Clock 5 MINUTES

A Comprehensive List of Cryptocurrency Exchange Hacks

Hacks and data breaches happen on an almost daily basis. Cryptocurrency exchange hacks are particularly damaging because they typically affect thousands of users and involve the loss of funds. Here we provide an updated list of all major cryptocurrency exchange hacks.

19 Sep
2019
SelfKey
Identity Wallet
Cryptocurrency Exchange Hacks
key-icon

Cryptocurrency exchanges come and go, and it’s almost inevitable that an exchange will get hacked at one point or another. While cryptocurrencies themselves are very secure, exchanges can be affected by a variety of vulnerabilities, making them a prime target for malicious actors. 

We’ve compiled a comprehensive list of cryptocurrency exchange hacks – you’ll be amazed at how much has been stolen over the years.

2019

May – Binance – 7,000 BTC

Despite the fact that we are now in 2019, hackers still managed to use a phishing scam and malware to hack into Binance. The malicious actors ran off with $40 million worth of Bitcoin. As a result, Binance promised to increase its security, but users are understandably wary.

January – Cryptopia – 1,675 ETH

Unfortunately for Cryptopia, they suffered another hack 15 days after the first one. That was the end of the exchange – they are now going through the liquidation process.

January – Cryptopia – Min. 19,390 ETH

It all started with Cryptopia users having difficulty accessing their accounts, and it only went downhill from there. The company originally thought it was a technical issue, but later clarified on Twitter that it was a security breach. The exact amount stolen in the hack is still unknown.

2018

September – Zaif – 5,966 BTC

This is yet another case where it’s unclear how hackers stole the funds. However, Zaif did file a criminal case with their local authorities, which makes it sound like they have an idea as to who did it. Either way, this Japanese exchange lost $60 million worth of cryptocurrency as a consequence.

June – Coinrail – 1,927 ETH, 2.6 Billion NPXS, 93 Million ATX, 831 Million DENT Coins & large amounts of 6 other tokens

Despite the fact that Coinrail was a relatively small cryptocurrency exchange, it did a lot of business which drew the attention of hackers. Exact details of the attack are still unclear, and the exchange lost an estimated $40 million.

April – CoinSecure – 438 BTC

CoinSecure, an Indian cryptocurrency exchange, lost Bitcoin valuing $3.5 million at the time of the hack. However, it seems like this one was an inside job. The owners of CoinSecure believe their former Chief Security Officer stole the funds. It seems they may have been onto something, as he was later arrested.

The SelfKey Identity Wallet is a free identity solution for Windows, Linux and Mac. Get yours today!

February – Bitgrail – 17,000,000 NANO

Over $170 million was stolen from the Italian exchange Bitgrail, and the details are a little fuzzy. While the owner, Francesco Firani, announced the hack, other Bitgrail employees denied this and said there was nothing wrong. People are sceptical as to whether this was an actual hack, or an attempt at an exit scam.

January – Coincheck – 523,000,000 NEM

Coincheck was the leading exchange in Japan, but the hack showed how remarkably unsecure the platform was. The hackers managed to spread a virus through email that allowed them to steal private keys. After that it was remarkably easy, as Coincheck did not use smart contracts or multi-signatures, and all coins were stored in the same wallet. The total value of cryptocurrency stolen is one of the highest ever, $533 million. Remarkably, the cryptocurrency exchange is still in business.

2017

While there were no major hacks in 2017, there were several exit scams and insider jobs. It certainly wasn’t a year free of attacks, but hackers decided to give the cryptocurrency world a break.

2016

August – Bitfinex – 120,000 BTC

This Hong Kong-based cryptocurrency exchange had claimed to be the most secure in the world. Unfortunately, that proved to be very untrue. Hackers made off with a large amount of Bitcoin through Bitfinex’s processing service – BitGo. The price of Bitcoin plunged as a result of the hack.

May – GateCoin – 250 BTC 185,000 ETH

GateCoin was one of the first regulated cryptocurrency exchanges at the time, and its popularity made it a prime target for malicious actors. Hackers managed to gain access to user wallets and stole cryptocurrency valued at $2 million. That was the nail in the coffin for GateCoin; the exchange never recovered.

2015

February – KipCoin – 3,000 BTC

Remember Linode? It was hacked again in 2014, which this time caused a security breach on the KipCoin server. The hackers managed to gain control of the entire platform by changing passwords internally. A month-long struggle ensued in which the administrators managed to regain control of the exchange, but the hackers still lurked. At the time of the hack, KipCoin did not tell users what was happening in light of the Bitstamp hack and only later revealed the information.

January – 796 – 1,000 BTC

It was not a good start to the year for cryptocurrency exchanges in 2015. Chinese exchange 796 had its server compromised, and hackers tampered with withdrawal addresses to trick users. It worked, and major shareholders footed the bill so users didn’t have to lose funds themselves.

January – LocalBitcoins – 17 BTC

While this was a relatively small hack, it proved a point when it came to spending money on cybersecurity. Attackers used the LocalBitcoins live chat to distribute malware then made off with a relatively small profit.

January – Bitstamp – 19,000 BTC

Bitstamp was the first licensed cryptocurrency exchange in Europe. It was compromised when hackers sent a malicious email to Bitstamp employees, and it only took one employee to follow the link and expose the whole exchange. The attackers made off with Bitcoin valued at $5.1 million at the time.

2014

July – Cryptsy – 13,000 BTC and 300,000 LTC

A trojan virus was inserted into the code of Cryptsy by a hacker going by the name of Lucky7Coin. As a result, Lucky7Coin (and potentially others) walked away with a staggering amount of cryptocurrency. The owner of Cryptsy, Paul Vernon, was accused of destroying evidence and stealing Bitcoin himself and the exchange declared insolvency. Vernon was successfully sued for $8.2 million in a class-action lawsuit.

March – Poloniex – 97 BTC

In the same month, hackers managed to take advantage of an incorrect withdrawal code of this US-based cryptocurrency exchange. While the company did not report exactly how much was stolen, the figure has been explained on the Bitcointalk forum. There is still some speculation as to whether the hack was an inside job or not.

March – Mt.Gox – 850,000 BTC

You might be surprised to see this name again, and attached to what is one of the biggest hacks of all time. The investigation is still ongoing and the situation is far from clear, but it appears that when Mt.Gox was originally hacked in 2011, some private keys were also stolen by malicious actors. The hackers gained access to a large number of Bitcoin and started emptying wallets. Purportedly due to an error in the Mt.Gox systems, the exchange was interpreting these withdrawals as deposits for nearly two years. It was a huge error, costing users a total of $45 million and marking the end of the cryptocurrency exchange. Interestingly, some of the stolen funds may potentially be recovered.

2013

November – BitCash – 484 BTC

The Czech-based exchange Bitcash lost Bitcoin after a hack on their servers. The attackers gained access to emails and sent out a phishing scam, pretending to be Bitcash to obtain customer information, which they then used to steal funds.

May – Vicurex – 1,454 BTC

While the hack of Vicurex has never exactly been confirmed (leading some to believe it was an inside job), the cryptocurrency exchange announced it had lost most of its reserve funds to attackers. Vicurex, claiming near bankruptcy, froze all withdrawals, leading several former customers to sue the company for withholding their money.

2012

September – BitFloor – 24,000 BTC

At the time of the hack, BitFloor was the fourth largest exchange on the US market. Attackers managed to gain access to the servers and found unencrypted backup wallet keys. From there, they simply siphoned out the funds, worth a cumulative $250,000.

May – Bitcoinica – 18,457 BTC

Unfortunately for Bitcoinica, they suffered another hack just two months later, leading many to suspect that the original security issues from the Linode attack in March had never actually been effectively dealt with. The site was immediately shut down and the exchange was ultimately closed for good.

March – Linode – 43,000 BTC from Bitcoinica & 3,000 BTC from Slush

This one is a little complicated. Linode is a web hosting provider, and they hosted the cryptocurrency exchanges Bitcoinica and Slush. Linode itself was hacked, and the attackers managed to steal significant amounts Bitcoin from both exchanges.

2011

October – Bitcoin7 – 11,000 BTC

In this case, hackers from Russia and Eastern Europe managed to gain access to Bitcoin7’s servers. This also gave them access to the exchange’s main BTC depository and two backup wallets. Bitcoin7 continues to exist with an obviously spammy website (steer clear!).

June – Mt.Gox – 2,643 BTC

Mt.Gox starts off our list, with a relatively modest hack. In this hack, attackers were able to gain access to a computer belonging to an auditor at the cryptocurrency exchange. The malicious actor changed the price of Bitcoin to $0.01, purchased them at the artificially low price and made off with a small fortune.

Conclusion – Cryptocurrency Exchange Hacks

Cryptocurrencies are relatively safe, but take a look at this list to make sure the cryptocurrency exchange you use isn’t on it! Exchanges are always at risk of attack, especially when they are doing a lot of business. It’s important that cryptocurrency exchanges take security seriously, and put a number of measures in place to prevent security breaches. Any decent cryptocurrency exchange should outline what security measures they have in place. If they don’t, and fail to adequately justify their reasons for withholding that information,  then that’s a red flag you would do well to pay attention to.