From the famous Bitgrail hack to the more recent Poly Network attack, here are some of the greatest tragedies in crypto history.

Crypto Hacks

According to the analysis of Crypto Head, in the last ten years, a total of $19.2 billion has been stolen through breaches and fraudulent activities, with at least $2.99 billion is lost in 2021 alone.

Bitcoin is the most targeted digital currency, accounting for 33.3% of the whole hacking cases. Ethereum is the next most targeted coin, contributing to 12.8% of the cases in the last decade.

Today, we'll take a look at the history of the largest crypto hacks of all time and see if there's any improvement especially when it comes to security measures and government regulations.

Here are the lists of the biggest crypto hacks that ever happened:

  • Bithumb
    More than 30 billion won lost
  • Coinrail
    Lost around $37.2 million worth of virtual currency and ICO-issued tokens
  • Bitgrail
    Approximately $195 million worth of Nano tokens was stolen
  • Coincheck
    Lost more than $500 million
  • Poly Network
    Lost more than $610 million and was considered the most recent and biggest loss in the industry's history

Read the article below for more explanation.


1. Bithumb

  • Date of attack: 19 June 2018
  • Value of assets lost: $31 million

On 19 June 2018, South Korea's largest crypto exchange, Bithumb, was hacked. More than 30 billion won (around $30 million) worth of cryptocurrencies was stolen. At that time, Bithumb was ranked as the sixth-largest exchange by trade volumes globally.

But since the incident, it dropped rather drastically to 10th place. It is worth noting that Bithumb was hacked once before in July 2017. The personal data of at least 30,000 was stolen due to the employee's computer becoming compromised, while some other users reported losses as well.

According to Cointelegraph Japan, the 2018 attack was targeted at Bithumb's hot wallet, which is typically less secure than a cold wallet. Once Bithumb realized that their system was being hacked, it halted all deposit and withdrawal processes.

The exchange then announced a few days later in an official announcement that they were going to repay any lost coins and promised that there would be "no damage" on the customers' wallets, emphasizing the strict separation of customer and company assets. They also stated that their wallet system was undergoing "a total change" in order to prevent further attacks.


2. Coinrail

  • Date of attack: 10 June 2018
  • Value of assets lost: $37.2 million

Just days before Bithumb, another South Korean crypto exchange, Coinrail, was attacked. The hackers took around $37.2 million worth of virtual currency and ICO-issued tokens, including Pundi X and Aston coins.

According to CoinMarketCap, Coinrail is considered as one of the smaller exchanges, barely making it inside the world's top 90 based on trading volume at that time. But even so, Coinrail's hack proved that even smaller exchanges have that much value of assets.

Based on a wallet address that has been identified as belonging to the alleged hacker, the exchange lost around $19.5 million worth of NPXS tokens issued by Pundi X's ICO, $13.8 million from Aston X, $5.8 million in Dent tokens, and over $1.1 million Tron, along with the smaller amount of five other tokens from Coinrail.

As a result of the hack, the exchange was shut down for a while in order to review its security system and repair the damage caused by the breach. Coinrail stated that it had securely moved the remaining 70% of its assets to cold storage and was able to freeze all Artex Coin, Pundi X, and NPER.

Due to the ongoing investigation, users are still currently unable to access their accounts and other information on the website.


3. Bitgrail

  • Date of attack: 8 February 2018
  • Value of assets lost: $195 million

An Italian exchange, Bitgrail, was hacked in early February 2018, with around $195 million worth of Nano tokens was stolen. Around 230,000 account holders at Bitgrail were affected in the attack, which is probably the shadiest one on the list.

For some time, the one responsible for the attack has yet to be determined. The blame was being shifted between Bitgrail's own founder, Francesco Firano, and the Nano development team.

Both Bitgrail and the Nano team have made several allegations against each other at that time. After all the commotion surrounding the issue, Bitgrail finally stated its intention to pay back clients by creating a token called Bitgrail Shares (BGS).

The customers affected by the attack were refunded 20% of their lost amount in XRB, while the remaining 80% was supposed to be covered by the BGS. Nonetheless, Bitgrail once again argued that they wouldn't take responsibility for the hack and continued to point their fingers at Nano and its alleged protocol issues.

However, as the investigation proceeded, the Italian police uncovered evidence of the involvement of the Bitgrail's owner "FF" in the attack. It's still unclear whether he participated actively in the attack or just simply failed to increase security measures after discovering it.

Nevertheless, the authorities did charge the accused man with computer fraud, fraudulent bankruptcy, and money laundering. Later, the Italian court ordered Bitgrail to refund as much of the stolen assets as possible.


4. Coincheck

  • Date of attack: 26 January 2018
  • Value of assets lost: $523 million

The Coincheck hack was considered the largest attack in the industry's history at that time. On 26 January 2018, the Japan-based exchange posted on their blog saying that they were restricting NEM deposits and withdrawals, along with other methods for buying and selling crypto on the platform.

Sometime later, Coincheck formally held a conference and confirmed that hackers had breached their system and took around $500 million NEM tokens that were then distributed to 19 different addresses on the network.

When asked about the cause of the theft, Coincheck admitted that they stored all of NEM tokens in a single hot wallet instead of a cold wallet and did not use the NEM multisig contract security suggested by the developers. Apart from that, the fact that Coincheck was not officially registered under FSA Japan also surfaced following the incident.

During the press conference, the Coincheck representatives expressed deep remorse for the unfortunate event and promised to register with the FSA. The next day, the exchange announced that they would refund all the 260,000 users affected by the hack.

Surprisingly, Coincheck managed to survive the incident and continues to operate to this day. In April 2018, Monex Group acquired Coincheck and decided to re-launch the company.


5. Poly Network

  • Date of attack: 10 August 2021
  • Value of assets lost: $610 million

As for the time being, the largest and most recently confirmed crypto hack in history is the hack of Poly Network, a cross-chain interoperability protocol for cryptocurrency. The cross-chain transactions in Poly Network basically allow users to send assets among different blockchains without having to convert them via an exchange.

Unfortunately, the system was hacked in August 2021, with a total of over $610 million stolen by hackers. The good news is that the Poly Network team has successfully reached out to the hackers and established communication soon after the attack. It resulted in the recovery of the whole $610 million of assets that have been previously stolen.


Be Careful in Using Exchanges' Wallets

From the cases above, we can conclude that most attacks happened to exchanges' hot wallets. It's common for traders to store their coins in crypto wallets and trade them in crypto exchanges.

However, there are undeniable risks incorporated with these two components. While developers are constantly improving the security of their service, at the same time, there are also hackers trying to get their hands of the wallets and steal their contents.

In that case, it's better to choose a proven, reputable service, rather than an unknown, insecure, or simply unreliable platform. Usually, a good platform would give you a number of tools to secure your account, the most common one being the two-factor identification in the transaction process.

As shown in history, no platform is completely hackproof so unexpected issues may occur. Thus, it's better to protect your holdings by using a private digital wallet to store your coins. Even if you still have to use a crypto wallet and exchanges, try not to hold all of your assets in the exchange for too long.