Top 4 Cryptocurrency Hacks of All Time and What to Learn from Them

Sometimes, it’s not good when cryptocurrencies attract a lot of attention from the public. Because of their high financial value, cryptocurrencies and the companies that handle them become attractive targets for illegal exploits.

Take hacking, which has become widespread. Hackers see the extreme popularity of Bitcoin and other cryptocurrencies as an opportunity to capitalize on what has already become a global phenomenon.

In fact, news.Bitcoin.com reports that hacking represents 22% of scams proliferating in the crypto market. The total amount of money lost to crypto hackers stands at approximately $15 billion, according to related reports.

Some hacking cases stand out from the rest because of the magnitude of losses to contributors and users of cryptocurrency mining.

Here’s our list of the most notorious cryptocurrency hacks that have rocked the crypto world.

1. Coincheck

Coincheck, one of the largest digital currency exchanges in Japan, now holds the record for the world’s biggest cryptocurrency theft, as it lost $530 million in NEM coins.

The hack has been traced to a crypto exchange based in Vancouver, Canada. This means that the stolen crypto coins were moved to digital wallets on other platforms for conversion or laundering.

Shortly after the hack was discovered on January 26, 2018, Coincheck suspended sales and withdrawals of the NEM cryptocurrency to prevent further attacks on the exchange’s network.

Coincheck detected the theft thanks to its tagging system, which can identify malicious accounts on the crypto exchange. Eleven wallets were tagged as holding the stolen currency. However, six of these had already moved 1 to 10,000 NEM coins to other exchanges.

The rest of the tagged accounts were able to transfer larger amounts of coins — from 300,000 NEM to as high as 20 million NEM coins to a different wallet.

Coincheck has refunded its users’ lost funds.

2. Mt. Gox

Back in 2013, Mt. Gox (which stands for Magic the Gathering Online Exchange) was the biggest bitcoin exchange in the world, holding roughly 70% of all exchanges on bitcoin platforms all over the world.

Despite its impressive reputation, Mt. Gox’s network suffered from a series of distributed denial of service (DDoS) attacks. By 2014, the long delays in service prompted Mt. Gox to inspect its system.

As it turned out, the network of Mt. Gox had been hit by transaction malleability attacks. This type of crypto theft happens when hackers can tamper with the signature and ID of a transaction before the transaction data are approved and saved into a public ledger called the blockchain. The result is that the approved transaction ends up in the hackers’ account instead of the original recipient’s crypto wallet.

In the end, the transaction malleability attacks against Mt. Gox allowed hackers to steal $473 million worth of bitcoins, which was enough for Mt. Gox to declare bankruptcy.

3. Bitfinex

In the case of Bitfinex, it was a vulnerability in its multi-sig wallet system that led to the theft of 120,000 Bitcoins or $72 million from the Bitfinex platform.

A multi-signature wallet is like a safety deposit box that requires two to three security keys for someone to take funds out of it. All key holders need to approve or sign off on a transaction.

Bitfinex was supposed to store two security keys while its multi-sig wallet service provider, BitGo, oversaw the third key. However, when hackers got into Bitfinex’s servers, they were able to bypass both Bitfinex’s and BitGo’s security keys, which resulted in Bitfinex users losing money from their wallets.
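
An added example (not from the original article) of a custody audit for a multi-signature wallet: given which party holds which keys and how many signatures a withdrawal needs, it reports the smallest group of custodians whose compromise is enough to sign. The layouts mirror the split described above (two keys at the exchange, one with the co-signing provider); the custodian and key names are hypothetical, and the 2-of-3 and 3-of-3 thresholds are assumptions, since the text says only "two to three".

```python
from itertools import combinations

def smallest_signing_sets(custody, threshold):
    """Return the smallest groups of custodians whose combined keys reach
    the signing threshold, i.e. who must all be compromised (or collude)."""
    names = sorted(custody)
    for size in range(1, len(names) + 1):
        hits = [group for group in combinations(names, size)
                if len(set().union(*(custody[n] for n in group))) >= threshold]
        if hits:
            return hits
    return []  # threshold exceeds the number of keys that exist

def audit(custody, threshold):
    """Summarise the custody layout as a one-line finding."""
    groups = smallest_signing_sets(custody, threshold)
    if not groups:
        return "unspendable: fewer keys exist than the threshold requires"
    if len(groups[0]) == 1:
        return "single point of compromise: " + ", ".join(g[0] for g in groups)
    return f"needs {len(groups[0])} custodians compromised together"

# Constructed layouts; key and custodian names are hypothetical.
CONCENTRATED = {"exchange": {"key1", "key2"}, "co_signer": {"key3"}}
SPREAD = {"exchange": {"key1"}, "co_signer": {"key2"}, "offline_backup": {"key3"}}

if __name__ == "__main__":
    for label, layout in (("concentrated", CONCENTRATED), ("spread", SPREAD)):
        for threshold in (2, 3):
            print(f"{label}, {threshold}-of-3: {audit(layout, threshold)}")
```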

4. DAO Attack

Over at the Ethereum (another type of cryptocurrency) platform, the attack against DAO (Decentralized Autonomous Organization) is the most serious case that has ever been recorded.

The idea behind DAO is for it to function as a venture capital fund that would support all decentralized applications (DAPPS) on the Ethereum eco-system. Those who have DAO tokens could fund any project they were interested in.

The flaw in the DAO system was that anyone trying to back out of a certain project was not allowed to spend their ether for almost a month, which meant that the currency was floating and could be intercepted by hackers.

Over time, DAO hackers were able to steal $50 million worth of Ether.

Here’s an article that talks about the origins of DAO, the hack, and how it split the Ethereum community.

Lessons We Learned

Most of the hacks in question happened because of a flawed system in cryptocurrency mining or cryptocurrency trading.

Here’s what everyone in the crypto community could learn from the incidents.

  • Crypto platforms need to be protected with a Version Control Software (VCS). A VCS can show all changes made in the blockchain or database of records. At the same time, it can circumvent the change and revert to the previous version of the database.
  • Regular testing should be done on the servers of a cryptocurrency exchange, and not only when there are irregularities in the way they function. This could help detect possible security issues in the network early on.
  • Cryptocurrency exchange networks should be free from system failures. They should be built around a secure infrastructure that’s capable of processing hundreds of thousands of transactions all at the same time to help keep hackers at bay.

Takeaway

These crypto hacks highlight the importance of being vigilant about what’s happening around us. As you identify the possible dangers in the cryptocurrency world, you also become conscious as to which eco-system offers the best security and protection for your cryptocurrency assets.

Originally published at noahcoin.org on June 8, 2018.
