menu Menu
The 8 Worst Cryptocurrency Hacks in History (And What Exactly Happened)
Here are some of the most significant and most devastating cryptocurrency hacks in history, and why you need to be more careful.
By Dan Price Posted in Commentary on November 30, 2018 7 min read
The Bitcoin Cash Hard Fork: A Hash War Analysis Previous The 10 Best News Sites for Blockchain, Bitcoin, and Cryptocurrency Next

Concerned about the security of your Bitcoin, Litecoin, Ethereum, or altcoins? You should be, particularly if you aren’t storing your coins in a cold wallet for extra security.

Not convinced? Here are some of the most significant and most devastating cryptocurrency hacks in history. They serve as important examples of why you need to protect your cryptocurrency coins!

1. 92 Billion Bitcoin Out of Thin Air (2010)

We all love money for nothing. And with the current price of Bitcoin, it’s fair to say we’d all love some cryptocurrency for nothing as well.

Back in August 2010, that’s precisely what happened.

In what is still the only major security flaw that’s been found and exploited in Bitcoin’s code, a hacker managed to create 92 billion Bitcoins out of thin air. At today’s prices, it would have made the hacker the wealthiest person on the planet. A number overflow error made the hack possible. You can still see the forum thread where early Bitcoin enthusiasts discovered the problem.

Luckily, the community was able to cancel all transactions following the hack and rollback the blockchain to its pre-hack state.

2. Bitfinex (2016)

Bitfinex is one of the most popular cryptocurrency exchanges in the world. It has about two million users and sees billions of dollars’ worth of transactions take place every day.

In August 2016, the company was the victim of a hack. At the time, it was the second largest hack in cryptocurrency history. Thieves stole 120,000 bitcoins. They were worth $72 million. In today’s prices, that would be several orders of magnitude larger.

Bitfinex’s usage of multi-signature wallets made the hack possible. Ironically, the company had only introduced the wallet’s 12 months previously in a bid to make users’ coins more secure.

The wallets were poorly coded. In theory, Bitfinex would hold two keys, and BitGo would store one. All parties would have to independently sign off on a transaction to verify it.

In practice, BitGo would simply mirror whatever Bitfinex did. As such, there was only one point of failure. As soon as hackers got into Bitfinex’s servers, the game was up. The hack caused Bitcoin’s value to drop 20 percent in the markets.

3. Mt. Gox (2014)

The Mt. Gox story is well-known in the crypto world. It is the largest Bitcoin hack to date, and one of the most significant cryptocurrency hacks in history.

In case you’re not familiar, Mt. Gox had grown to become the world’s principle crypto exchange; it was handling more than 70 percent of all Bitcoin transactions.

In February 2014, it was discovered that hackers had stolen 850,000 Bitcoins over a period of three years. 750,000 of them were from Mt. Gox’s customers. Transaction malleability was to blame; someone could edit transaction details to make it seem like the transaction never took place.

In what proved to be a lesson in how not to handle a PR disaster, the Mt. Gox board relocated the company’s headquarters to avoid protesters, deleted it’s Twitter accounts, and took its website offline.

After the dust settled, Bitcoin had lost 36 percent of its value and users were left questioning the ongoing security of Bitcoin transactions.

4. Mt. Gox, Again (2011)

Frankly, the writing had been on the wall at Mt. Gox for a long time. While the 2014 hack is the one that still garners headlines, fewer people know the exchange had already been hacked once before three years previously. With hindsight, it was a sign of things to come.

So, what happened?

A computer belonging to one of the company’s auditors was comprised. A hacker, who therefore had access to the exchange, altered the nominal value of Bitcoin to one cent.

The change created a huge “ask” order at any price, thus initiating a mass selloff. Accounts with values in the millions were affected, and the still-unknown hacker walked away as a rich man.

5. The DAO (2016)

The four hacks we’ve looked at so far have all affected Bitcoin. But the world’s second-largest coin—Ether—has also been a victim. The hack happened to the DAO.

In simple terms, The DAO was a smart contract on the Ethereum blockchain that operated like a venture capital fund. Buyers could invest in the DAO through crowdfunding which would them allow them to vote on which companies the fund should invest in.

The original crowdfunding phase raised 12.7 Ether ($150 million), making it the largest crowdfunding project in history. It had control of 14 percent of all Ether in circulation.

In June 2016, a hacker took advantage of a loophole in the DAO which allowed someone to create a “Child DAO.” They put a recursive function into the withdrawal request; the code made the DAO keep handing over more Ether for the same DAO tokens. $50 million was lost.

The hack resulted in a soft fork and the splitting of the Ethereum community. The old Ethereum is now called Ethereum Classic; the forked version goes by the name of Ethereum.

6. Coincheck (2018)

The Coincheck breach happened in January 2018. Coincheck is a cryptocurrency exchange in Tokyo. The hack affected popular altcoin, NEM.

The theft replaced the Bitfinex hack as the second-largest of all time. When valued in dollars, it could yet prove to be even larger than current record holder, Mt Gox.

The 500 million lost NEM coins were worth about $550 million at the time of the hack, but the value dropped more than 20 percent after the news broke. The 500 million coins represented about five percent of the total supply of NEM.

cryptocurrency hack nem price value drop

It seems that a simple network hack was responsible. The cybercriminal was able to remain undetected inside the network for eight hours, giving them enough time to siphon off the money into 11 separate accounts. All the accounts holding the money now have the coincheck_stolen_funds_do_not_accept_trades : owner_of_this_account_is_hacker tag.

Thankfully, the Coincheck hack does have a slightly happier ending—at least from an end-user perspective. The company said it would use its own capital to reimburse all 260,000 customers who lost out. They will receive ¥88.549 per NEM coin.

7. NiceHash (2017)

In December 2017, NiceHash—a Slovenian crypto-mining marketplace—announced it had been a hacking victim.

The precise amount stolen is not known, but a Bitcoin wallet that’s under suspicion holds 4,736.42 coins, the equivalent of about $70 million.

To be fair to NiceHash, it handled the loss well. Users thought the site would be gone for good, but a surprise announcement around the turn of the year said its customers would get their money back:

“We are happy to announce we have been able to reserve the funds required to restore balances from a group of international investors. Old balances will, therefore, be restored by January 31, 2018. We need this interim period to ensure all legal paperwork is processed correctly, so please be patient while we do this.”

8. Bancor (2018)

In mid-2018, Israeli-Swiss decentralized exchange Bancor lost $23 million after a hack. The theft happened when a wallet used to upgrade smart contracts was compromised.

The attackers made off with $12.5 million in Ether, $1 million in Pundi X (NPXS), and $10 million in Bancor’s own BNT coin.

Bancor’s response was to freeze the stolen BNT, but it was unable to do the same thing with the Ether and Pundi X. While the company’s response might seem sensible, it drew criticism from some purists—including Litecoin founder Charlie Lee—who said it proved Bancor was never truly decentralized in the first place.

Protect Yourself From Cryptocurrency Hacks

Since mid-2017, the total market capitalization of cryptocurrencies has bounced between $250 billion and $750 billion. That’s a lot of money, and it’s easy to see why cryptocurrency is so attractive to hackers and cybercriminals.

Reuters estimates that criminals have stolen over 980,000 Bitcoins from exchanges since 2011. Today, those stolen coins would be worth more than $6 billion—and that’s before you even consider all the other altcoins that have also been victim to hackers.

As always, keep your eyes peeled for common cryptocurrency scams and frauds. If you have money invested in the crypto space, it’s more important now than ever to make sure it’s secure.

Not sure where to begin? We have you covered. Check out our article on how to keep your cryptocurrency safe and which mistakes to avoid.

Recommended Reading

Previous Next

keyboard_arrow_up