In this article, we will compile a complete list of cryptocurrency exchange hacks, starting with the most recent major hack of the Binance exchange , where hackers stole tokens BNB
totaling $ 570 million, and ending with the Mt. Gox, which during the period from 2010 по февраль 2014 годов
was the world’s largest cryptocurrency exchange Bitcoin
and serviced 80%
transactions.
This whole cyclic process of hacks is due to user data leaks . Cryptocurrency exchange hacks cause particular damage, loss of funds stored in cryptocurrency wallets of exchange users. Although cryptocurrencies are very secure in and of themselves, exchanges can be subject to many vulnerabilities, making them a prime target for hackers.
One would hope that over time, cryptocurrency exchanges will become more secure. Unfortunately, the reality is that more and more exchanges get hacked every year. As cryptocurrencies and exchanges remain largely unregulated, it is not clear who has jurisdiction over the cryptocurrency markets.
We have compiled an exhaustive list of cryptocurrency exchange hacks — you will be amazed at how much has been stolen over the years.
October 2022 — Binance
The value of lost assets: 570 million US dollars.
The cryptocurrency exchange Binance
temporarily suspended its blockchain network after hackers stole $ 570 million worth of BNB tokens .
Binance said late on Thursday (Oct 6) that a bridge connected to its token chain had been attacked BNB
, allowing hackers to move BNB. off-chain tokens. The so-called кроссчейн-мосты
are tools that allow you to transfer tokens from one blockchain to another.
August 2021 — PolyNetwork
The value of lost assets: 610 million US dollars.
Cryptocurrency exchange PolyNetwork
, due to the cross-chain protocol which was compatible for Bitcoin (BTC)
,, Ethereum (ETH)
and Neo (NEO)
other cryptocurrencies. The кросс-чейн
transaction feature PolyNetwork
allows users to transfer assets between different blockchains without having to convert them through exchanges.
According to programmer Kelvin Fichter , the protocol creates digital self-managed safes on two different blockchains
. It then allows the user to withdraw funds from one box only after they receive confirmation from the other box that the corresponding amount of assets has been deposited into it.
The hacker (or hackers) managed to find a way to trick the safe box into releasing the funds stored in it without obtaining legal permission from another blockchain. They took advantage of this vulnerability 10 августа
to steal over $610 million in total .
Fortunately, this story has a happy ending. The team Poly Network
made contact with the hacker shortly after the attack, which eventually led to the return of all $ 610 million worth of stolen assets .
September 2020
The value of lost assets: 280 million US dollars.
Next on our list is KuCoin
, another major crypto exchange that was hacked 25 сентября 2020 года
, stripping $285 million of user assets. In this case, it can be noted that the quick and accurate actions on the part of the exchange, coupled with close cooperation with other companies in the cryptocurrency industry, allowed KuCoin to survive after the incident.
Within a week of the hack Chainalysis
, the blockchain data processing company traced all the stolen funds and was able to get on the trail of the criminals. Their Reactor crypto-forensic tool kept the money out of sight, despite criminals trying to mask the movement of funds through coin mixers and decentralized exchanges ( DEXs ), which usually leave no trace.
Through the use of blockchain tools and cooperation with other exchanges and law enforcement agencies, he KuCoin
returned84%
the stolen tokens, and covered the remaining losses from his own capital and insurance fund . Moreover, after the attack, the exchange established the Safeguard Program to enable other crypto companies to benefit from their invaluable experience in dealing with the consequences of a hack, if they find themselves in a similar situation.
With a skillful approach to resolving the incident KuCoin
, she earned the respect of customers and rightfully ranked sixth among the leading cryptocurrency exchanges with a daily trading volume of about $ 1.92 billion as of на август 2021 года
.
February 2020
The value of lost assets: 70 thousand US dollars.
The Italian exchange Altsbit
only existed for a few months before it was hacked. The exchange initially reported a hack , claiming almost all funds had been stolen . After more thorough research, it turned out that Altsbit lost less than half of the stored cryptocurrency.
Altsbit
announced that it only had enough funds for a partial refund , and that they would close in May 2020 . The hacker group Lulzsec claimed to be responsible for the hack, although it is still unclear how they managed to pull it off. Approximately $ 70,000 worth of cryptocurrencies were stolen .
November 2019
The value of lost assets: 51 million US dollars.
The South Korean exchange Upbit
suffered a major hack when the hackers escaped 342 000 ETH
(at the time of the hack they were valued at $51 million ). Rumors circulated that this was an inside job, as the stolen cryptocurrency was allegedly taken from an Upbit cold wallet . This turned out to be a false alarm. Fortunately, Upbit
he promised to cover the losses.
However, the story does not end there. The stolen cryptocurrency was on its way . Whoever took it moved it between wallets, though it’s not clear what purpose this would serve. As of January 2020, Upbit has completed a major security update after a brief suspension of service.
November 2019
The value of lost assets: 500 thousand US dollars.
Based in Vietnam VinDAX
, this is a relatively small crypto exchange that mainly sells tokens for relatively unknown blockchain projects. The hackers don’t care about the size of the exchange, they only care about the money, and they managed to steal half a million dollars worth of cryptocurrencies from VinDAX .
In response VinDAX
, he sent an email to the projects affected by the theft, asking for funds . It is unclear whether any of the projects accepted the proposal or not.
July 2019
The value of lost assets: 30 million US dollars.
The Japanese exchange Bitpoint
noticed an error in its outgoing money transfer system and immediately suspended its services. However, it was too late. Due to a security breach, hackers stole over $ 30 million worth of cryptocurrencies .
Luckily, Bitpoint was able to recover $2.3 million in stolen cryptocurrencies from overseas exchanges. Bitpoint
stated that it would pay compensation to its users , but did not say when this would happen.
June 2019
The value of lost assets: 5 million US dollars.
The Singapore exchange Bitrue
has suffered a major hot wallet hack . Only 90 Bitrue users were affected , but the stolen cryptocurrency was worth nearly $ 5 million . Luckily for users who lost their funds, Bitrue
he assured them that they would be fully refunded .
June 2019
The value of lost assets: 10 million US dollars.
A cryptocurrency exchange GateHub
based in the UK and Slovenia suffered a major hack when hackers stole $10 million worth of Ripple . While it is still unclear exactly how the hackers gained access to users’ funds, the criminals managed to gain access to the encrypted secret keys . So far, GateHub
some progress has been made in recovering the stolen funds .
May 2019 — Binance
The value of lost assets: 40 million US dollars.
Cryptocurrency exchange Binance
affected by approximately the amount 7000 BTC.
Hackers still managed to use phishing and malware to hack Binance. The attackers escaped with $ 40 million worth of bitcoins . As a result , Binance has promised to increase its security , but users are understandably wary.
It appears that customer data may also have been stolen. In August 2019 год
, someone began to share information about checking customers from Binance
on the channel Telegram
. It is claimed that this data was also taken during the hack and that up to 60,000 users could be affected .
March 2019
The value of lost assets: 7 million US dollars.
The Singapore crypto exchange DragonEx
was attacked, as a result of which hackers stole $ 7 million worth of cryptocurrency . The North Korean hacker group Lazarus claimed responsibility for this . The hackers set up a legitimate-looking fake company and convinced DragonEx employees to download malware onto their computers via messages Telegram
and LinkedIn
.
DragonEx
took full responsibility for the hack and will refund money to those who lost funds. The exchange is also working with the police to see if they can recover the stolen cryptocurrency.
March 2019 — Bithumb
The value of lost assets: 13 million US dollars.
A South Korean cryptocurrency exchange Bithumb
has been the victim of alleged insider work. It all started with a suspicious withdrawal, and the exchange immediately suspended all withdrawals on its platform, but it was too late. Who carried out the break-in is still unknown, but since there is no evidence of outside interference, many suspect that the funds were stolen by an employee Bithumb
.
March 2019 — CoinBene
The value of lost assets: 100 million US dollars.
A cryptocurrency exchange CoinBene
that began to experience problems when funds began to mysteriously leave the exchange’s hot wallet. Analysts were concerned that the exchange was down for maintenance, a typical post-hack reaction. Despite assurances from CoinBene that nothing happened, the exchange was down for a month .
One of the strangest aspects of this hack is the unwillingness to Coinbene
admit that something is wrong. The hack also came on the heels of a Bitwise Asset Manager report that accused Coinbene of fictitious trading to manipulate the cryptocurrency market. The details are still extremely vague, but it is believed that more than $100 million worth of cryptocurrencies were stolen in the hack .
February 2019
The value of lost assets: 26 million US dollars.
By a strange coincidence Youbit
(previously known as Yapizon
) was renamed to Coinbin
. Already facing two massive hacks, you might think that Coinbin would be especially careful. However, this hack was an inside job.
It appears that the former CEO of Youbit was still working for Coinbin and embezzling the company’s funds . This employee allegedly had access to private keys and could withdraw funds from multiple accounts. As a result , Coinbin filed for bankruptcy and shut down, but still owes $30 million to users .
February 2019 — Coinmama
Information leak: 450 000 user email addresses and passwords
This is a slightly less traditional hack because instead of stealing money, the hackers simply stole information. Coinmama
is one of the largest cryptocurrency brokers with over a million active users . The impact of this hack appears to have been minor, as Coinmama quickly informed users once they became aware that user data was being leaked onto the dark web . To date, not a single cryptocurrency has been stolen.
January 2019 — Cryptopia
The value of lost assets: 24 million US dollars.
Unfortunately for Cryptopia
, they suffered another hack 15 days after the first one . That was the end of the New Zealand exchange – now they are going through the process of liquidation.
Update 2020: Cryptopia
Still in liquidation, but it has now been revealed that the exchange did not comply with anti-money laundering (AML) requirements when creating new user accounts. For more than 900 000
active user accounts, there is no customer data other than usernames and email addresses.
Fewer 1%
users have completed customer identification, which is an important part of procedures AML
that ensure that customers are who they say they are. Thousands of cryptocurrency accounts worth more than $ 3 million have been traced to uninhabited islands or physical addresses that didn’t exist . Currently, many of those who lost funds in a hack are not eligible for a liquidator refund because there is not enough information about who owns which accounts.
While it’s unfortunate that it Cryptopia
was hacked twice in a row within a month, it’s clear that the exchange didn’t do its due diligence. Given that the majority of Cryptopia’s active users were from outside New Zealand, more needed to be done to enforce anti-money laundering measures.
December 2018
The value of lost assets: 9 million US dollars.
QuadrigaCX
was the largest cryptocurrency exchange in Canada, owned by Gerald Cotten. Cotten was the only person who knew how to access cold wallets owned by the exchange.
In December, during his honeymoon in India, Cotten died and took any information on how to access cold wallets to his grave. QuadrigaCX
already experienced difficulties, there were rumors of bankruptcy, and with the death of Cotten, the stock exchange collapsed. Conspiracy theories began to surface that Cotten was not actually dead , he just pulled off a very elaborate exit scam.
When the investigation into finances began QuadrigaCX
, things took a strange turn. Six cold wallets were found to belong to QuadrigaCX
. However, when investigators looked through the wallets, five of them were emptied around April 2018 . Nobody knows exactly what happened and the investigation is still ongoing. Cotten’s widow voluntarily returned $9 million in assets from Cotten’s estate to pay users off .
2020 update. A year later, what exactly happened to QuadrigaCX
is still very unclear. It is still claimed that Cotten is not actually dead, and there have been several attempts to exhume his body. The original request was denied, however , a new request has been made by lawyers representing those who have lost their funds .
There are also alleged ties to a shady bank in Panama called Crypto Capital. Exchange lawyers suspect that some of the missing funds may be stored in Crypto Capital , and have turned to all former users for help in this matter QuadrigaCX
.
As of January 2020, the FBI is involved. The FBI Victim Specialist contacts former users and directs them to a portal where they can get more information. It remains unclear whether we will ever get answers about what actually happened on the exchange.
October 2018
The value of lost assets: 5,7 million US dollars.
This hack is still being debated as many believe it was part of an exit scam . MapleChange
is a small Canadian cryptocurrency exchange that has experienced an unusual surge in exchange activity since October . Later that month, the exchange announced that it had been hacked and that all funds (worth $ 5.7 million ) had been withdrawn. As a result, MapleChange has announced that it is closing its doors for good.
What made people suspicious was the immediate removal of the MapleChange website, social media accounts, and channels Discord
and Telegram
. The lack of communication led many to believe there was no hack, despite MapleChange’s insistence that they were simply taking a break to decide how to proceed.
Instead of deciding to give anyone back the money, the crypto exchange gave away what little they had left to the developers who created the remaining coins. There is still no consensus on the Internet as to whether this was all a hack or another scam.
September 2018
The value of lost assets: 60 million US dollars.
This is another case where it is not clear how the hackers stole the funds. However , Zaif filed a criminal case with the local authorities , which suggests that they have an idea of who did it. Either way, this Japanese exchange lost $60 million worth of cryptocurrencies .
June 2018
The value of lost assets: 40 million US dollars.
Although the South Korean exchange Coinrail
was a relatively small cryptocurrency exchange, it was doing a lot of business, which attracted the attention of hackers. The exact details of the attack are still unclear , and the exchange lost about $40 million .
June 2018
The value of lost assets: 31 million US dollars.
Unfortunately, hacking problems Bithumb
did not start в 2019 году
. The exchange was also hacked в 2018 году
(and you will see them again on our list), with the hackers stealing a significant amount of Ripple
. This hack appears to have been orchestrated by a group of North Korean hackers known as the Lazarus Group , who have been responsible for a number of cryptocurrency hacks over the years. Luckily for users Bithumb
, the exchange promised to return all stolen funds .
Май 2018 — Bitcoin Gold
The value of lost assets: 18 million US dollars.
This is probably one of the strangest hacks on our list, since it was not a cryptocurrency exchange that was hacked, but a cryptocurrency. Bitcoin Gold
was a fork of the original Bitcoin that was hard forked by Bitcoin in an attempt at decentralization (ironic, given that Bitcoin is already decentralized) .
Bitcoin Gold
was the victim of a 51% attack , a rare case in which hackers managed to gain control of more than the 50%
processing power of a network. From there, attackers can prevent confirmations, allowing them to effectively stop payments between users and make changes to the network’s blockchain ledger. This type of attack was considered rare, if not impossible, until the Bitcoin Gold
.
Using complex maneuvers, the hackers placed Bitcoin Gold
theirs on exchanges, exchanged them for other cryptocurrencies, and then withdrew the amount. And since they controlled the ledger of the Bitcoin Gold blockchain , they could simply put the original Bitcoin Gold
back into their wallet, effectively stealing money from the exchanges.
May 2018 — Taylor
The value of lost assets: 1,5 million US dollars.
Taylor
is a cryptocurrency trading app that has had a successful initial coin offering (ICO)
for funding. Unfortunately, the hackers managed to gain access to the company’s device shortly after and gain control of the password file . The attackers stole everything Ethereum
collected during the course ICO
, in the amount of 1.5 million dollars . There were fears that this was another exit scam, but it appears that Taylor has gradually been able to recover .
April 2018 — CoinSecure
The value of lost assets: 3,5 million US dollars.
CoinSecure
, an Indian cryptocurrency exchange, lost $ 3.5 million worth of bitcoins during a hack. However, it looks like it was an inside job. The owners CoinSecure
believe their former head of security stole the funds. Looks like they messed something up, as he was later arrested .
February 2018
The value of lost assets: 170 million US dollars.
Over $170 millionBitgrail
was stolen from the Italian stock exchange , and the details are a little blurry. While the owner, Francesco Firani, announced the break-in, other employees denied it and said there was nothing wrong with it. People are skeptical about whether this was a real hack or an attempted exit scam.Bitgrail
January 2018 — Coincheck
The value of lost assets: 533 million US dollars.
Coincheck
was the leading exchange in Japan, but the hack showed how insecure the platform was. The hackers managed to spread the virus via email, allowing them to steal the private keys. After that, it was surprisingly easy, as Coincheck did not use smart contracts or multi-signatures, and all the coins were stored in one wallet . The total value of the stolen cryptocurrency is one of the highest ever, with an estimated value of $533 million at the time of the hack .
It is noteworthy that the cryptocurrency exchange is still operating. It started offering full service again in November 2018 . While the hack was believed to have been carried out by North Korean hackers, the malware was created by Russian hacker groups .
December 2017 — NiceHash
The value of lost assets: 62 million US dollars.
NiceHash
is a cryptocurrency mining market that allows miners to rent out their hashrate to others. Their payment system was compromised , resulting in the content of users’ bitcoin wallets being stolen. The exact amount stolen has never been confirmed NiceHash
, but it is believed to be 4736 биткойнов
worth about $62 million at the time . This story ends on a happy note as NiceHash managed to return60%
the stolen funds to users .
December 2017
The value of lost assets: Неизвестно
Youbit
(formerly known as Yapizon
) was a relatively small South Korean cryptocurrency exchange that was previously в 2017 году
hacked. This time the hackers stole 17% of the exchange’s assets . This was the end for Youbit
, the same day they filed for bankruptcy .
July 2017 — Bithumb
The value of lost assets: 7 million US dollars.
Bithumb
reappears on this list. At the time of the hack Bithumb
, it was the fourth largest cryptocurrency exchange in the world. An unknown hacker managed to gain access to an employee’s personal computer and steal the data of over 30,000 Bithumb users . Shortly thereafter, users began to notice that their accounts were being emptied.
April 2017
The value of lost assets: 5 million US dollars.
Before Yapizon
changing their name to Youbit
, they were hacked for the first time. The attackers managed to escape with $5 million worth of bitcoins and Yapizon
did their best to mitigate the damage.
August 2016 — Bitfinex
The value of lost assets: 350 million US dollars.
This Hong Kong-based cryptocurrency exchange claims to be the most secure exchange in the world. Unfortunately, this turned out to be very untrue. Hackers stole a large amount of bitcoins through a processing service Bitfinex
– BitGo
. The price of bitcoin plummeted as a result of the hack.
May 2016 — GateCoin
The value of lost assets: 2 million US dollars.
At the time , it GateCoin
was one of the first regulated cryptocurrency exchanges, and its popularity made it a prime target for attackers. The hackers managed to gain access to users’ wallets and steal $2 million worth of cryptocurrencies . It was the nail in the coffin for the GateCoin
stock exchange never recovered.
April 2016 — ShapeShift
The value of lost assets: 230 thousand US dollars.
Within a month, the cryptocurrency exchange ShapeShift
was hacked three times . According to a detailed report by ShapeShift CEO Eric Voorhees , a former employee is responsible for all three hacks. They pledged to restore the cryptocurrency , and they are one of the few who managed to do it successfully.
February 2015
The value of lost assets: 1,5 million US dollars.
The cold wallet of this Chinese exchangeBTER
was hacked, resulting in the loss of over $ 1.5 million worth of bitcoins . Reddit users were very suspicious , as hacking a cold wallet is extremely difficult, and suggested that the hack was an inside job.
February 2015
The value of lost assets: 3000 BTC
You will see Linode
further down our list, but this was a hosting server for several cryptocurrency exchanges. It was hacked again in 2014, this time causing a security breach on the server KipCoin
. The hackers managed to take control of the entire platform by changing the passwords inside. A month-long struggle ensued, during which the administrators managed to regain control over the exchange, but the hackers still hid. At the time of the hack, KipCoin did not tell users what was going on in light of the hack Bitstamp
, and only later revealed the information.
January 2015 — Bitstamp
The value of lost assets: 5,1 million US dollars.
Bitstamp
was the first licensed cryptocurrency exchange in Europe. It was compromised when hackers sent a malicious email to Bitstamp employees , and only one employee followed the link and exposed the entire exchange. The attackers escaped with bitcoins, which were valued at $5.1 million at the time .
January 2015 — LocalBitcoins
The value of lost assets: 17 BTC
Although it was a relatively small hack, it proved its worth when it came to spending money on cybersecurity. The attackers used the LocalBitcoins chat to distribute malware , after which they left with relatively little profit.
October 2014 — MintPal
The value of lost assets: 3700 BTC
MintPal
survived the second break-in in October (scroll down to read about the first break-in in July), but there were many more twists and turns in this case. Shortly after the July hack, MintPal
it was bought by Moolah (also known as Moopay Ltd
), owned by Ryan Kennedy, also known as Alex Green.
After a failed restart of MintPal , Moolah announced that it is closing its doors , but users will still be able to use MintPal
. However, user accounts were locked out and users could track withdrawals from wallets and then watch them sell on another platform. Kennedy was the only one with access to client funds and he was currently on the run.
Kennedy was arrested in 2016 on suspicion of rape and is now in prison. Now he is also facing charges of fraud by the British police for his part in the break-in MintPal
.
July 2014 — Cryptsy
The value of lost assets: 13 000 BTC и 300 000 LTC
A Trojan virus was inserted into Crypts
y’s code by a hacker Lucky7Coin
. As a result Lucky7Coin
(and possibly others) have left with a staggering amount of cryptocurrencies. Owner Cryptsy
Paul Vernon was accused of destroying evidence and stealing bitcoins, and the exchange declared insolvency. Vernon was successfully class-sued for $8.2 million .
July 2014 — MintPal
The value of lost assets: 8 миллионов VRC
Before the failed takeover by MintPal
Alex Kennedy, they experienced another break-in. The hacker found a weak spot in the withdrawal system on the exchange and managed to authorize the withdrawal from the wallet Vericoin
. Bitcoin and Litecoin wallet sites were also attacked , but nothing was stolen. The hack resulted in the loss of 30%
everyone Vericoin
, which led the Vericoin development team to decide to hard fork in order to mitigate the damage.
March 2014 — Mt.Gox
The value of lost assets: 850 000 BTC
You might be surprised to see this name again and be associated with one of the biggest hacks of all time. The investigation is still ongoing and the situation is far from clear, but it looks like when it Mt.Gox
was originally hacked в 2011 году
, the attackers also stole some private keys. Hackers gained access to a large amount of bitcoins and began to empty wallets.
Allegedly due to an error in the systems, the Mt.Gox
exchange interpreted these withdrawals as deposits for almost two years. It was a huge mistake that cost users $45 million and ended the cryptocurrency exchange. Mt.Gox
filed for bankruptcy within a month, causing the price of bitcoin to drop by 36%
. The former CEO of Mt.Gox was arrested in 2015 after he was found to be in possession of $ 2 million worth of bitcoins , which were allegedly stolen in a hack.
В ноябре 2017
A Russian citizen named Alexander Vinnik was arrested by US authorities for a key role in laundering bitcoins that had been stolen in a hack. The story isn’t over yet, but there doesn’t seem to be a clear solution in sight either.
March 2014 — Poloniex
The value of lost assets: 97 BTC
In the same month, hackers managed to use the wrong withdrawal code of this cryptocurrency exchange in the United States. While the company did not reveal exactly how much was stolen, the figure was explained on the Bitcointalk forum . There are still rumors about whether the hack was an inside job or not.
November 2013
The value of lost assets: 484 BTC
The Czech exchange Bitcash
lost bitcoins after its servers were hacked. The attackers gained access to the email and sent out a phishing scam , posing as Bitcash
, in order to obtain customer information, which they then used to steal funds.
May 2013 — Vicurex
The value of lost assets: 1454 BTC
While the hack Vicurex
has never been accurately confirmed (some believe it was an inside job), the cryptocurrency exchange has announced that it has lost most of its reserve funds to the hackers. Vicurex
, which is on the verge of bankruptcy, froze all withdrawals, causing several former clients to sue the company for withholding their money .
September 2012 — BitFloor
The value of lost assets: 24 000 BTC
At the time of the hack BitFloor
, it was the fourth largest exchange in the US market. The attackers managed to gain access to the servers and find unencrypted backup wallet keys . From there, they simply siphoned funds totaling $250,000.
May 2012 — Bitcoinica
The value of lost assets: 18457 BTC
Unfortunately for Bitcoinica
, just two months after the initial hack, they suffered another hack. This led many to suspect that the initial security problems that arose from the March attack on Linode
, were never effectively resolved. The site was immediately taken down and the exchange permanently shut down .
March 2012 — Linode
The value of lost assets: 43000 BTC
It’s a little tricky. Linode
is a web hosting provider that hosts cryptocurrency exchanges Bitcoinica
and Slush
. Linode itself was hacked , and the attackers managed to steal significant amounts of Bitcoin from both exchanges.
June 2011 — Mt. Gox
The value of lost assets: 2643 BTC
Although it was a relatively modest hack at the time, it was only the beginning of the problems for Mt.Gox
. In the course of this hack, hackers were able to gain access to a computer belonging to an auditor on a cryptocurrency exchange. The hacker changed the price of bitcoins to $0.01, bought them at an artificially low price , and fled with a small fortune.
All Comments