Blockchain

The Biggest Cryptocurrency Cyber ​​Attacks So Far

Published

on

One of the obstacles to mainstream adoption of digital currency has been hacking. There have been some high-profile thefts on various cryptocurrency exchanges and platforms, discouraging investors from using them.

Blockchain projects have been claimed to be secure, but attacks over the years have proven that to be only partially true. Over $1.7 billion in cryptocurrency was stolen in 2023 ($3.8 billion in 2022), according to blockchain analytics firm Chainalysis. Take a look at some of the biggest cryptocurrency hacks to date.

Key points

  • Hacking continues to be a major obstacle to cryptocurrency adoption.
  • Cryptocurrency exchanges are a major target for hackers: more than $1.7 billion was stolen in 2023, and $3.8 billion was stolen in 2022.
  • The first major exchange to suffer a cyber attack was Mt. Gox, which lost 7% of all bitcoin at the time.
  • Decentralized financial applications and smart contracts are also a favorite target for hackers.
  • Some of the most important safety rules for long-term investors are: keep cryptocurrencies offline if you are not actively trading or spending them, and do not use custodial accounts unless they provide insurance.

Ronin Network: $625 million

The largest cryptocurrency hack to date was conducted in March 2022 and targeted the network that supports the popular Axie Infinite blockchain gaming platform. Hackers breached the Ronin network and stole approximately $625 million in Ethereum and USDC (a stable currency). Investigators said a North Korean state-backed hacking collective, the Lazarus Group, was linked to the theft. Sky Mavis (the developer of Axie Infinity) recovered $5.7 million of the stolen funds a month later, but it remains the largest cryptocurrency hack in history.

Poly Network: $611 million

In August 2021, a lone hacker pounced on a vulnerability in Poly’s network decentralized finance platform and stole over $600 million. The project’s developers launched an appeal on X (formerly Twitter) for the stolen funds, which included $33 million Bind. Poly Network then established several addresses to return the funds to, and the unknown hacker began cooperating. After just two days, approximately $300 million had been recovered, and it emerged that the hacker had targeted the network “for fun” or as a challenge.

FTX: $600 million

In November 2022, FTX, one of the most influential players in the cryptocurrency industry, filed for bankruptcy. On the day it filed for Chapter 11 bankruptcy, more than $600 million was stolen from its cryptocurrency wallets. Many FTX wallet holders reported $0 balances in their FTX.com and FTX US wallets.

The cryptocurrency exchange confirmed the hack on its Telegram channel, said: ”FTX has been hacked. FTX apps are malware. Delete them. Chat is open. Do not go to the FTX site because it may download Trojans.”

In 2024, reports emerged of the bust of a SIM card swap network that had gained access to an FTX employee’s accounts and stolen millions of dollars in cryptocurrency.

Binance BNB Bridge: $569 million

In one of the most high-profile attacks in cryptocurrency history, the Binance exchange was hacked for around $570 million in October 2022. A cross-chain bridge, BSC Token Hub, was exploited by hackers, who created and withdrew 2 million extra Binance Coin (BNB). A bug in a smart contract enabled the cyber attack, highlighting the need for greater blockchain security.

$1.7 billion

Amount of cryptocurrency stolen from exchanges and other platforms in 2023, down from $3.8 billion in 2022.

Coincheck: $532 million

In January 2018, Japanese exchange Coincheck suffered a theft of $523 million worth of NEM coins worth approximately $534 million. The vulnerability was created by a hot wallet, which is a live cryptocurrency wallet and is not as secure as an offline cold storage wallet. At the time, the Coincheck hack was even bigger than the infamous Mt. Gox hack; NEM Foundation chairman Lon Wong described it at the time as “the biggest theft in the history of the world.”

Coincheck survived the hack and continued to operate despite being acquired a few months later by Japanese financial services firm Monex Group.

Mt. Gox: $473 million

The first major cyber attack on cryptocurrencies occurred in 2011, when the cryptocurrency exchange Mount Gox lost 25,000 bitcoins worth about $400,000. At the time, the cryptocurrency exchange handled nearly 70% of all Bitcoin transactions.

The attacks did not stop, and Mt. Gox was hit again in 2014. It lost nearly 650,000 of its customers’ bitcoins and about 100,000 of its own. At the time, this was 7% of all bitcoins and was worth about $473 million. The initial reasons for the disappearance of the coins were unclear, but later evidence showed that the coins had been stolen from the company’s hot wallet.

Wormhole: $325 million

The decentralized financial platform Hole in the wall was targeted in February 2022, with $325 million stolen by hackers. The attack was made possible by an update to the project’s GitHub repository, which was not then deployed to the live project. The famous cryptocurrency bridge had to plug the hole in the project’s finances after the funds were not recovered. This was also the largest theft that included Solana, one of the rivals to Ethereum’s dominance in the world of DeFi and NFTs. Up to $47 million in the blockchain’s native SOL token was stolen.

Mixin: $200 million

Mixin Network is a peer-to-peer cross-chain network that facilitates cryptocurrency transfers. In September 2023, the network was hacked through its cloud service provider’s database. The thieves made off with approximately $200 million in bitcoin (BTC), ether (ETH), and tether (USDT).

Euler Finance: $197 million

Euler Finance is a lending and borrowing protocol platform built on the Ethereum blockchain. On March 13, 2023, hackers conducted a flash loan attack, taking $197 million in wrapped Bitcoin (wBTC), DAI (a MakerDOA stablecoin), staked ether (stETH), and USDC. A flash loan attack occurs when a hacker uses a flash loan, an uncollateralized loan that must be paid in full in the same transaction, often used by arbitrage traders, to withdraw large sums, allowing the thieves to manipulate prices.

However, in a strange twist of fate, a few days later the hacker(s) began returning the stolen funds in larger installments, citing concerns about their security.

Bitmart: $196 million

In December 2021, centralized exchange Bitmart was hacked, resulting in losses of $196 million. The hack was first spotted by a security analytics firm, which noted that BitMart addresses were being emptied of their balances. Around $100 million in various cryptocurrencies were funneled through Ethereum, with another $96 million exiting via Binance Smart Chain. All of the tokens were moved to an address labeled by Etherscan as “BitMart Hacker.”

Nomad Bridge: $190 million

Just a month before the Wintermute breach, there was a more significant hack, an attack on Nomad Bridge. Hackers drained $190 million of the project’s funds. Nomad is a cryptocurrency bridge that allows users to exchange tokens between blockchains — bridges are one of the latest favorites among hackers. This is due to the significant value of the assets they hold and the complexity of the smart contract code they run on. Nomad Bridge later recovered $37 million of the stolen funds.

Beanstalk: $182 million

This hack involved the exploitation of a decentralized finance (DeFi) platform that uses a flash loanAfter borrowing $2.5 billion in various assets, the hacker took a 67% controlling stake in the project and approved a transfer of funds to his own wallet before repaying the loan and disappearing with the profits.

Wintermute: $162 million

Wintermute, one of the leading cryptocurrencies Market creatorwas hacked in September 2022. The project lost around $160 million in the hack, which made things worse for Wintermute because owed $200 million to other market participants. The CEO offered a 10% reward to the hacker if he returned the funds.

Multichain: $125 million

Multichain was intended to be a cross-chain router protocol that would, in theory, allow nearly any blockchain to communicate with each other and transfer assets between them, which was and is necessary for Web 3 to continue to progress.

Multichain CEO Zhaojun has reportedly been arrested in China and disappeared, leading analysts to believe the theft was the result of identity theft, where the system owners/developers create a product, raise money, and suddenly walk away with the money.

Other noteworthy hacks

  • BonqDAO: ~$120 million
  • Poloniex: ~$132 million
  • Atomic Wallet Users: Approximately $100 million
  • HTX Exchange Heco Bridge: Approximately $100 million
  • Curve: ~$70 million
  • CoinEx: ~$54 million
  • KyberSwap: approximately $56 million
  • Stake.com: ~$41 million
  • Orbit Chain: ~$81.5 million

Which cryptocurrency exchange got hacked?

Many cryptocurrency exchanges have been hacked. FTX, Mt. Gox, and Binance are some of the most notable hacked exchanges.

What is the biggest cryptocurrency theft?

The 2022 Ronin Network hack remains the largest known cryptocurrency hack, with over $625 million in cryptocurrency stolen. However, the largest cryptocurrency-related theft is attributed to scams associated with the FTX cryptocurrency exchange, where $8.7 billion was stolen from customers.

What was the biggest Bitcoin hack in history?

Considering bitcoin alone, Mt. Gox is probably the largest bitcoin hack, with over 650,000 bitcoins stolen.

The bottom line

With the addition of new products, the cryptocurrency industry has grown rapidly since the mid-2010s. The industry may even be moving too fast, as the number of hacks and thefts demonstrate exploitable weaknesses. Back-to-back hacks have exposed the vulnerability of the cryptocurrency industry and undermined investor confidence. To avoid further damage to sentiment, developers and companies need to exercise greater caution and implement more security protocols for blockchain networks and supporting systems.

The comments, opinions and analyses expressed on Investopedia are for informational purposes only online. Read our warranty and disclaimer for more information.

At the time of writing this article, the author does not own any cryptocurrencies.

Fuente

Leave a Reply

Your email address will not be published. Required fields are marked *

Información básica sobre protección de datos Ver más

  • Responsable: Miguel Mamador.
  • Finalidad:  Moderar los comentarios.
  • Legitimación:  Por consentimiento del interesado.
  • Destinatarios y encargados de tratamiento:  No se ceden o comunican datos a terceros para prestar este servicio. El Titular ha contratado los servicios de alojamiento web a Banahosting que actúa como encargado de tratamiento.
  • Derechos: Acceder, rectificar y suprimir los datos.
  • Información Adicional: Puede consultar la información detallada en la Política de Privacidad.

Trending

Exit mobile version