Cryptocurrency exchanges come and go, and it’s almost inevitable that an exchange will get hacked at one point or another. While cryptocurrencies themselves are very secure, exchanges can be affected by a variety of vulnerabilities, making them a prime target for malicious actors.
State of the industry - February 2020: As it stands, 2019 saw a record number of twelve crypto exchanges being hacked. That being said, across the board the amounts of crypto stolen were worth less. In total, $292,665,886 worth of cryptocurrency and 510,000 user logins were stolen from crypto exchanges in 2019.
One would hope that as time goes on cryptocurrency exchanges would become more secure. The unfortunate reality is that more exchanges are hacked every year. As cryptocurrency and exchanges remain largely unregulated, it is unclear as to who has jurisdiction over cryptocurrency markets.
We’ve compiled a comprehensive list of cryptocurrency exchange hacks - you’ll be amazed at how much has been stolen over the years.
Italian cryptocurrency Altsbit had only been around for a few months before it was hacked. Initially, the exchange announced the hack stating that almost all funds had been stolen. After some more thorough research, it appears Altsbit only lost under half of the crypto it was storing.
Altsbit has announced that it only has enough funds to issue partial refunds, and that they will be closing their doors in May 2020. Hacking group Lulzsec has claimed that they are responsible for the hack, though it is still unclear how they managed to pull it off. Approximately $70,000 worth of cryptocurrency was stolen.
South Korean exchange suffered a massive breach when hackers made off with 342,000 ETH (valued at $51 million at the time of the hack). Rumors swirled that this was an inside job, as the stolen crypto had allegedly been taken from Upbit’s cold wallet. This turned out to be a false alarm. Thankfully, Upbit promised to cover the losses.
However, the story doesn’t end here. The stolen crypto has been on the move. Whoever took it has been moving it between wallets, although it is unclear what purpose this will serve. As of January 2020, Upbit has completed a major security update after a brief suspension of services.
Based in Vietnam, VinDAX is a relatively small crypto exchange that mainly conducts token sales for relatively unknown blockchain projects. Hackers don’t care about the size of the exchange, they just care about the money and they managed to steal half a million dollars worth of crypto from VinDAX.
In response, VinDAX emailed the projects that had been impacted by the theft asking for funds. It’s unclear if any of the projects accepted the offer or not.
After noticing an error in its outgoing funds transfer system, Japanese exchange Bitpoint immediately suspended its services. However, it was too late. Thanks to a security breach, hackers made off with over $30 million worth of cryptocurrency.
Luckily, Bitpoint was able to recover $2.3 million of the stolen crypto from overseas exchanges. Bitpoint has said that they will compensate their users, but have not released a time frame as to when that will happen.
Bitrue is a Singapore-based cryptocurrency exchange that experienced a major hack to it’s hot wallet. Only 90 Bitrue users were affected, but the cryptocurrency that was stolen was worth almost $5 million. Luckily for users who lost their funds, Bitrue has reassured them that they will be fully repaid.
This UK and Slovenia-based cryptocurrency exchange suffered from a large hack this summer where hackers made off with $10 million worth of Ripple. While it is still unclear as to how exactly the hacker(s) gained access to user funds, the culprit(s) managed to access encrypted secret keys. So far, GateHub has managed to make some progress in recovering the stolen funds.
Despite the fact that we are now in 2019, hackers still managed to use a phishing scam and malware to hack into Binance. The malicious actors ran off with $40 million worth of Bitcoin. As a result, Binance promised to increase its security, but users are understandably wary.
It appears that customer data may have been stolen as well. In August 2019, someone started sharing customer verification information from Binance on a Telegram channel. It has been alleged that this data was also taken during the hack, and that up to 60,000 users may be affected.
The Singapore-based crypto exchange DragonEx suffered an attack in which hackers made off with $7 million worth of cryptocurrency. The North Korean hacking group Lazarus was responsible. The hackers created a legitimate looking fake company and convinced DragonEx employees to download malware onto their computers through Telegram and LinkedIn messages.
DragonEx has taken full responsibility for the hack and will be issuing refunds to those who lost funds. The exchange is also working with the police to see if they can recover the stolen crypto.
This South Korean cryptocurrency exchange was the victim of a suspected insider job. It all started with a suspicious withdrawal, and the exchange immediately suspended all withdrawals on their platform, but it was too late. Who conducted the hack is still unknown, but since there is no evidence of outsider interference, many suspect that it was a Bithumb employee who stole the funds.
Problems started to surface for CoinBene when funds began to mysteriously move out of the exchange’s hot wallet. Analysts were worried, especially since the exchange was down for maintenance, a typical post-hack response. Despite assurances from CoinBene that nothing had happened, the exchange was down for a whole month.
One of the more bizarre aspects of this hack is Coinbene’s unwillingness to admit that anything was wrong. The hack also came on the heels of a report by Bitwise Asset Manager which accused Coinbene of wash trading to manipulate the crypto market. The details are still extremely murky, but it is believed that over $100 million worth of cryptocurrency was stolen in the hack.
In a bizarre turn of events, Youbit (formerly known as Yapizon) rebranded months later as Coinbin. Having already faced two massive hacks, you would think that Coinbin would be extra careful. However, this hack was an inside job.
It appears that the former CEO of Youbit was still working at Coinbin, and was embezzling company funds. This employee allegedly had access to private keys and was able to siphon off funds from multiple accounts. As a result, Coinbin filed for bankruptcy and shut down while still owing users $30 million.
This is a slightly less conventional hack, because instead of stealing money the hackers just stole information. Coinmama is one of the largest cryptocurrency brokers with over a million active users. There appears to have been little fallout from this hack, as Coinmama informed users rapidly once they learned that user data was being leaked on the dark web. To date, no cryptocurrency has been stolen.
Unfortunately for Cryptopia, they suffered from another hack 15 days after the first one. That was the end of the New Zealand-based exchange - they are now going through the liquidation process.
2020 Update: Cryptopia is still undergoing liquidation, but it has now been revealed that the exchange was failing to meet anti-money laundering (AML) requirements when creating new user accounts. For over 900,000 active user accounts, there is no customer data beyond usernames and email addresses.
Less than 1% of users had completed customer identification, a vital part of AML procedures which ensures that customers are who they say they are. Thousands of accounts which held over $3 million worth of cryptocurrency were traced back to uninhabited islands or physical addresses that didn’t exist. As it stands, many of those who lost funds in the hack aren’t eligible to be refunded by liquidators because there is not enough information on who owned what accounts.
While it’s unfortunate that Cryptopia experienced two back-to-back hacks within a month, it’s clear that the exchange was not doing it’s due diligence. Given that most of the active users on Cryptopia were from outside New Zealand, more should have been done to enforce AML compliance measures.
It all started with Cryptopia users having difficulty accessing their accounts, and it only went downhill from there. The company originally thought it was a technical issue, but later clarified on Twitter that it was a security breach. The exact amount stolen in the hack is still unknown.
While this doesn’t quite qualify as a hack, it is too unbelievable to not include on this list.
QuadrigaCX was Canada’s largest cryptocurrency exchange owned by Gerald Cotten. Cotten was the only person who knew how to access the cold wallets belonging to the exchange.
In December, while on his honeymoon in India, Cotten died and took any information on how to access the cold wallets to his grave. QuadrigaCX had already been struggling and rumors of bankruptcy had been floating around, and with Cotten’s passing the exchange collapsed. Conspiracy theories started popping up that Cotten wasn’t actually dead, he had just pulled a very elaborate exit scam.
As investigations started into QuadrigaCX’s finances began, things took a bizarre turn. Six cold wallets were identified to belong to QuadrigaCX. However, when investigators looked at the wallets, five of them had been emptied around April 2018. No one is really sure what has happened, and investigations are still ongoing. Cotten’s widow has voluntarily returned $9 million in assets from Cotten’s estate to repay users.
2020 Update: Over a year later, what exactly happened to QuadrigaCX is still very unclear. It continues to be alleged that Cotten isn’t actually dead and there have been multiple attempts to get his body exhumed. An initial request was denied, however a new one has been made by the lawyers representing those who lost their funds.
There are also alleged ties to a shadow bank in Panama called Crypto Capital. Lawyers of the exchange suspect some of the funds that are missing may be stored in Crypto Capital and have asked any former QuadrigaCX users for their assistance on the matter.
As of January 2020, the FBI is now involved. A victim specialist from the FBI has been reaching out to former users and directing them to a portal where they can obtain more information. It remains unclear if we’ll ever have the answers about what actually happened at the exchange.
This hack is still up for debate as many believe it was part of an exit scam. MapleChange was a small, Canadian cryptocurrency exchange that began to see an uncommon spike in exchange activity starting in October. Later that month, the exchange announced that it had been hacked and that all funds (valued at $5.7 million) had been withdrawn. As a result, MapleChange announced it was closing its doors for good.
What made people suspicious was the immediate removal of the MapleChange website, social media accounts, and Discord and Telegram channels. The lack of communication has led many to believe that there was no hack despite MapleChange insisting they were just taking a break to decide how to proceed.
Instead of deciding to pay anyone back, the crypto exchange gave what little they had left to the developers who had created the remaining coins. The internet is still divided as to whether or not the whole thing was a hack or just another scam.
This is yet another case where it’s unclear how hackers stole the funds. However, Zaif did file a criminal case with their local authorities, which makes it sound like they have an idea as to who did it. Either way, this Japanese exchange lost $60 million worth of cryptocurrency.
Despite the fact that Coinrail was a relatively small cryptocurrency exchange, it did a lot of business which drew the attention of hackers. Exact details of the attack are still unclear, and the exchange lost an estimated $40 million.
Unfortunately Bithumb’s hacking problems didn’t start in 2019. The exchange was hacked in 2018 as well (and you will see them again on our list), with hackers making off with substantial amounts of Ripple. This hack appears to be orchestrated by a group of North Korean hackers known as the Lazarus Group, who have been responsible for a number of cryptocurrency hacks over the years. Luckily for Bithumb users, the exchange promised to pay back any stolen funds.
This is probably one of the stranger hacks on our list, as a cryptocurrency exchange wasn’t hacked but a cryptocurrency was. Bitcoin Gold was an offshoot of the original Bitcoin, which took a hard fork from Bitcoin as an attempt to decentralize (ironic given that Bitcoin is already decentralized).
Bitcoin Gold became the victim of a 51% attack, a rare occurrence where hackers managed to gain control of more than 50% of the networks computing power. From there, attackers can prevent confirmations, allowing them to effectively stop payments between users and make changes to the network’s blockchain ledger. This type of attack was thought to be rare, if not impossible, until the Bitcoin Gold incident.
Using some complicated maneuvers, hackers put their Bitcoin Gold onto exchanges, traded them for other cryptocurrencies, then withdrew the amount. And because they had control of Bitcoin Gold’s blockchain ledger, they could simply return the original Bitcoin Gold back into their own wallet, essentially stealing money from exchanges.
Taylor is a cryptocurrency trading app, that raised a successful initial coin offering (ICO) in order to get funding. Unfortunately, not long after, hackers managed to gain access to a company device and took control of a password file. The malicious actors stole all of the Ethereum raised in the ICO, valued at $1.5 million. There were concerns that this was just another exit scam, but it appears that Taylor has slowly managed to rebuild.
CoinSecure, an Indian cryptocurrency exchange, lost Bitcoin valuing $3.5 million at the time of the hack. However, it seems like this one was an inside job. The owners of CoinSecure believe their former Chief Security Officer stole the funds. It seems they may have been onto something, as he was later arrested.
Over $170 million was stolen from the Italian exchange Bitgrail, and the details are a little fuzzy. While the owner, Francesco Firani, announced the hack, other Bitgrail employees denied it and said there was nothing wrong. People are skeptical as to whether this was an actual hack, or an attempt at an exit scam.
Coincheck was the leading exchange in Japan, but the hack showed how remarkably unsecure the platform was. The hackers managed to spread a virus through email that allowed them to steal private keys. After that it was remarkably easy, as Coincheck did not use smart contracts or multi-signatures, and all coins were stored in the same wallet. The total value of cryptocurrency stolen is one of the highest ever, valued at $533 million at the time of the hack.
Remarkably, the cryptocurrency exchange is still in business. It began offering full services again in November 2018. Although the hack was believed to have been carried out by North Korean hackers, the malware originated from Russian hacking groups.
NiceHash is a cryptocurrency mining marketplace that allows miners to rent out their hash rate to others. Their payment system was compromised, causing the contents of users Bitcoin wallets to be stolen. The exact amount stolen was never confirmed by NiceHash, but it is strongly believed to be 4,736 worth of Bitcoin, worth about $62 million at the time. This story ends on a happy note though, as NiceHash managed to return 60% of the stolen funds to users.
Youbit (formerly known as Yapizon) was a relatively small South Korean cryptocurrency exchange that had experienced a hack earlier in 2017. This time, hackers made off with 17% of the exchange’s holdings. This marked the end for Youbit, they filed for bankruptcy the same day.
Bithumb makes yet another appearance on this list. At the time of this hack, Bithumb was the fourth largest cryptocurrency exchange by volume worldwide. An unknown hacker managed to gain access to an employee’s personal computer and stole the details of over 30,000 Bithumb users. Not long after, users started to notice their accounts being drained.
Before Yapizon changed their name to Youbit, they experienced their first hack. Malicious actors managed to run off with $5 million worth of Bitcoin and Yapizon did it’s best to mitigate the damages.
This Hong Kong-based cryptocurrency exchange had claimed to be the most secure exchange in the world. Unfortunately, that proved to be very untrue. Hackers made off with a large amount of Bitcoin through Bitfinex’s processing service - BitGo. The price of Bitcoin plunged as a result of the hack.
GateCoin was one of the first regulated cryptocurrency exchanges at the time, and its popularity made it a prime target for malicious actors. Hackers managed to gain access to user wallets and stole cryptocurrencies valued at $2 million. That was the nail in the coffin for GateCoin - the exchange never recovered.
Over the course of a month, the cryptocurrency exchange ShapeShift was hacked three separate times. According to a detailed report by ShapeShift CEO Erik Voorhees, a former employee was responsible for all three hacks. The cryptocurrency pledged to rebuild, and they are one of the few who has managed to do so successfully.
This China-based exchange had it’s cold wallet hacked, leading to a loss of over $1.5 million worth of Bitcoin. Users on Reddit were very suspicious, as it is extremely difficult to hack a cold wallet, and hypothesized that the hack was an inside job.
You’ll see Linode further down on our list, but it was a hosting server for a few cryptocurrency exchanges. It was hacked again in 2014, which this time caused a security breach on the KipCoin server. The hackers managed to gain control of the entire platform by changing passwords internally. A month-long struggle ensued, in which the administrators managed to regain control of the exchange, but the hackers still lurked. At the time of the hack, KipCoin did not tell users what was happening in light of the Bitstamp hack and only later revealed the information.
Bitstamp was the first licensed cryptocurrency exchange in Europe. It was compromised when hackers sent a malicious email to Bitstamp employees, and it only took one employee to follow the link and expose the whole exchange. The attackers made off with Bitcoin valued at $5.1 million at the time.
While this was a relatively small hack, it proved a point when it came to spending money on cybersecurity. Attackers used the LocalBitcoins live chat to distribute malware then made off with a relatively small profit.
It was not a good start to the year for cryptocurrency exchanges in 2015. Chinese exchange 796 had its server compromised, and hackers tampered with withdrawal addresses to trick users. It worked, and major shareholders footed the bill so users didn’t have to lose funds themselves.
MintPal experienced their second hack in October (scroll down to read about the first one in July), but this one had a lot more twists and turns. Not long after the hack in July, MintPal was purchased by a company called Moolah (also known as Moopay Ltd), owned by Ryan Kennedy alias Alex Green.
After a failed relaunch of MintPal, Moolah announced it was closing its doors but users would be able to still use MintPal. However, user accounts were locked and users were able to track funds being removed from wallets and then watch them be sold on another platform. Kennedy was the only one with access to customer funds, and he was currently on the run.
Kennedy was arrested in 2016 for rape changes and is now in jail. He is now also facing charges of fraud from the UK police for his involvement in the MintPal hack.
A trojan virus was inserted into the code of Cryptsy by a hacker going by the name of Lucky7Coin. As a result, Lucky7Coin (and potentially others) walked away with a staggering amount of cryptocurrency. The owner of Cryptsy, Paul Vernon, was accused of destroying evidence and stealing Bitcoin himself and the exchange declared insolvency. Vernon was successfully sued for $8.2 million in a class-action lawsuit.
Before MintPal’s unfortunate takeover by Alex Kennedy, they experienced another hack. The hacker found a weak point in the withdrawal system on the exchange, and managed to authorize a withdrawal from the Vericoin wallet. The sites Bitcoin and Litecoin wallets were also targeted, but nothing was stolen. The hack resulted in the loss of 30% of all Vericoin, which caused the Vericoin development team to decide on a hard fork in order to mitigate the damages.
You might be surprised to see this name again, and attached to what is one of the biggest hacks of all time. The investigation is still ongoing and the situation is far from clear, but it appears that when Mt.Gox was originally hacked in 2011, some private keys were also stolen by malicious actors. The hackers gained access to a large number of Bitcoin and started emptying wallets.
Purportedly due to an error in the Mt.Gox systems, the exchange was interpreting these withdrawals as deposits for nearly two years. It was a huge error, costing users a total of $45 million and marking the end of the cryptocurrency exchange. Mt.Gox filed for bankruptcy within the month, and as a result the price of Bitcoin dropped 36%. The former CEO of Mt.Gox was arrested in 2015 after it was discovered he had $2 million worth of Bitcoin that had allegedly been stolen in the hack.
In November 2017, a Russian national by the name of Alexander Vinnik was arrested by US authorities for playing a key role in laundering the Bitcoin that had been stolen in the hack. The story still isn’t over, but there also doesn’t seem to be a clear resolution in sight.
In the same month, hackers managed to take advantage of an incorrect withdrawal code of this US-based cryptocurrency exchange. While the company did not report exactly how much was stolen, the figure has been explained on the Bitcointalk forum. There is still some speculation as to whether the hack was an inside job or not.
The Czech-based exchange Bitcash lost Bitcoin after a hack on their servers. The attackers gained access to emails and sent out a phishing scam, pretending to be Bitcash to obtain customer information, which they then used to steal funds.
While the hack of Vicurex has never exactly been confirmed (leading some to believe it was an inside job), the cryptocurrency exchange announced it had lost most of its reserve funds to attackers. Vicurex, claiming near bankruptcy, froze all withdrawals, leading several former customers to sue the company for withholding their money.
At the time of the hack, BitFloor was the fourth largest exchange on the US market. Attackers managed to gain access to the servers and found unencrypted backup wallet keys. From there, they simply siphoned out the funds, worth a cumulative $250,000.
Unfortunately for Bitcoinica, they suffered another hack just two months after their initial hack. This led many to suspect that the original security issues from the Linode attack in March had never actually been effectively dealt with. The site was immediately shut down and the exchange was ultimately closed for good.
This one is a little complicated. Linode is a web hosting provider, and they hosted the cryptocurrency exchanges Bitcoinica and Slush. Linode itself was hacked, and the attackers managed to steal significant amounts of Bitcoin from both exchanges.
While at the time this was a relatively modest hack, it was just the beginning of problems for Mt.Gox. In this hack, attackers were able to gain access to a computer belonging to an auditor at the cryptocurrency exchange. The malicious actor changed the price of Bitcoin to $0.01, purchased them at the artificially low price and made off with a small fortune.
In this case, hackers from Russia and Eastern Europe managed to gain access to Bitcoin7’s servers. This also gave them access to the exchange’s main BTC depository and two backup wallets. Bitcoin7 continues to exist with an obviously spammy website (steer clear!).
Cryptocurrencies are relatively safe, but take a look at this list to make sure the cryptocurrency exchange you use isn’t on it! Exchanges are always at risk of attack, especially when they are doing a lot of business. It’s important that cryptocurrency exchanges take security seriously, and put a number of measures in place to prevent security breaches.
Any decent cryptocurrency exchange should outline what security measures they have in place. If they don’t, and fail to adequately justify their reasons for withholding that information, then that’s a red flag you would do well to pay attention to.
Hackers are never going to stop targeting crypto exchanges as long as it remains profitable. While a good cryptocurrency exchange will have multiple security measures in place, users need to do their homework too. Do your due diligence when signing up for an exchange to make sure that you don’t become a victim.
