When Bitcoin first appeared, hackers didn’t pay much attention. It started at USD 0.08, so it just wasn’t worth it. Then, around 2011, it started to become valuable, thus becoming a juicy target for malicious entities. Since then, digital thieves have managed to get away with more than a million BTC coins from exchanges and trading platforms, especially from the centralized ones.
It seems that centralized exchanges are the hacker’s preferred target. There’s a good reason for that. Centralization means that you have all the things you need (or want) in a single visit. It’s a buffet for hackers. That’s one of the reasons why stealing digital assets from exchanges has been an excellent way for hackers to get money.
Exchanges have suffered from cyber-hits since approximately 2010, and some are still having security problems. Last year alone, going by Chainalysis data, hackers got away with more than a billion dollars from cryptocurrency exchanges. And most of that activity (possibly all of it) can be traced to only two hacking groups. While nobody really knows the exact number of tokens that hackers have managed to steal over the years, conservative estimates go as high as a million BTC from the exchanges alone.
It means that hackers have stolen more bitcoins than the number that Satoshi has ever owned, and maybe a lot more.
Most of those million coins were stolen in the two most massive hacks of the last eight years. The Mt. Gox hack, in 2014, saw about 650.000 BTC go away. Then the Bitfinex episode was around 120.000. So that’s 770.000 in just a couple of hits.
And while we’re focusing on Bitcoin, we shouldn’t forget that the stolen BTC also gave the hackers 770.000 BCH, before the BCH fork, when the asset had a rather high price. If you do the math on this and take into account current Bitcoin prices, hackers have stolen about USD 8,7 billion in total over the years. That’s just Bitcoin; we’re not considering other cryptocurrencies that have also been taken in high volumes.
The Bitcoin Jobs: A review from 2011 on
We start with Mt. Gox. It was June 19th of 2011 when the exchange announced that USD 8,7 million were lost because of a “security breach.” This was worrisome because this was the platform that managed about 70% of the world’s trading volume in BTC, so the company had to show it remained solvent.
It did that by moving 424.242 BTC into cold storage. You can see proof of that move in block 132749. Then it burned 2.609 BTC, probably by mistake. Previously it had already misplaced 850.000 BTC. It’s been said (but never corroborated) that Mark Karpeles, the platform’s CEO, managed to recover 200.000 tokens. The assets were distributed among the account holders that lost some of their digital capital, but the process has been going on for years, and it’s not been particularly quick.
Next, let’s remember Bitcoin7. Most people have already forgotten this platform, but at its height, it managed to become the world’s third-largest exchange, back in 2011. On October 5th, 2011, the exchange reported the loss of 5.000 BTC (almost USD 49 million in today’s market). This wasn’t that much money eight years ago, but it was enough to bring Bitcoin7 down. The company promised to refund the affected users, but that never happened because the website went offline and nobody ever heard from Bitcoin7 again.
During 2012 there was no single hack worth a lot of bitcoins. Instead, eight different crypto-based platforms (including Tradehill and Bitcoinica) were hit in relatively lower amounts that totaled 46.653 BTC. Bitcoinica got hacked twice (38.000 BTC in May, then 40.000 BTC in July). Bitfloor lost 24.000 BTC in a security breach in that same year.
2013 was also a good year for hackers, but not as spectacular. Vircurex Exchange lost 1.666 BTC, and Bitmarket.eu lost USD 400 million in stolen tokens. In October, GBL Exchange allegedly stole 9.640 bitcoins from its clients. The BIPS digital currency payment provider suffered a security breach that leaked 1.295 BTC.
Things didn’t improve in 2014. That was the year of the prominent Mt. Gox heist. Cryptsy also lost 13.000 BTC, Mintpal lost 3.894. Then, the next year, Bitstamp’s hot wallet was hit for 19.000 BTC, 796 Exchange lost a thousand, and Bitfinex also lost 1.5000.
And that was just the start for Bitfinex. During the very next year it was hacked again, and this time it was massive, to the tune of 119.756 BTC. Just a few months later, Bitcurex lost 2.300 BTC.
Then came 2017, and with it the biggest bullish run we’ve ever seen in the cryptocurrency market, which means that it was the most profitable year to be a Bitcoin hacker, if that’s your cup of tea. Yapizon saw 3.831 BTC go away, Bithumb lost USD 31 million, and BTC-e had a 66.000 BTC setback.
If you think that the 2018 bearish market lessened the interest of hackers in stealing bitcoins, you’d be wrong. Maybe the market was bearish on BTC, but hackers remained optimistic enough to keep doing their thing. BTC Global took USD 50 million away from people. Gainbitcoin did the same with USD 300 million. And those are just the more significant episodes; there were several smaller hits during the year worth less than a thousand tokens. It even included some Electroneum (ETN) users.
Which brings us to 2019, the current year. We’re not even halfway through it, but we’ve seen some great hacks happen already, and they’re still happening at centralized platforms. There was the QuadrigaCX misadventure, in which anywhere from USD 140 to 200 million scattered in the cryptoverse. But the most important one is undoubtedly the Binance hack, worth USD 7.000, because it’s a platform with an excellent reputation and very high trading volumes. Binance has managed it very well, it must be said.
Most of the hacks mentioned have several common factors. They happened in centralized exchanges that were storing their coins online, in hot storage.
It’s clear that many of the world’s Bitcoin and digital coin exchanges have not learned the lessons of the past, as many keep using centralized architectures and hot storage. Yes, hot storage is more convenient; it lets users settle their trades more quickly. But in this, as in anything else, the more you gain in convenience, the more you lose in security.
Also, centralized exchanges are not the only problem in this system. Users keep using centralized services. Let’s say that’s unavoidable (it isn’t, but that’s another article). The problem is that they keep storing their cryptocurrencies on exchange platforms.
One of the most basic facts every cryptonaut must know is that exchanges are not wallets. If you’re going to trade in digital assets, you send the tokens you need into your account on the platform and make the trade you wanted to make. Then, once the deal is done, you send your tokens back to your offline wallet.
You’re not supposed to leave them there any longer than is strictly necessary to settle your trade. That’s the only way to make sure that your hard-earned digital wealth is not accessible to hackers. Yes, it takes a little more time, and it may mean that you need to buy a wallet. If you like to trade a lot, it could be annoying. But how much is it worth to you not to be among the victims of the next big crypto hack?
Disclaimer: Please do your ‘very own’ market research before making any investment in cryptocurrencies. Neither the writer nor the publication (TronWeekly.com) holds any responsibility for your financial loss.