The History of Crypto Exchange Hacks

Although one of the biggest benefits of using blockchain is the security it offers and the fact that, once on the ledger, it cannot be removed, the exchanges that house digital coins aren't always impervious to security hacks. In this guide, we explain why this is the case.

Although one of the biggest benefits of using blockchain is the security it offers and the fact that, once on the ledger, it cannot be removed, the exchanges that house digital coins aren’t always impervious to security hacks. In this guide, we explain why this is the case.

January 2019  Cryptopia
January 2018  Coincheck
June 2017  BitHumb
May 2016  Gatecoin
August 2016  Bitfinex
July 2015  Bitstamp
March 2014  Poloniex
January 2014  Cryptsy Exchange
September 2012  Bitfloor
June 2011 and February 2014  Mt. Gox

Ever since cryptocurrencies and exchanges became popular, criminals have been hunting for new ways to exploit weaknesses. Although forex and CFD trading sites aren’t fully impervious to hacks, crypto sites have become the main focus for cybercriminals in recent years. Why? Put simply, because the technology is relatively new and those involved have had to learn as they go.

To give you an idea of just how devastating a Bitcoin attack can be, here’s a rundown of the most significant crypto exchange hacks in recent times.

January 2019 – Cryptopia

Cryptopia exchange hack 2019

Cryptopia Exchange was hacked at the start of 2019. Image: Sharaf Maksumov/Shutterstock.com

Exchange Info Hack Info
  • Founded: 2014
  • Affected users: 450,000
  • Based: New Zealand
  • Coins Stolen: ETH, BTC
  • Number of users: 2 million
  • Coin Value ($): $16 million
  • One of the largest exchanges in New Zealand.
  • Hot wallet hack.

Summary of Hack:

The 2019 Cryptopia hack was unique in the fact that it targeted user wallets. Unlike other hacks, which exploited coding vulnerabilities within the exchange’s or the company’s hot wallets, this one saw user accounts compromised instead

Outcome for Users:

Affecting 450,000 users and forcing the exchange to suspend operations,. Between January 14 and February 13, 2019, the criminals stole more than $16 million in Bitcoin (BTC) and Ethereum (ETH).

January 2018 – Coincheck

Coincheck exchange hack 2018

Coincheck exchange was hacked early in 2018. Image: Burdun Iliya/Shutterstock.com

Exchange Info Hack Info
  • Founded: 2014
  • Affected users: 260,000
  • Based: Japan
  • Coins Stolen: NEM
  • Number of users: 1.7 million
  • Coin Value ($): $550 million
  • Handles $160 million transactions per month.
  • No multisig security on exchange’s wallet.

Summary of Hack:

Unlike the majority of Bitcoin hacks, the Coincheck exchange attack one saw cybercriminals target NEM Coins. Today, it stands as one of the largest crypto exchange hacks ever, achieved by the perpetrators by accessing one of Coincheck’s hot wallets.

The major fault here was that Coincheck Exchange used to keep all of its NEM coins in a single wallet and failed to secure it using the coin’s multisig contract security. What’s more, the exchange wasn’t listed with Japan’s Financial Services Agency (FSA), meaning it hadn’t ensured the necessary safety provisions were in place before going live.

June 2017 – BitHumb

Bithumb exchange hack 2017

BitHumb Exchange was hacked in 2017. Image: Jarretera/Shutterstock.com

Exchange Info Hack Info
  • Founded: 2013
  • Affected users: 30,000
  • Based: South Korea
  • Coins Stolen: BTC
  • Number of users: 2.5 million
  • Coin Value ($): $870,000
  • Offers some of the lowest fees in South Korea.
  • Social engineering hack.

Summary of Hack:

As crypto and Bitcoin hacks have evolved, so too have the ways in which criminals have gained access to funds. In 2017, an infected computer at BitHumb exchange HQ allowed criminals to steal customer data. Using this information, the hackers posed as employees of BitHumb in order to obtain passwords and private keys. Those that handed over their details had their accounts emptied.

Outcome for Users:

The 30,000 customers that handed over their details had their accounts emptied. In total, $870,000 worth of BTC was stolen.

May 2016 – Gatecoin

Gatecoin hack 2016

Gatecoin was hacked in 2016 and suffered losses of over $2 million. Image: Piotr Swat/Shutterstock.com

Exchange Info Hack Info
  • Founded: 2013
  • Affected users: 185,000
  • Based: China
  • Coins Stolen: ETH, BTC
  • Number of users: 1 million
  • Coin Value ($): $2.14 million
  • Was founded by investment bankers
  • Faked DAOs.

Summary of Hack:

In a twist on traditional crypto exchange hacks, Gatecoin lost $2.14 million worth of BTC after criminals stole decentralised autonomous organisations (DAOs). DAOs are Ethereum-based assets that allow people to fund projects on the network and make a profit if it’s successful. Over the course of three days, hackers created fake DAOs in order to steal money from investors.

Outcome for Users:

Following the hack, Gatecoin managed to attract investors and repay all those who lost Bitcoin in the attack. However, a year after the incident, people who lost ETH hadn’t received their money back.

August 2016 – Bitfinex

Bitfinex exchange hack 2016

Bitfinex Exchange was hacked in 2016. Image: Burdun Iliya/Shutterstock.com

Exchange Info Hack Info
  • Founded: 2012
  • Affected users: 120,000
  • Based: China
  • Coins Stolen: BTC
  • Number of users: 1.6 million
  • Coin Value ($): $72 million
  • One of the oldest online exchanges.
  • Poorly coded wallets.

Summary of Hack:

Despite being a victim of the second largest crypto exchange hack in history, the Bitfinex exchange demonstrated how to handle a problem like a pro. After hackers exploited a weakness in the company’s multi-signature wallet, they were able to steal 120,000 BTC ($72 million).

Outcome for Users:

Instead of going into liquidation and leaving investors out of pocket, the exchange issued BFX tokens. These were redeemable for USD at times and quantities outlined by a strict schedule. In the end, everyone was reimbursed and Bitfinex was able to secure its platform and regain the trust of traders, as we’ve pointed out in our Bitfinex exchange review. What’s more, in 2019, US authorities managed to recover 28 BTC from the hackers.

July 2015 – Bitstamp

Bitstamp exchange hack 2015

Bitstamp exchange suffered being hacked in 2015. Image: Piotr Swat/Shutterstock.com

Exchange Info Hack Info
  • Founded: 2011
  • Affected users: Unknown
  • Based: Luxembourg
  • Coins Stolen: BTC
  • Number of users: 2 million+
  • Coin Value ($): $5 million
  • More than 100,000 users joined each day in 2017.
  • Hot wallet hack.

Summary of Hack:

One of the main issues with hot crypto wallets is that they’re always online and, therefore, they’re susceptible to attacks. In contrast, cold (offline) wallets can’t be accessed by cybercriminals. Unfortunately, because exchanges need quick access to funds, they have to use hot wallets. In 2015, one of Bitstamp’s hot wallets was compromised, allowing hackers to enact a simple wallet-to-wallet transfers.

Outcome for Users:

In total, criminals transferred 19,000 BTC (worth $5 million at the time) to their own wallets. Today, Bitstamp Exchange uses multi-signature wallets, meaning it’s much more secure than before.

March 2014- Poloniex

Poloniex exchange hack 2014

Poloniex Exchange hack was hacked back in 2014. Image: Sharaf Maksumov/Shutterstock.com

Exchange Info Hack Info
  • Founded: 2014
  • Affected users: 12.3% of site’s BTC supply
  • Based: US
  • Coins Stolen: BTC
  • Number of users: 2 million+
  • Coin Value ($): Unknown
  • Among the top 40 crypto exchanges in the world.
  • Coding error linked to withdrawals.

Summary of Hack:

A faulty withdrawal code resulted in the loss of an undisclosed amount of digital coins from the Poloniex exchange back in 2014. Spotting a way to exploit the coding error, hackers were able to withdraw coins to their wallets without having a positive balance.

Outcome for Users:

Poloniex declined to say just how many tokens were stolen. However, it emerged that users had their funds reduced by 12.3%. In time, everyone was paid back and Poloniex is now one of the safer online exchanges, as we’ve seen in our in-depth Poloniex review.

January 2014 – Cryptsy Exchange

Exchange Info Hack Info
  • Founded: 2013
  • Affected users: 130,000
  • Based: US
  • Coins Stolen: LTC, BTC
  • Number of users: 130,000
  • Coin Value ($): $5.2 million
  • Handled 300,000 trades per day.
  • Few details are known. Suspected hot wallet attack.

Summary of Hack:

Although this incident wasn’t made public until 2016, the hack actually took place in 2014. Few details are known about how the incident occurred. However, the owners stated that 13,000 Bitcoin and 300,000 Litecoin was lost during the attack.

Outcome for Users:

Unfortunately, despite the owners asking for help to redress the balance, new investors were unwilling to pledge more money to the site. Eventually, the platform closed and user funds were lost.

September 2012 -Bitfloor

Exchange Info Hack Info
  • Founded: 2012
  • Affected users: Unknown
  • Based: US
  • Coins Stolen: BTC
  • Number of users: 1 million
  • Coin Value ($): $250,000
  • Was the fourth largest exchange dealing in USD at the time.
  • Private keys weren’t encrypted.

Summary of Hack:

This hack taught the industry a lesson on the importance of storing private keys in the correct way. Instead of encrypting online backups for its private keys, Bitfloor kept them in unsecured data files. This allowed hackers to break into the files and access wallets illegally.

Outcome for Users:

Once a team of hackers spotted the weakness, they targeted the files and used them to illegally access the exchange and syphon off 24,000 BTC. Fortunately, all users received a full refund. However, the exchange was forced to close just a few months later.

June 2011 & February 2014 – Mt. Gox

mt gox exchange hacked twice

Mt. Gox Exchange has been hacked twice under similar circumstances. Image: 360b/Shutterstock.com

Exchange Info Hack Info
  • Founded: 2010
  • Affected users: 100,000+
  • Based: Japan
  • Coins Stolen: BTC
  • Number of users: 2 million+
  • Coin Value ($): $450 million
  • It was the largest exchange in the world at the time.
  • Non-encrypted auditor credentials.

Summary of Hack:

The first high-profile crypto exchange hack occurred back in 2011. Hitting the Mt. Gox exchange, the incident saw a group of cybercriminals obtained the platform’s auditor’s credentials. This allowed them to transfer 2,609 Bitcoin (BTC) to an address the owners didn’t have security keys for.

Despite the Bitcoin hack, the Japanese exchange was only down for a few days before customers started trading again. Unfortunately, a similar hack took place in 2014.

Outcome for Users:

Following the 2014 hack, the exchange was forced into bankruptcy after criminals stole 750,000 BTC (worth $350 million). As well as traders losing their money, the hack crippled the price of BTC because Mt. Gox was responsible for 70% of all Bitcoin transactions at the time.

How Do Crypto Exchange Hacks Happen?

As we’ve touched upon, there are two main ways cryptocurrency exchange hacks typically take place. The most common is via unsecured hot wallets. If these wallets aren’t protected with the latest encryption methods, hackers can infiltrate them, send funds to their own wallets and cause disruption.

The other common way to steal funds from an exchange is by exploiting a weakness in its design. For example, when thieves took money from Poloniex, they were able to manipulate the withdrawal system. As explained by owner Tristan D’Agosta, the flaw in their system was that withdrawals were processed simultaneously rather than sequentially. This allowed hackers to request cashouts and have accounts in a negative balance without being detected until it was too late.

The final way BTC hacks occur is via social engineering. As demonstrated by the BitHumb hack, a compromised user can be forced into handing over sensitive information hackers can use to steal funds.

How Do Exchange Hacks Affect the Industry?

Whenever a major hack occurs, two things happen. Firstly, the affected exchange is often forced to suspend operations and investigate the incident. From that, it usually follows that consumers lose faith in the platform and, in some cases, may be out of pocket.

The second thing that happens is a drop in the price of any digital token caught up in the problem. For example, when Mt. Gox was hacked in 2014, the price of Bitcoin plummeted by hundreds of dollars. Because an unexpected number of coins go missing, liquidity drops because there are fewer coins to trade. However, unlike times when low liquidity causes a price spike, the chances are that stolen coins could be lost forever. With little chance of recovery, prices actually fall.

However, it’s not all bad news. Crypto exchange hacks almost always result in better safety standards. If the affected exchange survives, it inevitably improves its security provisions, often leading to a better experience for customers and encouraging other platforms to follow suit. Beyond that, the industry as a whole reacts. Governments may respond with new regulations, while crypto companies will increase security spending in order to avoid becoming the next victim.

The rise of CFD trading has been a response to crypto exchange hacks. By aligning, Bitcoin, forex and other tradable assets, brokers have provided a regulated way to invest in cryptos. Because online trading sites offering forex et al have to be regulated, they have to abide by certain standards. In practice, company accounts, wallets and software such as MT4 all have to highly secure.

Put simply, with CFD trading sites acting as a guide, Bitcoin trading platforms are now following suit. One way in which exchanges are doing that is to offer secure payment options such as Visa and PayPal. Beyond that, you’ll find exchanges are now investing in multisig wallets and, more importantly, pushing for regulation. Industry insiders have already formed their own set of standards in lieu of formal ones being introduced by established regulators. So, while altcoin and Bitcoin hacks are never desirable, they have helped to shape the industry and make it more secure.

Can You Avoid Altcoin and Bitcoin Hacks?

Individually, none of us can prevent BTC hacks. However, as crypto traders, we can mitigate the risk of hacks by doing your research but also by spreading our interests. Instead of using a single exchange, you should use many. Similarly, instead of a single crypto wallet, use many. Put simply, if you keep your investments in multiple places, you’re dramatically reducing the risk of losing all of your money.

Perhaps the easiest way to think about this is to remember the saying “don’t put all your eggs into one basket.” By reading through our exchange reviews and selecting a handful of baskets (sites), you’ll still have to ability to make an omelette if one egg gets cracked.

The final way to avoid becoming the victim of a hack is to use all the security features at your disposal. Things such as two-factor authentication and cold wallets should be a standard. Additionally, you should always write down your private keys and never give them to anyone else. If you can do these things and choose the most reputable exchanges, your risk of losing money because of a crypto hack will be low.

Additional Resources

Featured image source: Gorodenkoff/Shutterstock.com

Investing is speculative. When investing your capital is at risk. This site is not intended for use in jurisdictions in which the trading or investments described are prohibited and should only be used by such persons and in such ways as are legally permitted. Your investment may not qualify for investor protection in your country or state of residence, so please conduct your own due diligence. This website is free for you to use but we may receive commission from the companies we feature on this site. Click here for more information.