Probably not the four letter word that companies have in mind when they’ve discovered that a plunderer has got into their accounts and taken off with their funds. Especially when the companies are multi-million dollar corporations whose customers have trusted them with their funds for the exact reason that they wouldn’t be stolen. And even more especially when the funds stolen belong to the customers and the reasons are just minor slipups in security measures.
(Still probably not the right four letters.)
It sounds like something which shouldn’t happen, but it does – and a lot more often than one might expect. With cryptocurrency, when a company is hacked, the impact is felt double as hard – first the money is lost and then things are made worse because the cryptic nature of blockchain makes it near impossible to identify the cybercriminals.
Here we get into the top three worst hacks that have happened to cryptocurrency exchanges and the stories that follow of funds, trust, and credibility all lost in one swift attack.
Mt. Gox easily bags the title of “most famous Bitcoin hack” with a story of a massive exchange making a massive blunder.
The Japan-based Bitcoin exchange started its life in July 2010 and quickly became known as the biggest exchange for Bitcoin at the time. The trajectory for the company’s success was looking almost guaranteed. It was leading not only in Japan, but the massive strides were worldwide too.
Unfortunately, this is not a success story, but instead, it’s a testimony that the highest fall the hardest.
In February 2014, the exchange announced the suspension of all trading. It closed its website and exchange services and it filed for bankruptcy. Two months later the liquidation proceedings began.
If we backtrack to 2011, we’ll see how the company which was leading internationally became a company in ruin.
The first attack happened in June when a hacker got hold of the auditor of Mt Gox’s login credentials and managed to take off with 2609 bitcoins, stealing the funds and sending them to a private address which Mt Gox. could not access.
This was certainly a pivotal point of failure, but not quite the nail in the company’s coffin. The company was able to crawl back to a place in the market and regain the trust of their customers.
The final nail came in 2014 when Mt Gox. had a colossal hand in Bitcoin deals – a huge 70% portion of all Bitcoin transactions were going through the exchange – which looked like a prize target for a cybercriminal. The company was attacked and the amount of stolen Bitcoin was enough to send Mt Gox. into disrepair. The company suspended operations for the last time and declared bankruptcy.
Out of the more than 750,000 BTCs (approximately $350 million USD at the time) stolen, none were recovered and investors lost their funds and the world lost an exchange.
Where Mt Gox was the leader, Bitfinex followed.
This is both terms of the success, and also the failure.
It should be known that hackers and thieves will take what they can get, and when there’s a security vulnerability handed to them, you can bet Bitcoins that they will take advantage of it.
This is exactly what happened to Bitfinex; hackers were able to get into the system via a weakness in the multisig wallet architecture of the company.
The cybercriminals were able to skedaddle with a whopping $72 million USD worth of Bitcoin and customers felt the weighted impact. Users, unsurprisingly, were enraged that better security systems, such as two-factor authentication, weren’t in place and Bitcoin ultimately paid the price. The coin value dropped nearly 20% after the news of the hack took place.
Despite the scandal, both the cryptocurrency and the exchange have recovered and Bitfinex is still trading with a huge user base. The trust was likely gained back when the exchange offers its tokens (BFX) which could be converted into USD to the affected victims.
If you are in need of a classic case of a huge amount money disappearing- this is it.
The hack of Coincheck’s system gives us the story of the world’s current largest heist with millions of tokens stolen and major trust broken.
In January of this year, hackers made mince-meat of the systems of the Japan-based cryptocurrency exchange. Coincheck, which was founded in 2014, maintains that the robbery was not an inside job but have not disclosed how the security system was breached. What is known, however, is that the company lacked multi-signature security measures which likely is a key failure leading to the theft. The company also uses an unusual method of storing funds – using a hot wallet (connected to external networks) rather than cold wallets (which are much less vulnerable to hacks). A fact of which hackers clearly took advantage.
The theft apparently wasn’t enough and the hackers added salt to the wound by labeling the addresses (which cannot be tracked owing to the anonymity of users) with a tag “coincheck_stolen_funds_do_not_accept_trades : owner_of_this_account_is_hacker“.
Although Coincheck was able to identify the eleven addresses to where the stolen coins went, they are unable to trace who owns the accounts.
The most recent update of the hack is that the $532 million USD worth of NEM has likely been transferred to other accounts through sneaky, untrackable means.