Hardly a day goes by without issues of an exchange being hacked or a new phishing campaign doing the rounds on the internet. Even then, many newbie investors make the mistake of keeping their crypto holdings in hot wallets hosted by their parent exchange. 

The Countdown

If ever you needed convincing about the need to cold store your tokens, these ingenious hacks should do the job.

5. Bitfinex

Bitfinex remains one of the world’s top cryptocurrency exchanges, moving billions of dollars’ worth of digital currencies on a daily basis. However, despite being well-known and well-used, in August 2016, the trading platform fell victim to an attack which has been deemed to be the second largest in crypto history at the time. It has been noted that hackers took off with 120,000 Bitcoins, which were worth $73 million at the time.

How was this attack possible? Ironically, the weak link in the mega-exchange was its use of multi-signature wallets that were brought on to improve customer security. Bad coding meant that instead of multiple points of entry, there was just one point of failure. This made Bitfinex an easy victim, causing Bitcoin’s value to plummet by 20 per cent back then.

4. The Smominru Miner

Unlike a high-profile hit-and-run attack at an exchange or a 51 percent attack on a network, this cryptojacking deserves a place on the list for its brazen ingenuity. Running for several months, the giant cryptocurrency mining botnet was able to infect over half a million computers using EternalBlue, the same vehicle that made the WannaCry ransomware outbreak so destructive.

Unlike making off with millions of dollars in one swoop, the Smominru Miner cryptojacked multiple devices and fed off their CPUs, collecting the power of over 500,000 machines to mine $3 million of Monero over time— without the victims even noticing.

3. The DAO

Of course, no cryptocurrency hacking list would be complete without a mention of the DAO that turned Ethereum on its head for a while. As usual, the flaw was not with the underlying blockchain technology itself, but a loophole in a smart contract.

In case you hadn’t heard, The DAO was an Ethereum based smart contract that worked like a venture capital fund. Investors used crowdfunding and then got a vote in which companies to invest in.

Enter an ingenious hacker to add a recursive function in the withdrawal request that made The DAO hand over more and more Ether for the same DAO tokens, resulting in a loss of $50 million and a divorce within the community— leading to the creation of Ethereum Classic and Ethereum as we know them today.

2. Coincheck

Surpassing the Bitfinex hack in terms of lost funds, in January 2018, hackers stole $532 million of NEM cryptocurrency from the Tokyo based exchange.

What makes this hack so noteworthy (apart from the scale and epicness of it) is the fact that hackers didn’t go after Bitcoin or Ethereum. Instead, they targeted the significantly less popular NEM currency.

The Coincheck hack also had a slightly rosier outcome since all affected users were repaid in Yen by the exchange and while the hacker created 11 different accounts, they are now all tagged with:

coincheck_stolen_funds_do_not_accept_trades : owner_of_this_account_is_hacker.

1. Mt. Gox

Still the number one hack till date to have affected the cryptoverse. There isn’t a single person who still doesn’t take a deep breath when they hear the words “Mt. Gox” mentioned.

In 2014, Mt. Gox was handling a whopping 70 percent of all Bitcoin transactions and despite the security breach of 2011, hackers were able to enter the system and steal almost 850,000 Bitcoins, valued around $450 million. While some of them were later recovered, hardly any Mt. Gox victims have yet to see the benefits.

In Closing

The takeaway? No matter how safe you believe blockchain to be, secondary exchanges are not. As Bitfinex proved, exchanges can try to improve their security, but that only makes hackers step up their game even more.

So, be cautious out there and get your crypto holdings into a cold storage platform ASAP.

None of the information on this website is investment or financial advice and does not necessarily reflect the views of CryptoMode or the author. CryptoMode is not responsible for any financial losses sustained by acting on information provided on this website by its authors or clients. Always conduct your research before making financial commitments, especially with third-party reviews, presales, and other opportunities.