Bitcoin is a digital currency that was created in January 2009. Marketplaces, also known as bitcoin exchanges, allow individuals to “buy or sell bitcoins using different currencies.” There have been a number of incidents of hacking, thefts, and/or disasters involving bitcoin since its inception in 2009. A ranked list of the top ten incidents is as follows.
#1 Mt. Gox Hack (Feb 2014)
- Mt Gox was a bitcoin exchanged based in Tokyo that operated between 2010 and 2014. At its peak, it was responsible for more than 70% of bitcoin transactions.
- The bitcoin exchange was hacked twice throughout its history. The first attack happened in 2011 when the hacker got hold of their auditor’s credentials and proceeded to transfer 2,609 bitcoins to an address “for which Mt. Gox had no keys.”
- The second attack happened in 2014, during a period when Mt. Gox was handling almost 70% of the world’s Bitcoin transactions. Mt. Gox halted operations soon after and filed for bankruptcy. At least 650,000 bitcoins were stolen, with several sources reporting that the actual number of bitcoins stolen from Mt. Gox being closer to 750,000.
- According to investigations, Mt. Gox’s unencrypted private key appears to have been copied prior to September 2011. The hackers then used the file “to access and gradually steal funds associated with Mt. Gox’s private keys without detection.”
#2 BitFinex (Aug 2016)
- On 2nd August 2016, BitFinex, a digital currency exchange, announced that it suffered a security breach. They were hacked for 119,756 bitcoins.
- The attack happened because the hackers were able to “exploit a vulnerability in the multisig wallet architecture of BitFinex.”
- In total, the attackers stole around 18% of what was taken from Mt. Gox a few years prior. On August 4th, 2020, Bitfinex announced that they would be offering a reward to any persons that connect them with the hackers responsible for the unauthorized transfer “of almost 120,000 bitcoins from the exchange in August 2016.”
- In order to compensate their users, “Bitfinex generalized the losses across all accounts and credited customers with BFX tokens at a ratio of 1 BFX to every dollar stolen.”
- As of 2019, 27.66270285 BTC, 0.023% of the total taken in the attack, had been recovered by U.S. law enforcement efforts.
#3 Bitcoinica (Mar 2012)
- Bitcoinica was launched by Zhou Tong, “who claimed to be a 17-year-old based in Singapore.”
- On March 2012, Bitcoinica announced that hackers had stolen from them 43,554 bitcoins.
- Users had trusted Bitcoinica with their money in part because of one of Bitcoinica’s features which “allowed speculators to short, or bet against, the digital currency.” Soon after the hack was announced, Tong made an announcement saying that he had sold Bitcoinica to a bitcoin exchange based in the UK called Intersango.
- In total, Bitcoinica had lost a total of 102,101 bitcoins in three separate incidents.
#4 BitFloor (Sep 2012)
- BitFloor was hacked for a total of 24,000 BTC on September 2012. “Although BitFloor encrypted the wallet keys needed to conduct transactions, it also kept an unencrypted backup.”
- The attack was assumed to have happened because the attackers likely got “hold of the unencrypted private keys that were kept online for backups.”
- In 2013, the founder, Roman Shtylman announced that they would cease all trading operations indefinitely.
#5 Bitstamp (Jan 2015)
- Bitstamp was a Slovenian bitcoin exchange startup that was founded in 2011. On 4th January 2015, “the operational hot wallet of Bitstamp announced that it was hacked by an anonymous hacker.”
- In total, 19,000 bitcoins were stolen. Soon after, the details of the Bitstamp hack was revealed in a report. There had been a string of phishing attempts targeted towards Bitstamp employees prior to the hack.
- It was discovered that those behind the attack used Skype and email to communicate with employees of Bitstamp in an attempt to distribute “files containing malware by appealing to their personal histories and interests.”
- Bitstamp’s system was compromised after a systems administrator by the name of Luka Kodric “downloaded a file that he believed had been sent by a representative for an organization that was seeking his membership. After Kodric’s computer was infiltrated, according to the report, additional malicious files were created.” Ultimately, the hackers were able to gain entry to two servers which contain the “wallet.dat file for Bitstamp’s hot wallet and the passphrase for that file.”
- According to the report, the earliest phishing attempt took place on the 4th of November of the previous year, “when one of the attackers contacted Bitstamp’s chief technology officer, Damian Merlak, offering free tickets to a punk rock festival. Chief operating officer, Miha Grcar, was also contacted by Skype in mid-November by someone posing as a reporter. In that exchange, the individual cited past articles written by Grcar when he himself was a reporter covering news in Greece.”
- Bitstamp has since reopened and has continued to operate. Since the hack, it had “acquired stringent security measures like BitGo multisig wallets for operational purposes.”
- The report also illustrates the threats which bitcoin exchanges face, including social engineering attacks, where “personal information is used to trick victims into providing a means of access to sensitive materials.”
#6 BitMarket.eu (Dec 2012)
- Another notable heist in bitcoin history was the attack against BitMarket.eu.
- BitMarket.eu was hacked a number of times, with the most prominent incident taking place in 2012.
- Bitmarket’s developer, Maciej Trębacz, announced the exchange had lost “18,787.72139217 BTC as a result of his using Bitcoinica to set up a Bitcoin hedge fund. Unfortunately, Bitcoinica had also gotten hacked, losing all of BitMarket’s funds along the way.”
#7 Cryptsy (Jul 2014)
- Cryptsy is a now-defunct cryptocurrency exchange. A judge had ruled that 11,325 bitcoins had been stolen in 2014. The thief, however, was not identified.
- A federal judge from Florida had ordered the founder of the cryptocurrency trading platform to pay $8.2 million “to customers after he failed to respond to a class-action lawsuit.”
#8 BTER (Feb 2015)
- On February 2015, the Chinese bitcoin exchange, BTER, announced that it had been targeted by a major attack and had lost 7,170 bitcoins.
- The incident first came into attention when a couple of BTER users discovered that a number of elite transactions were being moved from BTER’s cold wallet and into a “random bitcoin wallet address.” After the successful transfer, another amount was further transacted to another wallet. A couple of hours after the bitcoin fund transfers, BTER announced that a total of 7,170 bitcoins had been stolen. BTER proceeded to say that, “all wallets have been shut down and withdrawals of unaffected coins will be arranged later.”
#9 Binance (May 2019)
- On May 2019, Binance, one of the world’s largest cryptocurrency exchanges, announced that hackers had stolen over 7,000 bitcoins from them.
- Binance said that the hackers had utilized a variety of methods to carry out the large-scale security breach. The attackers also managed to get “some user information such as two-factor authentication codes, which are required to log in to a Binance account.”
- According to a statement that was issued, Binance was able to “trace the stolen bitcoin to a single wallet.” The statement also mentioned that the hackers were able to structure the transaction in a way that bypassed Binance’s existing security checks.
- Binance said that the “theft occurred from the company’s so-called hot wallet.”
#10 Bitcoin7 (Oct 2011)
- On October 2011, Bitcoin7’s exchange website posted an announcement notifying its users that they had been subjected “to a hacking intrusion that compromised their wallets and their user database.”
- The company reported a theft of a total of 5,000 bitcoins. They also shared that the attacks had originated from Russia and Eastern Europe.