Following the release of the new Netflix series “Trust No One: The Hunt for the Crypto King”, we decided to take a look at some of the biggest crypto hacks that have taken place since 2010. Plus, discuss the steps that you can take to keep your crypto assets safe.
You may be surprised to know that more than 14% of Bitcoin and Ethereum have been stolen to date from cryptocurrency exchanges. Cryptocurrency exchanges, especially those that are centralised, have a longstanding history of getting hacked and losing their customers’ funds.
Most thefts on the blockchain occur on centralised exchanges that keep your crypto on centralised hot wallets, but your crypto can be stolen in a variety of unique ways!
6 Biggest Crypto Hacks: Trust No One!!
1. AFRICRYPTO Exchange
Exchange Hacked: AFICRYPTO
Alleged Hackers:Raees & Ameer Cajee
Amount: 3.6 Billion USD
You might not have heard their name before, but Africrypt is the biggest crypto heist to date. Africrypt was started by two teenage brothers who used to mine Bitcoin. In 2019, Raees and Ameer Cajee (aged 18 and 20) claimed to revolutionise the South African economy using cryptocurrency. Through this promise, they attracted millions to their platform from the elites of Africa.
In April 2021, a week before the heist took place, Africrypt employees were demoted and lost access to the back-end platform of the website. The workers reported this to the administration but nothing came of this.
In the following days, one of the brothers announced that Africrypt was attacked, and $3.6 billion worth of invested money in BTC was stolen. They cautioned investors not to report this incident to any legal bodies. Stating that this would delay the process of regaining the stolen crypto. However, a few investors decided to hire a reputable South African crypto law firm Hanekom Attorneys, to investigate the matter.
When investigated, they found out that the stolen funds were mixed and transferred to larger BTC wallets owned by the Cajee brothers. Meaning that technically they were untraceable by authorities. The coins are still not retrieved, and nothing has been legally proven against the Cajee brothers.
Word of advice from this heist: Always do your research when it comes to crypto exchanges. Never trust a bunch of teenagers with your money. The team behind the project is vital and must have the administrative, financial, and soft skills required to run a project.
2. BitFinex Exchange
Exchanged Hacked: BitFinex Exchange
Alleged Hackers:Ilya Lichtenstein &Heather Morgan
Amount: 120,000 Bitcoin
In August 2016, hackers managed to breach Bitfinex’s security systems and stole almost 120,000 Bitcoin. The stolen bitcoin was worth roughly $70 million at the time when the price of bitcoin was around $600. With a current worth now of roughly $4.5 billion.
At the time, Bitfinex withdrawals were suspended, and trading was stopped. Bitfinexinfromed their customers they would lose 36% of their funds to account for the losses. It also created special digital tokens that recorded customers’ losses. Some of the tokens could be exchanged for shares of iFinex, the company that operates Bitfinex. While other tokens could be redeemed if the stolen bitcoins were recovered in the future.
Then in February 2022 (almost 6 years later), a husband and wife from Manhattan were arrested and charged with attempting to launder the stolen bitcoin. This was after the Government Seized $3.6 billion dollars in stolen crypto that was directly linked to the 2016 Hack of Bitfinex.
Heather Morgan, a published Forbes writer and rapper, who goes by the nickname ‘Crocodile of Wall Street”. Plus, her husband Ilya Lichtenstein, a startup founder, was arrested for swindling money from the exchange. The couple are entrepreneurs with deep ties to the tech industry, founding multiple startups over the year.
It’s alleged that they took part in a sophisticated, years-long scheme to launder the proceeds from the hack. Having set up a number of sophisticated techniques which were obscured under the disguise of their start-up business activities.
The couple has been charged with conspiracy to commit money laundering. Carrying a maximum sentence of up to 20 years in prison, and conspiracy to defraud the US, which carries a maximum term of up to five years.
However, they have not been charged with conducting the actual hack itself. This entity is still unconfirmed, even after all these years. Even so, this has come as a win for US law enforcement amid a slew of heists from cryptocurrency platforms in the past.
3. Poly Network Hack
Exchanged Hacked:Poly Network
Alleged Hackers: Mr WhiteHat
The tale of Poly Network and Mr White Hat might be the most exciting story in the cryptocurrency space. Poly Network was a DeFi protocol that used a smart contract to allow users to exchange tokens between multiple blockchains like BSC, Ethereum and Polygon. In August 2021, Mr White Hat stole around $611 million worth of digital tokens. He did this by exploiting a technical flaw in one of the smart contracts on Poly Network.
But, Mr White Hat did not run away with the money but instead reached out to Poly Network. Offering to return all the money and claimed that the only reason for hacking the Poly Network was to improve its security. As promised, in less than 24 hours, he had returned $260 million.
However, $200 million was still trapped in an account that required passwords from the hacker and Poly Network. Initially, Mr White Hat refused to hand over the password for this account. But Poly Network pleaded with him to return the money. Offered him $500,000 as a reward and a job offer of the chief security advisor at the company for his services in identifying the flaws in their smart contract code.
Mr White Hat did return all the money to Poly Network. Except for $33 million in USDT, which the USDT issuers froze to maintain market stability.
4. Coincheck Exchange Hack
Exchanged Hacked: Coincheck Exchange
Alleged Hackers: Unknown
In 2018, one of the largest cryptocurrency exchanges in Japan lost $523 million from one of its hot wallets. On a Friday afternoon in Tokyo, hackers broke into the Coincheck digital vault and stole $523 million worth of NEM, according to Coincheck CEO Yusuke Otsuka.
However, the breach was not confirmed by the Coincheck team until midnight. Shortly after, Coincheck froze all deposits and withdrawals except Bitcoin to stop any further losses. After a detailed investigation, Coincheck identified and published 11 addresses that contained the $523 million worth of coins.
Unfortunately, no one knows who owns the accounts, and there are no ways of retrieving the money from these accounts. NEM developers have created a tracking tool that automatically allows exchanges to reject stolen funds.
Lesson from this heist: When you’re not trading, send and store your crypto assets in a cold, hardware wallet like Ledger Nano X or Nano S, not on a centralised exchange where you don’t control your crypto. If you’re are don’t already have a hardware wallet check out our deals and promotions page for the best offers.
5. MT. Gox Exchange Hack
Exchanged Hacked: BitFinex Exchange
Alleged Hackers: Unknown
Amount: 850,000 Bitcoin
Established in 2010 in Tokyo, Japan, Mt. Gox was the largest crypto exchange handling 70% of all Bitcoin transactions at its peak in 2012. In 2011, the crypto exchange was hacked due to a malicious computer that belonged to one of the auditors at the company. Losing around 2,000 Bitcoins from its reserves.
However, the real blow came in 2014 when the company announced that it had lost 850,000 Bitcoins in a hack. This was 6% of all Bitcoin in circulation at the time and valued at close to $460 million.
In today’s market, the same 850,000 Bitcoin would be around $34 billion dollars. According to a leaked document by the exchange, this hack wasn’t a one-time thing. Robbers had been transferring assets from Mt. Gox for years. A few months after the hack, Mt. Gox filed for bankruptcy and was unable to refund its customers for their losses.
6. KuCoin Exchange Hack
Exchanged Hacked:KuCoin Hack
Alleged Hackers: Unknown
On September 25th, 2020, the People’s exchange KuCoin was attacked. With the hackers taking $281 million in popular cryptos like BTC, ETH and XRP. The hackers succeeded in finding out the private keys of one of KuCoin’s hot wallets. Then moved millions to their accounts.
After the hack, KuCoin froze transactions and refunded all customer wallets in full for their losses. KuCoin could do this because of the insurance fund they had in place for such emergencies.
These hackers have been clever, moving the money consistently since the hack happened. Using decentralised protocols and exchanges like UniSwap and Kyber. Plus, a portion of the stolen money was sent to currency mixing platforms like Chipmixer and Wasabi Wallet. Which they did to stay clear of any red flags.
Out of the $281 million, 84% of the funds have been recovered with the help of other crypto exchanges and security institutions. Whereas $45.5 million is still controlled by hackers.
What we’ve learnt from this heist: If you are using a centralised exchange like Binance or Coinbase, make sure to select one with insurance funds. Using an insured crypto exchange can often guarantee that you will be reimbursed for your loss.