Picostocks

When? February 17, 2014

The stock market faced a large attack in June 2013, through which 1,300 Bitcoins (BTC) were stolen as well. PicoStocks stated that the platform had been robbed in 2014, with a total loss of 5,896 Bitcoins that went missing from the platforms hot wallets and cold wallets. This leads us to the conclusion that the attack was made from the inside of the organization as cold wallets are stored offline and no one can easily access these wallets unless they previously had the permission to. The total amount stolen from Picostocks was reported to be $4,434,000 USD.

Flexcoin

When? March 2, 2014

Flexcoin was a specialist for Bitcoin storage. It had announced that it will shut down following an attack and subsequent robbery that witnessed cyber criminals rob the platform of 896 Bitcoins (BTC) that was stored in the company’s hot wallets, which translates to roughly about $600,000 USD at that time.

The platform could not withstand the loss and shut down immediately after the attack.

Poloniex Crypto Exchange Hack

When? March 4, 2014

Poloniex, a US based crypto exchange which was one of the busiest crypto exchanges of Bitcoin and other altcoins was attacked in 2014. Due to this, it lost 12.3% of its total bitcoin supply, 97 BTC ($67,500 USD) were taken and the owner of the platform responsibly refunded the users who incurred losses by compensating for their losses. Poloniex has stood strong from its inception and remains one of the most popular crypto exchanges in the world, even today.

Crypto Rush

When? March 11, 2014

Crypto Rush was one of the smaller crypto exchanges back in the day. The platform faced its first attack in 2014 where the exchange lost 950 Bitcoins (BTC) and 2500 Litecoins (LTC), a large amount for the small scale platform, which summed up to $630,000 USD.

Mintpal

When? July 14, 2014

Mintpal, a crypto exchange faced a security breach in 2014, where the platform lost millions of nearly 8 million Vericoins (VRC) (around 30% of the total coins that were in existence) from its hot wallet funds. The attacker noticed a vulnerability in the site’s withdrawal system and benefited illicitly from it. Mintpal promised to cover all incurred losses, the stolen amount being $1,933,000 USD.

Cryptspy

When? July 29, 2014

Cryptspy was the victim of a hack in 2014 losing approximately 13,000 BTC ($7.5 million at the time) and approximately 300,000 LTC (then $2.08 million at the time). The platform could not withhold the loss and claimed to be insolvent in January 2016.

Bitstamp

When? January 4, 2015

Bitstamp was a popular crypto exchange that claimed to have lost less than 19,000 BTC which translates to about $5.1 million at that time. A number of crypto wallets were at stake and upon learning of the security breach, the Bitstamp team issued several warnings to its users regarding deposits and moved to suspend operations. The breach was only a small fragment of Bitstamp’s total bitcoin reserves, of which the majority was held in secure offline cold storage systems.

796 Chinese Crypto Exchange Hack

When? January 27, 2015

796, a crypto exchange based in China, mistakenly ended up losing 1000 BTC of customer funds through a botched customer service request. The platform ‘s security team explained that the attackers took advantage when a user had filed a customer support request “to mention the current address has been tampered with, coupled with hackers deliberately [using] a similar address with the original withdrawals address to confuse users…”.

BTER

When? February 14, 2015

BTER,a crypto exchange stated that it had lost 7,170 bitcoins, or nearly $1.75 million USD at that time, via a high possible hack on its cold wallet system. The platform almost immediately notified users that they will shut down their platform in the wake of the attack and that withdrawals for user balances “will be arranged later”. It also offered a 720 BTC bounty “for chasing it back”.

Kipcoin

When? February 18, 2015

KipCoin was a bitcoin exchange wallet service provider, based in China. On February 18, the day of the Chinese Lunar New Year’s Even the platform announced through a post on their website, that their wallet servers were hacked and that they had lost more than 3000 BTC. Numerous members of the bitcoin community were concerned about platforms similar to KipCoin. The platform’s wallet service offered a 22% annualized interest which was paid on a daily basis.

Bitfinex

When? May 22, 2015

Similar to Kipcoin, Bitfinex was a bitcoin exchange and wallet provider based out of Hong Kong. The hot wallets of the platform wee compromised leading to a theft of Bitcoin. The platform prompted its users to stop depositing bitcoin to old addresses in their Bitfinex account, or any other transactions regarding Bitcoin almost immediately. The approximate amount of bitcoin stolen through the hack was just over 1,400 or around 0.06 percent of the company’s total Bitcoin holdings.

Gatecoin

When? May 9, 2016

Gatecoin suffered from a cyber attack on its hot wallets which resulted in the loss of funds, namely 185,000 Ethers (ETH) and 250 Bitcoins (BTC), totalling up to roughly $2.14 million USD at press time. The exchange stated that it believes the hack began initially on 9th May 2016, but it continued over the next three days as well. The situation was unclear and the platform claims that the cold storage funds were almost compromised too.

ShapeShift

When? June 30, 2016

ShapeShift, a cryptocurrency exchange that claimed it was the “safest asset exchange on Earth” , which used to convert between different digital currencies. However, it faced a security breach three times over a span of two weeks. The attackers looted the platform’s every single time, which summed up to around $200 thousand USD.

Bitfinex

When? August 2, 2016

Bitfinex suffered from the second largest ever hack in the crypto space in 2016. Bitfinex was the world’s biggest US dollar based exchange for bitcoin, and is known in the industry for offering deep liquidity in the U.S. dollar/Bitcoin currency pair. The platform reported a loss of 119,756 bitcoins valued at $72 million USD at that time.

Bitcurex

When? October 13, 2016

Bitcurex was launched in 2012 and is based in Lodz, Poland. The platform was working on security updates, and a week later, it was attacked losing $1.5 million USD, which was more than 2300 BTC. It was one of the largest bitcoin exchanges which operated in the European market, specifically for trading zloty and euros. It announced that it will shortly close, following the hack.

Yapizon

When? April 26, 2017

Yapizon was a crypto exchange based out of South Korea. The platform announced on social media about the theft of 3,831 Bitcoins, equivalent to 37.08% of the total assets held by Yapizon, the staff confirmed it as well. Similar to Bitfinex’s decision, the platform stated that it would dock the remaining customer balances, by the same amount to spread the burden of the incurred losses. The reported loss was worth $4,850,000 USD at press time.

Bithumb South Korean Exchange hack

When? June 27, 2017

Bithumb was the largest Bitcoin and Ether exchange in South Korea in terms of trading volume in 2017. The platform suffered from a cyber attack which resulted in a loss of billions of won from the customers accounts. The attackers were also successful in obtaining the personal information of 31,800 (around 3% of the total user base) the platform’s users, including their names, mobile phone numbers and email addresses. The total or exact amount that was robbed remains undisclosed, but many users found their wallets nearly empty after the hack.

Youbit

When? December 19, 2017

Yapizon rebranded as Youbit in late 2017 and suffered from a second attack. It consisted of an external hack resulting in a loss of about 17% of the platform’s total assets. The platform stated that it will attempt to cover the losses by handing over the operating rights of the company and by claiming their cyber comprehensive insurance which was valued at 3 billion won. The company filed for bankruptcy, shortly after the attack.

Reports speculated and indicated that intelligence services in South Korea suspected that North Korea is behind these attacks against domestic cryptocurrency exchanges, including Bithumb, a market leader.

LocalBitcoins

When? January 26, 2018

LocalBitcoins, the popular peer-to-peer(P2P) trading platform for fiat to bitcoin trading. The platform is one of the oldest Bitcoin exchanges to exist, which was launched in 2012, based in Finland. LocalBitcoins faced a security breach which lasted for almost 5 hours before the platform could put a stop to it. The attackers violated the security of a minimum of six user accounts, and stole more than 7.9 Bitcoins, translating to $27,000 USD. After the attack, the platform prompted all users to enable Two Factor Authentication (2FA) on their accounts.

Coincheck

When? January 26, 2018

Coincheck Inc., a crypto exchange based in Tokyo was broken into by hackers in 2018 with a robbery, $500 million USD in the form of digital assets (NEM coins), marking it as one of the biggest crypto heists till date. The team was successful in tracking the transaction,they identified and published 11 addresses where all 523 million stolen coins ended up. The developers of the NEM blockchain developers developed a tracking tool that would allow crypto exchanges to automatically reject any of the stolen funds.

BitGrail Italian Crypto Exchange hack

When? February 8, 2018

BitGrail was an Italian crypto exchange reported that it had been attack with the hackers who fled with 17 million units of Nano (XRB), the coin was previously known as RaiBlocks. Thereafter, all transactions were temporarily suspended. The Italian platform was considered obscure by many which traded only a very small volume of the coin’s overall transactions.

Coinrail

When? June 10, 2018

Coinrail was another crypto exchange based in South Korea. The platform had suspended all its services after it claimed they faced a “cyber intrusion,” which led to a range of ERC-20 tokens, that functions on the Ethereum blockchain network, was stolen from the platform. The exact amount stolen was not disclosed but the platform did reveal the stolen tokens included the NPXS token from the PundiX project, ATC from Aston and the NPER project’s NPER token. However, a blog post released by Pundi X on indicated that the hacker has stolen around 1,927 ether, 2.6 billion NPXS, 93 million ATX and 831 million DENT coins, as well as huge amounts of six other tokens.

An approximate amount would be a theft of $40 million USD through the hack.

Bithumb

When? June 19, 2018

Bithumb faced a second breach of security , one year from its previous attack. The platform was previously facing issues with its security, it drew attention, a vulnerability that led to the attack. Bithumb confirmed that it will pay the victims of the hack by using its own reserves. It lost digital assets totalled up to about $31 million USD in the attack. The platform also reported the hack to the Korea Internet & Security Agency (KISA), a government organization that monitors internet and cyber security issues in South Korea.

Bancor

When? July 9, 2018

Bancor was a crypto company that served as a decentralized exchange (DEX) which lost around $23.5 million USD equivalent to cryptocurrency tokens belonging to its users through a hack. The platform claimed that a wallet which was used to upgrade a few smart contracts was compromised. This resulted in the attackers making off with $12.5 million in Ether (ETH), $1 million in Pundi X’s NPXS token and $10 million in Bancor’s BNT. Bancor frozen its BNT coins, but the platform could not do the same to the other tokens.

Zaif

When? September 14, 2018

Zaif, a crypto licensed crypto exchange is operated by the Tech Bureau, based out of Japan. The platform took note of an unusual outflow of funds around 17:00 (Japan time) on September 14, after which its suspended transactions related to deposit of assets and any withdrawal services. Tech Bureau investigated the attack and concluded that the hackers had unauthorized access to the exchange’s hot wallets and robbed roughly $60 million USD in bitcoin, bitcoin cash, and MonaCoin.

MapleChange

When? October 28, 2018

MapleChange, a Canadian crypto exchange reporting more than $5 million USD as losses, which is virtually all of the funds it holds , stating that the platform cannot afford to compensate its customers for their losses. Many speculated if the company was really hacked or if the loss was planned by internal representatives belonging to the company. The amount of funds stolen was alleged to be nearly $5.9 million USD in the form of bitcoins. It eventually shut down all operations and social media handles from the public.

Cryptopia

When? February 15, 2019

Cryptopia, a New Zealand based crypto exchange went offline after it suffered from a security breach which had resulted in significant losses. The exact loss was unknown until, Whale Alert sent out a tweet indicating that 19,391 ether (ETH) tokens worth nearly $2.44 million and around 48 million centrality (CENNZ) tokens worth about $1.18 million were transferred from Cryptopia to unknown wallets on January. However, the platform reported the attack to government authorities such as New Zealand police and the High-Tech Crimes Unit to initiate an investigation.

Coinmama

When? February 15, 2019

Coinmama was one of the biggest crypto brokerage service provider in the global market with more than 1.3 million active users. The official statement from the platform stated that 450,000 email addresses and passwords were leaked in a massive global hacking attack involving 24 websites and about 747 million records. However, no digital assets were reported to be stolen. This had been a recurring during the time, where several platforms (not related to the crypto space) faced such attacks. Leakage of the personal information could have been disastrous, but the information was not leaked, fortunately.

DragonEx

When? March 24, 2019

DragonEx, a Singaporean based crypto exchange declared it had been hacked through its Telegram handle that funds owned by the platform and users had been stolen and transferred. The amount remains unknown, however, DragonEx’s Telegram admin offered the wallet addresses for 20 cryptocurrencies to which the stolen funds had apparently been transferred. The list included the top five cryptos in terms of market capitalization such as Bitcoin (BTC), Ether (ETH), Ripple (XRP), Litecoin (LTC) and EOS, as well as Tether, the stablecoin (USDT) for which six destination addresses were provided.

Coinbene

When? March 25, 2019

Massive transactions with outflow of funds was reported from Coinbene in Match. The crypto exchange denied any such claims and stated that it was undergoing maintenance. These transactions reportedly comprised each of the ERC-20 token (totalling up to 109) held by the platform. Those tokens included Huobipool token (HPT), PundiX (NPSX), Maximine coin (MXM) and Udoo (UDOO). The tokens were transferred to around 12 addresses that were different from the alleged attacker’s address. This attack caused a lot of confusion as the platform did not wish to comment on anything. To conclude, the platform faced a loss of more than $100 million USD in a matter of only three days.

Bithumb

When? April 1, 2019

Bithumb suffered from its third attack in 2019. It noticed an unusually large amount being withdrawn by the hacker. The exchange was attacked for a total of 3.07 million EOS (valued at about $13 million USD), which was withdrawn from the exchange’s hot wallet via a series of transactions. Other exchanges that handle and manage EOS coins store them in multisig wallets, unlike Bithumb which used to use merely a single key.

Binance

When? May 7, 2019

Binance is one of the most popular crypto exchanges in the world. The exchange is headquartered in the Cayman Islands and is the the largest crypto exchange globally by trading volume. It faced one of the biggest attacks ever with a loss of 7,000 Bitcoins worth about $40 million USD in a single transaction. The attackers employed several techniques for the break in to be successful including phishing and viruses . The hackers breached the platform’s security systems, obtaining key information, including two-factor codes, APIs, and other data. However, it assured the users that SAFU (Secure Asset Fund for Users) would cover all the incurred losses.

Bitrue

When? June 27, 2019

The Singaporean crypto exchange announced that it 9.33 million Ripple (XRP), worth $4.01 million USD, and 2.5 million Cardano (ADA), worth $231,800 USD, had been accessed and transferred from the platform. A vulnerability in the platform’s system was recognized and exploited. They promised to return the funds back to the users.

BITPoint

When? July 12, 2019

The Japanese exchange reported a theft of 2.5 billion yen (amounting to $32 million at press time) from the exchange’s hot wallet, which consisted of 2.5 billion yen of funds from customers. 50,000 of its 110,000 customer base was affected by the attack. The assets lost were 13 percent of the total digital assets held by the platform. They offered to compensate their users for the incurred losses.

Upbit

When? November 27, 2019

A South Korean exchanged reported that at around 13:06 on November 27th, 2019 (KST), 342,000 ETH was transferred from Upbit’s Ethereum hot wallet to an unknown wallet address. The platform state that it will replace the stolen funds with the company’s assets immediately. The robbed funds amounted to $49,000,000 USD.

Altsbit

When? February 6, 2020

Altsbit stated via Twitter that it had lost nearly all of its funds that stemmed from BTC, ETH, ARRR and VRSC. The amount stolen came up to $73,000 USD.

BuyUcoin

When? Mid 2020

BuyUcoin, a crypto exchange based in Delhi, India suffered from a breach of security with sensitive data of around 325,000 users which has reportedly been leaked to the dark web. The information included personal information, encrypted passwords, details of the user’s wallet, details of the order , bank details, PAN card numbers, passport numbers, and transaction histories. The platform fell victim to a group of hackers known as Shinyhunters, which was on a spree by dumping databases and confidential information for free on the internet.

Eterbase

When? September 8, 2020

Eterbase Exchange, a popular cryptocurrency exchange based out of Slovakia was hacked by threat actors. The attack resulted in a theft of funds valued at $5.4 Million USD. The hot wallets belonging to the customers were looted, about six hot wallets were plundered. The stolen funds were transferred to wallets of Eterbase’s competitors such as Huobi Global, Binance and HitBTC. The platform assured their clients that the funds will not suffer from any damage.

KuCoin

When? September 26, 2020

KuCoin,a crypto exchange headquartered in Singapore had a breach that compromised funds of nearly $281 million USD . The platform detected unusually large withdrawals of bitcoin (BTC) and ethereum (ETH) tokens to an anonymous wallet. The funds were stolen from the platform’s hot wallets. It claimed that its insurance fund will provide complete coverage for the losses. The platform was successful in recovering over 70% of the stolen funds.

Livecoin

When? December 23, 2020

Livecoin is a crypto exchange based in Russia. It suffered from an attack during Christmas Eve, it announced that it was hacked and has lost control over a few of its servers, warning the users stop using their services. The infrastructure of the exchange was controlled and modifications were made by the attackers to exchange rates to unusually large and unrealistic values. Before the exchange could gain control over itself, the Bitcoin (BTC) exchange rate had been blown up from the regular $23,000 USD/BTC to more than $450,000 USD/BTC, Ether (ETH) ballooned from $600 USD/ETH to $15,000 USD, and Ripple (XRP) price increased from $0.27 USD/XRP to more than $17 USD/XRP.

While the exchange rates were facing changes, the hackers looted huge amounts of funds from users and prompted users to refrain from using their services.

Cryptopia

When? February 1, 2021

Cryptopia, a liquidated crypto exchange based out of New Zealand faced an attack again, after 2019. The hackers stole about NZD 62,000 ($45,000 USD) worth of crypto from the already troubled exchange.

Hotbit

When? April 29, 2021

Hotbit faced a fatal cyber attack which resulted in most of their services to be frozen. The attackers tried gaining access to Hotbit’s wallets as well, but the platform detected the attempt and put a top to it immediately. The platform also announced that the hacker had deleted the user database because they failed to obtain any digital assets. They also warned users that their personal information was at stake and that there is a huge possibility that it has been leaked, including registered phone number, email address and data regarding their assets. However, the database had been backed up by Hotbit prior to the attack.