Cryptocurrency hacks list from January 2021 - updated weekly.
October 2022 saw a surge in hacking activity, with the total hacked value for the month nearly reaching $718 million, according to blockchain analytics firm Chainalysis. The firm has labeled October as "the biggest month in the biggest year ever for hacking activity". So far, 11 different hacks on decentralized finance (DeFi) protocols have been reported, with cross-chain bridges being the biggest target for hackers.
Three bridge hacks this month accounted for 82% of October’s losses, with the largest being a $100 million exploit on the bridge between crypto exchange Binance’s BNB Smart Chain and Beacon Chain.
The value of lost assets: 570 million US dollars.
The cryptocurrency exchange Binance temporarily suspended its blockchain network after hackers stole 570 million worth of target BNB tokens.
Binance said late on Thursday Oct 6 that a bridge connected to its token chain had been attacked BNB, allowing hackers to move BNB off-chain tokens. The so-called cross-chain bridges are tools that allow you to transfer tokens from one blockchain to another.
The value of lost assets: 610 million US dollars.
Cryptocurrency exchange PolyNetwork, due to the cross-chain protocol which was compatible for Bitcoin (BTC),Ethereum (ETH) and Neo (NEO) cryptocurrencies. The cross-chain transaction feature PolyNetwork allows users to transfer assets between different blockchains without having to convert them through exchanges.
According to programmer Kelvin Fichter, the protocol creates digital self-managed safes on two different blockchains. It then allows the user to withdraw funds from one box only after they receive confirmation from the other box that the corresponding amount of assets has been deposited into it.
The hacker (or hackers) managed to find a way to trick the safe box into releasing the funds stored in it without obtaining legal permission from another blockchain. They took advantage of this vulnerability on 10th August to steal over $610 million in total.
Fortunately, this story has a happy ending. The team Poly Network made contact with the hacker shortly after the attack, which eventually led to the return of all $ 610 million worth of stolen assets.
The value of lost assets: 280 million US dollars.
Next on our list is KuCoin, another major crypto exchange that was hacked on 25th September 2020 , stripping $285 million of user assets. In this case, it can be noted that the quick and accurate actions on the part of the exchange, coupled with close cooperation with other companies in the cryptocurrency industry, allowed KuCoin to survive after the incident.
Within a week of the hack Chainalysis, the blockchain data processing company traced all the stolen funds and was able to get on the trail of the criminals. Their Reactor crypto-forensic tool kept the money out of sight, despite criminals trying to mask the movement of funds through coin mixers and decentralized exchanges which usually leave no trace.
Through the use of blockchain tools and cooperation with other exchanges and law enforcement agencies, KuCoin returned the stolen tokens, and covered the remaining losses from his own capital and insurance fund. Moreover, after the attack, the exchange established the Safeguard Program to enable other crypto companies to benefit from their invaluable experience in dealing with the consequences of a hack, if they find themselves in a similar situation.
With a skillful approach to resolving the incident KuCoin, she earned the respect of customers and rightfully ranked sixth among the leading cryptocurrency exchanges with daily trading volume of about $ 1.92 billion as of August 2021.
The value of lost assets: 70 thousand US dollars.
The Italian exchange Altsbit only existed for a few months before it was hacked. The exchange initially reported a hack claiming almost all funds had been stolen. After more thorough research, it turned out that Altsbit lost less than half of the stored cryptocurrency.
Altsbit announced that it only had enough funds for a partial refund and that they would close in May 2020. The hacker group Lulzsec claimed to be responsible for the hack, although it is still unclear how they managed to pull it off. Approximately 70,000 worth of cryptocurrencies were stolen.
The value of lost assets: 51 million US dollars.
The South Korean exchange Upbit suffered a major hack when the hackers escaped with 342 000 ETH at the time of the hack they were valued at $51 million. Rumors circulated that this was an inside job the stolen cryptocurrency was allegedly taken from an Upbit cold wallet. This turned out to be a false alarm. Fortunately, Upbit he promised to cover the losses.
However, the story does not end there. The stolen cryptocurrency was on its way. Whoever took it moved it between wallets, though it’s not clear what purpose this would serve. As of January 2020 Upbit has completed a major security update after a brief suspension of service.
The value of lost assets: 500 thousand US dollars.
Based in Vietnam VinDAX, this is a relatively small crypto exchange that mainly sells tokens for relatively unknown blockchain projects. The hackers don’t care about the size of the exchange, they only care about the money, and they managed to half a million dollars worth of cryptocurrencies from VinDAX.
In response VinDAX, he sent an email to the projects affected by the theft asking for funds. It is unclear whether any of the projects accepted the proposal or not.
The value of lost assets: 30 million US dollars.
The Japanese exchange Bitpoint noticed an error in its outgoing money transfer system and immediately suspended its services. However, it was too late. Due to a security breach, hackers stole over 30 million worth of cryptocurrencies.
Luckily, Bitpoint was able to recover $2.3 million in stolen cryptocurrencies from overseas exchanges. Bitpoint stated that it would pay compensation to its users, but did not say when this would happen.
The value of lost assets: 5 million US dollars.
The Singapore exchange Bitrue has suffered a major hot wallet hack. Only 90 Bitrue users were affected but the stolen cryptocurrency was worth nearly $5 million. Luckily for users who lost their funds, Bitrue assured them that they would be fully refunded.
The value of lost assets: 10 million US dollars.
A cryptocurrency exchange GateHub based in the UK and Slovenia suffered a major hack when hackers stole $10 million worth of Ripple. While it is still unclear exactly how the hackers gained access to users’ funds, the criminals managed to gain access to the encrypted secret keys. So far GateHub some progress has been made in recovering the stolen funds.
The value of lost assets: 40 million US dollars.
Cryptocurrency exchange Binance affected by approximately the amount 7000 BTC. Hackers still managed to use phishing and malware to hack Binance. The attackers escaped with $40 million worth of bitcoins. As a result, Binance has promised to increase its security, but users are understandably wary.
It appears that customer data may also have been stolen. In August 2019, someone began to share information about checking customers from Binance on the channel Telegram. It is claimed that this data was also taken during the hack and that up to 60,000 users could be affected.
The value of lost assets: 7 million US dollars.
The Singapore crypto exchange DragonEx was attacked, as a result of which hackers stole $7 million worth of cryptocurrency. The North Korean hacker group Lazarus claimed responsibility for this. The hackers set up a legitimate-looking fake company and convinced DragonEx employees to download malware onto their computers via message on Telegram and LinkedIn.
DragonEx took full responsibility for the hack and will refund money to those who lost funds. The exchange is also working with the police to see if they can recover the stolen cryptocurrency.
The value of lost assets: 13 million US dollars.
A South Korean cryptocurrency exchange Bithumb has been the victim of alleged insider work. It all started with a suspicious withdrawal, and the exchange immediately suspended all withdrawals on its platform, but it was too late. Who carried out the break-in is still unknown, but since there is no evidence of outside interference, many suspect that the funds were stolen by an employee at Bithumb.
The value of lost assets: 100 million US dollars.
A cryptocurrency exchange CoinBene that began to experience problems when funds began to mysteriously leave the exchange’s hot wallet. Analysts were concerned that the exchange was down for maintenance, a typical post-hack reaction. Despite assurances from CoinBene that nothing happened, the exchange was down for a month.
One of the strangest aspects of this hack is the unwillingness of Coinbene to admit that something is wrong. The hack also came on the heels of. Bitwise Asset Manager report that accused Coinbene of fictitious trading to manipulate the cryptocurrency market. The details are still extremely vague, but it is believed that more than $100 million worth of cryptocurrencies were stolen in the hack.
The value of lost assets: 26 million US dollars.
By a strange coincidence Youbit (previously known as Yapizon) was renamed to Coinbin. Already facing two massive hacks, you might think that Coinbin would be especially careful. However, this hack was an inside job.
It appears that the a former CEO of Youbit was still working for Coinbin and embezzling the company’s funds. This employee allegedly had access to private keys and could withdraw funds from multiple accounts. As a result, Coinbin filed for bankruptcy and shut down, but still owes $30 million to users.
Information leak: 450 000 user email addresses and passwords
This is a slightly less traditional hack because instead of stealing money, the hackers simply stole information. Coinmama is one of the largest cryptocurrency brokers with over a million active users. The impact of this hack appears to have been minor, as Coinmama quickly informed users once they became aware that user data was being leaked onto the dark web. To date, not a single cryptocurrency coin has been stolen.
The value of lost assets: 24 million US dollars.
Unfortunately for Cryptopia , they suffered another hack 15 days after the first one. That was the end of the New Zealand exchange – now they are going through the process of liquidation.
Update 2020 Cryptopia is still in liquidation, but it has now been revealed that the exchange did not comply with anti-money laundering (AML) requirements when creating new user accounts. For more than 900,000 active user accounts, there is no customer data other than usernames and email addresses.
Fewer than 1% of users have completed customer identification, which is an important part of the AML procedure that ensure that customers are who they say they are. Thousands of cryptocurrency accounts worth more than $3 million have been traced to uninhabited islands or physical addresses that didn’t exist. Currently, many of those who lost funds in a hack are not eligible for a liquidator refund because there is not enough information about who owns which accounts.
While it’s unfortunate that it Cryptopiawas hacked twice in a row within a month, it’s clear that the exchange didn’t do its due diligence. Given that the majority of Cryptopia’s active users were from outside New Zealand, more needed to be done to enforce anti-money laundering measures.
The value of lost assets: 9 million US dollars.
QuadrigaCX was the largest cryptocurrency exchange in Canada, owned by Gerald Cotten.Cotten was the only person who knew how to access cold wallets owned by the exchange.
In December, during his honeymoon in India Cotten died and took any information on how to access cold wallets to his grave QuadrigaCX already experienced difficulties, there were rumors of bankruptcy, and with the death of Cotten, the stock exchange collapsed. Conspiracy theories began to surface that Cotten was not actually dead, he just pulled off a very elaborate exit scam.
When the investigation into finances began QuadrigaCX, things took a strange turn. Six cold wallets were found to belong to QuadrigaCX. However, when investigators looked through the wallets, five of them were emptied around April 2018. Nobody knows exactly what happened and the investigation is still ongoing. Cotten’s widow voluntarily returned $9 million in assets from Cotten’s estate to pay users off.
2020 update A year later, what exactly happened to QuadrigaCX is still very unclear It is still claimed that Cotten is not actually dead, and there have been several attempts to exhume his body. The original request was denied, however a new request has been made by lawyers representing those who have lost their funds.
There are also alleged ties to a shady bank in Panama called Crypto Capital Exchange lawyers suspect that some of the missing funds may be stored in Crypto Capital, and have turned to all former users for help in this matter.
As of January 2020, the FBI is involved The FBI Victim Specialist contacts former users and directs them to a portal where they can get more information. It remains unclear whether we will ever get answers about what actually happened on the exchange.
The value of lost assets: 5,7 million US dollars.
This hack is still being debated as many believe it was part of an exit scam. MapleChange is a small Canadian cryptocurrency exchange that has experienced an unusual surge in exchange activity since October. Later that month, the exchange announced that it had been hacked and that all funds (worth $5.7 million) had been withdrawn. As a result, MapleChange has announced that it is closing its doors for good.
What made people suspicious was the immediate removal of the MapleChange website, social media accounts, and channels Discord and Telegram. The lack of communication led many to believe there was no hack, despite MapleChange’s insistence that they were simply taking a break to decide how to proceed.
Instead of deciding to give anyone back the money, the crypto exchange gave away what little they had left to the developers who created the remaining coins. There is still no consensus on the Internet as to whether this was all a hack or another scam.
The value of lost assets: 60 million US dollars.
This is another case where it is not clear how the hackers stole the funds. However, Zaif filed a criminal case with the local authorities, which suggests that they have an idea of who did it. Either way, this Japanese exchange lost $60 million worth of cryptocurrencies.
The value of lost assets: 40 million US dollars.
Although the South Korean exchange Coinrail was a relatively small cryptocurrency exchange, it was doing a lot of business, which attracted the attention of hackers.The exact details of the attack are still unclear, and the exchange lost about $40 million.
The value of lost assets: 31 million US dollars.
Unfortunately, hacking problems Bithumb did not start in 2019. The exchange was also hacked in 2018, (and you will see them again on our list), with the hackers stealing a significant amount of Ripple. This hack appears to have been orchestrated by a group of North Korean hackers known as the Lazarus Group, who have been responsible for a number of cryptocurrency hacks over the years. Luckily for users Bithumb, exchange promised to return all stolen funds.
The value of lost assets: 18 million US dollars
This is probably one of the strangest hacks on our list, since it was not a cryptocurrency exchange that was hacked, but a cryptocurrency. Bitcoin Gold was a fork of the original Bitcoin that was hard forked by Bitcoin in an attempt at decentralization (ironic, given that Bitcoin is already decentralized).
Bitcoin Goldwas the victim of a 51% attack, a rare case in which hackers managed to gain control of more than 50% processing power of a network. From there, attackers can prevent confirmations, allowing them to effectively stop payments between users and make changes to the network’s blockchain ledger. This type of attack was considered rare, if not impossible, until the Bitcoin Gold hack.
Using complex maneuvers, the hackers placed Bitcoin Goldtheirs on exchanges, exchanged them for other cryptocurrencies, and then withdrew the amount. And since they controlled the ledger of the Bitcoin Gold blockchain, they could simply put the original Bitcoin Goldback into their wallet, effectively stealing money from the exchanges.
The value of lost assets: 1,5 million US dollars.
Taylor is a cryptocurrency trading app that has had a successful initial coin offering (ICO)for funding. Unfortunately, the hackers managed to gain access to the company’s device shortly after and gain control of the password file. The attackers stole everything Ethereum collected during the ICO, in the amount of $1.5 million. There were fears that this was another exit scam, but it appears that Taylor has gradually been able to recover.
The value of lost assets: 3,5 million US dollars.
CoinSecure, an Indian cryptocurrency exchange, lost $3.5 million worth of bitcoins during a hack. However, it looks like it was an inside job. The owners CoinSecurebelieve their former head of security stole the funds. Looks like they messed something up, as he was later arrested.
The value of lost assets: 170 million US dollars.
Over $170 million Bitgrail was stolen from the Italian stock exchange, and the details are a little blurry. While the owner, Francesco Firani, announced the break-in, other employees denied it and said there was nothing wrong with it. People are skeptical about whether this was a real hack or an attempted exit scam..
The value of lost assets: 533 million US dollars.
Coincheckwas the leading exchange in Japan, but the hack showed how insecure the platform was. The hackers managed to spread the virus via email, allowing them to steal the private keys. After that, it was surprisingly easy, as Coincheck did not use smart contracts or multi-signatures, and all the coins were stored in one wallet. The total value of the stolen cryptocurrency is one of the highest ever, with an estimated value of $533 million at the time of the hack.
It is noteworthy that the cryptocurrency exchange is still operating. It started offering full service again in November 2018. While the hack was believed to have been carried out by North Korean hackers the malware was created by Russian hacker groups.
The value of lost assets: 62 million US dollars.
NiceHash is a cryptocurrency mining market that allows miners to rent out their hashrate to others. Their payment system was compromised, resulting in the content of users’ bitcoin wallets being stolen. The exact amount stolen has never been confirmed by NiceHash, but it is believed to be 4736 Bitcoin worth about $62 million at the time. This story ends on a happy note as NiceHash managed to return 60%of the stolen funds to users.
The value of lost assets: Unknown.
Youbit (formerly known as Yapizon) was a relatively small South Korean cryptocurrency exchange that was previously hacked in 2017. This time the hackers stole 17% of the exchange’s assets. This was the end for Youbit, the same day they filed for bankruptcy.
The value of lost assets: 7 million US dollars.
Bithumbreappears on this list. At the time of the Bithumb hack, it was the fourth largest cryptocurrency exchange in the world. An unknown hacker managed to gain access to an employee’s personal computer and steal the data of over 30,000 Bithumb users. Shortly thereafter, users began to notice that their accounts were being emptied.
The value of lost assets: 5 million US dollars.
Before Yapizon changed their name to Youbit, they were hacked for the first time. The attackers managed to escape with $5 million worth of bitcoins. Yapizon did their best to mitigate the damage.
The value of lost assets: 350 million US dollars.
This Hong Kong-based cryptocurrency exchange claims to be the most secure exchange in the world. Unfortunately, this turned out to be very untrue. Hackers stole a large amount of bitcoins through a processing service Bitfinex–BitGo. The price of bitcoin plummeted as a result of the hack.
The value of lost assets: 2 million US dollars.
At the time, GateCoin was one of the first regulated cryptocurrency exchanges, and its' popularity made it a prime target for attackers. The hackers managed to gain access to users’ wallets and steal $2 million worth of cryptocurrencies. It was the nail in the coffin for the GateCoin, the stock exchange never recovered.
The value of lost assets: 230 thousand US dollars.
Within a month, the cryptocurrency exchange ShapeShift was hacked three times. According to a detailed report by ShapeShift CEO Eric Voorhees, a former employee is responsible for all three hacks. They pledged to restore the cryptocurrency, and they are one of the few who managed to do it successfully.
The value of lost assets: 1,5 million US dollars.
The cold wallet of this Chinese exchange BTER was hacked, resulting in the loss of over $1.5 million worth of bitcoins. Reddit users were very suspicious, as hacking a cold wallet is extremely difficult, and suggested that the hack was an inside job.
The value of lost assets: 3000 BTC
You will see Linode further down our list, but this was a hosting server for several cryptocurrency exchanges. It was hacked again in 2014, this time causing a security breach on the server KipCoin. The hackers managed to take control of the entire platform by changing the passwords inside. A month-long struggle ensued, during which the administrators managed to regain control over the exchange, but the hackers still hid. At the time of the hack, KipCoin did not tell users what was going on in light of the hack at Bitstamp, and only later revealed the information.
The value of lost assets: 5,1 million US dollars.
Bitstamp was the first licensed cryptocurrency exchange in Europe. It was compromised when hackers sent a malicious email to Bitstamp employees, and only one employee followed the link and exposed the entire exchange. The attackers escaped with bitcoins, which were valued at $5.1 million at the time.
The value of lost assets: 17 BTC
Although it was a relatively small hack, it proved its worth when it came to spending money on cybersecurity. The attackers used the local Bitcoins chat to distribute malware, after which they left with relatively little profit.
The value of lost assets: 3700 BTC
MintPal survived the second break-in in October (scroll down to read about the first break-in in July), but there were many more twists and turns in this case. Shortly after the July hack, MintPal was bought by Moolah (also known as Moopay Ltd), owned by Ryan Kennedy, also known as Alex Green.
After a failed restart of MintPal, Moolah announced that it is closing its doors, but users will still be able to use MintPal. However, user accounts were locked out and users could track withdrawals from wallets and then watch them sell on another platform. Kennedy was the only one with access to client funds and he was currently on the run.
Kennedy was arrested in 2016 on suspicion of rape and is now in prison. Now he is also facing charges of fraud by the British police for his part in the break-in of MintPal.
The value of lost assets: 13 000 BTC и 300 000 LTC
A Trojan virus was inserted into Cryptsy’s code by the hacker, Lucky7Coin. As a result Lucky7Coin (and possibly others) have left with a staggering amount of cryptocurrencies. Owner of Cryptsy, Paul Vernon was accused of destroying evidence and stealing bitcoins, and the exchange declared insolvency. Vernon was successfully class-sued for $8.2 million.
The value of lost assets: 8 миллионов VRC
Before the failed takeover of MintPal by Alex Kennedy, they experienced another break-in. The hacker found a weak spot in the withdrawal system on the exchange and managed to authorize the withdrawal from the wallet Vericoin. Bitcoin and Litecoin wallet sites were also attacked, but nothing was stolen. The hack resulted in the loss of 30% of everyone's Vericoin, which led the Vericoin development team to decide to hard fork in order to mitigate the damage.
The value of lost assets: 850 000 BTC
You might be surprised to see this name again and be associated with one of the biggest hacks of all time. The investigation is still ongoing and the situation is far from clear, but it looks like when Mt.Gox was originally hacked in 2011, the attackers also stole some private keys. Hackers gained access to a large amount of bitcoins and began to empty wallets.
Allegedly due to an error in the systems, the Mt.Gox exchange interpreted these withdrawals as deposits for almost two years. It was a huge mistake that cost users $45 million and ended the cryptocurrency exchange. Mt.Gox filed for bankruptcy within a month, causing the price of bitcoin to drop by 36%. The former CEO of Mt.Gox was arrested in 2015 after he was found to be in possession of $2 million worth of bitcoins, which were allegedly stolen in a hack.
In 2017 a Russian citizen named Alexander Vinnik was arrested by US authorities for a key role in laundering bitcoins that had been stolen in a hack. The story isn’t over yet, but there doesn’t seem to be a clear solution in sight either.
The value of lost assets: 97 BTC
In the same month, hackers managed to use the wrong withdrawal code of this cryptocurrency exchange in the United States. While the company did not reveal exactly how much was stolen, the figure was explained on the Bitcointalk forum. There are still rumors about whether the hack was an inside job or not.
The value of lost assets: 484 BTC
The Czech exchange Bitcash lost bitcoins after its servers were hacked. The attackers gained access to the email and sent out a phishing scam, posing as Bitcash, in order to obtain customer information, which they then used to steal funds.
The value of lost assets: 1454 BTC
While the hack Vicurex has never been accurately confirmed (some believe it was an inside job), the cryptocurrency exchange has announced that it has lost most of its reserve funds to the hackers. Vicurex, which is on the verge of bankruptcy, froze all withdrawals, causing several former clients to sue the company for withholding their money.
The value of lost assets: 24 000 BTC
At the time of the hack, BitFloor was the fourth largest exchange in the US market. The attackers managed to gain access to the servers and find unencrypted backup wallet keys. From there, they simply siphoned funds otaling $250,000.
The value of lost assets: 18457 BTC<
Unfortunately for Bitcoinica, just two months after the initial hack, they suffered another hack. This led many to suspect that the initial security problems that arose from the March attack on Linode, were never effectively resolved. The site was immediately taken down and the exchange permanently shut down.
The value of lost assets: 43000 BTC
It’s a little tricky. Linode is a web hosting provider that hosts cryptocurrency exchanges Bitcoinica and Slush. Linode itself was hacked, and the attackers managed to steal significant amounts of Bitcoin from both exchanges.
The value of lost assets: 2643 BTC
Although it was a relatively modest hack at the time, it was only the beginning of the problems for Mt.Gox. In the course of this hack, hackers were able to gain access to a computer belonging to an auditor on a cryptocurrency exchange. The hacker changed the price of bitcoins to $0.01, bought them at an artificially low price, and fled with a small fortune.
Hackers will never stop attacking cryptocurrency exchanges as long as they remain profitable. While a good cryptocurrency exchange will have several security measures in place. Do your due diligence when signing up for an exchange to make sure you don’t become a victim.