Cryptocurrencies are often touted as a secure and decentralized alternative to traditional money systems. However, they are not immune to hacking and theft, as many unfortunate investors have learned over the years. In this article, we will look at some of the biggest hacks in crypto history, how they happened, and what we can learn from them to protect our own digital assets.
1. Ronin Network: $625 Million (March 2022)
The largest cryptocurrency hack to date was conducted in March 2022 and targeted the network that supports the popular Axie Infinity blockchain gaming platform. Hackers breached the Ronin Network and made off with around $625 million worth of Ethereum and the USDC stablecoin. The U.S. officials said that a North Korean state-backed hacking collective, Lazarus Group, was linked to the theft. Binance was able to recover $5.8 million of the stolen funds a month later, but it would still be the largest hack in history.
The hack occurred because the developers were experimenting with code that had not been deployed yet. The code was meant to fix bugs in the project but actually provided a loophole for the hacker to enter the project and send themselves 120,000 wETH, worth over $325 million at the time. The hacker also exploited a vulnerability in the Ronin Bridge smart contract, which allows users to transfer assets between Ethereum and Ronin, and drained another $300 million worth of USDC. The hacker later claimed that they did it for fun and returned some of the funds after communicating with the Poly Network team.
The Ronin Network hack shows the importance of testing and auditing code before deploying it on a live network. It also highlights the risks of trusting third-party platforms and bridges that may have security flaws or malicious actors. Users should always do their own research and due diligence before using any service or product in the crypto space.
2. Poly Network: $611 Million (August 2021)
In August 2021, a lone hacker pounced on a vulnerability in the Poly Network decentralized finance platform and made off with over $600 million. The project’s developers issued an appeal on Twitter for the stolen funds, which included $33 million Tether. The Poly Network then established several addresses for the funds to be returned and the unknown hacker began to cooperate. After only two days, around $300 million had been recovered and it emerged that the hacker had targeted the network “for fun” or as a challenge.
The Poly Network is a cross-chain protocol that allows users to swap tokens across different blockchains, such as Bitcoin, Ethereum, Binance Smart Chain, and Polygon. The hacker exploited a flaw in the contract calls between these chains and transferred large amounts of various tokens to their own addresses. The hacker later said that they wanted to expose the vulnerability and teach people a lesson about security. They also claimed that they did not intend to keep the money and returned most of it after negotiating with the Poly Network team.
The Poly Network hack demonstrates the complexity and fragility of cross-chain interoperability. It also shows that hackers may have different motives and ethics than simply stealing money. Users should be aware of the potential risks and trade-offs involved in using cross-chain platforms and services.
3. Coincheck: $534 Million (January 2018)
One of the most notorious hacks in crypto history occurred in January 2018, when Japanese cryptocurrency exchange Coincheck was hacked for $534 million worth of NEM coins (XEM). The attack was one of the largest thefts of digital assets ever and shook the confidence of many investors in the crypto market. Coincheck later compensated its customers with its own funds and resumed its operations after improving its security measures.
The hack happened because Coincheck stored most of its NEM coins in a single hot wallet, which is connected to the internet and vulnerable to hacking. The hackers gained access to the wallet’s private key and transferred 523 million XEM to multiple addresses.
The Coincheck hack illustrates the importance of using cold wallets, which are offline and more secure, to store large amounts of cryptocurrencies. It also shows that hackers may use clever or malicious techniques to evade detection or mock their victims. Users should always choose reputable and regulated exchanges that have adequate security and insurance policies.
4. Mt. Gox: $470 Million (2011-2014)
The Mt. Gox hack was the first major cryptocurrency theft and it remains one of the most well-known. Once the world’s largest exchange, Mt. Gox was a company in Tokyo, Japan that handled over 70% of all Bitcoin transactions at its peak. However, it was plagued by security breaches, technical issues, and legal troubles that eventually led to its downfall. In February 2014, Mt. Gox suspended its operations and filed for bankruptcy claiming that it had lost 850,000 bitcoins, worth around $470 million at the time, due to hacking. The company later said that it had recovered 200,000 bitcoins from an old wallet, but the remaining 650,000 bitcoins were never found.
The hack was a result of a combination of factors, including poor management, inadequate security, and regulatory issues. The hackers exploited a vulnerability in the Bitcoin protocol called transaction malleability, which allowed them to alter the transaction IDs and make it seem like they had not received their bitcoins from Mt. Gox. They then requested the exchange to resend the bitcoins, effectively doubling their money. The hackers also stole bitcoins directly from Mt. Gox’s hot wallets and servers over a period of several years. The exchange failed to notice the theft until it was too late, as it relied on faulty accounting systems and did not perform regular audits.
The Mt. Gox hack is a cautionary tale of how not to run a cryptocurrency exchange. It also shows that hackers may exploit weaknesses in both the technology and the human aspects of the crypto industry. Users should always be vigilant and cautious when dealing with exchanges and wallets, and never store more than they can afford to lose.
5. KuCoin: $281 Million (September 2020)
In September 2020, Singapore-based cryptocurrency exchange KuCoin suffered a massive hack that resulted in the loss of $281 million worth of various tokens. The hackers managed to access the exchange’s hot wallets and transferred the funds to their own addresses. KuCoin quickly froze all deposits and withdrawals and launched an investigation into the incident. The exchange also worked with other exchanges, projects, and law enforcement agencies to track and recover the stolen funds.
The hack was possible because KuCoin did not implement sufficient security measures to protect its hot wallets. The hackers used a phishing attack to obtain the private keys of the wallets and bypassed the multi-signature verification system. The hackers also used a technique called “dusting”, which involves sending small amounts of tokens to multiple addresses to disguise their tracks. The hackers tried to launder the stolen funds through various platforms, such as decentralized exchanges, mixers, and gambling sites.
The KuCoin hack shows that even large and reputable exchanges can be vulnerable to hacking and theft. It also shows that hackers may use sophisticated methods to evade detection and traceability. Users should always use strong passwords and two-factor authentication for their accounts, and avoid clicking on suspicious links or emails. Users should also diversify their holdings across different platforms and wallets, and use cold wallets for long-term storage.
Cryptocurrencies are an exciting and innovative technology that offer many benefits and opportunities for users. However, they also come with risks and challenges that require vigilance and responsibility. Hackers are constantly looking for ways to exploit vulnerabilities and weaknesses in the crypto space, and users should always be prepared for the worst-case scenarios. By learning from the past hacks and following best practices, users can protect their digital assets and enjoy the crypto revolution.