Biggest Crypto Hacks of Centralized Exchanges
Remember the crypto boom in 2017 and how new cryptocurrencies started popping up every few seconds? The market crashed the year after, but it was quite clear that this emerging financial sector was a money-making industry, albeit still feeling like unknown territory and sketchy to many. Everyone wants in, including the likes of scam artists and hackers.
Here is a list of the biggest crypto hacks in centralized exchanges:
- Coincheck Inc. - $532.6 million in January 2018
Coincheck was founded in 2012 in Tokyo, Japan. It currently ranks #14 on CoinMarketCap’s list of top exchanges.
The scam it suffered, which drained the platform of $532.6 million worth of NEM coins in January 2018, was said to be the biggest crypto hack during its time. About 260,000 users were affected.
The culprit is storing the said funds in a hot wallet. As it is essentially an online form of crypto storage, the funds are vulnerable to malicious entities. In January 2021, around 30 people were charged by Japan’s authorities for trading crypto linked to the hack on the darknet.
- KuCoin - $281 million in September 2020
Singapore-headquartered KuCoin is one of the more prominent centralized exchanges (CEXes) in this list and ranks #5 on CoinMarketCap’s top exchanges by trading volume. It launched in 2017 and it currently does not operate in the United States.
The exchange initially reported a total damage of $285 million from a September 2020 hack. It was able to recover the majority of the hacked amount except for $45.5 million, which remains unaccounted for, but were paid back using the company’s insurance funds.
KuCoin has since used it as a learning experience and has upgraded its security architecture.
- Bitmart - $196 million in December 2021
Bitmart went through a massive security breach in December 2021 resulting in $198 million in losses. What facilitated the breach? A stolen private key and the funds being stored in hot wallets.
The company vowed to return users’ cryptocurrencies, but no such returns have been made so far. It is mulling over using token swaps to reimburse the funds but is looking for more ways to reimburse its affected clients.
In an investigation, it was found that the stolen funds were traded for Ether on a decentralized exchange, then deposited to Tornado Cash. Tornado Cash allowed the hackers to mix the stolen funds with clean funds, making them untraceable.
- Liquid - $97 million in August 2021
Number 22 on CoinMarketCap’s list is the Japanese crypto exchange Liquid. The August 2021 hack siphoned $97 million worth of digital assets to four different wallets. It suspended any withdrawals and deposits while investigations were underway.
Just like what happened to Bitmart assets, the hackers traded the stolen funds through decentralized exchanges (DEXes), which were laundered through Tornado Cash. This method enabled the stolen funds to avoid being subject to a freezing process, thus making them immediately available for use.
A few days after the hack, FTX Trading provided Liquid with $120 million in debt funding. This will be used to help the exchange restore its balance sheet and improve its capital generation activities.
The event came just a couple of weeks after Poly Network announced that over $600 million was stolen from its platform.
- Bitfinex - $72 million in August 2016
Hong Kong-based Bitfinex, which launched in December 2012, is number 7 in CoinMarketCap’s list of top exchanges.
The hack collected over $72 million in digital assets (now worth $4.5 billion) and sent them to a single wallet. The wallet was untouched until 2017, when small amounts of Bitcoin were transferred out of the storage and exchanged on the dark web and other money laundering venues.
In August 2020, Bitfinex laid down a massive bounty for anyone who can connect them to the hacker.
In February this year, the US federal government arrested a New York couple, Ilya Lichtenstein, and his wife, Heather Morgan, who were allegedly linked to the Bitfinex hack. The law enforcers seized $3.6 billion worth of Bitcoin.
- Binance - $40 million in May 2019
In May of 2019, Binance suffered the theft of two-factor authentication codes and API tokens, which were used to steal $40 million worth of Bitcoin from the platform.
The assets in question were from the platform’s hot wallet, a storage that holds 2% of the exchange’s total holdings. The top exchange platform said the large-scale breach was done through various methods, which circumvented security blocks.
Shortly after the hack through which scammers made away with approximately 7,000 BTC, Binance assured users that they will be reimbursed in full via its Secure Asset Fund for Users(SAFU).
- Crypto.com - $30 million in January 2022
Crypto.com is listed as the 10th best exchange based on trading volume on CoinMarketCap.
Earlier this year, the exchange admitted to losing over $30 million in a hack where its 2FA has been compromised. Its system detected a number of unauthorized transactions totalling 4,836.26 ETH and 443.93 BTC, plus other cryptocurrencies.
Affected users were fully reimbursed and the platform has since then moved its users to a more secure 2FA architecture.
Is it still safe to invest through centralized exchanges?
Whether you are in traditional financial markets or in cryptocurrencies, there will be varying levels of risks. While blockchain is known to be highly secure and transparent, it still remains vulnerable to certain security risks.
On the brighter side of things, the structure of a blockchain makes it possible to track transactions with data that cannot be altered. This level of transparency is not something a traditional financial system can offer, which means it will also be easier to track where hacked assets are sent.
Share this article