South Korea’s Bithumb has become the latest cryptocurrency exchange to have been hit by hackers, with 35bn South Korean won ($31.5m) reported to have been stolen.
This is the latest in a growing list of attacks on South Korean exchanges this year. Last week saw millions of dollars go missing from the Coinrail exchange. Likewise, Coincheck was the victim of the biggest attack on an exchange yet earlier this year.
There has been much debate over the safety of keeping your coins in an exchange and these costly cryptocurrency hacks suggest that investing in an offline wallet is probably a good idea. According to cybersecurity company Carbon Black, more than $1.1bn worth of cryptocurrencies was stolen in the first half of 2018.
In the grand scheme of things, the money taken from Bithumb this week was merely spare change.
To get an idea of the frequency and scale of how much has gone missing, here are the most costly cryptocurrency hacks in history:
Parity multisig wallet exploit – July 2017
Value then: $32m
Value now: $80m
A hacker was able to steal 153,000 Ethereum tokens after discovering a vulnerability that allowed them to drain funds from wallets belonging to three high-profile Ether addresses.
The owners of these addresses were believed to be the Ethereum-powered online casino Edgeless, decentralised commerce platform Swarm City and smart contracts platform aeternity.
These three companies had recently held initial coin offerings (ICOs) and their wallets therefore contained large amounts of money.
Swarm City has since confirmed that it was one of the targets.
Coinrail – June 2018
Value then: $37m
Value now: $47m
Just a week before the Bithumb hack, another South Korean exchange, Coinrail, was the target of an attack. According to the platform, hackers made off with as much as $40m worth of cryptocurrencies Pundi X and Aston.
Immediately after the attack was discovered, Coinrail was put into maintenance and all remaining tokens (thought to be about 70% of all tokens that were stored in the Coinrail exchange) were moved to a cold (offline) wallet. It has yet to be confirmed whether customers will be reimbursed for the lost coins and when, or if the exchange will return.
The hack has been traced to an Ethereum address which received large amounts of various cryptocurrencies just before the attack was discovered. The address tried to sell a large amount of NPXS tokens on the IDEX exchange soon after. This addresses’ assets have since been frozen.
NiceHash – December 2017
Value then: $64m
Value now: $31m
Hackers switched their attention from exchanges to the NiceHash mining service in late 2017. Making use of something as simple as a compromised company computer, the hacker was able to get away with 4,400 bitcoins, worth more than $60m at the time, from customers’ accounts.
While the funds weren’t recovered, NiceHash promised to compensate their customers in full. Within a few weeks, the lost bitcoins were back in customer accounts.
Bitfinex – August 2016
Value then: $72m
Value now: $79m
A vulnerability in the way that cryptocurrency exchange Bitfinex processed transactions allowed a hacker to steal 120,000 bitcoin from its customers.
At the time, this was the second largest cryptocurrency hack in history and customers expected that their funds were lost forever. The news forced the price of bitcoin down by almost 20%.
Rather than ceasing operations, Bitfinex instead reduced the balance of all of their accounts by 36%, regardless of whether they had been compromised, to cover the losses. Customers were given an alternative cryptocurrency, BFX tokens, in exchange, which Bitfinex promised to buy back over time.
By April 2017, Bitfinex had fully reimbursed all of its customers.
BitGrail – February 2018
Value then: $195m
Value now: $46m
There are doubts in the crypto-community whether the 17m Nano tokens, worth approximately $195m, that went missing from the BitGrail exchange was the result of a hack or a well-planned exit scam.
Following the cryptocurrency hack, many accused BitGrail founder Francesco Firano of siphoning off customer funds and claiming theft to cover up his actions. Many pointed to the fact that BitGrail had recently halted withdrawals of Nano to support this claim.
The developers behind Nano were among those that accused Firano. However, the BitGrail founder maintained that it was the result of a hack.
Rumours also circulated that a withdrawal bug had allowed customers to essentially double their balance by placing two orders at once, before making off with the gained funds.
Mt. Gox – February 2014
Value then: $340m
Value now: $5.6bn
Many cryptocurrency hacks involve small, shoddily ran exchanges. However, Mt. Gox was a reputable company that the vast majority of bitcoin buyers trusted to safely handle their funds. In 2014, the exchange was involved in 70% of all bitcoin transactions.
However, its status wasn’t able to protect it from attackers.
In 2014, the company announced that somebody had been stealing cryptocurrencies from Mt. Gox addresses since 2011, with as much as $460m having gone missing. While 200,000 of the 850,000 stolen bitcoins have since been found, as much as $4.2bn in lost cryptocurrency has never been recover.
The hack forced Mt. Gox to suspend all trading and declare bankruptcy. In the wake of the theft, the value of bitcoin also dropped by 36%.
Coincheck – January 2018
Value then: $526m
Value now: $96m
Coincheck made the mistake of storing customer funds in hot wallets, addresses that were accessible over the internet, and a hacker duly exploited it, making off with the largest haul in the history of cryptocurrency.
A South Korean intelligence agency that was tasked with investigating the hack concluded that Kim Jong-un’s North Korea regime was likely behind the attack.
The currency stolen, NEM, was in the middle of a huge peak. However, prices have sharply fallen since the attack occurred. The hacker made off with more than half a billion dollars. However, the stolen funds are now worth just a fraction of that.
Bitcoin exploit – August 2010
Value then: $21.2bn
Value now: $1.8 quadrillion
The Coincheck hack was the biggest attack on a cryptocurrency exchange to date. However, it wasn’t the largest theft of cryptocurrency. That title is owned by the value overflow incident, in which a hacker was able to exploit a flaw in the bitcoin system to create 184bn units of the cryptocurrency.
At the time, a single bitcoin was worth less than a dollar. However, the hacker still saw their worth grow by more than $20bn.
Given the value of bitcoin has since increased 6,000-fold, the same haul would be worth approximately $1.8 quadrillion today, which would make the hacker the richest person in the world.
However, the rogue transactions were quickly discovered and the community agreed to “fork”, or reverse the transaction, meaning all other transactions, legitimate or otherwise, that were completed after this were also reversed.
The person(s) behind the exploit has never revealed themselves. The legitimate 0.5 BTC used in the exploit remains unspent to this day, despite being valued at more than $3,000.