Crypto Under Attack: The Five Worst Hacks That Shook the Crypto World
In tandem with improvements in technology and security, hackers have started getting more creative with the scams and hacks they carry out. You could be one click away from malware, causing harm to your files and crypto assets.
If you’re on a network that is used by billions of people every day, then I would like to burst the bubble and tell you that no matter what, you are prone to hacking. Hacking is the act of gaining unauthorized access to someone’s system to steal their data and files or corrupt their system. This process is done by repeatedly cracking codes and passwords, eventually giving access to the systems.
Cryptocurrencies were first introduced in 2009 with the launch of Bitcoin (BTC), and since then, many other digital currencies — or altcoins — have also surfaced. Cryptocurrency is an asset that is available on a blockchain-based network and works as a medium of exchange. With their entire presence only existing online, cryptocurrencies are prone to hacking as well, and over the years, we have seen several cryptocurrency hacks and scams take place.
Even though hacking is illegal and of course looked down upon, we can’t ignore the impressive effort, depth of knowledge, courage and level of creativity necessary to pull off such a task. Here is a list of the five greatest hacks of all time.
NiceHash hack, professional attack, $64 million stolen
Slovenian-based Bitcoin mining marketplace, NiceHash, was launched in 2014. In just three years, so-called “cloud mining” — i.e., a web platform where people buy and sell processing power needed to mine Bitcoin — was poorly wounded: A hacker stole approximately 4,700 Bitcoins, which was worth about $64 million at the time of the hack in December 2017, when the leading cryptocurrency’s price was hitting record highs around $20,000 per coin. The platform called the security breach a highly skilled and organized attack that was carried out with sophisticated social engineering.
The damage inflicted by the hacker on the platform was so significant that the exchange suspended all its operations for 24 hours to conduct the investigation. The mining exchange’s official press release statement also recommended its users change their online passwords.
In an effort to save its reputation, NiceHash started a repayment program to return digital currency to those users who had been affected by the infamous hack. Started back in February 2018, the repayment program is still ongoing, and the next, 22nd reimbursement is scheduled for Nov. 4, 2019, meaning that 81% of all stolen funds will have been returned to the platform's users.
Bitpoint exchange hacked, wallet attack, $28 million stolen
In July, cryptocurrency exchange Bitpoint revealed that about 55,000 users became the target of a $27.9 million hack. Bitpoint’s president, Genki Oda, stated that out of the crypto stolen, $19 million belonged to customers, whereas the remaining amount, $8.9 million, was the company holdings.
In the theft, the hot wallets of customers were attacked. Not only this, however, as the hacker also used Bitpoint’s software to steal an additional $2.3 million from overseas exchanges. The stolen funds have not been recovered yet, and the exchange is trying to find the person or group responsible for this theft through an investigation.
Bitpoint received a business improvement order from Japan’s Financial Services Agency in June 2018. The FSA did this to make sure that the exchange upgrade its system to secure the funds and also to match up with the FSA's Anti-Money Laundering and Know Your Customer requirements.
The exchange has a total userbase of 110,000, and theft on half of them raises questions regarding security levels of the exchange.
Bittrex delists Bitcoin Gold, series of hacks, $18 million lost
Launched in 2013, Bittrex is a United States-based cryptocurrency exchange with a team of 49 members. Recently, the exchange decided to delist Bitcoin Gold (BTG) from its platform after a hack.
A series of hacking attacks on the exchange led to the loss of over $18 million in funds from the exchange. Back in May 2018, hackers took control of more than 51% of the overall hash power of Bitcoin Gold, more than 388,000 BTG.
A method called “double-spending” was used by hackers to trick the exchange into transferring double the amount of coins than needed. The exact amount of Bitcoin Gold stolen from Bittrex was not mentioned, but Bittrex had reportedly requested more than 12,000 BTG (worth around $255,000) as a compensation from Bitcoin Gold.
These hacks have damaged the reputation of Bitcoin Gold: Earlier, BTG worth $3.3 million was stolen after hackers tricked users into downloading a fake wallet. These hacks have declined BTG's rank in the crypto market, as it is currently ranked 43rd, according to Coin360.
Apple macOS hack, corporation hack, malware attack
North Korea is known for its notorious acts, as it continues to exploit the crypto market with illegal activities and constant attempts of hacking various systems. In recent news, hackers sponsored by North Korea, disguised under the so-called Lazarus Group, tried to hack into Macs via fake cryptocurrency software.
The U.S. government and numerous other cybersecurity companies have claimed that the Lazarus Group is an organization sponsored by North Korea. The group tried to hack Apple's macOS by creating a fake company with an official website and wrote an open-source code for a cryptocurrency trading app that was uploaded on GitHub.
Within this code was a piece of malware that, when downloaded, would attack Apple computers and give the hacker access to do anything on the system. According to a United Nations report, North Korea has made about $2 billion by hacking various traditional exchanges and banks.
Apple products are known for their security and functionality, and the company even claims that Apple products cannot be hacked or manipulated.
The infamous Mt. Gox hack, $460 million stolen
Mt. Gox, was leading the crypto exchange market in 2013, with over 70% of the world’s Bitcoin exchanges taking place on its platform. Mt. Gox was first struck was in 2011, when 80,000 BTC was stolen from the exchange’s founder, Jeb McCaleb, who was in the process of selling the exchange to Mark Karpeles. Shortly after, a hacker was able to get into McCaleb’s account, which still had admin access, and artificially dropped the price of Bitcoin from around $17 to just about $0.01, allowing for about 2,000 BTC to be bought and transferred out of the exchange before the attack was noticed and resolved.
The most significant attack, however, occurred over a number of years — 2011 to 2014, when it finally came to light that the exchanges cold wallets were virtually empty. During that time, 850,000 Bitcoins were stolen from the exchange, 750,000 Bitcoins of which were owned by users, while the rest were the exchange’s. The value of the stolen Bitcoins at the time was $460 million, making it the most significant amount of Bitcoins ever stolen.
Mark Karpeles, who was the head of Mt. Gox, went on trial in Japan. After such a colossal failure of Mt. Gox as a crypto exchange platform, the rules and regulations related to cryptocurrencies were changed in the country.
In 2014, Mt. Gox was forced to file for bankruptcy and was forced to shutdown.
During the investigation, 200,000 Bitcoin were discovered, but these Bitcoin have not yet been distributed among users as compensation.
There is a lot of complexity with Mt Gox, so it is hard to cover it in only 3-4 paragraphs.
Conclusion
Cryptocurrency assets are a modern form of investments by many people, as they have moved from traditional investments like real estate and gold. But with the ease of online transactions comes the risk of getting attacked by hackers and malware. It is essential to use proper software that provide two-factor authentication service, such as Google Authenticator, and other services like email verification or IP address tracking.
The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
Heena Vinayak is the founder of KillerLaunch.com, a company that helps startups and companies find catchy, killer domain names. They offer domain broker services to corporations as well as early stage companies to hand pick catchy domain names. Heena and her company became interested in the cryptocurrency space in 2017.