The 5 Biggest Hacks in Cryptocurrency HistoryDate Written: December 12 2017 Written By: George Miller
The history of cryptocurrency has been strife with high-profile hacks that have taken away credibility from the technology. The common theme between all of the hacks is that they all targeted centralized exchanges and hot wallet services. A hot wallet is defined as a digital cryptocurrency wallet that is ran by a centralized company on a singular database, making it much easier to access for hackers to access.
Anyone who would have had their holdings stored in a hard wallet or separate wallet service would not have lost any value in all of the following cases. These hacks all show the importance of keeping cryptocurrency decentralized, and avoiding gathering so much sensitive information onto a central ledger of information, as the following entities did.
Mt. Gox Hack
The largest cryptocurrency hack to date that resulted in the most total value lost, the Mt. Gox exchange was at one point handling nearly 70% of the world’s total Bitcoin transactions. This hack was not surprising in hindsight, as Mt. Gox ran poor code and was not prepared to securely handle the volume of currency that it was in charge of.
The CEO of Mt. Gox, Mark Karpeles, insisted that he be the only individual that could affect changes to the code. This resulted in code that was quickly dated and unable to safely handle the scale that Mt. Gox had achieved. While CEO’s normally handle larger business goals and operational strategies, Karpeles shot himself in the foot by foolishly trying to handle such a large scale company’s code on his own.
Due to these circumstances and an abysmal code engineering department, hackers were able to slowly but surely drain funds from the Mt. Gox exchange for years without being detected. Some have speculated that it was an inside job, done by a disgruntled engineer who was tired of the disorganization and poor coding implemented on such an important exchange.
Overall, over $470 million was stolen from the exchange.
The DAO Hack
The DAO, or Decentralized Autonomous Organization, was an Ethereum-based exchange built to be a decentralized organization that ran off of smart contracts and code, and did not need people or code for governing. The DAO began when a group of coders wrote smart contracts that would run the organization Then, an initial funding period took place, in which community members contributed funds to the DAO by purchasing tokens that represent ownership – better known as an initial coin offering (ICO) – to provide the necessary resources for the DAO to operate.
When the funding period ended, the DAO was able to autonomously operate. Participants could then make proposals to the DAO on how to spend the funds, and the members who had equity in the organization could vote to approve or deny these proposals.
The underlying smart contract code that the DAO operated over had a critical weakness – one that was quickly exposed by hackers. They were able to drain over $3 million in Ether from the organization. In response, the Ethereum foundation issued a hard fork to the protocol in order to move these stolen funds to a new address. While the money was recovered, the community was divided on whether the fork would undermine the decentralized manifesto the blockchain adheres to.
With a total of 120,000 Bitcoin ($72 million) stolen, the Bitfinex hack was the second largest hack of an exchange platform, right behind Mt. Gox.
Bitfinex’s exchange provided users with multi signature verification in order to protect the wallets used to store their customer’s funds. A multisignature wallet is a common technique used by many digital wallets, and it requires multiple passwords and identity verification steps to verify users. But, Bitfinex made a critical error.
Bitfinex had a partnership with another major crypocurrency company, BitGo. In this partnership, it was agreed that Bitfinex would store two of the three keys for every wallet and BitGo would store the last key.
In the arrangement between these two companies, BitGo would be an extra layer of security to verify any transactions leaving Bitfinex. Bitfinex adopted this strategy to reduce the use of cold storage wallets on their platform (which are the safest means of storing cryptocurrency to this day), and many customer’s funds were stored in hot wallets present on their site.
When the servers were breached, the attackers managed to not only get Bitfinex to sign off on all of the unauthorized Bitcoin withdrawals, but BitGo’s security patform was also unsuccessful in detecting any fraudulent activity, and these illegal transactions were approved by both BitGo and Bitfinex.
There are still no specific details or information about how these hackers were able to get BitGo to sign the transactions on all the stolen funds. BitGo has publicly confirmed that their own servers were not compromised. Rumors have circulated that BitGo’s servers had no autonomy, and simply did whatever was told of them by Bitfinex. This resulted in less security than Bitfinex had been preaching.
The Bitcoin Protocol Hack
In 2010, when Bitcoin was still making a name for itself, a lone hacker was able to exploit a bug within the code and triggered 184 billion Bitcoin transactions on a single block in the chain. Luckily, Bitcoin developer Jeff Garzik was able to detect the malfunction only a couple hours after it occurred.
It took 3 hours for the developers and inventor Satoshi Nakamoto to patch the bug, get it approved, and then deploy a hard fork. No funds were lost during this event, and it actually helped boost the credibility and mission of Bitcoin in the public eye, as they showed they could handle high-profile hacks and prevent any loss of value to its community members with speed and efficiency.
A popular social media blockchain site, Steemit was the first of its kind. It allows users to be rewarded in cryptocurrency for being “content curators”, or more simply put, by posting good content and participating and commenting on other good content throughout the site. It is still the most popular UI that is powered by the blockchain.
The big problem with Steem was the fact that they use Steem wallets, or hot wallets that are based on their centralized site. As we mentioned, these types of wallets that are associated with centralized entities are vulnerable, and hackers were able to steal over $85,000 worth of Steem dollars from multiple user wallets.
These funds were never recovered, and this event illustrates the danger of a centralized database storage of digital currency.
How to Safeguard Your Crypto from Hacks
As we have discussed throughout this article, the common theme behind hacks are hot wallets – or wallets that are directly associated with a singular entity. Storing your funds in a separate, physical cold wallet (such as the Ledger Nano S) will prevent any possibility of a hacker gaining access to your personal digital currency holdings.