731 hack event(s)
Description of the event: A failed cold storage restoration exercise seems to have exposed private keys intended for offline storage (effectively making them online). However, the CEO has expressed an insider’s involvement. Police found private keys exposed online for more than 12 hours.
Amount of loss: 438 BTC Attack method: Private key leak
Description of the event: The Verge network was attacked by 51% for the first time. According to Bitcointalk forum user ocminer, a malicious miner can use forged timestamps to mine blocks, thereby tricking the network into thinking that the new block was mined one hour ago, so that when the next mined block is immediately added to the network, it also added to the blockchain. This allowed the attacker to mine one block per second, which is said to have mined 250,000 XVG.
Amount of loss: 250,000 XVG Attack method: 51% attack
Description of the event: The attacker has a large amount of computing power to launch 51% attack
Amount of loss: - Attack method: 51% attack
Description of the event: Binance security incident occurred in March 2018 when a phishing campaign impacted a large number of Binance users. At the time, Binance offered a $250,000 reward for any information that would have led to the arrest of those involved in the phishing campaign.
Amount of loss: - Attack method: Unknown
Description of the event: A hacking organization in Ukraine has stolen cryptocurrencies worth more than $50 million from the Blockchain.info by purchasing keyword advertisements related to cryptocurrencies in the Google search engine and masquerading as malicious websites of legitimate websites.
Amount of loss: $ 50,000,000 Attack method: Phishing attack
Description of the event: BitGrail claims that $195 million of customers have stolen cryptocurrencies in Nano (XRB).
Amount of loss: 195,000,000 USD Attack method: Unknown
Description of the event: Unidentified assailants stole 523 million NEM coins (about $534 million) from the exchange's hot wallet. According to Coincheck, NEM coins are kept on a single-signature hot wallet instead of a more secure multi-signature wallet, and the stolen coins are confirmed to be Coincheck customers.
Amount of loss: 534,000,000 USD Attack method: Stolen hot wallet
Description of the event: User orbit84 posted on Reddit that a hacker entered his hosting provider account and changed the DNS settings to his own hosted version of BlackWallet. The attacker's wallet seems to have accumulated about $400,000 worth of cryptocurrency, and its market value has almost tripled in the past month. In a statement, the founder of BlackWallet claimed that the open source online "star wallet" BlackWallet had been hacked.
Amount of loss: $ 400,000 Attack method: DNS hijacking
Description of the event: In the wee hours of December 19, Youbit was dealt a death blow in the form of another hack. The exchange, which was also hit in April, is closing down in the fallout of the most recent attack. As revealed on its website, they had been forced to terminate its services after suffering another hack. The hackers ran off with 17% of Youbit’s funds, enough to drive the exchange into bankruptcy.
Amount of loss: - Attack method: Unknown
Description of the event: Nicehash appears to have shuttered their website with a notice saying “a security breach involving NiceHash website” and “our payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen”.
Amount of loss: 4,736.42 BTC Attack method: Unknown
Description of the event: Tether, the issuer of USDT, issued a statement stating that its system was hacked by an external attacker on the 19th of this month and stolen USDT tokens worth approximately $31 million from its Tether Treasury wallet.
Amount of loss: 31,000,000 USD Attack method: Tether Treasury wallet stolen
Description of the event: On June 18,2019, the US Commodity Futures Trading Commission (CFTC) announced it had initiated a civil enforcement action against a now-defunct cryptocurrency trading and investment company for misappropriating $147 million worth of Bitcoin. The Complaint charges the defendants—Control-Finance Limited and its principal, Benjamin Reynolds—with exploiting public enthusiasm for crypto assets by fraudulently obtaining and misappropriating at least 22,858.822 Bitcoin from more than 1,000 customers through a classic (HYIP) Ponzi scheme called the Control-Finance Affiliate Program.
Amount of loss: 22,858.822 BTC Attack method: Scam
Description of the event: According to internet rumors, 66,000 bitcoins were suspected to have been stolen from the BTC-e exchange. The user inquired on the blockchain that the block with a block height of 477472 was transferred out of 66163.40004136 bitcoins. It is suspected that the BTC-e user was stolen by hackers of a huge amount of bitcoins.
Amount of loss: 990,000,000 USD Attack method: Unknown
Description of the event: On July 29, 2017, the Ethereum multi-signature wallet company Parity issued a security alert, notifying users of serious vulnerabilities in its wallet v1.5 or later. That day, a black hat hacker used the vulnerability to exhaust the Parity wallets of three Ethereum projects, stealing a total of 153,037 ETH from Swarm City, Edgeless, and Aeternity.
Amount of loss: 153,037 ETH Attack method: Unauthorized operation
Description of the event: Hacker steals $7.4 million in ethereum during CoinDash ICO launch. At the time of the ICO, in which CoinDash posted a string of characters which represented its wallet address for investors to send funds to, it appears that the hacker compromised the website and changed this text to a wallet they control. It was a matter of minutes before the platform realized the security breach had taken place and warned investors, but it was too late -- and now the stolen funds intended for CoinDash are simply sitting in a wallet awaiting collection.
Amount of loss: 7,400,000 USD Attack method: Destroy the website, replace the address.
Description of the event: Bithumb is one of the five largest bitcoin exchanges in the world. Hackers succeeded in grabbing the personal information of 31,800 Bithumb website users, including their names, mobile phone numbers and email addresses. The exchange claims that this number represents approximately three percent of customers. And the exchange further claims that the breach was made to a personal computer belonging to an employee, and not the exchange’s internal network, servers nor digital currency wallets. Attackers appear to have stolen enough credentials to begin a process of “voice phishing,” where the scammers call up victims one at a time and pose as representatives of Bithumb.
Amount of loss: 1,000,000 USD Attack method: Phishing attack
Description of the event: Yapizon, a South Korean Bitcoin exchange, announced last week it lost 3831 Bitcoin (over $5.5 million) after an unknown hacker breached its system and stole funds from its server.
Amount of loss: 3,831BTC Attack method: Stolen hot wallet
Description of the event: Messari, a cryptocurrency research organization, announced on the 27th that Stellar's blockchain protocol had an inflation loophole in April 2017. An attacker used the loophole to create 2.25 million XLM (worth about 10 million US dollars). This bug was discovered by the Stellar Development Foundation (SDF) and patched after the accident.
Amount of loss: 10,000,000 Attack method: Inflation
Description of the event: Bitfinex suffered a cyber attack in August 2016. 2,072 Bitcoin transactions were transferred out without Bitfinex's authorization, and then the funds were scattered and stored in 2,072 wallet addresses. Statistics show that Bitfinex lost a total of 119,754.8121 BTC. It was worth about $60 million at the time of the incident, or about $4.5 billion in today's prices. The U.S. Department of Justice (DOJ) announced on Tuesday (February 8, 2022) that it has seized $3.6 billion worth of bitcoin in connection with the 2016 hack of cryptocurrency exchange Bitfinex. Ilya Lichtenstein, 34, and his wife Heather Morgan, 31, were arrested in New York on charges of conspiracy to launder money and defraud.
Amount of loss: $ 900,000,000 Attack method: Unauthorized theft
Description of the event: The DAO smart contract running on the Ethereum suffered a reentrancy-attack-on-smart-contract.
Amount of loss: $ 60,000,000 Attack method: Reentrancy attack