The Leading Cryptocurrency Hacks and How to Avoid Losing Your Funds from Theft Attacks

Cryptocurrency hacks are in the tongue of almost every blockchain enthusiasts. This is probably so because the risk of losing cryptocurrency investments to hackers must be the single scariest thought that every crypto investor walks around worrying about. Every serious investor makes efforts to understand the causes of hacking and learns the most effective ways of avoiding the associated risks. Of late, cryptocurrency hacks have increased among the world’s opportunistic attackers. And, many cryptocurrency hacks have occurred over time as a result, however, some of the notable ones include:

1. The Mt. Gox Cryptocurrency Hacks

Mt. Gox is an abbreviation of Magic The Gathering Online Exchange. The exchange was based in Japan and was once the world’s largest Bitcoin intermediary that controlled 70% of the world’s Bitcoin exchanges.

The first attack on this cryptocurrency exchange took place in June 2011. It took down their server for many days. During this period, a hacker successfully accessed the exchange’s auditor machine and stole the credentials which he later used to transfer thousands of Bitcoin. Furthermore, the hacker also used Mt. Gox’s software to sell Bitcoins at a nominal value leading to a loss of approximately $8,750,000.

Another hack occurred in February 2014.

The effect on the company was so staggering to the extent that it sought bankruptcy. It then stopped all withdrawals and closed its operations. The hack had been going on for many years that by the time it was unearthed, the exchange had lost about 740,000 Bitcoin belonging to their customers, which was about 6% of the entire cryptocurrency’s circulation at the time. In addition, Mt. Gox lost another 100,000 of their own. The total cumulative loss was estimated at about $470 million.

2. The DAO Cryptocurrency Hacks

The Decentralized Autonomous Organization (DAO) was founded in 2016 as a venture capital fund for decentralized cryptocurrency projects. The organization was created as a smart contract on the Ethereum blockchain and it operated a crowdfunding campaign that pooled nearly $150 million worth of Ether at inception. It became the most successful token sale then.

DAO was hacked in June 2016, losing about 3.6 million ether valued at about US$ 70 million on June 18th. The funds were drained off by a hacker within a few hours. The attacker identified a flaw that permitted the DAO smart contract to return Ethereum many times before updating its balance.

The aftermath of the attack is the hard fork of the Ethereum protocol that enabled reimbursements. The divergence in the Ethereum protocol also led to the development of Ethereum classic.

3. The Bitfinex Hack

Bitfinex is one of the world’s leading Bitcoin exchanges. It suffered an attack in August 2016, which caused a loss of 119,756 Bitcoin, worth nearly $72 million at the time.

The hack was possible because of a vulnerability in the company’s multi-signature system that was applicable during Bitcoin withdrawal. The weakness affected the manner in which Bitfinex organized its accounts in line with their Bitcoin wallet provider BitGo.

The plan was to have Bitfinex own two secret keys and BitGo to own one key. Bitfinex thought that this segregation is a perfect safeguard against the potential risk of hacking. The exact manner in which the attack occurred remains a mystery to date.

4. NiceHash Hack

Image courtesy The Block Genesis

NiceHash is a Slovenian-based cryptocurrency mining brokerage that connects hashing power sellers with suitable buyers. It suffered a hack on December 6, 2017, where it lost 4,700 Bitcoin valued at $80 million.

According to the company’s CEO Marko Kobal, the attackers used an employee’s credentials to gain access to their system and stole the contents of the brokerage’s Bitcoin wallet. Following the attack, NiceHash operations were suspended for 24 hours for a thorough checkup, analysis, and investigation was undertaken.

5. IOTA Phishing Attack

IOTA coins worth $4 million were lost to a fraudulent phishing website on January 19, 2018. Customers who created an IOTA wallet on this website revealed private keys of their wallets to hackers.

The hackers had collected IOTA users’ passwords and other personal information for an unknown period before emptying their wallets. IOTA also noted that some of the full nodes on its network had suffered an attack from a Distributed Denial of Service (DDoS). The ability of the network to validate and process transactions was thus compromised. There was little that IOTA authorities could do to save the situation.

6. Coincheck Hack

Coincheck is a cryptocurrency exchange based in Japan. Its user accounts were compromised by hackers on January 26, 2018. They managed to steal a staggering 560 million NEM tokens valued at approximately $530 million.

This attack remains one of the most significant ever witnessed in the industry. After investigation, Coincheck exchange found that they were suffering from a security lapse that enabled the attack. One of their computer systems had a malware infection that led to a breach in their data security.

The malware enabled hackers to collect several private keys some weeks before the attack. Coincheck exchange also realized that it was not safe for them to keep their assets in hot wallets because such value was more vulnerable to attacks than investment stashed in cold wallets.

The hot wallets are connected to external networks which expose them to attacks. The company also lacked a multi-signature security process and this made it even more vulnerable to the hackers. NEM developers responded quickly to the attack and they were lucky to recover nearly all the stolen funds.

7. POWH Coin Hack

POWH is an abbreviation for Proof of Weak Hands, a coin promoted as a legitimate and independent pyramid scheme that paid its early users 10% dividends. Many investors ignored warnings on this scheme, and they went ahead to participate. The value of the POWH coin rose quickly beyond two million dollars in a short span of time.

The architects crafted the pyramid scheme to appear as transparent as possible. Using Ethereum smart contracts and POWH tokens, it increased in value by 0.25% every time a unit someone bought a unit and decreased by the same percentage after every sale.

Many people invested in the project thinking that it was a get-rich-quick scheme.

On January 10, 2018, a white hat hacker drained all the user wallets by taking advantage of an unsigned integer underflow. The total loss was 866 ether was about $950,000.

8. Verge Hack

The Verge network cryptocurrency hacks fraudulently created excess Verge (XVG) coins, instead of stealing the coins directly from unsuspecting customers. The hackers used many blockchain security vulnerabilities like manipulating the blockchain’s difficulty, faking timestamps, dominating the hash rate of the network among other vulnerabilities.

These criminal actions allowed the attackers to generate new coins at a higher rate. The cumulative value of counterfeited coins generated had a value of more than $1 million.

The platform later discovered that the hackers dominated the Verge network three times at an interval of several hours and they managed to disable payments from other participants.

Attackers also mined new cryptocurrency, reduced the mining difficulty of the blockchain, and abused a single algorithm to quickly create new blocks.

Verge developers mitigated the attack by setting limits on consecutive blocks created with one algorithm.

The measure that Verge developers did not last long because the initiators of these cryptocurrency hacks attackers bounced back and resorted to exploiting two algorithms at once. Ultimately, Verge developers reduced the block development period to 10 minutes thus making the timestamp fraud impossible.

9. Bancor Exchange Hack

Image courtesy CCN

This exchange suffered a hack attack on July 9, 2018, where criminals made away with tokens worth $23.5 million stolen. The hackers managed to access a wallet created for the purpose of upgrading certain smart contracts.

How cybercriminals obtained wallet credentials remains a mystery. An accusing finger, however, points to a breach from one of Bancors’s developers. This infraction enabled attackers to access the wallet and invoke the “withdraw to” function.

In response to the attack, the developers of the exchange froze $10 million in BNT and changed the denominator of the rest of the stolen coins to other cryptocurrencies. The exchange also transferred the ownership of the smart contracts from the attacked accounts to other accounts.

In an effort to prevent similar attacks in the future, Bancor introduced a multi-signature security process in their smart contracts. This feature requires at least two trusted accounts to confirm and verify each transaction.

10. Parity Wallet Hack

During this attack, an unknown hacker took advantage of a flaw in the Parity Ethereum client. The platform lost more than 150,000 Ether worth about $30 million. The attacker managed to access Parity multi-signature wallets created with the Parity client and drained the altcoin.

The hacker sent two transactions to each of the affected multi-signature contracts. One transaction obtained exclusive ownership of the multi-signature wallets, and the other to remove all funds. This attack made The White Hat Group moved Ether stored in the rest of the Parity wallets to a different Ethereum wallet.

How to Keep Funds Safe From the Highlighted Cryptocurrency Hacks

The interest surrounding the cryptocurrency industry will not die soon. If anything, it will continue for as long as the coins are relevant. Simply, the attacks associated with crypto will not abate either. Therefore, it is prudent to know a few ways of keeping your cryptocurrency portfolio safe.

Five of the most trusted of these are:

  • Only use wallets from verifiable and trusted sources.
  • Cold wallets are preferable to their hot counterparts.
  • Spread your loot; do not keep everything in a single place.
  • Keep your crypto private keys safely.
  • Use the combo of strong passwords and access accounts only in secure networks.

Clearly, these measures target the individual cryptocurrency holder. However, what happens to institutional holders such as exchanges? They can start by strengthening their security. In addition, constant troubleshooting, detection of bugs and elimination may also work well.

To Wrap

Despite the appreciable strength of the blockchain technology in securing cryptocurrency interests, several large scale attacks have occurred. Some of these cryptocurrency hacks have caused staggering losses and severe effect on the reputation of cryptocurrency business and the spirit of investment in the industry. However, it is inspiring to note that the industry has always found a way of neutralizing the attacks, making the necessary corrections, and bouncing back to vitality.

Stay Up to Date

Daniel Ayuko