While cryptocurrency has a reputation for being transparent, fraudsters have made a name for themselves by exploiting platforms and exchanges. Even if stock exchanges do their best to safeguard customer funds, sophisticated hackers can still find ways to steal money.
Due to the prevalence of open-source code libraries on exchanges, they are a frequent target of hackers. Cybercriminals frequently go after cryptocurrency exchanges because a single hack might give them access to the funds of thousands of users. As criminals get better at what they’re doing, we need to step up our protection.
In this piece, we take a look back at the most significant attacks ever seen on a centralized cryptocurrency exchange (CEX).
Coincheck (2018): The Greatest Cyberattack to Date
Coincheck, a Japanese crypto exchange created in 2012, is among the world’s top 20. The exchange has bitcoin and Ethereum. In January 2018, hackers stole $534m in cryptocurrency. It’s the biggest crypto attack ever. Coincheck stopped deposits and withdrawals after the incident. However, the exchange recognized it may not be able to reimburse user losses. Japanese officials probed the attack thoroughly. The hackers hacked hot wallets using phishing. They propagated malware and stole money. Early 2021, authorities said most of the attackers were high-income.
Coinbene (2019): The Breach that was Initially Denied
CoinBene is a cryptocurrency exchange run by Chinese nationals out of Singapore. In terms of daily trading volume, it is one of the top 10 cryptocurrency exchanges in the world. More than 192 countries’ worth of crypto enthusiasts can use the exchange. Over $105 million worth of cryptocurrency was stolen in an assault on CoinBene in March 2019. However, instead of admitting that an attack had occurred, the exchange claimed it was shutting down for maintenance. The fraud perpetrated on the exchange was uncovered after a careful examination of its financial dealings. The perpetrators successfully transferred the stolen coins to other cryptocurrency trading platforms, including Binance. None of the missing coins have been found as of yet.
Zaif (2018): Attack that was Discovered Too Late to Stop
One of Japan’s first cryptocurrency exchanges, Zaif has been around for quite some time. It was Japan’s first licensed exchange, operating there since 2014. For those interested, Zaif supports over 40 different digital currencies. Security at the exchange was seriously compromised in September of 2018 when hackers obtained access to the hot wallets. The breach occurred on September 14, but it took Zaif three days to realize it. The total amount of money lost was somewhere around $60 million. After analyzing all withdrawal transactions from Zaif, Crystal was able to trace the cash and issue a risk score of 100% by designating the hackers’ wallet. Subsequently, the bourse entered into an agreement with the Japanese investment firm Fisco. About $44.5 million in the capital was acquired as a result of the transaction. Users’ losses were compensated for with this cash. To compensate, Fisco was granted control of the bourse’s voting stock. This resulted in the reinstatement of the exchange’s deposit and withdrawal services in April 2019.
Bancor (2018): That Hack Where Nobody Got Hurt
2016 Israeli start-up Bancor It’s a cryptocurrency exchange that’s fully decentralized. 2017 ICO raised $150m for the company. The following year, it suffered a $23.5m attack. The criminals used a sophisticated method. They targeted a company’s smart contract wallet. After the incident, Bancor was offline. The company traced stolen coins. Some coins were transferred to other exchanges. Bancor asked exchanges to freeze stolen coins. The company said no user cash was lost. Bancor’s critics said the company didn’t protect its assets enough.
Bitfinex (2016): The Cyber Attack That Shared Losses
Bitfinex was established in 2012 as a cryptocurrency exchange in Hong Kong. The business behind it, iFinex Inc., is also responsible for creating another stablecoin called Tether. During a hacking attempt in 2016, hackers stole coins from the cryptocurrency exchange worth over $60 million. Bitfinex was able to recover some user assets and make equity-based returns to those affected by the assault. Everyone who used the service suffered the same amount of damage as a result of the hack. By the year 2019, the US government had recovered some of the stolen monies and had even tracked down a few of the hackers responsible. Two Israeli brothers were identified as the perpetrators of the crime. The authorities moved quickly to apprehend them and prosecute them for cybercrime. Some of the stolen coins were tracked down in a different wallet in 2021. The attackers, it is theorized, were motivated by the recent surge in bitcoin’s value.
Cryptopia (2019): An Unusual Incidence of Two Assaults
Founded in 2014 in Christchurch, Cryptopia was a New Zealand cryptocurrency exchange. The exchange suffered a devastating attack in January 2019 that cost the company a total of $15.5m. Approximately nine percent or more of the company’s holdings were lost in the attack, according to the management. Due to the severity of the attack, the entire market was wiped out.
Mt. Gox (2011): The First Major Security Breach in the Crypto World
As of its 2010 inception, Mt. Gox was a cryptocurrency exchange based in Tokyo, Japan. Once upon a time, it processed more than 70% of all bitcoin trades worldwide, making it the world’s largest cryptocurrency exchange. After being hacked in 2011, bitcoins worth $8.75 million were taken from the exchange.
Yet another incident occurred in 2014, despite the exchange’s promises to strengthen its defenses. It was on a much grander stage this time around. The theft amounted to over 850,000 bitcoins or $615 million at the time. They were able to accomplish this by flooding the exchange with phony bitcoins. It was one of the earliest major security breaches in the bitcoin community.
Customers, suppliers, and business partners all sued the corporation after the breach was discovered. A major player in many of these was the exchange’s CEO, Mark Karpeles, who didn’t use any version control software for the site’s source code.
Any developer can compromise the site’s security by inadvertently altering its code. So far, these legal actions have not benefited those who use the exchange. The marketplace has filed a civil rehabilitation plan with the Tokyo District Court in an effort to reimburse its customers.
KuCoin (2020): Most Recent Assault
KuCoin operates as a cryptocurrency exchange in Singapore. It started trading in Bitcoin, Ethereum, Litecoin, and Ardor when it first opened in 2013. In September 2020, it was hacked for more than $281 million in coins and tokens.
In addition, the hackers stole the private keys to some of the most popular wallets on the market. In spite of KuCoin’s prompt intervention, the harm had already been done. The scale of this hack is unprecedented in the world of cryptocurrency.
KuCoin’s leadership immediately began an in-depth inquiry as a result. Fast action paid off, as almost $204 million was recovered in a matter of weeks. As an added bonus, the conversation has helped narrow down the pool of possible bad guys.
According to reports, the attack was carried out by a North Korean cyber collective. Fast action and real-time transaction tracking are stressed as essential here. Furthermore, the exchange intends to compensate all users for their losses.
In the preceding sections, we described a number of the most serious security incidents that have occurred on the CEX cryptocurrency exchange. The scope of these assaults is just astounding. It’s also clear that even erecting formidable security fences isn’t enough to stave off skilled hackers.
Even more importantly, the scope of some of these attacks emphasizes the importance of exchanges and other crypto corporations maintaining a high level of vigilance in order to monitor suspicious behavior.
The best way to do this is to work with professionals in the field who can provide solutions such as transaction tracking, analytics, and risk evaluation for digital currencies. In the realm of blockchain analytics, Crystal Blockchain is one firm that offers specific risk reduction solutions.
Robofi is a Defi platform that envisions a marketplace for revolutionary Dao crypto trading bots. Through its IBO (Initial Bot Offering) system, community members can maximize their earnings in an easy, simple, and secure way. We create a safe and transparent environment based on blockchain technologies that help developers bring crypto trading bot platforms to the market. In addition, individuals will have easy access to these bot applications, thereby generating more earning opportunities. RoboFi ecosystem is fueled by the VICS token.
VICS token has a distinctive and enticing concept. VICS is the BEP-20 token, built on the Binance smart chain. It is a core utility token in the RoboFi ecosystem, the reliable crypto trading bot marketplace. One important utility is to own the governance token of DABots and participate in an IBO (Initial Bot Offering) to receive additional incentives. VICS is available on major exchanges for trading.
I'm Carina, a passionate crypto trader, analyst, and enthusiast. With years of experience in the thrilling world of cryptocurrency, I have dedicated my time to understanding the complexities and trends of this ever-evolving industry.
Through my expertise, I strive to empower individuals with the knowledge and tools they need to navigate the exciting realm of digital assets. Whether you're a seasoned investor or a curious beginner, I'm here to share valuable insights, practical tips, and comprehensive analyses to help you make informed decisions in the crypto space.