In recent years, over a billion dollars in cryptocurrency has been stolen from the accounts of users of cryptobirth. In this article, we will look at the 5 of the loudest and most significant hacks that have shaken the crypto community and the main strategies of the attackers. The purpose of this article is not to scare you or convince you of the vulnerability of cryptocurrency assets, but, on the contrary, to show clearly why such attacks have occurred and how to secure your savings as much as possible.
1. Mt Gox
- Date of attack: June 2011 and February 2014
- Stolen: 2609 BTC | + 750,000 BTC
The most famous and sensational attack was made on the Japanese-based Mt.Gox crypto-exchange, operating from 2010 of the year, which is at that time the largest Bitcoin exchange that processes more than 70% of Bitcoin operations in the world.
It is rarely mentioned that the stock exchange was attacked not once, but twice and, without looking at the fact that the stolen sums differ significantly, both attacks are very indicative for further discussion, therefore we will consider them in more detail.
The first attack was carried out in June 2011. Hackers managed to gain access to an account with auditor access, as a result of which they got access to a database of exchange users consisting of names and hashed passwords, as well as more 2600 BTC.
The second attack took place in February 2014, when more 750 000 BTC disappeared from users ’accounts. The owner of the exchange, Mark Karpeles, said that the attackers managed to find and use the vulnerability in one of the protocols.
After these events, Mark Karpeles declared bankruptcy of the exchange. Announced a process to recover damages to former customers of Mt.Gox. The lists for reimbursement promise to review 2019 by the end of January and, presumably, a reimbursement plan will be drafted and approved within a month.
2. Coincheck
- Date of attack: January 2018
- Stolen: 523 000 000 NEM
In our list, this is the only theft of cryptocurrency assets that did not occur in BTC coins, but in the New Economy Movement (NEM). That, however, did not prevent him from becoming the second in terms of the amount of damage done in dollars - the losses of users of the Japanese cryptocurrency exchange amounted to more than $ 534 million.
In this case, the hackers again managed to gain access to the “hot” wallet and withdraw funds from it. The experts, reviewing the incident, also refer to Japan’s problems in the field of cyber security. On the one hand, firms have better software, consulting and auditing services, but, on the other hand, responsible employees ignore simple security measures: operating systems are not patched in time, the firewall is not updated after initial configuration, and system backups are not tested.
Coincheck announced their willingness to pay damages and provided a plan to pay damages, which has been in effect since March 2018. In connection with the events described, Coincheck was sold to the Japanese brokerage firm Monex Group for $ 33,5 million.
3. Bitfinex
- Date of attack: August 2016
- Stolen: 120 000 BTC
Second in the number of funds stolen in bitcoin, the attack was made in the summer of 2016 on the Hong Kong-based Bitfinex exchange. 120 000 BTC, which then cost $ 72 ml. dollars were stolen.
In 2016, most exchanges used “hot” wallets, where user funds are stored online, to conduct exchange transactions, which leads to increased security risks. Bitfinex found a way to keep its users safe and improve its security by partnering with BitGo in 2015. The collaboration involved the use of multi-signature to confirm monetary transactions. The system perceived the transaction as legitimate if it was confirmed with three keys, two of which were stored on Bitfinex servers, and BitGo was responsible for the safety of the third.
Thus, it was assumed that BitGo acts as an additional layer of security and you can get rid of the need to store funds in “cold” or offline wallets.
The idea looked great: to increase the speed of transaction processing, without sacrificing security. No matter how ironic it may sound, but it is this approach that provided hackers with a loophole to steal funds. The attackers managed to bypass the BitGo computational algorithm and, after attacking the Bitfinex servers, approve the illegal output of more than 120 000 BTC.
It is worth mentioning that Bitfinex took measures to compensate for the damage by issuing BFX tokens. The victims could convert them to USD, slowly but surely recovering the stolen funds.
Bitfinex continues to work and is currently one of the most liquid cryptobirds in the world.
4 Bitstamp
- Date of attack: January 2015
- Stolen: 19,000 BTC
Another attack took place in January 2015 on a stock exchange registered in Slovenia. Bitstamp was founded in 2011 year as an alternative to Mt.Gox, but, unfortunately, also could not resist the attack of hackers. The amount of funds stolen at that time was equivalent to $ 5 million.
It is worth noting the nature of the attack, which became known later. According to the investigation, a massive phishing attack was carried out against the company's employees. The purpose of such attacks is to force the user to open the received electronic file on a corporate computer in any way. The user is sure that he opens a long-awaited e-mail or looks at a picture with a cat on the network, but at the same moment, malware is already beginning to steal data from the company's servers.
Bitstamp managed to recover from the damage (in the first place - reputational damage) and continue its activities. Currently, the security system has been redesigned and uses a multi-signature algorithm to confirm transactions.
5. Bitfloor
- Attack date: September 2012
- Stolen: 24,000 BTC
In 2012, the attackers managed to steal the order of 24 000 BTC from the accounts of BitFloor users.
According to reports, hackers gained access to a backup copy of the keys of the “hot” wallet, which was created during the next update of the system.
BitFloor managed to compensate users for losses, however, soon, the exchange was closed due to the requirement of the US banking regulator to stop any trading operations.
Results
Examples show that attackers use two methods of embezzling funds: hacking a security algorithm and social hacking.
To protect your savings in cryptocurrency, it is important to remember about such incidents and not to disdain storing funds on a “cold” wallet in favor of the speed of processing transactions and competently diversify funds in storages. No matter how advanced the protection algorithm is: you can hack it, or people working with it.