Most Significant Hacks of 2019 — New Record of Twelve in One Year

Published at: Jan. 5, 2020

Twelve major cryptocurrency exchange hacks occurred in 2019. Of these, 11 hacks resulted in the theft of cryptocurrency while one only involved stolen customer data. In total, $292,665,886 worth of cryptocurrency and 510,000 user logins were stolen from crypto exchanges in 2019. Cryptocurrency exchanges experienced more hacks last year than in 2018, when only nine cryptocurrency exchanges fell victim to security breaches.

As time goes on, you might think that cryptocurrency exchanges would become more secure. The reality, however, is that more hacks on cryptocurrency exchange are taking place year after year. In general, crypto exchanges remain unregulated, and it’s still unclear which regulatory agency has jurisdiction over the crypto markets.  

Although there are no established rules regarding how cryptocurrency exchanges should safeguard customer funds, there are crypto-friendly countries and states. Canada, Malta and the American state of Wyoming have created crypto-friendly legislation that makes it easier for businesses to operate and gives them guidelines regarding security practices.

Sadly, not all countries have created guidelines or laws that help crypto businesses operate and reduce the risk for consumers. The way cryptocurrency exchanges store and protect their customer’s wealth differs from exchange to exchange; unfortunately, this makes cryptocurrency exchanges a hotbed for hacks that result in the theft of cryptocurrency or customer data.  Let’s take a closer look at the cryptocurrency exchange hacks of 2019 and how much cryptocurrency, fiat and customer data was stolen in each incident.

Related: Crypto Exchange Hacks in Review

1. Cryptopia

Date: Jan. 14, 2019

Headquarters: New Zealand

Amount stolen: $16,002,108

Just two weeks into the year, the first hack on a cryptocurrency exchange took place. New Zealand-based Cryptopia was hacked for over $16 million worth of cryptocurrency at the time. Social media users started their own investigation, according to which, over 20 different cryptocurrencies were taken from the exchange’s hot wallet.

2. LocalBitcoins

Date: Jan. 26, 2019

Headquarters: Finland

Amount stolen: $27,000

A few weeks later, the popular over-the-counter Bitcoin exchange LocalBitcoins was the victim of a security breach. Attackers were able to replace the official link to the exchange’s forum with a fraudulent link that led users to a fake page that resembled the discussion board but collected the information of the users who attempted to log in.

The attackers used the information they obtained to steal 7.9 Bitcoin — worth $27,000 at the time — from at least six user accounts.

3. Coinmama 

Date: Feb. 15, 2019

Headquarters: Israel

Amount stolen: 450,000 account usernames and passwords

In just the second month of the year, Israel-based cryptocurrency broker Coinmama learned that its database had been breached. As a result, an estimated 450,000 user account logins and passwords had been compromised and posted on a darknet registry.

4. DragonEx

Date: March 24, 2019

Headquarters: Singapore

Amount stolen: $7.09 million 

On March 24, Singapore-based exchange DragonEx posted in its official Telegram group that it had experienced a hacking attack, and as a result, a portion of the users’ and the platform’s crypto assets had been stolen. Days later, DragonEx released an announcement on its website, saying: “On March 24th, DragonEx suffered APT attack, which is the greatest challenge since DragonEx was first launched in the year of 2017. 7.09 million USDT assets are stolen.”

5. CoinBene

Date: March 25, 2019

Headquarters: Singapore

Amount stolen: $105 million

Just two days after the DragonEx hack, another cryptocurrency exchange in Singapore, CoinBene, was hacked. Many CoinBene users became suspicious of a hack when the CoinBene site unexpectedly went down for maintenance. Individuals who were tracking the CoinBene hot wallet noticed that a whopping $105 million worth of crypto assets had been removed. Even though all of the evidence is on the blockchain, CoinBene continues to deny that it was ever hacked.

Related: Over $100 Million Missing: CoinBene Claims Maintenance, a Month of Questions Point Toward a Hack

6. Bithumb

Date: March 30, 2019

Headquarters: South Korea

Amount stolen: $18.7 million

March was a bad month for cryptocurrency exchanges. Just a few days after the CoinBene hack, Bithumb was hacked for an estimated $18.7 million — $12.5 million in EOS tokens and $6.2 million in XRP. Unlike other exchange hacks, Bithumb believed that the theft was an inside job committed by a former Bithumb employee who had access to its hot wallets.

Related: North Korea and Crypto: Is the Regime Responsible for Major Hacks?

7. Binance

Date: May 7, 2019

Headquarters: Malta

Amount stolen: $40 million

On May 7, Binance — the world’s biggest cryptocurrency exchange — experienced a security breach. As a result, 7,000 BTC, equivalent to $40 million at the time, was stolen. In addition, Binance said that hackers were able to obtain user API keys, two-factor authentication codes and possibly more user information.

Later, on Aug. 7, it was revealed that hackers were in possession of over 60,000 pieces of Know Your Customer data from the Binance exchange. An individual going by the name “Bnatov Platon” said he or she hacked the individuals that hacked Binance back in May and discovered that the original hackers had also gained access to 60,000 pieces of customer KYC data, including the photo IDs of 10,000 Binance users. 

Related: Binance KYC Breach — Did It Happen, and If So, Who’s to Blame?

8. GateHub

Date:  June 1, 2019 

Headquarters: United Kingdom

Amount stolen: $10 million

In June, GateHub made an announcement, saying 100 of its users’ XRP wallets had been compromised. A GateHub community member took a deep dive into the hack and discovered that by June 5, 23,200,000 XRP had been stolen from 80–90 of these wallets — the equivalent to about $10 million at the time. 

9. Bitrue

Date: June 26, 2019

Headquarters: Singapore

Amount stolen: $4.23 million

At the end of June, Bitrue was hacked, and roughly $4.23 million was stolen. Hackers learned of a vulnerability in Bitrue’s security that gave them access to about 90 user accounts. Afterward, hackers used what they learned from their 90-account takeover to successful compromise Bitrue’s hot wallet. As a result, 9.3 million XRP and 2.5 million ADA were stolen.

10. BITPoint

Date: July 11, 2019

Headquarters: Japan

Amount stolen: $32 million

On July 11, Japan-based cryptocurrency exchange BITPoint was alerted of an irregular outflow of XRP from its hot wallet. Several hours later, BITPoint became aware that Bitcoin, XRP, Ether, Bitcoin Cash and Litcoin had been moved from the exchange’s hot wallet without authorization. In total, $32 million worth of cryptocurrency was moved out of BITPoint’s hot wallet — $23 million of which belonged to BITPoint users.

Related: BITPoint Hack Shows That Regulators’ Scrutiny Does Not Equal Safety

11. VinDAX

Date: Nov. 5, 2019

Headquarters: Vietnam

Amount stolen: $500,000

For the most part, the VinDAX hack is a mystery. VinDAX is a small cryptocurrency exchange based in Vietnam that primarily hosts token offerings for unheard of companies. Information regarding this security breach is scarce. However, The Block took a deep dive into this mysterious hack and learned from the VinDAX support staff that roughly 23 cryptocurrencies — worth $500,000 in total — had been removed from its hot wallet without authorization.

12. Upbit

Date: Nov. 27, 2019

Headquarters:  South Korea

Amount stolen: $49,116,778.00

And finally, the last hack of the decade: Upbit. Upbit is a South Korea based cryptocurrency exchange that was hacked for 342,000 ETH — equivalent to $49,116,778 at the time — on Nov. 27. All that is really known is that hackers were able to gain access to Upbit’s hot wallet and move Ether without authorization. However, Upbit released a statement shortly afterward telling users that it would be covering all of the losses with the exchange’s assets.

Related: Upbit Promises Swift Reimbursement, Theories Over Missing Funds Swell

The damage

In total, $292,665,886 worth of cryptocurrency was stolen from 11 cryptocurrency exchanges and 510,000 pieces of user information were taken from the database of one exchange — a total of 12 cryptocurrency exchanges experienced security breaches.

So, what does this all mean? It means that cryptocurrency exchanges have to do better in terms of industry standards and security practices. Sadly, we did not see enough legislation and security improvement in 2019, and we experienced even more cryptocurrency exchange hacks than in any previous year. But hopefully, these things will change in 2020 and the cryptocurrency markets will be safer for every party involved in the cryptocurrency ecosystem.

Tags
Related Posts
NZ Exchange Cryptopia Reports Hack With 'Significant Losses'
New Zealand digital assets exchange Cryptopia has suspended services after detecting a major hack that has reportedly “resulted in significant losses,” according to a tweet posted today, Jan. 15. The exchange revealed in the tweet that the hack occurred yesterday, Jan. 14. The platform had initially informed the public it was undergoing unscheduled maintenance, issuing several similarly laconic updates before today’s official disclosure of the breach. According to today’s tweet, the exchange has notified government agencies and authorities, including the New Zealand Police and High Tech Crimes Unit, who have reportedly opened an investigation into the matter and are allegedly …
Ethereum / Jan. 15, 2019
A crypto New Year’s resolution: Modernize security infrastructure
It’s safe to say that 2020 has been a banner year for the digital-asset space. Bitcoin (BTC) soared past its previous high, and many other prominent cryptocurrencies reached their highest levels since the heyday of 2017 and early 2018. Across the financial services industry, institutional voices are expressing reinvigorated interest in digital assets. The growth and maturation of this space has been impossible to ignore, engendering plenty of optimism among those who build the platforms and systems on which it runs. Unfortunately, not all the headlines from the past year have been positive. Several well-known crypto exchanges and other organizations …
Technology / Dec. 31, 2020
New Zealand Blockchain Group to Request Government Blockchain Strategy
New Zealand-based blockchain industry group BlockchainNZ announced that it will request a national blockchain strategy from the government next Thursday, according to a press release on May 21. The executive director of Blockchain NZ, Mark Pascall, will give a presentation to the New Zealand parliament’s economic development, science and innovation select committee hearing on the potential economic advantages of implementing blockchain tech solutions in the country. The presentation will reportedly serve as an introductory seminar on blockchain, bitcoin, smart contracts, security tokens, and decentralized autonomous organisations. Pascall commented that Blockchain NZ wants to have its experts work together with the …
Blockchain / May 22, 2019
Signs Point to Inside Job in Upbit Crypto Exchange Hack, Says Commentator
Following the theft of 342,000 Ether (ETH) ($50 million) from major South Korean crypto exchange Upbit, some commentators have suggested that the hack was actually an inside job. As Cointelegraph contributor Joseph Young tweeted on Nov. 27: “The ‘hacker’ timed when UPbit was making crypto transfers to its cold wallet (other alts like TRON, etc.). Hence, I think the probability of it being an inside job is higher than external breach.” Hacker’s timing was advantageous As Cointelegraph reported, the incident was confirmed in an official statement published earlier today, which read: “At 1:06 PM on November 27, 2019, 342,000 ETH …
Ethereum / Nov. 27, 2019
Report: Crypto-Related Fraud and Theft Resulted in $4.4B Loss in 2019
In 2019, the total volume of cryptocurrency-related fraud and theft resulted in losses worth $4.4 billion, according to CipherTrace’s report for the third quarter of 2019. In its “Cryptocurrency Anti-Money Laundering Report, 2019 Q3,” security research firm CipherTrace delved into the 120 most popular cryptocurrency exchanges’ compliance with Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements and analyzed patterns in crypto-related crimes. Decline in crypto crime volume and weak KYC standards Per the report, Q3 2019 saw a notable reduction in total cryptocurrency crimes as compared with previous quarters, and thus the lowest quarterly thefts and scams in two …
Bitcoin / Nov. 27, 2019