All Major Crypto Hacks To Date (Updated List)

100 Entries to date. Last updated in Apr 2023.

In this post, I collected data from various sources to compile a comprehensive list of all the hacks that we know of, from the early days of crypto, to most recent times.

Crypto exchanges (both centralized and decentralized) get hacked all the time, which is why I always advise my friends and followers to keep their long term holdings in HD wallets (cold storage) instead of risking their hard-earned money being stolen.

In the first quarter of 2023, hackers accessed over $320 million in the crypto industry through a variety of incidents, according to the quarterly report from blockchain security firm CertiK. This amount is lower than the $1.3 billion lost in the first quarter of 2022, but it is still a substantial sum.

Exchanges are not the only victims of such attacks, in fact, according to the latest report by blockchain research company Chainalysis, 69% of all crypto theft taken place in 2022 came from cross-chain bridge hacks. An estimated $6B, worth of cryptocurrency had been stolen in more than 13 cross-chain bridge attacks, just in 2022.

Last year, more than 40 hacks and breaches were reported and we are witnessing a continuous rise in crypto fraud-related incidents, with the number of offenses growing by 40% every year, according to Markets Insider.

This is why I feel it’s important to highlight the risks we are facing when investing or using cryptocurrencies and I compiled this list for my own reference when I create crypto content and I share this with you here.

This list is updated regularly and new entries are added accordingly.

---

9 April 2023 – Sushi Swap

Decentralized exchange SushiSwap was exploited allowing hackers to steal more than $3.3 million in crypto from wallets that had previously interacted with the platform. Reports indicate that only users who interacted with SushiSwap in the four days prior to the exploit were at risk.

13 March 2023 – Euler Finance

DeFi lending platform Euler Finance lost roughly $197 million on March 13 in a flash loan attack. The incident was recorded as the biggest loss for crypto in Q1, 2023. As CryptoPotato reported, the exploiter stole $8.7 million worth of the decentralized stablecoin DAI, $34 million worth of USD Coin (USDC), $19 million wrapped bitcoin (WBTC), and $136 million worth of staked Ether (ETH). The attacker borrowed the assets through a flash loan and drained them from the protocol.
Days later, it was reported that majority of the funds were returned by the hacker (minus a few million bounty).

18 Feb 2023 – Opensea

NFT marketplace Opensea becomes a victim of an exploit causing the theft of non-fungible tokens worth over $1.7 million from its users. The NFT marketplace has been subject to numerous attacks over the past years. It was later determined that an attacker had successfully phished 17 OpenSea users into signing a malicious contract, which allowed the attacker to take the NFTs and then flip them. Bizarrely, the hacker returned some of the NFTs to their original owners, and one victim inexplicably received 50 ETH ($130,000) from the attacker as well as some of his stolen NFTs back. 
OpenSea users reportedly lost a total of $3.9 billion to fraudulent activities in 2022 alone.

1 Feb 2023 – BonqDAO

Decentralized borrowing protocol BonqDAO suffers $120M loss after oracle hack. This hack allowed the exploiter to manipulate the price of the AllianceBlock token, leading to an estimated $120 million loss, according to Peckshield. During the exploit a Polygon wallet accessed 112 million ALBT tokens, bridging them from the Polygon blockchain to the Ethereum blockchain. The hacker also got 500,000 USDC from dumping bonq euro (BEUR) tokens.

12 October 2022 – Mango Markets

Solana-based crypto exchange Mango Markets was hit with an exploit of over $100 million. The incident saw the hackers manipulate price oracle data, which enabled them to take out under-collateralized cryptocurrency loans. At the same time, the network has suffered several outages that appear to deter investors. The most recent outage was recorded on October 1, lasting at least six hours. Overall, in 2022 alone, the network suffered at least five significant outages all due to attacks on the network, with some running into days. 

6 October 2022 – BNB Smart Chain

While this was not an exchange hack, I include it here as it is of huge magnitude, one of the biggest single hacks to date. BNB Smart Chain was hacked for 2 million BNB, its native cryptocurrency, worth approximately $586 million at the time of the incident. However, the attacker only managed to bridge a fraction of the stolen tokens (around 100 million dollars’ worth) to other chains before validators halted the network, blocking access to the $430 million remaining in the hacker’s BNB chain address. The chain was promptly re-activated, but the incident sparked many complains about centralization of the blockchain network.

20 September 2022 – Wintermute

Market-maker Wintermute has lost $160 million in a hack relating to its decentralized finance (DeFi) operation. the company’s CEO confirmed the attack in this tweet.

9 August 2022 – Curve.Finance

DeFi protocol Curve Finance gets hacked and approx $570,000 in ETH is stolen. 3 days later, Binance freezes wallets associated with the hack and recovers almost 80% of the funds.

1 August 2022 – Nomad Bridge

The cross-chain token bridge Nomad suffered a hack amounting to nearly $200 million (USD). Nomad, like other cross-chain bridges, allows users to send and receive tokens between different blockchains. The company acknowledged the incident in a tweet.

24 June 2022 – Harmony Bridge

The Horizon Bridge to the Harmony layer-1 blockchain was exploited for $100 million in altcoins which were swapped for Ether. Eleven transactions were made from the bridge for various tokens and then sent to different wallets for swaps into ETH on Uniswap. In January 2023, the FBI released a report, revealing that Lazarus Group, the North Korean state hacking group, was behind this operation and 11 addresses were identified. The criminal organization laundered more than $60 million worth of Ethereum (ETH) on January 13, 2023 via RAILGUN – a privacy protocol.

8 June 2022 – Osmosis DEX

Osmosis, a decentralized exchange built on Cosmos, was hacked for roughly $5 million, forcing developers to halt the network.

28 May 2022 – Mirror Protocol

Mirror Protocol, a decentralized finance platform on the Terra network – had more than $2 million drained from it due to an issue affecting how its price-setting software reacted to the historic Luna cryptocurrency crash and the rushed decision to create a new version of it. This was not a hack per se, but an exploit of a bug in the system that allowed attackers to take out more than $1 million in loans with just $1,000 in collateral. 

30 April 2022 – Saddle Finance Exchange

Saddle Finance, a decentralized exchange for trading stablecoins, was hacked in a DeFi exploit. Saddle Finance confirmed the incident, saying its team was investigating a “possible exploit.” BlockSec was able to rescue $3.8 million from the exploiters with an “internal system” that can detect and front-run hacking incidents using off-chain arbitrage bots called flashbots. Still, the hacker made off with more than $10 million in ETH from Saddle’s liquidity pools. Saddle Finance said it was in the process of recovering the $3.8 million from BlockSec.

28 April 2022 – Fei & Rari

Decentralized finance (DeFi) platforms Rari Capital and Fei Protocol suffered more than $80 million loss due to a hack. The hacker exploited a reentrancy vulnerability in Rari’s Fuse lending protocol and according to a tweet from Blockchain security firm PeckShield, the same vulnerability has been used to attack other forks of the Compund DeFi protocol.

17 April 2022 – Beanstalk Protocol

Ethereum DeFi protocol Beanstalk was hacked for $182 Million in Ethereum, BEAN stablecoin, and other assets. The hacker used a flash loan, which allows people to borrow an asset to make a quick trade and then repay the asset—all in just one complex transaction that involves multiple protocols.

23 March 2022 – Cashio

Cashio, a stablecoin protocol on Solana, suffered an “infinite mint glitch” exploit in March. Hackers siphoned $48 million from the protocol, prompting a collapse of Cashio’s CASH stablecoin.

23 March 2022 – Ronin Network

This was at the time, the second biggest crypto hack ever: $600 Million in ETH was stolen from NFT gaming blockchain Ronin Network – an Ethereum-linked blockchain platform for non-fungible token-based video game Axie Infinity. The incident greatly affected many users of the platform and tanked the AXS token in the aftermath of this exploit.
According to Ronin, 173,600 Ether tokens and 25.5 million USD coins.

2 February 2022 – Wormhole

Wormhole Portal, a bridge between Solana (SOL) and other blockchains, was exploited for approximately 120k wrapped ETH. The total value of the stolen crypto assets stands at around $320 million at the time.

28 January 2022 – Qubit Finance

The DeFi protocol revealed in a tweet, that it had been exploited by an attacker who stole 206,809 BNB from its QBridge protocol. In total, the tokens were valued at $80 million.

17 January 2022 – Crypto.com

More than $30 million was stolen by hackers from wallet and exchange app Crypto.com. The company said that 4,836 ETH and 443 BTC were taken. According to the report released by the company, 483 users had their accounts compromised.

18 December 2021 – Grim Finance

DeFi protocol Grim Finance lost $30 million in 5x re-entrancy hack.. This security flaw in the Grim Finance protocol allowed the attacker to fake five additional deposits.

13 December 2021 – Vulcan Forged

A cyberattack on The NFT marketplace Vulcan Forged saw 96 wallets compromised and a loss of $140 million was reported.

12 December 2021 – AscendEX

Crypto exchange AscendEX — formerly known as BitMax — has been hacked for an estimated $77.7 million. That’s according to the exchange, which acknowledged the hack, and security researchers PeckShield who have estimated its losses. Coins and tokens stolen include USDT, USDC, TARA, SHIB, AAVE, COMP.

5 December 2021 – Bitmart

Reportedly, close to $200 million worth of crypto was stolen in this hack according to security firm Peckshield. Bitmart promised to use its own money to reimburse users and claims the hack is worth $150 million.

2 December 2021 – BadgerDao

$120 million was stolen from the BadgerDAO decentralized finance protocol by a hacker targeting the protocol on the Ethereum network at contract address 0x1fcdb04d0c5364fbd92c73ca8af9baa72c269107 .
One user’s account suffered a $90 million loss and later it was confirmed that the account belongs to crypto lending platform Celsius.

November 2021 – bZx

On November 5, the defi protocol bZx was hacked when its private key was compromised, allowing the attacker to steal $55 million. Both chains used by bZx : BSC and Polygon, were affected by the hack.

September 2021 – Compound

Compound Finance, an Ethereum-based lending and borrowing protocol, had an exploit and the protocol erroneously paid out vast sums in its native cryptocurrency COMP to some users who provided only miniscule levels of collateral in ETH, USDC, and DAI. An error in the protocol’s smart contract was suspected as the cause of the malfunction. It is rumoured that the total of funds amounted to $147 million. Other glitches were also reported around the same time. A faulty Compound Finance contract intended to disburse liquidity mining rewards over time was topped off with $66 million in tokens and the same bug drained $80 million in tokens throughout the month of September. 

September 2021 – pNetwork

The Defi protocol, pNetwork alerted the community of a 277 Bitcoin (BTC) hack, which amounts to 12.67 million in USD. The network revealed that the attacker installed a bug on the Binance Blockchain codebase of pNetwork. However, the protocol confirmed safety for other funds as no more bridges had to bear the burn of the attack.

September 2021 – Vee Finance

Just a week after lending platform Vee Finance celebrated a milestone of $300 million in total value of assets locked, it suffered an exploit that remains one of the largest on the Avalanche network. A total of approx. $35 million was lost.

August 2021 – Cream Finance

On August 30, 2021, decentralized lending protocol CREAM Finance was the victim of a flash loan hack.  The attackers stole 2804.96 ETH and 462,079,976 AMP tokens from the protocol’s vaults to a total of approx. $147 million.

August 2021 – Liquid Exchange (Japan)

On August 18th 2021, Japanese exchange Liquid reportedly suspended asset deposits and withdrawals as its hot wallets have been hacked in a security breach. Affected coins in this hack were Bitcoin, Ethereum, Tron and XRP to the total amount of approximately $97 million (according to Elliptic’s analysis)

August 2021 – Poly Network

Reportedly, over $600 million was stolen on August 10, 2021 by a ‘white hat’ hacker making this the biggest single crypto hack to date. Ethereum, Binance Smart Chain and Polygon tokens were stolen but the claim is that this hack was only committed in order to highlight the vulnerabilities of the Poly Network platform and most of the funds were later returned. Around $200 million is still outstanding and Poly Network reportedly promised the hacker a $500,000 bounty for the restoration of user funds, and even invited them to become its “chief security advisor.” In the end, all funds were recovered eventually.

May 2021 – Belt Finance

Belt Finance, a DeFi project based on the BNB Smart Chain (BSC) fell victim to a flash loan attack that netted the attacker about $6.3 million in cryptocurrency.

May 2021 – PancakeBunny

PancakeBunny, a yield management platform operating on BSC and Polygon, became a victim of a flash loan attack that resulted in $45 million of value lost according to sources.

April-May 2021 – Coinbase

As reported by Reuters in October 2021, this hack took place between March and May 20th 2021. At least 6000 customers have been victims of unauthorized third parties exploiting a flaw in the company’s SMS account recovery process to gain access to multiple accounts, and transfer funds to crypto wallets not associated with Coinbase. The amounts are undisclosed.

April 2021 – Uranium Finance

Uranium Finance is a decentralized exchange (DEX) on Binance Smart Chain (BSC). In late April 2021, the platform suffered a loss of $50 million during its token migration process. Mostly BNB and BUSD tokens were targeted, but also USDT, BTC, ETH, DOT, ADA, and U92, Uranium’s native crypto.

April 2021 – EasyFi

On April 19 EasyFi, a DeFi Polygon Network-powered protocol, was the victim of a hack. The attacker was able to extract 2.98 million EASY tokens and $6 million in USD, DAI, and USDT for a total value of about $81 million.

April 2021 – Thodex 

The largest Turkish crypto exchange vanished after reports about suspicious transactions. Allegedly, the founder took off with $2 billion USD of customers money and fled to Albania.

March 2021 – Meerkat Finance

Binance Smart Chain-based lending protocol Meerkat Finance lost $31 million in user funds just a day after it launched in March 2021.

March 2021 – Paid Network

On March 5, 2021, the PAID Network smart contract was compromised.  By exploiting flaws in how the smart contract was secured and managed, the attacker was able to extract approximately $100 million worth of $PAID tokens, and converted about $3 million of it to Ether before being blocked by the PAID Network team.

February 2021 – Cryptopia

Even as it is being liquidated following a previous breach that stole NZ$24 million (approx. US$15.5 million), this exchange gets hacked again.
According to a Stuff report Thursday, a creditor, U.S. firm Stakenet, has been told that about NZ$62,000 (US$45,000) in the XSN cryptocurrency had been transferred out of its cold wallet on Feb. 1.

December 2020 – Livecoin

This exchange is now shut down, after this hack it never recovered and court proceedings are in place to supposedly recover some of the users funds but so far not much has come out of this.

November 2020 – Liquid Exchange

Although not a hack of funds, this was a data breach, so I am still adding it to this list.
In an official statement about this hack, the CEO shared the following:

“On the 13th of November 2020, a domain hosting provider “GoDaddy” that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage…
We can confirm client funds are accounted for, and remain safe and secure. MPC-based and cold storage crypto wallets are secured and were not compromised.”

September 2020 – Kucoin Exchange

The total amount originally was amounting to $280 million in various coins but with the help of the developers of some of these projects and combined efforts of other exchanges, almost than half of this sum was recovered (around $130 million) and Kucoin did not suffer major disruptions to its trading activity. One of the least detrimental hacks to the customers and as long as I know, users were reimbursed.

September 2020 – Eterbase Hack

The total amount lost due to this hack was reportedly around $5.4 million worth in crypto.

July 2020 – Cashaa

Cashaa shared that it lost 336 bitcoin to hackers. The attacker may have implanted malware into one of the exchange’s computers. As an employee accessed the affected machine to make two transfers, the attack was launched.

June 2020 – Balancer

An attacker stole over $500,000 in Ether, Wrapped Bitcoin, Chainlink, and Synthetix tokens.

Balancer CTO Mike McDonald explains that the attacker had borrowed $23 million in WETH tokens in a flash loan from dYdX. They then traded against themselves with Statera (STA), a token that uses a transfer fee model and burns 1% when traded. The attacker repeated this back and forth 24 times, draining the STA liquidity pool. Because Balancer thought it had the amount of STA remained unchanged, it released WETH in the amount of the original balance, giving the attacker a larger margin for every trade.

The attacker repeated this attack with WBTC, LINK and SNX, all against Statera tokens.

May 2020 – Coincheck

In an official statement, the Tokyo-based organization shared that attackers hijacked one of Coincheck’s domains to carry out spear-phishing attacks on customers.

Coincheck stated that certain personal information like names, registered addresses, birth dates, phone numbers, and ID Selfies was exposed in the incident. Digital assets, however, were not affected.

In 2018, Coincheck lost $500 million in NEM coins after hackers compromised the exchange platform.

April 2020 – Uniswap

Hacker(s) deployed two reentrancy attacks, made possible by a known vulnerability found in the ERC777-token of Uniswap Exchange, to steal $300,000 and $1.1 million in imBTC tokens. Tokenlon, the company behind the imBTC token that runs on the Uniswap platform, provides a timeline of the events:

“8:58 SGT on April 18th. An attacker used a vulnerability with Uniswap and ERC777 to perform a reentrancy attack. For technical details please refer to Open Zeppelin’s explanation here. 12:12 on April 18th. The Tokenlon team observed the anomaly, defined the incident as a P0-level security issue and established an emergency response team. 12:49 on April 18th. After evaluating the situation, Tokenlon suspended the transfer of imBTC and notified imBTC partners including Lendf.Me to evaluate potential security risks. 17:00 on April 18th. imBTC transfer was resumed after receiving the confirmation from Lendf.Me and other partners that it is OK to do so. 09:28 on April 19th. Tokenlon received a message from Lendf.me about a reentrancy attack, similar to the one happened to Uniswap, resulting in a large number of abnormal borrowing on the platform. 10:12 on April 19th. In order to cooperate with the investigation of the reentrancy attack, Tokenlon suspended the transfer of imBTC.”

February 2020 – Altsbit

According to Altsbit, hackers were responsible for the theft of a large number of coins. The exchange cannot compensate losses but intends to return untouched amounts as some percentage to users.

Verified losses include:

BTC Lost 6.929 coins out of 14.782 – 7.853 will be returned to users. 53.10% (Refunded)

ETH Lost 23.21 out of 32.262 – 9.052 will be returned to users. 28.06% (Refunded)

ARRR Lost 3924082 out of 9619754 – 5695672 will be returned to users 59.20% (Refunded)

VRSC Lost 414154 out of 852726 – 438572 will be returned to users 51.24% (Refunded)

KMD Lost 1066 out of 48015 – 46949 will be returned to users. 97.77% (Refunded)

November 2019 – Upbit

On November 27, 2019, hackers made off with 342,000 ETH (nearly $50 million at the time of the hack). Upbit promised users that it would cover the losses.

November 2019 – VinDAX

Viet Nam-based VinDAX lost half a million U.S. dollars’ worth of funds in various cryptocurrencies.

July 2019 – Bitpoint

On July 12, BITPoint revealed the loss of 3.5 billion yen, 2.5 billion of which belonged to customers. In a followup, the company found that actual losses from the breach came to around 3.02 billion yen (US$28 million) – roughly $500 million less than originally thought. The company told reporters that the 50,000 customers affected will receive refunds on a 1:1 basis.

June 2019 – Bitrue

In a series of tweets, Bitrue announced the loss of 9.3 million XRP and 2.5 million ADA (~$4M at the time of the hack). For the 90 users affected, Bitrue has promised to repay them in full.

June 2019 – GateHub

Early June, GateHub admitted to a hack that may have resulted in the loss of an estimated $10 million in Ripple.

May 2019 – Binance

In a statement, Binance shared that hackers used a variety of techniques, including phishing, viruses and other attacks to withdraw 7000 BTC in a single transaction. Binance announced it would use the #SAFU fund to cover the incident in full.

March 2019 – Bithumb

Reportedly around 3 million EOS and 20 million XRP were stolen in this heist.
In an official statement, Bithumb shared that the stolen funds were owned by the exchange.

March 2019 – DragonEx

Hackers made off with nearly $7 million worth of cryptocurrency. DragonEx has shared that it intends to repay those who were directly affected.

March 2019 – CoinBene

Following a maintenance announcement and signs of assets moving to new addresses, suspicions that CoinBene fell victim to hackers rose among the public. While it’s believed that over $100 million worth of cryptocurrency was stolen, CoinBene denies a hack occurred.

February 2019 – Coinmama

Coinmama shared publicly that 450,000 email addresses and hashed passwords were leaked. The breach was part of a global attack that affected 30 companies and a total of 841 million user records.

January 2019 – Cryptopia

Cryptopia experienced two back-to-back hacks within a single month. The exchange estimated the losses totaled at most 9.4% of total holdings.

December 2018 – QuadrigaCX

While technically not a hack, QuadrigaCX’s sensational story is simply too controversial to ignore. The largest bitcoin exchange in Canada lost $190 million in crypto following the death of its founder and CEO Gerald Cotten, the sole controller of the exchange’s cold storage wallets.

October 2018 – MapleChange

Following a hack that lost the exchange nearly $6 million, MapleChange announced it could not refund customers and was closing its doors.

September 2018 – Zaif

According to Zaif’s investigation, $60 million in Bitcoin, Bitcoin Cash, and MonaCoin was stolen from the exchange.

July 2018 – Bancor

According to Bancor, “A wallet used to upgrade some smart contracts was compromised. This compromised wallet was then used to withdraw ETH from the BNT smart contract in the amount of 24,984 ETH. (~$1.25M). The same wallet also stole ~$1M in other alts and 3,200,000 BNT (~$10M)”
Bancor was able to freeze its tokens to mitigate some of the damage. The exchange claimed that no user wallets were compromised.

June 2018 – Bithumb

Roughly $31 million in cryptocurrency was stolen by hackers from the South Korea-based exchange with XRP being the main target.

June 2018 – Coinrail

Hackers allegedly stole over $40 million worth of altcoins and assorted tokens. Coinrail shared:

“Seventy percent of total coin and token reserves have been confirmed to be safely stored and moved to a cold wallet [not connected to the internet]. Two-thirds of stolen cryptocurrencies were withdrawn or frozen in partnership with related exchanges and coin companies. For the rest, we are looking at it with an investigative agency, related exchanges and coin developers.”

April 2018 – CoinSecure

Indian bitcoin exchange Coinsecure lost 438.318 BTC, allegedly due to the actions of its former Chief Security Officer.

February 2018 – Bitgrail

Hackers made off with roughly 17 million units of Nano (XRB), the coin formerly known as RaiBlocks amounting to about $195 million (USD).
In 2019, Owner and Founder Francesco Firano was sentenced to return as much of the assets to customers as possible.

January 2018 – Coincheck

Hackers stole nearly $530 million in NEM coins from Coincheck, then the leading exchange in Japan. One of Coincheck’s major security lapses, it admits, is that the exchange kept customer assets in a hot wallet.

December 2017 – EtherDelta

Hackers hijacked EtherDelta’s DNS server and diverted traffic to a malicious duplicate of the site. The scam netted the hackers 308 ETH and a number of ERC20 tokens.

December 2017 – Youbit

Following a hack that cost 17% of the exchange’s holdings, Youbit announced it was closing down.

September 2017 – Coinis

$2,190,000 was stolen in this hack. South Korea’s spy agency alleges that North Korea is behind this and other hacking attacks on this crypto-currency exchange in the South.

June 2017 – Bithumb

The personal details of 30,000 people were stolen, leading to the subsequent theft of their funds. While the company did not disclose the total amount it would reimburse customers, the losses are estimated to be over $1 million.

April 2017 – Yapizon

Before becoming Youbit, Yapizon was hacked for the first time, losing 3,831 BTC in the process. Yapizon shared that it would dock remaining customer balances by the same amount to spread the burden of the losses.

October 2016 – Bitcurex

Hackers were able to perform an automated data collection on the site, resulting in the loss of over 2300 BTC.

This is not the first time Bitcurex was targeted. In 2014, the exchange temporarily shut down its site following a hack that targeted its users’ funds. An official amount was not disclosed.

August 2016 – Bitfinex

The exchange lost nearly 120,000 Bitcoin in the breach. To compensate users, Bitfinex generalized the losses across all accounts and credited customers with BFX tokens at a ratio of 1 BFX to every dollar stolen.

In 2019, Bitfinex shared that 27.66270285 BTC, 0.023 percent of the total taken in the attack, had been recovered by US law enforcement efforts. As promised, the returned funds were converted to US dollars and paid to holders of its RRT token.

In 2021 two individuals were captured and charged in relation to this hack. US officials seized $3.6 billion in relation to this hack – their biggest seizure of cryptocurrencies ever. However, it remains unclear how these funds will be shared with customers who were forced to share the losses and were only compensated via the RRT token and to the amounts of their fiat value, rather than the crypto they initially lost.

May 2016 – GateCoin

In a breach that took place between the night of May 9, 2016 (HKT) and the evening May 12, 2016, Gatecoin lost 250 BTC and 185,000 ETH, 15% of its crypto asset deposits.

April 2016 – ShapeShift

Over the three incidents that spanned the course of a month, ShapeShift lost as much as $230,000 in what it believed was an inside job.

February 2015 – KipCoin

KipCoin claims to have lost over 3000 BTC in the hack. The announcement also shared that the hacker had gained access to Kipcoin’s server and downloaded the wallet.dat file months before the attack. The hacker laid low and did nothing with the funds before beginning to move them in December 2014.

February 2015 – BTER

According to BTER, 7,170 BTC were stolen from a cold storage wallet. BTER shared that they were working with law enforcement to resolve this matter, and outlined a plan to pay back users after inking a deal with security firm Jua.com.

January 2015 – LocalBitcoins

LocalBitcoins Vice President Nikolaus Kangas acknowledged a hack and loss of 17 BTC in a forum post. Kangas shared that the attacker used LiveChat to spread undetected malware to access the various accounts of victims.

January 2015 – Bitstamp

Hackers stole just under 19,000 BTC from the Slovenia-based company. The hack followed repeated phishing attempts aimed at Bitstamp employees.

January 2015 – 796

Hackers targeted a server vulnerability 796 and attacked during a transaction, stealing 1,000 BTC in the process. The exchange’s major shareholders covered the loss with unpaid dividends.

October 2014 – MintPal “2.0”

Following an earlier breach, MintPal was purchased by Moolah. After a failed relaunch of MintPal, Moolah announced it was shutting down but MintPal would remain in operation following an offline period to address infrastructure security. However, 3,700 BTC soon went missing along with Moolah’s CEO.

July 2014 – MintPal

Using a vulnerability in the exchange’s withdrawal system, the hacker was able to withdraw 8 million VRC from the Vericoin wallet. At the time, this amounted to around $1,933,000 in USD value.

July 2014 – Cryptsy

In July 2014, Cryptsy was the target of a hack that cost the exchange approximately 13,000 BTC and 300,000 LTC. Three years later, US District Judge Kenneth Marra ordered Paul Vernon, the former CEO of Cryptsy, to pay $8.2M in damages to customers.

March 2014 – Poloniex

According to Poloniex owner Tristan D’Agosta, 97 BTC were taken in the following method:

“The hacker discovered that if you place several withdrawals all in practically the same instant, they will get processed at more or less the same time. This will result in a negative balance, but valid insertions into the database, which then get picked up by the withdrawal daemon.”

The company has since reimbursed its customers.

March 2014 – CryptoRush

Following the loss of up to 950 BTC and 2500 LTC, the exchange issued a “Debt Management Plan” which outlined plans and potential refunds for victims.

February 2014 – Mt.Gox

The victim of a massive and prolonged hack, Mt. Gox lost about 740,000 BTC. An additional $27M was also missing from the company’s bank accounts. 200,000 bitcoins have since been recovered.

Investigations revealed that the hack may have begun as early as September 2011. Prior to September 2011, Mt. Gox’s unencrypted private key appears to have been copied. The hacker(s) used the file to access and gradually steal funds associated with Mt. Gox’s private keys without detection. The shared keypool led to address re-use, with the Mt. Gox systems misinterpreting the transfers as deposits being moved. Whenever the wallets emptied, Mt Gox credited an additional 40,000 bitcoins to multiple user accounts.

November 2013 – Picostocks

Despite the loss of 5,875 BTC, Picostocks could not find signs of an intrusion.

November 2017 – BIPS

Hackers launched two DDoS attacks to overload BIPS servers and gain access to several online wallets, allowing them to steal 1,295 BTC.

November 2013 – BitCash

About $100,000 were stolen from 4,000 wallets. According to BitCash, their server was hacked and disabled. The hackers then used bitcash.cz email addresses to phish BitCash users.

October 2013 – Inputs

Inputs.io was compromised on October 23 and then again on October 26, with hackers making off 4,100 bitcoin total. The loss was a result of a social engineering attack that compromised a chain of email accounts. Eventually, the attacker gained access to reset the password for the Linode server.

January 2013 – Vicurex

Vicurex has not confirmed the amount lost in two hacks but reported that it was near insolvency in 2014. As a result of the hacks and subsequent fund withdrawals by spooked users, Vicurex froze withdrawals and declared mitigation plans. Several customers filed a lawsuit against the company for withholding their funds.

December 2012 – Bitmarket

BitMarket.eu was hacked several times with the most infamous incident taking place in 2012. Bitmarket developer Maciej Trębacz announced the exchange had lost 18,787 BTC as a result of his using Bitcoinica to set up a Bitcoin hedge fund. Unfortunately, Bitcoinica had also gotten hacked (see below), losing all of BitMarket’s funds along the way.

Three months following the announcement, Trębacz notified users that Yevgeniy Nikulin, a Russian national who was arrested for hacking Dropbox, Formspring, and LinkedIn, had stolen 620 BTC from the exchange by using an SQL injection to gain access to BitMarket’s servers.

September 2012 – BitFloor

Following an attack that lost the exchange over $250,000 in cryptofunds, BitFloor Founder Roman Shtylman shared that hackers targeted the exchange’s servers. Although BitFloor encrypted the wallet keys needed to conduct transactions, it also kept an unencrypted backup. The attacker(s) likely gained access to this backup.

March 2012 – Bitcoinica

Three separate incidents led to Bitcoinica’s downfall. On March 1, Linode, a web hosting provider whose clients included Bitcoinica, was hacked. The unknown intruder successfully stole 43,000 BTC from Bitcoinica.

On May 11, attackers used a compromised email account to lift 18,500 BTC from Bitcoinica’s hot wallet.

On July 13, another attacker gained access to a LastPass account containing passwords needed to access the MtGox account. The LastPass account used the same password as the MtGox API key used by the Bitcoinica server when Bitcoinica was still live. The attacker withdrew 40,000 BTC and 40,000 USD.

October 2011 – Bitcoin7

The company reported a theft of 5,000 BTC and shared that attacks originating from Russia and Eastern Europe targeted Bitcoin7’s server, compromising wallets and user data.

June 2011 – Mt.Gox

A hacker accessed credentials from a Mr. Gox auditor’s breached computer to send a large number of bitcoins to himself, causing the price of Bitcoin to fall below one cent. The hacker then created a massive ask order for any price and made a small fortune as the prices corrected in minutes.

---

Related Posts: