Hackers are dogging cryptocurrencies.
It starts with nightmarish messages like this:
Yesterday, we discovered that funds were improperly removed from the Tether treasury wallet through malicious action by an external attacker. Tether integrators must take immediate action, as discussed below, to prevent further ecosystem disruption.
Disappeared: $31 million in tether tokens. This was reported Monday night by Tether, the company behind the cryptocurrency “tether,” with a market capitalization of $673 million, according to CoinMarketCap. The value of tether, which is “tethered” to the US dollar, continued to hover around $1.
But bitcoin plunged 5% and then recovered. Tether is used is used as a medium to transfer cryptocurrencies to other exchanges in other countries without using the dollar and without using banks.
The hack had taken place on November 19, Tether said. The tokens were sent to an “unauthorized bitcoin address.” The company said it’s trying to prevent the stolen tokens from being converted into dollars or enter “the broader ecosystem.”
Sure, there are thefts of all currencies. But there’s a difference. When someone steals money from your bank account by hacking into the bank, the bank is responsible and makes you whole. When someone hacks into a cryptocurrency, no one covers it.
These hacks of cryptocurrencies are just about as old as cryptocurrencies themselves. In June, 2011, a user named ALLINVAIN made off with 25,000 bitcoins, at the time valued at $775,000, today valued at $200 million. It went on from there.
The biggest hack remains Mt. Gox, which at the time was handling 70% of the global bitcoin transactions. The exchange, located in Tokyo, revealed the hack in February 2014. Apparently 650,000 bitcoins ($473 million at the time) had disappeared over a period of several years. At today’s prices, the hack would have amounted to $5.2 billion.
Here are some of the major cryptocurrency hacks:
August 2017, Enigma ICO (Initial Coin Offering) was hacked, 1,500 Ether ($500,000) stolen. Store of Value writes:
The hacker was able to break into Enigma’s website, Slack group, and mailing list and sent fraudulent messages to the project’s community asking for money. This allowed the hacker to gather almost 1,500 Ether (about $500,000). This is despite a previous warning by Enigma that it would not collect money in this way until its ICO in September.
July 2017, Veritaseum’s Ether wallet hacked, about $8 million stolen after its ICO on May 26th. Store of Value:
[O]n July 23rd, Middleton [founder Reggie Middleton of the Boom Bust Blog] claimed in Veritaseum’s Slack group that hackers stole 36,000 VERI tokens out of a wallet held by the company. This is how Middleton described the hack: “The hackers thwarted 2FA, on two different accounts, and finagled 3rd parties security among several other things. They went through quite a bit of effort, alas going through that much effort caused them to leave a bread crumb trail as well. I hate thieves.”
July 2017, Parity Multisig Wallet was hacked, according to ParityTech. “A vulnerability in the Parity Wallet library contract of the standard multi-sig contract has been found,” the company said. Via this vulnerability, hackers drained 153,037 Ether ($32 million) from three multi-signature contracts that were used to store funds from prior ICOs (Swarm City, Edgeless Casino, and æternity).
July 2017, Bithumb, the world’s fourth largest Bitcoin exchange and largest Ether exchange, was hacked, according to Hacker News. Claims “started to surface” that “billions of won” disappeared from compromised accounts at the Korean exchange. At the time, actual loss data remained unclear.
July 2017 (a busy month for cryptocurrency thefts), CoinDash ICO was hacked and 37,000 ether ($7 million) were stolen. Store of Value:
CoinDash is an Israeli startup that conducted an ICO in July of this year to raise funds. However, just 13 minutes into the crowdsale, a hacker was able to change the Ethereum address posted on the ICO’s website. This address is where interested investors should send their Ether to in order to receive CoinDash tokens in return.
October 2016, Bitcurex, a bitcoin trading platform in Poland, suddenly shut down. A few days later, it posted a notice on the otherwise dead site that an update had gone awry and asked customers to be patient. January 2017, the owner of the exchange “disappears,” as the exchange remained shut down and its 2,300 bitcoins ($2.6 million) are gone. Polish authorities started investigating.
August 2016, Bitfinex, which doesn’t even disclose where it is located (it’s incorporated in the British Virgin Islands at a mailbox address and files some paperwork in Hong Kong), was hacked again, after its May 2015 hack. This time, 119,756 bitcoins were stolen ($72 million), at the time the second largest heist, after Mt. Gox. The exchange is the world’s largest dollar-based bitcoin exchange. The same people that own Bitfinex set up Tether, also in the British Virgin Islands, a fact that became known via the leaked “Paradise Papers.”
July 2016, social media blockchain Steemit was hacked, 260 accounts compromised, and $85,000 in Steem and Steem Dollars stolen.
June 2016, Ethereum project Decentralized Autonomous Organization (DAO) was hacked, “more than 3,600,000 ether” ($72 million at the time) were stolen. Hackers had exploited a known vulnerability. CoinDesk explains:
Unfortunately, while programmers were working on fixing this and other problems, an unknown attacker began using this approach to start draining The DAO of ether collected from the sale of its tokens.
May 2016, Gatecoin, a Hong Kong based exchange, was hacked. It claimed it lost 250 bitcoins and 185,000 Ether, about $2.14 million at the time.
March 2016, Canada-based Cointrader shut down after an audit showed “a deficiency of bitcoin.”
March 2016, ShapeShift which on its site claims to be “the safest, fastest asset exchange on Earth” was hacked three times in a two-week period. Each time, the hot wallets were cleaned out. Disappeared: 469 bitcoins, 5,800 Ether, 1,900 Litecoins ($230,000 in total).
January 2016, Cryptsy claimed it had been hacked and shut down. Disappeared: about $6 million in bitcoin and Litecoin. In August 2016, CoindDesk reported:
Cryptsy CEO Paul Vernon may have stolen as much as $3.3 million from the now-defunct digital currency exchange and destroyed evidence of his illicit actions. That’s according to new court documents from the ongoing class action lawsuit filed against the troubled industry exec.
May 2015, Bitfinex announced that it was hacked and its “hot wallet might have been compromised.” Turns out, 1,500 bitcoin (at the time $350,000) were stolen.
January 2015, BTer in China was hacked, 7,170 bitcoins ($1.8 million at the time) were stolen.
January 2015, KipCoin in China was hacked, about 3,000 bitcoins were stolen ($800,000 at the time).
And there more:
Going deeper into history, here are some more cryptocurrency hacks, via Bitcoin Exchange Guide:
July 2014, 3,700 bitcoins ($2 million) stolen on Mintpal.
July 2014, 5,000 bitcoins ($1.8 million) stolen on Bitpay.
March, 2014, 150 bitcoins ($101,000) stolen on bitCoin.
March 2014, 896 bitcoins ($572,000) stolen on Flexcoin.
February 2014, 650,000 bitcoins stolen on Mt.Gox, largest heist so far (see above).
November 2013, 1,296 bitcoins ($1.46 million) stolen on BIPS.
November 2013, 4,100 bitcoins ($5.6 million) stolen on Inputs.
November 2013, $6,000 bitcoins ($6.7 million) stolen on PicoStocks.
November 2012, 263,024 bitcoin ($3.4 million) stolen on ironically named Bitcoin Saving & Trust. That would amount to $2 billion at today’s price.
September 2012, 24,000 bitcoins ($250,000) stolen on Bitfloor.
March 2012, 46,703 bitcoins ($6 million) stolen on Bitcoinica.
June 2011, 25,000 bitcoins ($775,000) stolen by a user known as “ALLINVAIN.”
Is his Peak Crypto Craziness? This is what happened over the weekend ten days ago. Read… “Bitcoin Cash” Quadruples in 2 Days. Bitcoin Crashes by $35 Billion
Enjoy reading WOLF STREET and want to support it? You can donate. I appreciate it immensely. Click on the beer and iced-tea mug to find out how:
Would you like to be notified via email when WOLF STREET publishes a new article? Sign up here.