806 hack event(s)
Description of the event: BitGrail claims that $195 million of customers have stolen cryptocurrencies in Nano (XRB).
Amount of loss: 195,000,000 USD Attack method: Unknown
Description of the event: Unidentified assailants stole 523 million NEM coins (about $534 million) from the exchange's hot wallet. According to Coincheck, NEM coins are kept on a single-signature hot wallet instead of a more secure multi-signature wallet, and the stolen coins are confirmed to be Coincheck customers.
Amount of loss: 534,000,000 USD Attack method: Stolen hot wallet
Description of the event: User orbit84 posted on Reddit that a hacker entered his hosting provider account and changed the DNS settings to his own hosted version of BlackWallet. The attacker's wallet seems to have accumulated about $400,000 worth of cryptocurrency, and its market value has almost tripled in the past month. In a statement, the founder of BlackWallet claimed that the open source online "star wallet" BlackWallet had been hacked.
Amount of loss: $ 400,000 Attack method: DNS hijacking
Description of the event: In the wee hours of December 19, Youbit was dealt a death blow in the form of another hack. The exchange, which was also hit in April, is closing down in the fallout of the most recent attack. As revealed on its website, they had been forced to terminate its services after suffering another hack. The hackers ran off with 17% of Youbit’s funds, enough to drive the exchange into bankruptcy.
Amount of loss: - Attack method: Unknown
Description of the event: Nicehash appears to have shuttered their website with a notice saying “a security breach involving NiceHash website” and “our payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen”.
Amount of loss: 4,736.42 BTC Attack method: Unknown
Description of the event: Tether, the issuer of USDT, issued a statement stating that its system was hacked by an external attacker on the 19th of this month and stolen USDT tokens worth approximately $31 million from its Tether Treasury wallet.
Amount of loss: 31,000,000 USD Attack method: Tether Treasury wallet stolen
Description of the event: On June 18,2019, the US Commodity Futures Trading Commission (CFTC) announced it had initiated a civil enforcement action against a now-defunct cryptocurrency trading and investment company for misappropriating $147 million worth of Bitcoin. The Complaint charges the defendants—Control-Finance Limited and its principal, Benjamin Reynolds—with exploiting public enthusiasm for crypto assets by fraudulently obtaining and misappropriating at least 22,858.822 Bitcoin from more than 1,000 customers through a classic (HYIP) Ponzi scheme called the Control-Finance Affiliate Program.
Amount of loss: 22,858.822 BTC Attack method: Scam
Description of the event: According to internet rumors, 66,000 bitcoins were suspected to have been stolen from the BTC-e exchange. The user inquired on the blockchain that the block with a block height of 477472 was transferred out of 66163.40004136 bitcoins. It is suspected that the BTC-e user was stolen by hackers of a huge amount of bitcoins.
Amount of loss: 990,000,000 USD Attack method: Unknown
Description of the event: On July 29, 2017, the Ethereum multi-signature wallet company Parity issued a security alert, notifying users of serious vulnerabilities in its wallet v1.5 or later. That day, a black hat hacker used the vulnerability to exhaust the Parity wallets of three Ethereum projects, stealing a total of 153,037 ETH from Swarm City, Edgeless, and Aeternity.
Amount of loss: 153,037 ETH Attack method: Unauthorized operation
Description of the event: Hacker steals $7.4 million in ethereum during CoinDash ICO launch. At the time of the ICO, in which CoinDash posted a string of characters which represented its wallet address for investors to send funds to, it appears that the hacker compromised the website and changed this text to a wallet they control. It was a matter of minutes before the platform realized the security breach had taken place and warned investors, but it was too late -- and now the stolen funds intended for CoinDash are simply sitting in a wallet awaiting collection.
Amount of loss: 7,400,000 USD Attack method: Destroy the website, replace the address.
Description of the event: Bithumb is one of the five largest bitcoin exchanges in the world. Hackers succeeded in grabbing the personal information of 31,800 Bithumb website users, including their names, mobile phone numbers and email addresses. The exchange claims that this number represents approximately three percent of customers. And the exchange further claims that the breach was made to a personal computer belonging to an employee, and not the exchange’s internal network, servers nor digital currency wallets. Attackers appear to have stolen enough credentials to begin a process of “voice phishing,” where the scammers call up victims one at a time and pose as representatives of Bithumb.
Amount of loss: 1,000,000 USD Attack method: Phishing attack
Description of the event: Yapizon, a South Korean Bitcoin exchange, announced last week it lost 3831 Bitcoin (over $5.5 million) after an unknown hacker breached its system and stole funds from its server.
Amount of loss: 3,831BTC Attack method: Stolen hot wallet
Description of the event: Messari, a cryptocurrency research organization, announced on the 27th that Stellar's blockchain protocol had an inflation loophole in April 2017. An attacker used the loophole to create 2.25 million XLM (worth about 10 million US dollars). This bug was discovered by the Stellar Development Foundation (SDF) and patched after the accident.
Amount of loss: 10,000,000 Attack method: Inflation
Description of the event: Bitfinex suffered a cyber attack in August 2016. 2,072 Bitcoin transactions were transferred out without Bitfinex's authorization, and then the funds were scattered and stored in 2,072 wallet addresses. Statistics show that Bitfinex lost a total of 119,754.8121 BTC. It was worth about $60 million at the time of the incident, or about $4.5 billion in today's prices. The U.S. Department of Justice (DOJ) announced on Tuesday (February 8, 2022) that it has seized $3.6 billion worth of bitcoin in connection with the 2016 hack of cryptocurrency exchange Bitfinex. Ilya Lichtenstein, 34, and his wife Heather Morgan, 31, were arrested in New York on charges of conspiracy to launder money and defraud.
Amount of loss: $ 900,000,000 Attack method: Unauthorized theft
Description of the event: The DAO smart contract running on the Ethereum suffered a reentrancy-attack-on-smart-contract.
Amount of loss: $ 60,000,000 Attack method: Reentrancy attack
Description of the event: Gatecoin experienced a cyberattack on its hot wallets that resulted in the loss of funds. A new update from the exchange team indicated that as much as $2m was lost, confirming rumors that circulated soon after the hack became apparent. Gatecoin has claimed that it lost as much as 185,000 ethers and 250 bitcoins, an amount worth roughly $2.14m at press time.
Amount of loss: 2,000,000 USD Attack method: Server is hacked
Description of the event: KipCoin announced that the attacker gained access to the server in 2014 and downloaded the wallet.dat file. A few months later, the attacker stole more than 3,000 BTC.
Amount of loss: 3,000 BTC Attack method: Server is hacked
Description of the event: BTER announced that it lost 7,170 BTC (then worth $1.75 million). The company claims that BTC was stolen from a cold wallet.
Amount of loss: 1,750,000 USD Attack method: Cold wallet stolen
Description of the event: Bitstamp reported that multiple operating wallets were damaged, resulting in the loss of 19,000 bitcoins. The company was hacked by multiple phishing attacks in the months before the attack. An employee downloaded a malicious file that allowed an attacker to access the password of the company's hot wallet and the server including the wallet.dat file.
Amount of loss: 19,000 BTC Attack method: Phishing attack
Description of the event: MintPal announce that the attacker stole 8 million VeriCoins ($1.8 million) from the company's hot wallet. The attacker exploited a vulnerability in its system that allowed them to bypass the security controls to withdraw funds.
Amount of loss: 1,800,000 USD Attack method: Stolen hot wallet