Bitcoin was designed as a hedge against inflation following the 2008-08 Great Financial Depression. The effects of the financial crisis were felt worldwide, leading to a growing distrust in the government’s role as an issuer of currency. However, hackers and cybercriminals found loopholes in the digital asset design, tricking unsuspecting investors and even organizations and stealing large amounts of wealth by anonymous means. This article will feature 10 major crypto heists all over the world, and what needs to be done to safeguard crypto assets.
10 Largest Crypto Heists in History
1) Mt. Gox (850K BTC)
Over 850,000 Bitcoins were stolen from the Mt. Gox exchange from 2011 to 2014. The fault, as per Mt. Gox, occurred due to the transaction malleability bug then found underlying in Bitcoin. The bug allowed modification of a transaction’s unique ID through digital signature alteration.
The exchange had not deployed audit methods, and in September 2011, it was found that the private keys had been compromised. The stolen keys were repeatedly used to confiscate new deposits. By 2013, over 630,000 Bitcoins were stolen from the exchange. The discovery propelled the increasing use of cold wallets. In case of a breach, hackers can only steal cryptocurrencies from the hot wallet.
Also Read: Metaverse: A Safe Haven For Cybercriminals!
2) Linode (46K BTC)
The web hosting enterprise Linode was utilized by both Bitcoin whales and crypto exchanges for storing hot wallets. Hot wallets stored by the virtual services firm were targeted by hackers in June 2011. The total number of Bitcoins stolen is still currently unknown, but estimates suggest the amount is at least 46,000. Bitcoin and Bitcoin.cx lost 43000 Bitcoins and 3000 Bitcoins respectively, while Bitcoin developed Gavin Andresen lost around 5000 Bitcoins.
3) Bitfinex(119576 BTC)
The use of multiple signature keys for authorizing a Bitcoin transaction is not a comprehensive solution in and out of itself, as evidenced by the Bitfinex heist. The heist amounted to 119,576 Bitcoins.
The exchange had partnered with BitGo, who were responsible for handling customer withdrawals. Bitfinex also did not utilize cold wallets to get an exemption CEA(Commodities and Exchange Act)
Also Read: The Story of a $50M Superyacht, and Missing Crypto Investors of 3AC
4) Coincheck ($530 Million)
Japanese exchange Coincheck reported a loss of XEM tokens worth USD 530 million in the month of January 2018. The hackers associated with the act have still not been identified. Investigations revealed that cybercriminals acquired system access during an ongoing staffing deficit. They took advantage of inadequate security measures and the storage of funds in hot wallets.
5) KuCoin ($275 Million)
KuCoin made an announcement in the middle of the global pandemic. In September 2020, cybercriminals gained access to the hot wallets after acquiring the private keys and stole large amounts of ETH, BTC, LTC, XRP, XLM, TRX, and USDT tokens. North Korean hacking collective Lazarus Group was accused of stealing assets worth $275 million from the KuCoin exchange. The exchange has managed to retrieve around $240 million afterward through payments.
6) PancakeBunny ($200 Million)
Using a flash loan tactic, hackers were able to steal USD 200 million of crypto assets in May 2021. The criminals loaned large amounts of BNB, manipulated its valuation, and sold the amount across the BUNNY/BNB marketplace in PancakeBunny.
Flash loans need to be borrowed out prior to the loan’s repayment, at once. The cybercriminal dumped the entire BUNNY stack to lower its valuation and repaid Binance Coin through PancakeSwap.
7) Poly Network ($600 Million)
A person under the pseudonym “Mr. White Hat”, stole $600 million worth of crypto from the DeFi platform Poly Network, exploiting a network weakness. The incident which occurred in August 2021, is often considered one of the greatest crypto thefts in terms of the events that followed. The hacker chose to main a public dialogue with the DeFi platform, and returned the entire amount after a week, barring the 33 million in USDT that was frozen by the Tether network. Mr. White Hat had received a prize worth $500,000 for returning the entire heist amount, along with a job offer as the Senior Security Officer of Poly Network.
8) WormHole ($328 Million)
The 4th largest DeFi security breach resulted in a loss of $328 million. The bridge between Ethereum and Solana(Wormhole) was targeted by hackers, who exploited the mint function on the Solana side. They used minted tokens to claim ETH, creating around 120k wETH(Wrapped Ethereum) tokens for themselves.
9) Ronin Network ($620 Million)
The crypto gaming network reported a loss of USD 620 million on the 29th of Mach, 2022. The criminals hacked the private keys and generated meaningless withdrawals through 2 transactions across the Ronin bridge. Axie DAO and Sky Mavis, the publishers of the Axie Infinity game, were impacted.
10) Beanstalk ($181 Million)
A stablecoin platform built on Ethereum, Beanstalk was subjected to cyber attacks in April this year. Assets stored in the Beanstalk protocol were transferred to a Ukraine fund, which was a fraud proposal. After implementation, the hackers used it to repay a flash loan, making a $76 million profit from the $181 million stolen.
Final Thoughts: How to Avoid Crypto Scams?
Security integrations and the latest updates help significantly reduce the chance of a crypto heist, but they cannot completely eliminate the possibility. The irreversibility of a blockchain network appears as a bane here, as the exchanges can do little if hackers gain access to private security keys. For best security practices, read thoroughly on crypto investment claims, even suspiciously if they appear too good to be true. Avoid trusting people attempting personal contact for crypto investments. Always activate 2FA(two-factor authorization). And last but not least, never share the private security key of your crypto wallet. Store the information offline, preferably in cold wallets.
No Comment