Cryptocurrencies have made headlines recently due to their surging value and plentiful tales of early investors becoming very rich. Cryptocurrency has also become strongly associated with cybercrime, with its lack of regulatory oversight and virtual nature making it easier to launder than conventional money. Indeed, it is often the currency demanded by ransomware operators.
These factors mean that organizations involved in legitimate cryptocurrency transactions are particularly high-value targets for hackers, who know they can potentially make their fortune through a single exploit.
Following several recent high-profile incidents of this nature, Infosecurity has compiled a list of the biggest known cryptocurrency heists to date. Hopefully, this will lay bare the scale of this problem and highlight why companies offering cryptocurrency services require the most stringent cybersecurity measures.
1) Poly Network (August 2021) – $610m
A record $610m worth of cryptocurrency was stolen when a hacker exploited a vulnerability in blockchain connection platform Poly Network. The funds were subsequently returned by the hacker, dubbed ‘Mr. White Hat,’ who claimed to be ethically motivated.
2) Coincheck (January 2018) – $547m
NEM tokens, to the value of $547m, were stolen from Japanese cryptocurrency exchange Coincheck following a cyber-attack. The company quickly pledged to return 90% of the stolen tokens to affected customers, amounting to $425m.
3) Mt. Gox (March 2014) – $460m
The bitcoin exchange Mt. Gox was forced to file for bankruptcy after losing an astonishing $460m worth of the cryptocurrency to attackers in 2014 – when its value was far lower than it is today. There were fears at the time that the incident would spell the end of cryptocurrencies.
4) KuCoin (September 2020) – $281m
A cyber-attack on crypto exchange service KuCoin led to the theft of $281m worth of funds, although the company revealed that $204m was recovered by the following week. A subsequent United Nations report blamed the incident on North Korean threat actors.
5) Bitgrail (February 2018) – $170m
Italian cryptocurrency exchange Bitgrail suffered a cryptoheist of 17m Nano, equivalent to around $170m. In 2019, a landmark court ruling found that Bitgrail’s owner, Frances Firano, was at fault for the loss and ordered the return of the assets to those affected.
6) Liquid (August 2021) – $97m
The Japanese cryptocurrency exchange was estimated to have lost $97m in cryptocurrencies after being targeted by threat actors.
7) Bitfinex (August 2016) – $72m
Customers of Hong Kong-based bitcoin exchange Bitfinex were estimated to have lost $72m of the cryptocurrency following a security breach. Five years later, in 2021, the 120,000 bitcoins stolen are estimated to be worth almost $7bn, and most of the funds have still not been laundered or exchanged.
8) NiceHash (December 2017) – $64m
Cryptomining firm NiceHash suffered a payment system compromise that led to the theft of $64m worth of currency. Three years later, in December 2020, the company fully reimbursed users who were affected by the hack.
9) Zaif (September 2018) – $60m
Another Japanese cryptocurrency exchange, Zaif, lost $60m worth of funds following a cyber-attack, $40m of which belonged to its customers. The firm quickly took steps to reimburse affected users.
10) Upbit (November 2019) – $52m
South Korean cryptocurrency exchange Upbit was forced to temporarily suspend account transactions after being hit by a major online heist. Subsequent investigations found the money was laundered using highly sophisticated techniques.