Biggest Crypto Hacks that Shock the Whole Industry

From the famous Bitgrail hack to the more recent Poly Network attack, here are some of the greatest tragedies in crypto history.

Investors from all around the world are swarming over Bitcoin in recent years, which fuels the launches of other cryptocurrencies and a wave of startups built on blockchain technology. Cryptocurrencies like Bitcoin, Ethereum, and Dogecoin are becoming more mainstream these days, allowing their holders to buy and sell goods with it or trade them for profit from the price movements. However, despite all the fuss and euphoria, many investors are still quite unsure about the safety of the currency itself.

Over the years, there have been some vital ups and downs as well as some critical questions from many people worldwide. One of the mainly asked questions is whether crypto can be stolen, scammed, or hacked. Unfortunately, the answer is yes, it's very possible. Just like cash or fiat currency, digital coins can also be potentially stolen, so naturally, every crypto holder must take several precautions to keep their money safe.

The fact that cryptocurrencies are not heavily regulated makes users even more vulnerable to attacks, so there is no guarantee that you will be entirely protected unless you add extra protections yourself and store your funds in a highly secured place.

According to the analysis of Crypto Head, in the last ten years, a total of $19.2 billion has been stolen through breaches and fraudulent activities, with at least $2.99 billion is lost in 2021 alone. Bitcoin is the most targeted digital currency, accounting for 33.3% of the whole hacking cases. Ethereum is the next most targeted coin, contributing to 12.8% of the cases in the last decade.

The majority of the cases can't only be defined by the location, but for those who can, most of them happened in the United States, followed by the UK and South Korea. While there are various forms of attacks, breaches of crypto wallets and exchanges are perhaps the most common type, with 126 cases in the last decade.

Today, we'll take a look at the history of the largest crypto hacks of all time and see if there's any improvement especially when it comes to security measures and government regulations.

1. Bithumb

• Date of attack: 19 June 2018
• Value of assets lost: $31 million

On 19 June 2018, South Korea's largest crypto exchange, Bithumb, was hacked. More than 30 billion won (around $30 million) worth of cryptocurrencies was stolen. At that time, Bithumb was ranked as the sixth-largest exchange by trade volumes globally. But since the incident, it dropped rather drastically to 10th place. It is worth noting that Bithumb was hacked once before in July 2017. The personal data of at least 30,000 was stolen due to the employee's computer becoming compromised, while some other users reported losses as well.

According to Cointelegraph Japan, the 2018 attack was targeted at Bithumb's hot wallet, which is typically less secure than a cold wallet. Once Bithumb realized that their system was being hacked, it halted all deposit and withdrawal processes. The exchange then announced a few days later in an official announcement that they were going to repay any lost coins and promised that there would be "no damage" on the customers' wallets, emphasizing the strict separation of customer and company assets. They also stated that their wallet system was undergoing "a total change" in order to prevent further attacks.

2. Coinrail

• Date of attack: 10 June 2018
• Value of assets lost: $37.2 million

Just days before Bithumb, another South Korean crypto exchange, Coinrail, was attacked. The hackers took around $37.2 million worth of virtual currency and ICO-issued tokens, including Pundi X and Aston coins. According to CoinMarketCap, Coinrail is considered as one of the smaller exchanges, barely making it inside the world's top 90 based on trading volume at that time. But even so, Coinrail's hack proved that even smaller exchanges have that much value of assets.

Based on a wallet address that has been identified as belonging to the alleged hacker, the exchange lost around $19.5 million worth of NPXS tokens issued by Pundi X's ICO, $13.8 million from Aston X, $5.8 million in Dent tokens, and over $1.1 million Tron, along with the smaller amount of five other tokens from Coinrail.

As a result of the hack, the exchange was shut down for a while in order to review its security system and repair the damage caused by the breach. Coinrail stated that it had securely moved the remaining 70% of its assets to cold storage and was able to freeze all Artex Coin, Pundi X, and NPER. Due to the ongoing investigation, users are still currently unable to access their accounts and other information on the website.

3. Bitgrail

• Date of attack: 8 February 2018
• Value of assets lost: $195 million

An Italian exchange, Bitgrail, was hacked in early February 2018, with around $195 million worth of Nano tokens was stolen. Around 230,000 account holders at Bitgrail were affected in the attack, which is probably the shadiest one on the list. For some time, the one responsible for the attack has yet to be determined. The blame was being shifted between Bitgrail's own founder, Francesco Firano, and the Nano development team.

Both Bitgrail and the Nano team have made several allegations against each other at that time. After all the commotion surrounding the issue, Bitgrail finally stated its intention to pay back clients by creating a token called Bitgrail Shares (BGS). The customers affected by the attack were refunded 20% of their lost amount in XRB, while the remaining 80% was supposed to be covered by the BGS. Nonetheless, Bitgrail once again argued that they wouldn't take responsibility for the hack and continued to point their fingers at Nano and its alleged protocol issues.

However, as the investigation proceeded, the Italian police uncovered evidence of the involvement of the Bitgrail's owner "FF" in the attack. It's still unclear whether he participated actively in the attack or just simply failed to increase security measures after discovering it. Nevertheless, the authorities did charge the accused man with computer fraud, fraudulent bankruptcy, and money laundering. Later, the Italian court ordered Bitgrail to refund as much of the stolen assets as possible.

4. Coincheck

• Date of attack: 26 January 2018
• Value of assets lost: $523 million

The Coincheck hack was considered the largest attack in the industry's history at that time. On 26 January 2018, the Japan-based exchange posted on their blog saying that they were restricting NEM deposits and withdrawals, along with other methods for buying and selling crypto on the platform. Sometime later, Coincheck formally held a conference and confirmed that hackers had breached their system and took around $500 million NEM tokens that were then distributed to 19 different addresses on the network.

When asked about the cause of the theft, Coincheck admitted that they stored all of NEM tokens in a single hot wallet instead of a cold wallet and did not use the NEM multisig contract security suggested by the developers. Apart from that, the fact that Coincheck was not officially registered under FSA Japan also surfaced following the incident. During the press conference, the Coincheck representatives expressed deep remorse for the unfortunate event and promised to register with the FSA. The next day, the exchange announced that they would refund all the 260,000 users affected by the hack.

Surprisingly, Coincheck managed to survive the incident and continues to operate to this day. In April 2018, Monex Group acquired Coincheck and decided to re-launch the company.

5. Poly Network

• Date of attack: 10 August 2021
• Value of assets lost: $610 million

As for the time being, the largest and most recently confirmed crypto hack in history is the hack of Poly Network, a cross-chain interoperability protocol for cryptocurrency. The cross-chain transactions in Poly Network basically allow users to send assets among different blockchains without having to convert them via an exchange. Unfortunately, the system was hacked in August 2021, with a total of over $610 million stolen by hackers.

The good news is that the Poly Network team has successfully reached out to the hackers and established communication soon after the attack. It resulted in the recovery of the whole $610 million of assets that have been previously stolen.

Be Careful in Using Exchanges' Wallets

From the cases above, we can conclude that most attacks happened to exchanges' hot wallets. It's common for traders to store their coins in crypto wallets and trade them in crypto exchanges. However, there are undeniable risks incorporated with these two components. While developers are constantly improving the security of their service, at the same time, there are also hackers trying to get their hands of the wallets and steal their contents.

If we think about it, exchanges are indeed attractive to hackers as they have millions of dollars worth of cryptocurrency in their system. At some point, it can even be more profitable for hackers to steal from a crypto exchange than a bank vault. All they have to do is arrange a plan to outsmart the security measures of the exchange. As a result, exchanges are always prone to cyber-attacks no matter how big or small they are.

Unfortunately, sometimes you just can't help but use one. In that case, it's better to choose a proven, reputable service, rather than an unknown, insecure, or simply unreliable platform. Usually, a good platform would give you a number of tools to secure your account, the most common one being the two-factor identification in the transaction process. Exchanges may also offer other security tools such as multi signatures, email encryption, phishing protection, cold storage, and more.

Regardless of all the security measures offered by crypto exchanges, it's still unwise to trust them unconditionally. As shown in history, no platform is completely hackproof so unexpected issues may occur. Thus, it's better to protect your holdings by using a private digital wallet to store your coins. Even if you still have to use a crypto wallet and exchanges, try not to hold all of your assets in the exchange for too long.