3 months ago

    An abridged history of exchange hacks


      In this book, we’ve cautioned against holding large amounts of money in online exchanges. The reasoning behind that has a long and storied history of crime, skullduggery, and extremely poor choices.

      If an institution holds a large sum of money, someone will eventually try to steal some. The cryptocurrency era has seen its fair share of would-be Bonnies and Clydes. Whether or not thieves are successful mainly relies on a combination of factors: the exchange’s competence, the hacker’s luck, and some skill.

      Exchanges are extremely attractive targets holding insane amounts of money. Bitcoin and cryptocurrencies in general are attractive to criminals because the transactions are irrevocable, and the funds can be laundered. Contrary to popular belief, laundering money via crypto isn’t easy at all. As KYC and AML legislation becomes more common, hacking exchanges has become significantly more difficult. However, people are still managing, with 1.4 billion in crypto stolen in the first five months of 2020 alone.

      Beyond hacks, there are many different ways to lose funds to a crypto exchange. Below are some representative examples of what has befallen exchanges.

      Mt. Gox – major incompetence

      No discussion of exchange hacks is complete without a reference to Mt. Gox, a hack so large it has become legend. The sheer incompetence of the owner leading to such catastrophic losses makes the Mt. Gox hack the Bitcoiner’s equivalent to a campfire ghost story. Mt. Gox also stands out as a two-parter, with breaches in 2011 and 2014.

      Mt. Gox was founded in 2006 in order to facilitate the trading of fantasy game “Magic: The Gathering Online” cards. Founder Jed McCaleb relaunched Mt. Gox as a bitcoin exchange in 2010, selling the exchange to French developer Mark Karpeles in March 2011. In June 2011, 25,000 BTC was stolen, and Mt. Gox’s user database leaked. Famously, the price of Bitcoin dropped from $17 to one cent after a large BTC transfer.

      Mt. Gox proceeded to become even more successful, at one point processing 70% of the world’s Bitcoin transactions.

      In February 2014, Mt. Gox paused all bitcoin withdrawals, stating that the issue was due to a bug in the Bitcoin software. A few weeks later, the exchange wiped their Twitter feed, moved their office, and took the website offline. Leaked documents revealed that Mt. Gox was insolvent after losing 744,408 bitcoins over the span of years. The value of Bitcoin plummeted, dropping 36%, and a major liquidity crisis ensued.

      QuadrigaCX – force majeure

      At one point, QuadrigaCX was Canada’s largest Bitcoin exchange, processing nearly $2 billion in trades at a high point in 2017. Everything was going well for the exchange, up until founder Gerald Cotten died. With him went all knowledge of the private keys to cold wallets storing a fortune in Bitcoin. Cotten left behind a wife, two Chihuahuas, and 76,000 clients owed a combined $215 million in assets. Initially, the story went that Cotten had died and taken all access to the exchange’s cold wallets with him to the grave. As more details came out, however, it became apparent that Cotten was running QuadrigaCX like a Ponzi scheme, and had misused client assets at will for years. Some even believe that Cotten faked his death in an elaborate exit scam. As of now, there are no solid answers.

      Coinbase

      In 2019, Coinbase was subject to a chillingly well-thought-out attack by a professional hacker group known as CRYPTO-3, or HYDSEVEN. The group spent between half a million and a million dollars to create an elaborate, multi-stage setup using the most sophisticated tools available at an incredible speed. Coinbase’s security team narrowly avoided disaster by catching and blocking the attack at the last minute. Had it succeeded, the hackers could have gained access to billions of dollars’ worth of customer funds. Hackers are taking the crypto space seriously, and large exchanges like Coinbase are tempting, high-profile targets.

      BTC-e – force majeure (US gov’t)

      Does the US government count as force majeure? BTC-e was a Russia-based exchange founded in 2011. Thanks to its lack of KYC requirements for users and relaxed approach to regulation, by 2016 BTC-e was the third biggest crypto exchange in the world, attracting legitimate investors as well as criminals looking to launder funds. The exchange’s owner, Alexander Vinnik, was indicted by the US Department of Justice in 2017 on 21 counts of money laundering. BTC-e was also suspected of being heavily involved with laundering some 300,000 BTC from Mt. Gox. The exchange quickly folded. Another apparently unrelated but clearly connected exchange called WEX was set up soon after. WEX resulted in another set of scandals involving the Kremlin, the FSB (or FSB impersonators), and further losses.

      BTER – not a cold wallet!

      When is a cold wallet not a cold wallet? A cold wallet is commonly accepted to mean a cryptocurrency wallet that is not connected to the Internet. Cold wallets are conceptually much more difficult to hack. In 2015, China-based exchange BTER announced that 7,170 BTC had been stolen from cold storage. This puzzled users, leading some to believe it was an inside job. Seeing as the exchange had been hacked the previous year, and would then be hacked twice more after it rebranded to Gate.io, there may be some endemic security problems that haven’t yet been dealt with.

      So, to cap that off, there are a few key principles to observe.

      • Don’t put bitcoin that you aren’t transacting with in hot storage
      • Don’t keep bitcoin in an exchange for longer than absolutely necessary
      • Never, ever, ever share your private keys or recovery phrase. With anyone. Ever. For any reason at all. Unless you want them to steal your bitcoin, in which case go for it.

    This is not financial advice. Coincub is an independent publisher and comparison service. Its articles, interactive tools and other content are provided to you for free, as self-help tools and for informational purposes only. This space changes rapidly and is evolving, so please make sure to do your own research. Although we do our best to provide you with the best information, we cannot guarantee the accuracy or applicability of any information on this site or in regard to your individual circumstances.