Cryptocurrency-linked crime has grown in the last few years. Let’s take a look at the biggest crypto crimes in recent years and what we’ve learned from them.
The 6 Biggest Crypto-crimes in Recent Years: What Did We Learn?
From the beginning, the cryptocurrency ecosystem has been known for its uncertainty and volatility. Steadily pushing its way into the crypto zeitgeist is the role of cybercrime and the damage it brings to users and industry leaders.
Chainalysis reported that $7.8 billion worth of cryptocurrency was stolen from victims in 2021 due to various scams.
The scams continue to happen in 2022 too, and the most popular cryptocurrency crimes currently are:
- Decentralized Finance (DeFi) platform theft: when hackers use vulnerabilities in smart contract code to steal millions at a time;
- Money laundering via DeFi: this happens when criminals rinse stolen crypto through DeFi platforms, which makes it harder to trace;
- Rug pulls: when developers build legitimate-looking crypto projects before pulling all users’ funds and disappearing.
Of these crypto-crimes, none are more lucrative than DeFi and exchange platform theft, which has seen record-breaking amounts stolen from users.
Let’s dive into the biggest heists we’ve seen so far.
The 6 Biggest Crypto Hacks of Recent Years And The Lessons We’ve Learned
While blockchain is secure, it’s become increasingly evident that exchanges aren’t.
As a result, these trading platforms are the primary target for hackers. Let’s look at the biggest crypto crimes of the last few years and what we’ve learned from them.
#1. Bitfinex: $4.5 billion transferred to hackers
Bitfinex, at the time one of the largest cryptocurrency exchanges, was hacked in 2016. The thieves had breached Bitfinex weeks before and waited to collect private keys, upon which they initiated over 2000 unauthorized transactions.
Within 4 hours, the hackers had stolen 119,754 Bitcoin (worth over $60 million in 2016). The alleged hackers transferred approximately 25,000 of the stolen Bitcoin to other accounts under their control. When they were finally arrested in 2022, the 90,000 leftover Bitcoin were valued at $3.6 billion.
What we’ve learned
There are theories that the hack was initiated by social engineering. This means that old-school tactics are still relevant, making basic cyber safety knowledge essential. Strong passwords, regular software updates, and a reliable VPN will help to keep your funds safe. Learn about how a VPN can protect your data in this Surfshark review.
#2. Poly Network: $610 million in total loss
2021 saw Poly Network, a DeFi bridge, have $610 million worth of crypto stolen by anonymous hackers. Over the next 15 days, the hackers would come to return all the stolen assets.
The anonymous hackers went online to claim it was an attempt to show vulnerabilities in Poly Network’s security. Poly Network controversially named the hackers “Mr. White Hat”, which refers to the nickname for an ethical hacker.
What we’ve learned
Since learning of the vulnerabilities, Poly Network launched a bug bounty program. This encourages other ethical hackers and security groups to find more security issues in Poly Network for rewards of up to $100,000. This is a great example of how crypto giants and talented hackers can collaborate for a good cause.
#3. Coincheck: $532 million lost and 260,000 users affected
In January 2018, Japanese cryptocurrency exchange Coincheck lost over $500 million to hackers. The entire amount was taken in the cryptocurrency called XEM, which took an 11% dive in market value during the 24 hours following.
An interesting side effect was a 5% drop in Bitcoin’s value, even though not a single Bitcoin was stolen. The hack affected 260,000 users, and the hackers still remain anonymous.
What we’ve learned
The lesson from the Coincheck hack was a rather unexpected one, but important nonetheless. The drop in Bitcoin alongside the stolen XEM shows how volatile and connected major cryptocurrencies are.
#4. Wormhole: $325 million stolen in ETH
The second largest heist on a DeFi bridge came this year when 120,000 Etherium (ETH) were stolen from the Wormhole Portal. The interesting part of this heist was that the hackers never stole any users’ assets, instead minting their own ETH.
With ETH appearing out of thin air, the hackers exposed a large vulnerability in the Solana blockchain. Wormhole has since offered the hackers a $10 million bounty and a whitehat agreement on the return of the stolen ETH.
What we’ve learned
Through a small vulnerability in Wormhole’s smart contract code, the unknown hacker could have caused huge market volatility. Since then, there have been calls for more rigorous code audits, especially as cross-chain bridges like Wormhole have become critical to the cryptocurrency infrastructure.
#5. KuCoin: over $281 million stolen in crypto
KuCoin, one of the leading cryptocurrency exchanges, suffered a hack in 2020. The stolen coins were valued at over $280,000 in multiple cryptocurrencies. Of the assets stolen, 84% have since been recovered, and the rest was covered by KuCoin.
With a fast-acting team, KuCoin faced the hack head-on and immediately upgraded its security across the board. Since the hack, KuCoin created the Safeguard Program, which aims to spread knowledge and strategies for dealing with cybersecurity incidents.
What we’ve learned
Reacting quickly helped to effectively deal with the KuCoin hack. In 2021, the exchange’s CEO Johnny Lyu said “we chose to act” rather than accept the loss of a huge portion of funds. This hack highlighted the importance of emergency strategies and concise planning for all crypto market players.
#6. BitMart: $225 million
A stolen private key led to this 2021 hack that saw users lose more than $200 million. The stolen assets were comprised of more than 20 different tokens, which were then laundered through DeFi bridges and privacy mixers, making the coins harder to trace.
Soon after, BitMart promised to return what was lost to users from their own funds. The tokens were stolen from “hot” wallets (funds stored online), which are easier targets for hackers. Since then, the trading platform and its investors have been shifting towards “cold” wallets (funds stored offline), as they’re much safer.
What we’ve learned
The BitMart hack illustrated that hot wallets are vulnerable to attacks. Although they provide convenience and quicker access to funds, they’re a much bigger target for cybercriminals. For safety, store your unused crypto in a cold wallet until it’s needed.
Conclusion
The cryptocurrency market is, at its core, unstable. With the consistent hacking of DeFi and exchange platforms, the safety of your crypto is also being called into question.
Of all the recent crypto-related crimes, the aforementioned stand out for the value of funds stolen. Even though they’re devastating for some, each instance gives a lesson on how the security and stability of the cryptocurrency ecosystem can be improved.