The biggest crypto heists to date are Mt. Gox, Linode, BitFloor, Bitfinex, Bitgrail, Coincheck, KuCoin, PancakeBunny, Poly Network, Cream Finance, BadgerDAO, Bitmart, Wormhole, Ronin network, Beanstalk, Harmony Bridge, and FTX.
Mt. Gox remains the greatest cryptocurrency robbery in history, with over 850k Bitcoin stolen between 2011 and 2014. Mt. Gox claimed that the loss was caused by an underlying bug in Bitcoin known as transaction malleability. Transaction malleability is the process of altering a transaction’s unique identifier by altering the digital signature that was used to produce it.
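Transaction malleability as described above, in an added example that is not code from Mt. Gox, WizSec or any Bitcoin implementation: the same ECDSA signature re-encoded as (r, N − s) changes the transaction ID, while a ledger key that leaves the signature out stays stable and a low-S rule gives one canonical form. The single-input layout is simplified, and `payment_id` and all sample values are assumptions constructed for illustration.

```python
import hashlib

# Order of the secp256k1 group used for Bitcoin's ECDSA signatures.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def dsha(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def der_int(v: int) -> bytes:
    raw = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    if raw[0] & 0x80:                 # leading zero keeps the DER integer positive
        raw = b"\x00" + raw
    return b"\x02" + bytes([len(raw)]) + raw

def der_sig(r: int, s: int) -> bytes:
    body = der_int(r) + der_int(s)
    return b"\x30" + bytes([len(body)]) + body

def serialize(prevout: bytes, script_sig: bytes, outputs: bytes) -> bytes:
    # Simplified single-input layout (assumption), not the full wire format.
    return prevout + bytes([len(script_sig)]) + script_sig + outputs

def txid(prevout: bytes, script_sig: bytes, outputs: bytes) -> str:
    # The identifier covers the signature bytes, which is what makes it malleable.
    return dsha(serialize(prevout, script_sig, outputs))[::-1].hex()

def payment_id(prevout: bytes, outputs: bytes) -> str:
    # Hypothetical ledger key: what is spent and where it goes, signature excluded.
    return dsha(serialize(prevout, b"", outputs))[::-1].hex()

def is_low_s(s: int) -> bool:
    return 1 <= s <= N // 2

def canonical(r: int, s: int):
    # (r, s) and (r, N - s) both verify under ECDSA; keep only the low-S form.
    return (r, s) if is_low_s(s) else (r, N - s)

# Constructed sample data: no real transaction or key is involved.
PREVOUT = dsha(b"constructed funding tx") + (0).to_bytes(4, "little")
OUTPUTS = (50_000).to_bytes(8, "little") + b"constructed-output-script"
R = int.from_bytes(dsha(b"constructed r"), "big") % N
S_LOW = canonical(R, int.from_bytes(dsha(b"constructed s"), "big") % N)[1]
S_HIGH = N - S_LOW

def compare():
    a = txid(PREVOUT, der_sig(R, S_LOW), OUTPUTS)
    b = txid(PREVOUT, der_sig(R, S_HIGH), OUTPUTS)
    return a != b, canonical(R, S_HIGH) == (R, S_LOW)

if __name__ == "__main__":
    print(compare(), payment_id(PREVOUT, OUTPUTS))
```

Accounting that tracks a withdrawal by the spent output and its destinations, rather than by the transaction ID alone, still recognises the payment when the ID changes.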
In September 2011, it was discovered that Mt. Gox’s private keys were compromised, and the firm did not use any auditing techniques to discover the breach. Furthermore, because Mt. Gox re-used Bitcoin addresses regularly, the stolen set of keys was used to steal new deposits constantly, and by mid-2013, over 630k BTC had been taken from the exchange. Surprisingly, WizSec (a group of Bitcoin security specialists) claims that proof of ongoing theft may be gleaned from blockchain transactions to support this assertion.
Many companies use cold and hot wallets to minimize large losses like the one at Mt. Gox. All coins are sent to the exchange’s cold wallet, and funds are manually transferred from it to the hot wallet as necessary. If an exchange’s server is hacked, the thief can only steal money from the hot wallet, allowing the exchange to decide how many coins it is prepared to risk.
Linode, a web hosting firm, was used by Bitcoin exchanges and whales of the community to store their hot wallets. Linode was hacked in June 2011, and the virtual services that stored the hot wallets were targeted.
Unfortunately, this resulted in the theft of at least 46k BTC; the actual number is still unknown. Bitcoinica, which lost over 43k BTC, and Bitcoin.cx, which lost 3k BTC, were among the casualties, as was Gavin Andresen (Bitcoin developer), who also lost 5k BTC.
Although less severe than these thefts, high-impact Bitcoin burglaries have continued, with 24k BTC stolen from BitFloor in May 2012. An attacker gained access to an unprotected (i.e., unencrypted) backup of wallet keys and stole virtual currency worth roughly a quarter-million dollars. As a result, BitFloor creator Roman Shtylman decided to shut down the exchange.
The usage of multisig (the requirement of multiple keys to authorize a BTC transaction) is not a silver bullet in and of itself, as evidenced by another huge heist at Bitfinex, which resulted in the theft of 119,756 BTC.
The Bitfinex exchange had teamed up with BitGo to act as a third-party escrow for customer withdrawals. Bitfinex also appears to have chosen not to use cold wallets in order to obtain a statutory exemption from the Commodities and Exchange Act. While the idea of employing threshold signatures is appealing, it does not guarantee that the authority to authorize transactions is actually distributed.
Bitgrail was a small Italian exchange that traded in obscure cryptos like Nano (XNO), previously known as RaiBlocks. Nano was worth as little as 20 cents in November 2017; however, when prices lingered around $10, the exchange was hacked in February 2018, putting BitGrail’s losses at $146 million.
The cyber theft of a cryptocurrency deceived more than 230,000 people. Unfortunately, small exchanges do not implement basic protection, such as a cold storage wallet, putting a lot of money at risk. According to the director of the national center for cyber crimes, Ivano Gabrielli, it became evident that the BitGrail CEO was implicated in the BitGrail scandal.
Coincheck, based in Japan, had $530 million worth of NEM (XEM) tokens stolen in January 2018. The identity of the Japanese hackers who broke into the security system is still a mystery.
Following the investigation, Coincheck revealed that hackers were able to gain access to their system due to a staffing deficit at the time. The hackers were able to compromise the system successfully because funds were kept in hot wallets and insufficient security measures were in place.
KuCoin announced in September 2020 that hackers had obtained private keys to their hot wallets before withdrawing substantial quantities of Ethereum (ETH), BTC, Litecoin (LTC), Ripple (XRP), Stellar Lumens (XLM), Tron (TRX) and Tether (USDT). Lazarus Group, a North Korean hacker group, has been accused of committing a robbery on cryptocurrency exchange KuCoin, resulting in a $275 million loss of funds. However, the exchange was able to recoup approximately $240 million in payments later.
The flash loan attack on PancakeBunny, in which hackers were able to siphon $200 million from the platform, occurred in May 2021 and is among the more severe cases of cryptocurrency theft. The hacker borrowed a big sum of Binance Coin (BNB) before manipulating its price and selling it on PancakeBunny’s BUNNY/BNB market to carry out the attack.
A flash loan is borrowed and then must be repaid in full all at once. The hacker obtained a large number of BUNNY via a flash loan, then dumped all of the BUNNY on the market to lower the price, and then repaid the BNB using PancakeSwap.
In August 2021, a hacker stole approximately 600 million USD worth of digital tokens in one of the greatest cryptocurrency thefts ever. A hacker known as “Mr. White Hat” exploited a weakness in the network of Poly Network, a DeFi platform.
The narrative has gotten stranger by the day since the initial theft. Mr. White Hat not only maintained a public and consistent dialogue with Poly Network, but they also returned everything that had been stolen a week later, except $33 million in Tether (USDT) that had been frozen by the issuers.
Mr. White Hat was once given a 500,000 USD prize for returning all stolen cash, as well as a job offer to become Poly Network’s senior security officer.
Hackers stole $130 million in Cream Finance’s October 2021 incident. It was Cream Finance’s third cryptocurrency robbery of the year; hackers had taken $37 million in February 2021 and $19 million in August 2021.
The funds appear to have been obtained through a flash loan in a highly complicated transaction costing over 9 ETH in gas and involving 68 different assets. The attacker used MakerDAO’s DAI to produce a huge number of yUSD tokens while also taking advantage of the yUSD price oracle computation.
Consequently, on the Ethereum network, they were able to take all of Cream Finance’s tokens and assets, totaling $130 million.
A hacker succeeded in stealing assets from multiple cryptocurrency wallets on the DeFi network, BadgerDAO, in December 2021. The incident was phishing-related: a malicious script was injected into the website’s user interface via Cloudflare.
The hacker exploited an application programming interface (API) key to steal $130 million in funds. The API key was created without the knowledge or permission of Badger engineers and was used to regularly inject malicious code into a fraction of its clients. However, about $9 million was recovered because the hackers had yet to withdraw those funds from Badger’s vaults.
In December 2021, a hack of Bitmart’s hot wallet resulted in the theft of about $200 million. At first, it was thought that $100 million had been stolen via the Ethereum blockchain, but additional research found that another $96 million had been stolen via the Binance Smart Chain blockchain.
Over 20 tokens were taken, including altcoins such as BSC-USD, Binance Coin (BNB), BNBBPay (BPay), and Safemoon, as well as substantial quantities of Moonshot (MOONSHOT), Floki Inu (FLOKI) and BabyDoge (BabyDoge).
An attack on Wormhole, the Ethereum and Solana bridge, defrauded users of an estimated $328 million, ranking as the fourth-largest breach in the history of DeFi. The attacker used minted tokens to claim ETH that was held on the Ethereum side of the bridge by exploiting a mint function on the Solana side of the Wormhole bridge to create 120,000 wrapped Ethereum (wETH) for themselves, according to CertiK’s (blockchain security and smart-auditing company) preliminary investigation.
Ronin Network (Axie Infinity)
Ronin Network, a cryptocurrency network focused on gaming, revealed on March 29, 2022, that it had been hacked and that a staggering $620 million had been lost. According to Etherscan, an attacker “used hacked private keys to generate bogus withdrawals” from the Ronin bridge over two transactions. The popular Axie Infinity game’s publishers, Sky Mavis, and the Axie DAO were impacted by the exploit on Ronin validator nodes.
The governance protocol of Beanstalk, an Ethereum-based stablecoin platform, was the target of an attack in April 2022. The value kept in the Beanstalk protocol was given to the Ukraine fund after the fraudulent proposal was implemented, and the attacker(s) utilized it to repay their flash loan. Out of the $181 million that was stolen in the end, the assailant made a profit of $76 million.
Horizon Bridge (Harmony)
In June 2022, hackers broke into Harmony Protocol, which allows transactions between Ethereum, Binance, and Bitcoin blockchains. They stole $100 million worth of cryptocurrencies, including ETH, Binance Coin (BNB), USDT, USD Coin (USDC), and Dai.
Hackers stole $323 million from the Bahamas-based parent business FTX.com, $2 million from Alameda Research, and $90 million from its US platform in November 2022. However, FTX claimed to have recovered $1.7 billion in cash, $3.5 billion in purportedly liquid cryptocurrencies, and $300 million in liquid equities.