Crypto exchanges keep on evolving and gaining traction, but the statistics of accomplished cyberattacks suggests that platforms underperform to protect hot wallets and their private keys. Though revenues of major exchanges allow them to hire and sustain competent security engineers, some of them fail to timely address this concern. Practice even knows some cases when employees clean out the exchanges they had been working at. Let’s recall all the burglaries of H1 2019 and bottom-line the situation.
Incident date: 14 January.
Reason: security system breach that ushered hackers to the wallets.
Stolen: 29.2 thousand ETH, 24.4 billion DCN, 3.8 million PRL, 15.4 million LML, 48.2 million CENNZ, and 93 types of ERC-20 tokens.
Total damage: $16 million.
Loot transferred to: Bibox, Binance, EtherDelta, Huobi, KuCoin.
Incident date: 24 March.
Reason: advanced persistent threat (targeted cyberattack) resulted in hackers having stolen users’ and exchange’s assets.
Stolen: 19 types of coins (BTC, ETH, LTC, BCH, XRP, and 14 other altcoins) and stablecoin USDT.
Total damage: $7.1 million.
Loot transferred to: Binance, Bittrex, Huobi, Gate.io.
Incident date: 30 March.
Reason: private keys stolen by former employees.
Stolen: 3 million EOS and 20 million XRP.
Total damage: $18.7 million.
Loot transferred to: Binance, BW.com, Changelly, ChangeNOW, CoinSwitch, EXMO, HitBTC, Huobi, KuCoin.
Incident date: 7 May.
Reason: security system breach that ushered hackers to one hot wallet.
Stolen: 7 thousand BTC.
Total damage: $40 million.
Loot transferred to: in May-June, small amounts were laundered through bitcoin mixers (including ChipMixer); in July, funds were transferred to Bitfinex, BitMarket, KuCoin, Kuna.
From the exchanges mentioned, DragonEx was the only one to face getting hacked for the first time, while the others have already had some experience.
Speaking of, once upon a time, Cryptopia has lost 15.7 thousand AU (~$571 thousand) after a 51% attack on AurumCoin in November 2018. Before that, in February 2018, a New Zealand bank stopped running its account. This made Cryptopia suspend fiat transactions. Chances are those failures led the company to the shutdown.
Bithumb suffered its third hacking. During the first one back in June 2017, intruders hacked an exchange employee’s computer and stole user data. Having gained access to the data, they exploited voice phishing to embezzle customers’ bitcoins for the total amount of $1.5 million. Once again, in June 2018, 11 various cryptocurrencies, totally worth $31 million, were stolen from the exchange.
Binance is also not a first-time victim. The first attack (March 2018) went wrong for the fraudsters as the risk management system had discovered the suspicious activity and timely prevented all the fraudulent outgoing transactions. The platform even announced a reward worth $250 thousand (in BNB tokens) for capturing the hackers. Moreover, Binance has found a special fund of $10 million for the purposes of preventing future attacks and chasing offenders.
It’s worth noting that the crypto community and most competing platforms never disregard the difficulties other platforms happen to face. Market rivals exchange valuable information and use blockchain analysis to track the stolen funds down and prevent cash-out.