Bitcoin hacks are one of the most pressing issues facing exchanges, users, businesses and regulators.
Yet, despite these concerns, there have been numerous advances in cybersecurity that counter many of these threats. You need only look at the size and prevalence of the hacks that took place in the past to get an idea of how far we have come.
In this piece I will be taking a look at seven of the biggest Bitcoin hacks in recent memory. I will give you the low-down on how these hacks happened, how the industry reacted and what we have subsequently learned from them.
8 Biggest Bitcoin Hacks
Before I jump into the individual cases it is worth pointing out that these hacks are ranked by the amount of Bitcoin stolen. Hence, the dollar value of each hack at the time would have been a different figure, depending on the price of Bitcoin then.
Indeed, many of these hacks took place because the Bitcoin that was stolen was poorly guarded. This could have been a direct result of the lower valuation of Bitcoin at the time.
With that being said, let’s jump in!
1. Mt. Gox
By far the largest and most famous hack of all time is the Mt. Gox hack which saw 850,000 BTC disappearing in February 2014. Subsequently the company found 200,000 of the BTC, but that still left 650,000 BTC unaccounted for to this day. At the time of the hack Mt. Gox was the largest Bitcoin exchange in the world, handling over 70% of trading volume.
A disgruntled user of the Mt. Gox exchange. Source: Business Insider
Mt. Gox never recovered from the hack, filing for bankruptcy roughly three weeks after the hack occurred. The theft encompassed roughly 7% of all the Bitcoin in existence at the time, and further investigations found that the Bitcoin was actually slowly drained from the exchange from late 2011 through the discovery in February 2014.
Most people thought that the perpetrator would never be found but, surprisingly enough, someone has eventually been brought to book. Alexander Vinnik was arrested in Greece in 2017 and was accused of being one of the operators of BTC-e. This is the exchange through which most of the Mt. Gox coins were eventually laundered.
2. Bitfinex
It seems being a large Bitcoin exchange also makes you a large target for hackers. In August 2016 Bitfinex was targeted by hackers who stole roughly 120,000 BTC from the exchange in an attack on the exchange's multi-signature wallet architecture. It’s ironic that this was a multi-sig attack, since multi-sig is supposed to make a wallet more secure.
Multisignature wallet schemes are used by exchanges so that more than one key is required to authorize a transaction. One of the most well-known configurations is 2 of 3. This means that any two of the three private keys can be used to sign the transaction, and a single compromised key is not enough on its own.
There were many questions as to how a hacker was able to exploit this configuration. Given that Bitfinex had been using a wallet solution by BitGo, many people started pointing the finger at the wallet provider. However, the vulnerability seems to have been a combination of a number of factors which were unique to the Bitfinex setup.
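To make the 2-of-3 rule concrete, here is an added example (not code from the original article, and not Bitfinex's or BitGo's implementation) of the quorum logic an m-of-n wallet enforces. It uses HMAC-SHA256 as a stand-in for ECDSA so that it runs on the Python standard library alone; the key holder names, secrets, transaction fields and destination string are all constructed. The point it demonstrates is that one key, one key presented twice, an unregistered signer, or two valid signatures over a transaction that was later altered all fail, while any two distinct registered keys succeed.

```python
import hashlib
import hmac
from dataclasses import dataclass

# HMAC-SHA256 stands in for ECDSA so the example needs no third-party library.
# Real Bitcoin multisig puts public keys in an OP_CHECKMULTISIG script; the
# m-of-n quorum logic shown here is the same, the primitive is simplified.


@dataclass(frozen=True)
class KeyHolder:
    """One signer, e.g. the exchange, a custodian, or an offline backup."""
    key_id: str
    secret: bytes  # in practice a private key kept on a separate device

    def sign(self, tx_digest: bytes) -> tuple:
        return (self.key_id, hmac.new(self.secret, tx_digest, hashlib.sha256).digest())


class MultisigWallet:
    """m-of-n policy: a spend is authorized only when at least m valid
    signatures from m distinct registered keys are presented."""

    def __init__(self, threshold: int, holders: list) -> None:
        if not 1 <= threshold <= len(holders):
            raise ValueError("threshold must be between 1 and n")
        self.m = threshold
        self.n = len(holders)
        # The wallet keeps only verification material (public keys with ECDSA;
        # with the HMAC stand-in it is unavoidably the shared secret).
        self._verify_keys = {h.key_id: h.secret for h in holders}

    @staticmethod
    def tx_digest(tx: dict) -> bytes:
        """Canonical digest of the spend; every signer must sign these bytes."""
        canon = f"{tx['to']}|{tx['amount_sat']}|{tx['nonce']}".encode()
        return hashlib.sha256(canon).digest()

    def authorize(self, tx: dict, signatures: list) -> bool:
        digest = self.tx_digest(tx)
        valid = set()
        for key_id, sig in signatures:
            secret = self._verify_keys.get(key_id)
            if secret is None:
                continue  # not one of the n registered keys
            expected = hmac.new(secret, digest, hashlib.sha256).digest()
            if hmac.compare_digest(expected, sig):
                valid.add(key_id)  # a set: one key signing twice counts once
        return len(valid) >= self.m


def demo() -> dict:
    """Exercise a constructed 2-of-3 wallet; returns each scenario's outcome."""
    exchange = KeyHolder("exchange", b"constructed-secret-1")
    custodian = KeyHolder("custodian", b"constructed-secret-2")
    backup = KeyHolder("backup", b"constructed-secret-3")
    wallet = MultisigWallet(2, [exchange, custodian, backup])

    tx = {"to": "example-destination", "amount_sat": 5_000_000, "nonce": 1}
    digest = wallet.tx_digest(tx)
    tampered = dict(tx, amount_sat=500_000_000)  # amount changed after signing
    stranger = KeyHolder("mallory", b"not-registered")

    return {
        "one_key": wallet.authorize(tx, [exchange.sign(digest)]),
        "same_key_twice": wallet.authorize(tx, [exchange.sign(digest)] * 2),
        "two_keys": wallet.authorize(tx, [exchange.sign(digest), custodian.sign(digest)]),
        "all_three": wallet.authorize(tx, [h.sign(digest) for h in (exchange, custodian, backup)]),
        "tampered_tx": wallet.authorize(tampered, [exchange.sign(digest), custodian.sign(digest)]),
        "unknown_signer": wallet.authorize(tx, [stranger.sign(digest), backup.sign(digest)]),
    }


if __name__ == "__main__":
    for scenario, ok in demo().items():
        print(f"{scenario:>15}: {'authorized' if ok else 'refused'}")
```

The design point worth noting is that the scheme only helps if the m keys really are held by independent parties on independent systems; if two of the three can be reached from one compromised environment, the quorum check above passes just as it would for a legitimate spend.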
Overview of how the Bitfinex hack happened
Bitfinex was able to recover from the hack through a creative solution that had them take 36% of all customer balances and replace them with a redeemable BFX token. Over the following eight months Bitfinex bought back the redeemable BFX tokens with funds generated from trading fees, making everyone whole again and remaining in business. Today Bitfinex remains one of the largest Bitcoin exchanges.
3. Bitcoinica
Although many of you might not remember Bitcoinica, they weigh in at the number three spot in this list, having lost roughly 101,000 BTC in three separate heists in 2012. Indeed, each of those three heists would have put Bitcoinica in the third spot all by themselves. The first hack occurred in March 2012, when hackers were able to socially engineer access to cloud hosting provider Linode’s network.
Bitcoinica had their infrastructure hosted with Linode, and hackers were able to get away with 43,000 BTC. Some suspect the hacker was actually a Linode employee, but the identity of the thief has never been discovered. The next hack was also the result of shared hosting as Bitcoinica’s server at Rackspace was targeted in April 2012 and another 38,000 BTC were lost. Following the Rackspace loss the Bitcoinica site went offline, but the losses weren’t done.
The company went into conservatorship and then the final insult happened in July, with 40,000 BTC in funds held at Mt. Gox disappearing. It was subsequently reported that those BTC were found, but whether that’s true is subject to debate. Liquidation of the company funds and distribution to former clients was to happen over several months following an August 2012 receivership; however, it appears no such distribution has occurred yet.
4. Allinvain
It isn’t just exchanges that have been the target of hackers. Allinvain is the pseudonym of a Bitcointalk forum user who posted in June 2011 of a hack that saw roughly 25,000 Bitcoin stolen from his computer. Allinvain had been an early Bitcoin miner, and had accumulated the 25,000 BTC through 2010 and early 2011. While he was able to identify the address where the BTC was transferred, he was never able to recover a single coin.
Part of the original post by Allinvain on Bitcoin Talk
The hack was able to occur because Allinvain kept his wallet recovery seed in an unencrypted file on a computer that was infected with malware. This is perhaps one of the biggest “no-nos” when it comes to cryptocurrency security and was perhaps only done as a matter of pure convenience. Indeed, Bitcoin was worth only a few cents at the time, so Allinvain may have been less concerned.
This is not a well-known story, but this was the first large hack, and should be taught to every cryptocurrency user as a lesson in operational security.
5. Bitfloor
Just behind the Allinvain hack is a 24,000 BTC loss suffered by the exchange Bitfloor in September 2012. At the time Bitfloor was the fourth largest U.S. exchange, but it would never recover from the hack, which occurred because the exchange left all its funds in a “hot wallet” on its servers.
A hacker was able to access client accounts with backup keys due to the funds being held in a hot wallet. After shutting down for several days following the incident the company said they would reimburse all lost funds; however, that never happened. In April 2013, less than a year after the hack, the exchange closed down, citing the closure of its accounts by its bank as the reason.
Today, leaving all of your coins in an exchange’s hot wallets is unheard of. Due to lessons learned from this hack and numerous others, exchanges make use of significant cold storage. This is where the vast majority (usually 90% plus) of the exchange’s coin reserves are kept offline in a secure location. This could have prevented the Bitfloor hack.
6. Bitstamp
Number six on the list is the Bitstamp exchange, which suffered a loss of 19,000 BTC in January 2015. This hack occurred due to social engineering, in which the hacker made repeated attempts to contact customer service representatives and other Bitstamp employees via Skype and email, attempting to entice them into opening a malware-infected file by posing as reporters and other industry members.
The original disclosure of the hack by Bitstamp
Eventually the hacker was able to get an employee to open the infected file, thus infecting their machine and giving the attacker access to the Bitstamp network. From there they were able to access a hot wallet on a server and siphon off 19,000 BTC.
While U.K. police have said they have a solid lead on the identity of the attacker, they have been unable to take any action since the attacker is not physically present in the U.K. Customers' accounts were not affected by the hack, and Bitstamp continues to operate with a solid reputation as the oldest active Bitcoin exchange.
7. Cryptsy
Cryptsy was another US-based exchange and one of the highest-volume exchanges back in 2015. That was until the exchange collapsed in December of the same year as a result of being insolvent. The exchange’s founder, Paul Vernon (aka “Big Vern”), claimed that the insolvency was the result of a previously undisclosed hack.
The founder claimed that the hack took place in early 2015 and resulted in the exchange losing 13,000 BTC and a further 300,000 LTC. It was suspected that a developer who worked on the exchange had inserted a trojan into the code which would allow him remote access to the servers.
There were, however, many users who suspected foul play by the founder himself and they initiated a class action lawsuit against him. The plaintiffs eventually won the case and the judge ordered Paul Vernon to repay them $8.2m in damages. Big Vern had vanished prior to the ruling and many suspect that he may be hiding in Asia somewhere.
Whether it was an inside job no one can ever know but we can all agree that using an anonymous developer to develop critical code for your cryptocurrency exchange is a bad idea.
8. Binance
This was a relatively recent Bitcoin hack that took place on the 7th of May 2019. In this hack, the perpetrators were able to get away with a total of 7,000 Bitcoin, which was worth about $40m at the time.
For those who do not know, the Binance Exchange is one of the largest cryptocurrency exchanges in the world that handles over $2 billion in daily volume (at time of writing). Up until that incident, the exchange had managed to avoid any sort of security breaches.
This was not a breach that resulted in the hackers gaining access to Binance’s internal systems. Rather, the hackers slowly accumulated a large array of user API keys, 2FA codes and other information.
They managed to do this through a number of other well-known attack vectors and social engineering tactics. These include the likes of phishing and computer viruses. With access to this information, a hacker can initiate a withdrawal request on a client account.
— Binance (@binance) May 8, 2019
They were extremely patient with their actions and on the 7th of May initiated the mass withdrawals from these user wallets. They structured the transactions in such a way that they were able to circumvent the internal Binance risk limits. The 7,000 BTC was sent in one transaction to the following address.
Thankfully though, this only impacted Binance’s Hot Wallet funds. This is only about 2% of their total Bitcoin holdings with the bulk being stored in secure cold wallets. Binance immediately halted all deposits and withdrawals once they noticed the transaction.
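The passage above describes the defensive side of this incident: withdrawals were structured across many compromised accounts to slip under the exchange's per-account risk limits, and the damage was capped because only the hot wallet (about 2% of holdings) was reachable. As an added, constructed example (not Binance's code and not from the original article), the Python below sketches a hot-wallet withdrawal gate with the checks that make that kind of structuring visible: API-key scope, a per-account limit, an aggregate outflow limit across all accounts per time window, a check for many accounts funnelling to one destination, and a hot-balance cap that forces a cold-storage release. Every threshold, account name, address and timestamp is hypothetical.

```python
from collections import deque
from dataclasses import dataclass, field

SAT = 100_000_000  # satoshis per BTC


@dataclass(frozen=True)
class Withdrawal:
    ts: int                 # unix seconds
    account: str
    dest: str               # destination address (placeholder strings below)
    amount_sat: int
    api_scopes: frozenset   # scopes granted to the API key making the request


@dataclass
class WithdrawalGate:
    """Hypothetical hot-wallet withdrawal policy, constructed for this example."""
    hot_balance_sat: int            # what the hot wallet can pay out right now
    per_account_limit_sat: int      # the limit an individual client can observe
    window_sec: int                 # sliding window for the aggregate checks
    aggregate_limit_sat: int        # total hot-wallet outflow allowed per window
    dest_cluster_limit: int         # distinct accounts allowed to pay one address per window
    recent: deque = field(default_factory=deque)  # approved withdrawals inside the window

    def _trim(self, now: int) -> None:
        """Drop approved withdrawals that have aged out of the window."""
        while self.recent and self.recent[0].ts < now - self.window_sec:
            self.recent.popleft()

    def review(self, w: Withdrawal) -> tuple:
        self._trim(w.ts)
        if "withdraw" not in w.api_scopes:
            return ("reject", "api key has no withdraw scope")
        if w.amount_sat > self.per_account_limit_sat:
            return ("reject", "exceeds per-account limit")
        # Structuring check: many accounts funnelling to one address in the window.
        payers = {r.account for r in self.recent if r.dest == w.dest} | {w.account}
        if len(payers) > self.dest_cluster_limit:
            return ("hold", "many accounts paying one address; possible structuring")
        # Aggregate check: the sum across all accounts, not just this one.
        if sum(r.amount_sat for r in self.recent) + w.amount_sat > self.aggregate_limit_sat:
            return ("hold", "aggregate hot-wallet outflow limit hit")
        if w.amount_sat > self.hot_balance_sat:
            return ("hold", "insufficient hot funds; needs cold-storage release")
        self.hot_balance_sat -= w.amount_sat
        self.recent.append(w)
        return ("approve", "")


def simulate() -> list:
    """Run a constructed burst of withdrawals through the gate; return the verdicts."""
    gate = WithdrawalGate(hot_balance_sat=300 * SAT, per_account_limit_sat=100 * SAT,
                          window_sec=600, aggregate_limit_sat=350 * SAT, dest_cluster_limit=2)
    full = frozenset({"read", "trade", "withdraw"})
    trade_only = frozenset({"read", "trade"})
    A, B, C, D = "addr-A", "addr-B", "addr-C", "addr-D"  # placeholders, not real addresses
    requests = [
        Withdrawal(1000, "user0", A, 99 * SAT, full),        # under the visible limit
        Withdrawal(1020, "user1", A, 99 * SAT, full),        # second account, same address
        Withdrawal(1040, "user2", A, 99 * SAT, full),        # third account to one address
        Withdrawal(1060, "user3", B, 99 * SAT, full),        # different address, still fine
        Withdrawal(1080, "user4", C, 99 * SAT, full),        # pushes window total past 350
        Withdrawal(1100, "user5", C, 50 * SAT, trade_only),  # key was never scoped to withdraw
        Withdrawal(1120, "user6", D, 120 * SAT, full),       # over the per-account limit
        Withdrawal(1800, "user7", C, 99 * SAT, full),        # window cleared, hot wallet nearly empty
    ]
    return [gate.review(r) for r in requests]


if __name__ == "__main__":
    for verdict, reason in simulate():
        print(verdict, reason)
```

The two "hold" outcomes that matter here are the cross-account ones: each request on its own is within the per-account limit, and only the window-wide view (total outflow, and how many accounts are paying a single address) reveals the pattern. The final "hold" shows the hot/cold split doing its job: once the hot balance is spent, further withdrawals wait for a deliberate release from cold storage rather than draining reserves.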
Moreover, given the Binance “SAFU” fund, all of those users who were impacted by the hack had their accounts reimbursed. Binance covered the entire cost of the hack and no users were affected.
While these Bitcoin hacks may be painful to read about, it is incredibly helpful to study them and learn about the causes behind the breaches. Many of the enhancements in crypto security have come about as a result of findings of previous incidents like those above.
Of course, hacks do still occur but they are not at the same scale as in the past. Even if a hacker was able to exfiltrate such a large number of coins today, it would be nearly impossible for them to launder the coins. Law enforcement and cyber security analysts have developed some of the most advanced blockchain auditing tools that are able to track stolen coins.
Of course, that does not mean that you at home are not susceptible to everyday hacks and breaches of your personal holdings.
If you take nothing else away from this list of the 7 biggest Bitcoin hacks of all time, let it be the need to always keep your private keys and your wallet safe and secure.