Top 10 Biggest Centralized Crypto Exchange Hacks In History

Top 10 Biggest Centralized Crypto Exchange Hacks In History

January 11, 2023 by Diana Ambolis
Although cryptocurrency is renowned for its openness, it is also generally known that cybercriminals target platforms and exchanges in order to take advantage of them. Even if exchanges make some investments to safeguard their assets, skilled attackers can get past their defences. Since a single breach might result in the theft of the assets of
Top 10 Biggest Centralized Crypto Exchange Hacks In History

Although cryptocurrency is renowned for its openness, it is also generally known that cybercriminals target platforms and exchanges in order to take advantage of them. Even if exchanges make some investments to safeguard their assets, skilled attackers can get past their defences. Since a single breach might result in the theft of the assets of thousands of customers, criminals frequently target cryptocurrency exchanges. Crypto Exchange hacks frequently occur as they contain open-source code libraries. Since illegal actions are becoming more complex, more security measures are required.

The ten largest centralized crypto exchange hacks to date are examined in this article:

1. Mt. Gox (2011): the first significant hack in the cryptocurrency industry

Tokyo, Japan-based cryptocurrency exchange Mt. Gox was established in 2010. It once held the title of the biggest cryptocurrency exchange in the world, processing more than 70% of all global bitcoin transactions. The exchange was hacked in 2011, and bitcoin worth $8.75 million was taken.

The exchange promised to strengthen its security measures, but in 2014 it experienced another attack. It was done this time on a much bigger scale. Approximately 850,000 bitcoins ($615 million) were stolen. They did this by pouring a lot of bogus bitcoins into the exchange. This one was one of the first significant security breaches in the bitcoin realm.

Due to the breach, the organization was the target of numerous lawsuits from clients, suppliers, and business partners. Due to the fact that he didn’t use any version control software for the site’s source code, the exchange’s CEO, Mark Karpeles, was a key player in many of these.

Any programmer might unintentionally overwrite the site’s code, making the entire system open to attack. The users of the exchange have not yet benefited from this litigation. The exchange seeks to reimburse its consumers through a civil rehabilitation plan submitted to the Tokyo District Court.

2. The most recent attack was on KuCoin (2020).

Singapore is home to the cryptocurrency exchange KuCoin. It was established in 2013 and trades in a number of cryptocurrencies, including Ardor, Litecoin, Ethereum, and Bitcoin. It was targeted in September 2020, and thieves were able to take about $281 million worth of coins and tokens.

In addition, some of the most popular wallets on the market had their keys stolen by hackers. Even though KuCoin swiftly disabled all online transactions, the harm had already been done. One of the biggest breaches in the history of crypto assets is this one.

After that, KuCoin‘s management team started a thorough investigation. This quick action paid off, as more than $204 million in money was recovered in a matter of weeks. A significant development in identifying the potential culprits has also been accomplished via the exchange. A North Korean cyber gang is allegedly to blame for the incident. This situation emphasizes how critical it is to act swiftly and be able to follow transactions in real-time. The exchange also intends to pay for all of its users’ losses.

3. Upbit (2019), the cyberattack that utilized a single transaction.

A cryptocurrency exchange called Upbit was established in 2017. Despite its origins in South Korea, the trade has gained popularity worldwide. In terms of daily transactions, it actually overtook Bitcoin as the largest cryptocurrency exchange in the world in 2018.

However, a significant cyberattack targeted the exchange in November 2019. In just one transaction, the thieves broke into the exchange and stole more than $45 million.

To make it more difficult for the police to track them, the hackers shifted the majority of the cryptocurrency to other wallets within a few days after the attack. The US Department of Justice was able to identify two Chinese nationals who had participated in the attack after a few months.

It was also discovered that North Korean hackers took part in the assault. Upbit then made an attempt to convince other exchanges to block the associated accounts.

4. BINANCE (2019) – the most anticipated victim

One of the most well-known brands in the industry is Binance. The Cayman Islands-based exchange is the biggest cryptocurrency exchange in the world (by volume). More than 360 distinct cryptocurrencies are available on the exchange, which operates in more than 1200 markets.

Binance also asserts that it has created a complete ecosystem for cryptocurrency trading, research, education, and charity. The exchange, however, experienced a significant security problem in May 2019.

The hackers removed over 7000 bitcoins from the hot wallet. About $40 million in losses were sustained as a result of the attack. The attackers succeeded in breaching the exchange’s security mechanisms and took control of important data sets, including APIs, two-factor codes, and other information.

Surprisingly, each and every one of the lost bitcoins had a connection to a single cryptocurrency wallet. According to the exchange, all losses are covered by its Secure Asset Fund for Users (SAFU).

5. Bitfinex (2016) – the dispersed losses hack

In 2012, Bitfinex, a cryptocurrency exchange with headquarters in Hong Kong, was established. It is controlled by iFinex Inc., a business that also created the stablecoin Tether. Hackers broke into the cryptocurrency exchange in 2016 and stole more than $60 million coins.

Following the hack, Bitfinex was able to locate some assets and give its clients equity reimbursements. Each user suffered an equal share of the attack’s losses.

It was discovered that two Israeli brothers carried out the attack. Authorities quickly detained them and charged them with violating cybercrime laws. The US authorities were able to recover part of the money in 2019 while also identifying some of the hackers.

The initial stolen coins were discovered to have been transferred from one wallet to another in 2021. According to speculation, some of the attackers are attempting to profit from the high prices of bitcoin.

6. CRYptopia (2019): The strange case of two attacks

The Christchurch-based exchange Cryptopia was established in 2014 and is based in New Zealand. The exchange suffered a significant attack in January 2019 that caused overall losses of $15.5m. The management calculated that the attack had stolen more than 9% of its overall holdings. The attack was so serious that the exchange had to be completely liquidated as a result.

7. The strike that was discovered too late, ZAIF (2018)

One of the first cryptocurrency exchanges in Japan is Zaif. It was the first exchange in Japan to obtain a formal license and has been in operation since 2014. More than 40 cryptocurrencies are available on Zaif. The exchange experienced a significant breach in September 2018 when hackers obtained access to its hot wallets.

Even though the hack was carried out on September 14, Zaif wasn’t able to recognize it until three days later. After reviewing all Zaif withdrawal transactions, Crystal was able to track the money and mark the hackers’ wallets with a risk score of 100%. Losses totalled about $60 million.

The exchange then struck a contract with the Japanese investment company Fisco. It was able to raise around $44.5 million as part of the acquisition. The damages incurred by its users were then compensated for using this money. In exchange, Fisco acquired control of the exchange on a majority basis. As a result, the exchange’s deposit and withdrawal capabilities were reinstated in April 2019.

Also, read – Top 10 DeFi Hacks That Are Useful For Blockchain Apps

8. BANCOR (2018) – the hack that left no one hurt

Israeli startup Bancor was established in 2016. In essence, it is a cryptocurrency business that provides users with a fully decentralized trading service. A 2017 ICO raised $150 million for the company.

However, a significant attack the following year caused it to suffer total losses of $23.5 million. The hackers carried out the offence using a clever method. They specifically targeted the company’s wallet that it was utilizing to update its smart contracts.

The business also located and tracked the stolen coins. They discovered that some of the coins had been exchanged at different sites. Bancor then asked for the coins that were stolen to be frozen on these exchanges. In the wake of the incident, the Bancor exchange was shut down.

No user cash was lost during the incident, the company insisted. According to its detractors, Bancor was criticized for failing to secure its own assets.

9. The largest hack to date was COINCHECK (2018)

The Japanese-based cryptocurrency exchange Coincheck, which was established in 2012, is regarded as one of the top 20 in the world. Bitcoin and Ethereum are only two of the many cryptocurrencies available on the exchange. Bad actors were able to get into the exchange in January 2018 and take $534 million worth of cryptocurrency.

It was established that this was the biggest crypto assault in history. Coincheck immediately halted all deposits and withdrawals as the hack was discovered. But the harm was already done, and the exchange acknowledged that it might not be able to compensate its consumers for their losses.

To gain access to hot wallets, the hackers employed a phishing assault. They were able to propagate malware and steal money after that. A detailed inquiry conducted under the direction of Japanese authorities followed the attack. Early in 2021, further information regarding the attack was made public when officials said that the majority of those who participated in it belonged to the high-income demographic.

10. COINBENE (2019): The hack that wasn’t initially acknowledged

Chinese staff run the Singapore-based cryptocurrency exchange CoinBene. According to trading volume, it is regarded as one of the top 10 cryptocurrency exchanges worldwide. The exchange by the crypto community serves more than 192 nations.

Cybercriminals hacked CoinBene in March 2019 and made off with more than $105 million in cryptocurrency. Instead of acknowledging that the attack had occurred, the exchange said it was closing down for maintenance.

Its transactions were carefully examined, and the results showed that the exchange had been tricked. The thieves were able to transfer the stolen coins to other exchanges, including Binance. The stolen coins have not yet been found.