Top cryptocurrency hacks, leaks and thefts by August 2017
Ever since its’ inception, Bitcoin and cryptocurrencies have been accompanied by hacks and occasional theft. In a way, certain shadiness is bound to be present given the anonymous and highly technical nature of cryptocurrencies. That is definitely not to discourage you from getting in, on the contrary – once each hack is fixed the systems become more stable and balanced.
Behind every major cryptocurrency, especially Bitcoin, there is a team of enthusiastic developers all over the world working day and night overseeing their precious code. As a result each hacker gets to suffer from the full power of crowd-sourcing genius each time a malicious attempt is made.
Let’s revisit the history of major cryptocurrency hacks with the following interesting cases:
August 2010 – BTC transfer protocol hack, 184 billion Bitcoins theft attempt.
The hacker was able to generate a single block with a 184 billion Bitcoin transaction. At the early stage of BTC that was possible through an exploit, and a Bitcoin core developer Jeff Garzik noticed it.
After alerting Satoshi Nakamoto himself, Jeff and others help patch a quick fix so the attacker was left bare-handed. There is a historic thread dedicated to that over at BitcoinTalk.
Bitfloor hack – September 5 2012, 24K BTC missing.
Several months later, in spring 2013 Bitfloor was closed forever, having paid out just a couple percent of the stolen deposits. The reason for closure was their US bank account termination.
March 2014 – MtGox hack and theft of $473 million
MtGox was a originally Magic the Gathering marketplice that was fast enough to adapt and start trading Bitcoin. However, with large amounts of coin came a lot of corruption and greed, and at some point the whole exchange got hacked (or did it?). From then on such hacks started to occur more often, that is why we recommend not to store your long-term investments at exchanges.
BitPay theft, December 2014 – 3000 Bitcoins
The amount stolen may seem modest but this story deserves a place on our list. Mainly because of elegance of the attacker and, actually, stupidity of the attacked.
It all started when BitPay’s CFO, Bryan Krohn, received a phishing email asking him to take part in a fake interview. Whatever was in that email but Bryan entered his BitPay credentials on a phishing webpage, giving them to the hacker. The attacker then proceeded to write several emails to the CEO of Bitpay, Stephen Pair, asking him (pretending to be Krohn) to transfer chunks of 1K Bitcoins to certain wallets several times. This worked surprisingly well and that’s how both top managers sent over $1.8 million dollars to someone who fooled with their a email.
Bitstamp hack – January 2015, $5100000 stolen.
This attack targeted the operational wallet (aka the hot wallet) that the exchange was using. This is a very common type of hack yet the amount of coin missing was huge. Interestingly though, Bitstamp employees were targeted for weeks prior to the hack – their email and Skype was bombarded with malware. Ultimately, the system administrator at the time downloaded a malware file that he thought was important for him. Then the hot wallet got hacked.
Like the article? Get more like these to your email:
DAO hack, $50 million stolen – June 2016
Spring-summer of 2016 was marked by Ethereum being the “next big thing”. DAO was one of the first Ethereum-based ICOs and the hack was based on an Ethereum contract vulnerability. As a result the DAO attacker was draining cryptocurrency while the world watched. He even released an address to the public that became iconic. In his address the attacker explained how he was draining Ether through a “legitimate” hole and if the devs were to stopt it that would basically mean “censorship” and an end to Ethereum’s charm.
As a result of the hack Ethereum was hard-forked and most of the funds were restored; but that shook Ethereum itself, because stood against the principles declared. Basically the whole Ethereum infrastructure was changed to revert a certain situation that happened within an unrelated child structure (DAO). What’s to guarantee this won’t ever repeat again, this time with a malicious intent of the Ethereum developers?
Ultimately, the DAO hack gave start to a chain of risky and questionable Ethereum ICOs that’s been associated with borderline Ponzi scheming and their respective hacks. As a result SEC has published a warning about ICOs being a very risky practice.
CoinDash ICO hack – July 2017
CoinDash was an Israeli startup aimed at building a dashboard for management of crypto assets. The startup was about to crowdfund itself by running an ICO – and just 13 minutes into the ICO hackers managed to turn it all around.
This time the weak point was CoinDash’ website that was listing Ethereum address to send Ether to. The hackers broke into the website, inserted their own address and started gathering gas. Moreover, from time to time the web page was serving the real ICO Ethereum address, which kept the funds coming in. As a result the startup raised $6 million and the hacker – $7 million (edit – about $10 million by August 2017).
BitFinex hack – 2 August 2016 – 120K Bitcoins stolen
BitFinex is a popular cryptocurrency exchange that suffered a hacker attack due to their wallet vulnerability. Around 120000 Bitcoins were stolen, and like with all crypto, the world was watching the attacker’s addresses fill up with coins. As all the transactions ever get recorded in the Blockchain it’s always visible where the stolen Bitcoin goes. In 2017 users noticed that the stolen coins are starting to enter other cryptocurrency exchanges.
So what do we do about it?
The main takeaway is this: security above all. Namely:
- stay away from malware (email, messengers, phishing URLs – all that is still the easiest way to rip you off even in 2017);
- use extra layers of security (2+ factor authentication etc.);
- diversify wallets (use hardware and paper wallets for large amounts and long term storage);
- do not store your coins @ exchanges, other than the amount you’re daytrading with;
- do not jump on just every ICO out there.