Cryptocurrency has burgeoned into a space of inspiring innovations and services previously thought to be impossible, at least in the sense of having a digital asset-based system underpinning them. Unfortunately, despite the inventions and advantages the industry has bestowed on investors and institutions, it has been held back by some problems, like hacks. While hacks are possible on any given day, especially if a crypto holder loses their private keys, there have also been large-scale instances of hacking. Here are five major cryptocurrency hacks.
The DAO Hack
Ethereum’s largest hack, the DAO attack surfaced the dangers in smart contract loopholes. The DAO, aka the Decentralized Autonomous Organization, was introduced to Ethereum in May 2016. It was a complex smart contract that was set to operate as a venture capital fund, funding all future DApps made in the system. The DAO released its DAO tokens for those who wanted to officially join the DAO system and have leverage in the funding of the DApps. The DAO’s flexibility and transparency allowed it to amass $150 Million worth of ether in its crowdsale.
If a user wanted to opt out of the DAO system, they had to send a request, which would give the user back their Ether in exchange for their DAO tokens. Then the system would register the transaction in the blockchain, updating the token balance. In June 2016, however, a hacker saw this as a loophole and jumped on the opportunity to steal. The hacker put a recursive function in the request, then took the DAO tokens, but before the system registered the transaction, the recursive function made the code return and transfer more Ether for the same DAO tokens.
The function allowed the theft of Ether to last hours, though for unknown reasons, the hacker stopped draining the Ether. In the first few hours of the attack, 3.6 million Ether was stolen (then worth $70 million). Since the Ether was placed in a 28-day holding period, the hacker couldn’t collect the stolen Ether. This was undoubtedly Ethereum’s biggest hack, as it caused a hard fork to send the hacked funds to an account for the owners of the stolen Ether.
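The ordering problem described above, modeled in Python as an added example (this is not The DAO's contract code and not from the original article): the class and method names are hypothetical, one token is assumed to be redeemable for one Ether, and the balances are constructed. The vulnerable path pays out before clearing the token balance, while the corrected path clears the balance first.

```python
class Fund:
    """Toy fund: holds Ether in exchange for tokens (1 token = 1 Ether, assumed)."""

    def __init__(self, safe):
        self.safe = safe      # True: clear the token balance before paying out
        self.tokens = {}      # holder -> token balance
        self.ether = 0        # Ether held by the fund

    def deposit(self, holder, amount):
        self.tokens[holder] = self.tokens.get(holder, 0) + amount
        self.ether += amount

    def withdraw(self, holder):
        amount = self.tokens.get(holder, 0)
        if amount == 0 or self.ether < amount:
            return
        if self.safe:
            self.tokens[holder] = 0     # effect first ...
        self.ether -= amount
        holder.receive(self, amount)    # ... then the external call
        if not self.safe:
            self.tokens[holder] = 0     # too late: the callback already re-entered


class Holder:
    """Ordinary holder: just accepts the payout."""
    def __init__(self):
        self.received = 0

    def receive(self, fund, amount):
        self.received += amount


class ReentrantHolder(Holder):
    """Holder whose payout callback requests another withdrawal."""
    def receive(self, fund, amount):
        self.received += amount
        fund.withdraw(self)


def run(safe):
    """Return (Ether paid to the re-entering holder, Ether left in the fund)."""
    fund = Fund(safe)
    for _ in range(4):
        fund.deposit(Holder(), 10)      # four ordinary holders, 10 Ether each
    caller = ReentrantHolder()
    fund.deposit(caller, 10)            # the re-entering holder also owns 10
    fund.withdraw(caller)
    return caller.received, fund.ether
```

With the balance update after the payout, a 10 Ether stake drains the whole 50 Ether pool; with the update before the payout, the second request sees a zero balance and stops.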
The Mt. Gox Hack
The Mt. Gox hack was plausibly the biggest cryptocurrency hack in history, only beaten out by 2018’s Coincheck hack (read below). In 2013, Mt. Gox (Magic The Gathering Online Exchange) was the biggest Bitcoin exchange in the world, having processed 70% of the world’s Bitcoin trading. But it was doomed to failure due to an insidious hack, which, unusually, went on for years, as opposed to other hacks, even the major ones, which have lasted a few hours or days. The hacking was discovered in 2014, yet there were transgressions occurring on Mt. Gox for years, dating back to 2011. This was the year in which Bitcoin had a huge price crash on the site, falling to the minute value of $0.01.
The intruder hacked into a Mt. Gox auditor’s computer and transferred a large sum of Bitcoins to themselves. The hacker used the exchange’s software to sell all the Bitcoin, creating tension on the system that resulted in a sudden drop in Bitcoin value. The price was later re-adjusted but the hacker made off with about $8,750,000. This hack was but a fraction of the damage of the impending 2014 hack. Mt. Gox did not have any version control software, which meant that any coder could accidentally overwrite their colleague’s code if they were working on the same file. With a lack of coding security, hackers were able to tamper with transactions made on the exchange. This resulted in the hack’s colossal $473 Million robbery. The company went bankrupt and is no longer in operation.
The NiceHash Hack
In December 2017, NiceHash, a Slovenian mining service, was at the center of a large-scale hack. The service allows the owners of mining equipment to rent out their hash power to buyers who wish to mine cryptocurrency for short time spans. On December 6, 2016, Marko Kobal, the CEO of NiceHash, took to Facebook Live to reveal that the attackers of the service siphoned away over 4,000 BTC, or approximately $80 Million.
Kobal’s Facebook Live appearance did not reveal many details, except that the heist originated from an employee’s compromised computer, through which the hackers were able to use the employee’s credentials to access the NiceHash system. Kobal said that the stolen bitcoins were sent to an unknown address, one that neither NiceHash nor the rightful owners could access. NiceHash discontinued operations for 24 hours for a checkup and analysis of the hack. It reopened its platform on December 22, 2017, recommending that users change their passwords for additional security. The CEO resigned from the company after the hack.
The Bitfinex Hack
Bitfinex is one of the largest crypto exchanges in the world and its heist ranks second in terms of the biggest Bitcoin platform hacks. In August 2016, Bitfinex announced that almost 120,000 bitcoins were purloined from users’ accounts. At the time of the heist, the stolen Bitcoin was worth $72 Million, though it would be closer to $780.88 Million today. The strangest aspect of this hack was that the drained Bitcoin came from multisignature accounts.
Multi-sig is considered one of the safest digital signature schemes in the industry, as it can only authorize a transaction with the presence of signatures from multiple parties. These parties manage the funds and restrict the risk of having them stolen. The transfer of funds on a multi-sig account requires access to all of these keys (usually 3), for any transaction.
Bitfinex had held two of these keys, while its partner BitGo, a blockchain security company that had formed its multi-sig system, had access to the third. In spite of this tight security measure, the hackers were able to gain access to all three of these keys and siphon off users’ bitcoins to an unknown address. In the aftermath of the hack, neither Bitfinex nor BitGo admitted to any wrongdoing and to this very day, no apology or acknowledgment has been issued.
The Coincheck Hack
The Coincheck hack has dethroned Mt. Gox from its long-held first place in the largest cryptocurrency hacks in history. Coincheck is a Japanese cryptocurrency exchange, through which cybercriminals were able to steal a whopping $534 Million, about $61 Million more than the Mt. Gox hack. The hack occurred fairly recently: Coincheck reported on January 26, 2018 that 523 Million NEM coins (called XEM) had been stolen from a hot wallet, or a wallet connected to the internet.
Through the hot wallet, the hackers drained the altcoins into a separate account. Similarly to the Bitfinex hack, many of these altcoins were held in multi-sig accounts. Following the hack, Coincheck released a statement in which it declared its opposition to keeping cryptocurrency in hot wallets. In March 2018, Coincheck announced that it intends to compensate those who lost crypto in the hack. Users who had their NEM stolen will receive $0.83 per NEM and a complete refund will cost Coincheck about $420 Million. XEM has lost a considerable amount of value since the hack, as the then 523 Million coins are now worth about $221 Million.