TrustMarketHub


!!

REGISTRATION IS ON

Click on the button at the top left to login if already Registered or Register a new account to start earning!

* *

Recent Topics

Site News

We are glad to inform you that our Bounty program has commenced. Register now to qualify for Free TMH Token worth $10.

click here  You are not allowed to view links. Register or Login

TMH SHOUTBOX

Please Keep Clean from Spam


TrustMarketHub:
2019 Dec 02 15:14:45
Kindly change the language settings on your profile
rardSmera:
2019 Dec 02 10:18:31
i am from Italy hello. Can you help me translate? /rardor
TrustMarketHub:
2019 Nov 20 07:57:59
preferibilmente l'inglese
rardSmera:
2019 Nov 18 12:16:58
posso usare l'italiano or english
Delgboke:
2019 Nov 05 20:19:55
Hello everyone we can do better
TrustMarketHub:
2019 Oct 28 01:47:29
The troll is open to everyone for chat
rardSmera:
2019 Oct 26 11:47:06
hi :) bross :)
Delgboke:
2019 Oct 24 15:11:22
good evening all
Jonesss:
2019 Oct 22 23:56:24
Good Project
gede06:
2019 Oct 21 21:18:39
good 
Delgboke:
2019 Oct 19 04:12:37
good morning everyone hope you had a good sleep
TrustMarketHub:
2019 Oct 18 12:53:25
Good day buddy. How is it going over there??
Delgboke:
2019 Oct 18 00:25:04
you are welcome to another beautiful morning
Delgboke:
2019 Oct 18 00:24:23
you are welcome to another beautiful morning
Jenkins:
2019 Oct 17 06:30:18
Thanks Admin
TrustMarketHub:
2019 Oct 17 06:15:02
Welcome to our community.
Jenkins:
2019 Oct 17 06:07:19
Hello there, morning everyone
Delgboke:
2019 Oct 17 04:04:55
am happy to have discover TMH
Delgboke:
2019 Oct 17 04:02:47
good morning to all
Jenkins:
2019 Oct 14 18:15:27
Who's in for a chat?? I 🤣
TrustMarketHub:
2019 Oct 11 19:20:41
Welcome everyone
AnnurBayu:
2019 Oct 10 19:38:26
im join sir...
Fxortrader:
2019 Oct 06 16:10:59
Hello all
TrustMarketHub:
2019 Aug 30 21:06:18
More updates coming!
TyanAirdrop:
2019 Apr 08 11:20:36
hello to All Community

List of Cryptocurrency Thefts

TrustMarketHub

  • Administrator
  • Hero Member
  • *****
  • Building one Global Jobs, Products & services Hub
    • Trustmarkethub
Many hacks are performed for the sake of pumping or dumping the cryptocurrency exchange rate, some are insider’s job, and some are simple exit scams. After all, inexperienced market players (who are now the majority) begin to withdraw tokens to fiat when hearing bad news quickly.

The likelihood of such well-designed tactical attacks will only grow with the development of the market and fierce competition on it. Coins and tokens can disappear even from the largest and seemingly protected exchanges. However, does the problem always lie on a hacker?


ROKKEX decided to create a timeline of cryptocurrency exchange frauds, and biggest crypto exchange hacks to find out whether only the hackers are to blame.

Spoiler: Sometimes, the owners or employees are guilty as well.

2011
June
What: Mt.Gox
Amount: 2643 BTC
Mt.Gox opens the list of cryptocurrency hacks. In the distant 2011, a hacker managed to hijack auditor account with administrative rights. Through phishing, he or she took possession of the administrative account, stole hot wallet private keys from wallet.dat file., changed the BTC price to 1 cent, obtained accounts of Mt.Gox users, created the sell orders, and bought 2643 BTC at the artificially created price for customers’ money.


July
What: Bitomat
Amount: 17,000 BTC
A cryptocurrency exchange based in Poland was the 3rd largest exchange platform at that time. One day, due to the accidental wallet destruction during the server reboot, they lost keys to all BTC wallets, resulting in loss of 17k BTC.

In a few words, Bitomat was using Amazon Web Services Elastic Cloud Computing to host virtual machines; the AWS warning goes that if an instance is taken offline all the data stored can be lost permanently. It appeared that Bitomat happened to be storing backups and current state of their wallet in an EC2 virtual machine, so it’s possible that they had little chance of recovering the old funds from the wallet.

October
What: Bitcoin7
Amount: 11,000 BTC
On October 6, Bitcoin7 posted a message on their website that informed the users that Russian and Eastern European hackers attacked cryptocurrency exchange. The hackers breached Bitcoin7 servers and gained full access to the main BTC depository and 2 of the 3 backup wallets.

Today, Bitcoin7 domain offers a scammy service of multiplying the amount of BTC. Maybe, it’s still possessed by hackers?

What: Mt.Gox
Amount: 2609 BTC
The bad luck of Mt.Gox was gaining traction on October 2011. The exchange lost other 2609 BTC due to a programming error. To put it simply, Mt Gox accidentally created transactions that can never be redeemed. To understand the issue more deeply, go here.

2012
March
What: Linode
Amount: 3000 BTC from Slush and 43000 BTC from Bitcoinica
On March 1, web hosting provider Linode was hacked, resulting in a theft of 3000 BTC from Slush and 43000 BTC from Bitcoinica. There have been two major BTC heists before, one 25,000 BTC theft in June and a 17,000 BTC theft from the BTC exchange Bitomat in August, resulting in the exchange being bailed out and acquired by MtGox.

At that moment, security has become a major concern of the BTC community. Although people wanted to carry out their economic activity in cryptocurrency, the question of whether their money was safe disturbed them.

May
What: Bitcoinica
Amount: 18,457 BTC
The 43,000 BTC Linode theft was not enough, and another 18,457 BTC was stolen from Bitcoinica’s reserves. The CEO Zhou Tong was barely able to prevent the loss of 30,000 more. The site was immediately shut down for security reasons.

Vitalik Buterin, being a writer and co-founder of Bitcoin Magazine at that time, wrote:

“Unfortunately, given the financial stress that Bitcoinica was already in after the Linode theft two months ago, even this smaller loss turned out to be the straw that broke the camel’s back.”

July
What: BTC-e
Amount: 4,500 BTC
Here comes the first proven story when exchange operators are becoming greedy and peculate money that doesn’t belong to them. Alexander Vinnik, the operator of BTC-e, was arrested mainly for money laundering but also computer hacking. He was one of the staff members who performed DDoS attacks, stole API creds, initiated Liberty Reserve deposits, and injected large amounts of USD into the system which were quickly sold for BTC.

BTC-e.com was considered a golden standard of reliability and had a chance to change the reputation of Russia being the money-laundering country.

September
What: BitFloor
Amount: 24,000 BTC
BitFloor had been operating since 2011 when on September 4, 2012, the operator of BitFloor reported a security breach that resulted in 24K BTC being stolen. The site was shut down, and access to customer funds denied as the exchange’s reserves were insufficient to accommodate all funds deposited.

2013
May
What: Vircurex
Amount: 1,454 BTC
In 2014, the exchange announced it was almost bankrupt after losing significant amounts of its reserve funds. Part of the loss came from “two purported hacks the exchange experienced in mid-2013.”

As a result, the Vircurex froze withdrawals of BTC, LTC, FTC, and TRC. At the time, the company declared it would begin paying users back using the profits. The exchange refunded small amounts of cryptocurrencies to a few of its customers, but most of the funds owed remained with the exchange.

October
What: Silk Road (marketplace)
Amount: ~1,606 BTC
It won’t be a list of cryptocurrency fraud if we don’t mention Silk Road and Mr.Ulbricht criminal activity.

Silk Road, located in the Tor network, can be called an alternative eBay or Amazon but for selling illegal goods, such as heroin, weapons, pornography, etc. All payment transactions were made in BTC, and the Silk Road was a middleman connecting the users and taking a commission for their illegal trades. For two years of the marketplace existence, the total volume of transactions amounted to 9.5 mln BTC.

Soon the FBI got interested in Silk Road. In 2015, the founder of the company Ulim Ross Ulbricht was sentenced to life imprisonment for many crimes including hacker attacks and collusion in money laundering.

The story doesn’t finish there, as secret service agent, who had been conducting the case, eventually stole the dirty BTC himself.

November
What: BitCash
Amount: 484 BTC
On November 11, Czech-based cryptocurrency exchange experienced hacker attack emptying 4,000 users’ wallets.

The website servers were hacked to conduct a phishing attack with fraudulent emails on behalf of BitCash to fool users. The emails claim BitCash resorted to their US recovery company to get back the BTC that have been stolen. Recipients were asked to send 2 BTC to a wallet address for their BTC to be returned. However, the BTC address listed in the email text hadn’t been used online and had no transactions.

2014
March
What: Mt.Gox
Amount: 850,000 BTC
In 2013 MtGox was one of the most popular cryptocurrency exchanges (47% of transactions in BTC were made through this platform). In total it lost 850,000 BTC, which is currently a record amount.

As you might remember from the above, our list of cryptocurrency exchange hacks began exactly with Mt.Gox which private keys were stolen. The hacker(s)/insider(s) gained access to a large number of BTC, began to control the input and output of funds, as well as deposits. During 2 years (2012–2013), a hacker was emptying wallets, but the Mt. Gox systems was interpreting the spending as deposits, crediting some users with up to about 40,000 extra BTC.

Today, 5 years later, Mt.Gox is still the biggest hack ever happened (and we hope it’ll remain like this).

What: Poloniex
Amount: 12.3% of all BTCs (97 BTC)
Poloniex, a US-based cryptocurrency exchange, was hacked in the summer of 2014. The hackers managed to exploit an incorrect withdrawal code of Poloniex.

The company did not report the exact number of BTC stolen, but you can check a detailed explanation of the hack on the Bitcointalk forum. Moreover, Poloniex might have been hacked a few other times as some unofficial source like this, this, and this has claimed.

July
What: Cryptsy
Amount: 13,000 BTC and 300,000 LTC
In July 2014, the attacker under the nickname Lucky7Coin inserted the Trojan code into the code of Cryptsy — a cryptocurrency exchange. A hacker got access to BTC and LTC keys. As a result, a criminal(s) got 13,000 BTC and 300,000 LTC.

Interestingly, exchange administrators were familiar with the fraudster. The attacker sent an awkward letter two months before the hack introducing oneself as Jack and reporting that the previous owner of the nickname died.

The owner of the company, Paul Vernon, was accused of destroying evidence of illegal activities and stealing 11,000 BTC. Cryptsy clients believe that the currency could be laundered through another exchange — Coinbase.

December
What: Mintpal
Amount: 3,894 BTC
MintPal was considered one of the best trading platforms until the time when management changed in the fall of 2014. The company was sold to Executive Director of Moopay, Ryan Kennedy, known under the pseudonym Alex Green.

During the internal work, he stole 3,894 BTC and bankrupted the exchange. It is noteworthy that several months later, after the withdrawal of funds, Kennedy was sentenced to 11 years in prison for rape and the sentence did not contain a clause about stealing $1.5 million in BTC.

2015
January
What: Bitstamp
Amount: 19,000 BTC
The first licensed cryptocurrency exchange in Europe, Bitstamp, which is regulated by the Luxembourg Supervisory Authority in Finance (CSSF), was hacked in January 2015. Hackers sent a malicious file to the internal mail of employees. One of the Bitstamp’s employees neglected security rule №1 — do not open files from strangers, and followed the link on the device that has access to the BTC wallet of the exchange. As a result, 19,000 BTC was stolen, or about $5,100,000 at the day of the theft.

What: LocalBitcoins
Amount: ~17 BTC
17 BTC is seemingly not a large sum compared to the compromised exchanges above; nevertheless, it’s one more argument in favor of paying attention (and allocating money) to cybersecurity.

Nikolaus Kangas, the vice-president of Local Bitcoins, explained:

“The attacker used that LiveChat access to spread some kind of Windows executable, which probably was some new kind of keylogger software which is not yet detected by virus protection mechanisms. If the user got that executable installed, with some social engineering, the attacker managed to get access to different accounts of those victims.”
Three users lost funds during the hack. The company stated that one of the possible reasons for the fraudulent withdrawal was a lack of 2FA. Again, 2FA is a reliable security measure that should be in place on every cryptocurrency exchange platform.

What: 796
Amount: 1,000 BTC
What seemed like a mistake, appeared to be a well-calculated and precise attack. At the end of January, the server of Chinese cryptocurrency exchange, 796, was compromised. According to the explanation, a hacker gained access to a sub-module and tampered customers’ withdrawal addresses with one’s own.

February
What: Bter
Amount: 7,000 BTC
Another attack that is related to employees mistake occurred in China. A small cryptocurrency exchange Bter was hacked several times. Employees of the exchange organized the largest heist. In February 2015, 7000 BTC was stolen from a cold wallet. After that, all the activities of the company were suspended, and only a couple of years later the Bter management resumed withdrawing funds from their assets.

What: KipCoin
Amount: 3,000 BTC
Being the owner of an exchange platform, will you admit the breach immediately or halter the news until the investigation gives you more details? The owners of KipCoin chose the second option.

Remember Linode? In 2015 it became clear that it was hacked again in June 2014 causing a breach of KipCoin server. The hackers changed Linode account password excluding the owners from accessing it; this entailed KipCoin Linode root password to be changed as well, as the hacker(s) gained control of the entire platform.

For a month, the administration of the exchange tried to regain control, and they succeeded (surprisingly, nothing malevolent had happened during this month). That didn’t mean that hackers went away, they lurked. In October 2014, hackers gained access to funds as the exchange didn’t change their BTC private keys.

KipCoin decided to not disclose this information immediately in light of BitStamp losing many coins and has taken all the necessary steps to file an official complaint with the police.

2016
March
What: Cointrader
Amount: Unknown
A hack or an exit scam? That’s the question users often ask when an exchange unexpectedly shuts down.

On March 28, Cointrader joined the graveyard of allegedly hacked cryptocurrency exchanges having sent their users the following message:

Dear Cointrader Customer,
A recent internal audit revealed a deficiency of Bitcoin in our wallets causing a delay in withdrawals. This issue is currently under investigation and it is our intention to have the balance of your account settled as soon as possible. We sincerely apologize for this unfortunate inconvenience and will keep you posted on the progress of this issue. In the meantime, we have halted deposits, withdrawals and trading activity until this matter has been resolved.
Sincerely,
Cointrader.net Support
The shut down was followed with a low daily trading volume of only 81.43 BTC over the next 6 months. The number of affected users has never been reported.

April
What: ShapeShift
Amount: 469 BTC + 5,800 ETH + 1,900 LTC
ShapeShift story is an excellent example of an insider job or a disloyal employee. On March 14, an employee stole from the company 315 BTC. When the theft was uncovered, he got fired. However, the losses didn’t stop on that: on April 7 additional 97 BTC, 3,600 ETH, and 1,900 LTC disappeared. The site was taken offline, and incident response measures were in place, and then additional 57 BTC and 2,200 ETH were taken!

The report stated:

“Since direct evidence of a specific attack vector was not found during the digital forensic investigation, an analysis of the available facts was performed to identify all possible attack vectors that fit the facts. It was noted that the attacker was not only able to compromise both infrastructures fairly quickly, but they were able to identify their IP addresses equally as fast.”
May
What: GateCoin
Amount: 4,320 BTC (250 BTC and 185,000 ETH)
Gatecoin was one of the first regulated cryptocurrency exchange platforms to spring up. It offered purchases of ETH-based tokens to vote on and fund development proposals during crowdsale for The Dao, and in the aftermath of the hack, it promised to build a portal for withdrawing DAO-related tokens and fiat currencies. The exchange was well-known and prominent at that time, so there is no wonder that it attracted the attention of malefactors.

Gatecoin stated:

“We have previously communicated the fact that most clients’ crypto-asset funds are stored in multi-signature cold wallets. However, the malicious external party involved in this breach, managed to alter our system so that ETH deposit transfers by-passed the multi-sig cold storage and went directly to the hot wallet during the breach period. This means that losses of ETH funds exceed the 5% limit that we imposed on our hot wallets.”
August
What: Bitfinex
Amount: 120,000 BTC
The Hong Kong company claimed to be the most reliable and secure cryptocurrency exchange, where wallets with multiple identifiers are selected for each client. It turned out to be just a matter of marketing. In August 2016, cybercriminals kidnapped 120,000 BTC. The main leak of funds occurred through the BitGo processing service with which Bitfinex cooperated.

2017
June
What: QuadrigaCX
Amount: 67,000 ETH
Some errors don’t bring harm to the users of a cryptocurrency exchange but to the owners. Due to programmers error, a Canadian-based exchange platform lost 67k of ETH. In the official statement, QuadrigaCX explained that the mistake happened after a Geth upgrade. Talking in technical terms:

“The programmer called a function in the splitter smart contract with a corrupted transaction data payload, which was the result of failing to prefix a certain value with 0x (which is necessary to indicate a string is hex-encoded).”

December
What: Nicehash (a marketplace for mining hashing power.)
Amount: 4,000 BTC
Nicehash wasn’t an exchange but a cryptocurrency hash power broker with integrated marketplace; nevertheless, the story also belongs to the list of cryptocurrency thefts. People rented their computing power to those who wanted to mine cryptocurrency without investments in hardware. It turned out that people were paying to mine coins which went directly to hackers’ pockets.

The Slovenia-based company gave further comment:

“Importantly, our payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen. We are working to verify the precise number of BTC taken. Clearly, this is a matter of deep concern and we are working hard to rectify the matter in the coming days. In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are cooperating with them as a matter of urgency.”
In August, the company announced paying back 60% of stolen coins.

2018
January
What: Coincheck
Amount: 523,000,000 NEM
Another major hack occurred at CoinCheck, the leading Japanese crypto trading platform. Hackers outside the country infected the internal network of the exchange with a virus that was transmitted through email, and it allowed them to steal private keys. As a result, 523 mln NEM coins were stolen for $533 million at the time of the theft.

The incident occurred due to the neglect of the storage of this cryptocurrency, as the exchange did not use smart contracts with multi-signatures, and all coins were stored on the same wallet.

February
What: BitGrail
Amount: 17,000,000 NANO
More than $170 million in 2018 was stolen from the Italian cryptocurrency exchange Bitgrail.

According to the owner Francesco Firano, 17 million XRB (Nano / RaiBlock) was withdrawn from the accounts as a result of “unauthorized transactions.” Nano representatives denied this information and stated that there were no errors. 😏

It is worth noting that the rest of the tokens stored on the exchange did not suffer. After the attack, Bitgrail declared itself bankrupt.

April
What: CoinSecure
Amount: 438 BTC
As we already know, employees of the exchange can take advantage of their position and peculate considerable sums. In April 2018 an Indian exchange Coinsecure lost 438 BTC or $3.5 million at the rate. The owners of the company assume that CoinSecure CSO (Chief Security Officer) committed a hack when extracting BTG. The suspect denied his guilt and claimed that the funds “had been stolen in the process of some kind of attack”.

June
What: Coinrail
Amount: 1,927 ETH, 2.6 billion NPXS, 93 million ATX, 831 million DENT coins + significant amounts of six other tokens
Despite Coinrail being a small exchange in South Korea, it was a tempting target, considering the amount of money that moves through it. The hackers recognized it and stole 1,927 ETH, 2.6 billion NPXS, 93 million ATX, 831 million DENT coins, and significant amounts of six other tokens.

The authorities didn’t give many details and called the attack a “cyber intrusion,” which resulted in many ERC-20 tokens stolen from the exchange.

September
What: Zaif
Amount: 5,966 BTC
Japanese based exchange Zaif was hacked on September 14. This resulted in $60 million in BTC, BCH, and MonaCoin being stolen. Oddly enough, the exact amount of stolen BCH is unknown, which does inspire Zaif to improve their security measures in the future.

Zaif has already filed a criminal case with local authorities; apparently due to the way a hacker got unauthorized access to the funds, possibly an employee went rogue?

October
What: MapleChange
Amount: 913 BTC
A small Canadian based exchange called MapleChange had a modest volume of around $67,000 per day since its launch in May 2018. In October they claimed being hacked or suffered a bug which resulted in all customers’ deposited funds being withdrawn.

On October 28, they made a strange claim that they had to delete all their social media accounts during an investigation. With no details on their team or whether they were legally allowed to operate, the “hack” reeks of an orchestrated exit scam.

November
What: Pure Bit
Amount: $30,000,000 (ICO + 13,000 ETH)
Pure Bit raised over $30,000,000 in an ICO to create a cryptocurrency exchange in South Korea, but then they executed an exit scam.

Pure Bit even tried to go further and sell a portion of stolen funds on UpBit. Luckily, UpBit promptly froze the account, knowing that the funds are fraudulent.

Pure Bit website is now offline, and their KakaoTalk account renamed to a phrase that roughly translates into “I’m Sorry.”

December
What: QuadrigaCX
Amount: 26 350 BTC
One of the most remarkable hacks in our list of cryptocurrency thefts happened in December 2018. The owner of QuadrigaCX, Gerry Cotten, suddenly passed away; he was the only one who had access to the cold wallets of the exchange. Interestingly, at the moment of announcement users have been trying to withdraw funds for several months already and bankruptcy rumors were spreading quickly.

When Ernst&Young started their audit, they found out that there had never been more than 100 BTC on a cold wallet. QuadrigaCX started bankruptcy procedure owning their customers more than 26,000 BTC.

There is a conspiracy theory that Gerry Cotten is still alive and that QuadrigaCX case is nothing more than just an exit scam.

2019
January
What: HitBTC
Amount: Unknown
It is vital to mention HitBTC behavior ahead of the annual Proof Of Keys event. Users were complaining across Reddit and other social media platforms reporting that HitBTC was blocking all attempts of withdrawing their funds.

What: Cryptopia
Amount: At least 19,390 ETH
On January 13, users of Cryptopia reported difficulties accessing and using their accounts. The first message from Cryptopia was that they were going into unscheduled maintenance to resolve a technical issue. Later the exchange clarified on Twitter that they had suffered a security breach.

Cryptopia stated that they had reported the breach to the relevant New Zealand’s authorities. The full amount of lost funds is unknown; however, 19,390 ETH has been seen transferred to an unknown wallet. As Cryptopia was quite a small exchange, the possibility of an inside job is one of the versions.

What: Cryptopia
Amount: 1,675 ETH
After being hacked on January 13, Cryptopia was hacked again 15 days later. This confirms that the exchange no longer had any control over their wallets.

February
What: Coinmama
Amount: 450,000k user emails and passwords
Coinmama is one of the largest crypto brokers, servicing a total of 1.3 million active users. On February 15th, their customer database was hacked, which led to over 450k user emails and passwords leakage. We can only assume how the sensitive data could have been used: to gain access to cryptocurrency exchange accounts or to sell on the black market for other aims.

May
What: Binance
Amount: 7,000 BTC
The latest case from crypto exchange hack history happened a month ago with Binance. The hackers withdraw 7,000 BTC (currently over $40 million) having used several tactics of phishing and malware, which allowed them to obtain a large number of user 2FA codes and API keys. They also mentioned other info had been jeopardized, which could potentially refer to customers private details being stolen as well. One of the possible solutions to restore funds was a hard fork of the BTC network.

The skills and knowledge of criminals are improving, and the methods by which thefts are committed become even more sophisticated. It is rather difficult to return the stolen cryptocurrency because unscrupulous experts who participate in frauds sometimes turn out to be among cryptocurrency exchange owners. Therefore, before each user starts investing money, it is worth becoming familiar with the companies’ team and security history.

Now you have an answer on the question “which crypto exchange was hacked”. We dived deep and tried to cover all the cryptocurrency exchange thefts and frauds that have ever happened since BTC origin. However, there is still a chance that we haven’t heard about other hacks, so please share with us the information, and we’ll add it to the list.