Present a motivated attacker with a bounty lucrative enough, and they will find their way through even the most robust of systems. High-profile data breaches hitting everything from financial institutions like Equifax to social media companies like Facebook are proof of this. In the digital age, data is a powerful commodity.
This is particularly true for cryptocurrencies. A private key, a single secret usually written as a string of hexadecimal characters, gives whoever holds it unrestricted control over a highly liquid and highly portable form of money that can be moved around the globe with relative stealth. Cryptocurrency exchanges, which hold private keys controlling enormous sums, are therefore an attractive target for malicious actors.
Unsurprisingly, these actors have been responsible for a number of breaches in recent years. Below, we'll explore some of the most significant.
Mt. Gox (2014)
Mt. Gox is a notorious name in the Bitcoin space, and it will likely be remembered for decades to come as the victim of one of the most damaging exchange hacks of all time, if only for its impact on the wider ecosystem. At the time of its collapse, Mt. Gox was handling around 70% of all Bitcoin trading worldwide.
How the attackers gained access has never been fully established (the prevailing account is that they obtained the keys to a hot wallet and drained it gradually), but when the loss was disclosed in February 2014 it amounted to roughly 850,000 BTC, most of it belonging to customers, and the thefts turned out to have begun as early as 2011.
Around 200,000 BTC were later found in an old-format wallet, but the remaining 650,000 or so have never been accounted for.
In the wake of the hack, the Bitcoin price dipped by over 30%.
CoinCheck (2018)
Cryptocurrency enthusiasts may remember the CoinCheck hack of January 2018, which, in terms of dollar value at the time, remained the biggest exchange breach on record when this was written.
In this instance, the attackers targeted the exchange's NEM holdings, gaining a foothold via malware emailed to unsuspecting employees. The critical flaw was that CoinCheck kept the entire NEM balance in a single hot wallet. A hot wallet is, by definition, connected to the internet and its keys are reachable by anyone who compromises the machine holding them, whereas cold storage keeps keys offline, so a single hot wallet holding everything is a major faux pas.
It was later revealed that the hackers had escaped with roughly 500 million NEM tokens (XEM), worth approximately $530m at the time. The funds were spread across a series of addresses that remain visible on the public NEM ledger to this day.
Bitstamp (2015)
Much like the CoinCheck incident above, the breach of Bitstamp in January 2015 targeted employees as the entry point into the exchange, with a phishing campaign carried out via Skype and email.
Once the payload had made its way onto the exchange's systems, the attackers gained access to the hot wallet file and were able to make off with an estimated 19,000 BTC (worth approximately $5m at the time).
Bitfinex (2016)
With around 120,000 BTC ($72m at the time) stolen in August 2016, the Bitfinex hack earns its place as one of the most lucrative exchange heists. In its wake, the Bitcoin price plunged by 20%.
Worth noting is that Bitfinex appeared to avoid some of the pitfalls seen in earlier entries on this list. In particular, it had implemented a multisignature scheme: funds could only be spent once several independent keys had each signed the transaction, so the compromise of any single key should not have been enough to move them.
It is difficult to say what went wrong in the exchange's setup, however, as the details of how the threshold was defeated have not been made public.
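To make the multisignature idea above concrete, here is an added example (not code from Bitfinex, BTSE or any exchange named on this page) of an M-of-N spending policy enforced with Ed25519 signatures from Go's standard library. The holder names, the `withdraw|dest|amount|nonce` message format and the 2-of-3 threshold are assumptions for illustration; a real exchange would use the chain's native multisig script or a signing service, and would keep each private key on a separate offline signer rather than in one process as done here. The check fails closed on any invalid signature and counts each holder at most once, so a single compromised key cannot satisfy the threshold by signing twice.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Holder is one key holder. Both key halves live in this process only
// because this is a self-contained example; an exchange would keep each
// private key on a separate offline signer or HSM.
type Holder struct {
	Name string
	Pub  ed25519.PublicKey
	Priv ed25519.PrivateKey
}

// NewHolders generates a fresh Ed25519 key pair for each named holder.
func NewHolders(names ...string) ([]Holder, error) {
	holders := make([]Holder, 0, len(names))
	for _, n := range names {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, err
		}
		holders = append(holders, Holder{Name: n, Pub: pub, Priv: priv})
	}
	return holders, nil
}

// Sign produces this holder's signature over a withdrawal message.
func (h Holder) Sign(msg []byte) []byte { return ed25519.Sign(h.Priv, msg) }

// Signature carries a signature together with the index of the holder
// who claims to have produced it.
type Signature struct {
	Holder int
	Sig    []byte
}

// Policy is an M-of-N spending rule: at least Threshold distinct holders
// listed in Pubs must sign the exact withdrawal message.
type Policy struct {
	Threshold int
	Names     []string
	Pubs      []ed25519.PublicKey
}

// NewPolicy builds a policy from the public halves only; the checker
// never needs a private key.
func NewPolicy(threshold int, holders []Holder) Policy {
	p := Policy{Threshold: threshold}
	for _, h := range holders {
		p.Names = append(p.Names, h.Name)
		p.Pubs = append(p.Pubs, h.Pub)
	}
	return p
}

// WithdrawalMessage is the canonical byte string every holder signs
// (hypothetical format). Destination, amount and a per-withdrawal nonce
// are all bound in, so a signature cannot be replayed for another payout.
func WithdrawalMessage(dest string, amountSat, nonce uint64) []byte {
	return []byte(fmt.Sprintf("withdraw|%s|%d|%d", dest, amountSat, nonce))
}

// Authorize reports whether sigs satisfy the policy for msg. Any invalid
// signature fails the whole request (fail closed), and each holder is
// counted at most once, so one compromised key signing twice cannot
// reach the threshold on its own.
func (p Policy) Authorize(msg []byte, sigs []Signature) (bool, error) {
	if p.Threshold < 1 || p.Threshold > len(p.Pubs) {
		return false, fmt.Errorf("invalid threshold %d for %d holders", p.Threshold, len(p.Pubs))
	}
	seen := make(map[int]bool)
	for _, s := range sigs {
		if s.Holder < 0 || s.Holder >= len(p.Pubs) {
			return false, fmt.Errorf("unknown holder index %d", s.Holder)
		}
		if !ed25519.Verify(p.Pubs[s.Holder], msg, s.Sig) {
			return false, fmt.Errorf("invalid signature attributed to %s", p.Names[s.Holder])
		}
		seen[s.Holder] = true
	}
	return len(seen) >= p.Threshold, nil
}

func main() {
	holders, err := NewHolders("signer-a", "signer-b", "signer-c")
	if err != nil {
		panic(err)
	}
	policy := NewPolicy(2, holders) // 2-of-3
	msg := WithdrawalMessage("bc1qexampledestination", 150000000, 1)

	scenarios := map[string][]Signature{
		"one key":        {{0, holders[0].Sign(msg)}},
		"two keys":       {{0, holders[0].Sign(msg)}, {1, holders[1].Sign(msg)}},
		"same key twice": {{0, holders[0].Sign(msg)}, {0, holders[0].Sign(msg)}},
	}
	for name, sigs := range scenarios {
		ok, err := policy.Authorize(msg, sigs)
		fmt.Printf("%-15s authorized=%v err=%v\n", name, ok, err)
	}
}
```

Only the "two keys" scenario is authorized. The duplicate-holder case is the one worth remembering: a naive implementation that simply counts valid signatures would let an attacker holding one key meet a 2-of-3 threshold alone.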
Binance (2019)
The Binance hack of May 2019 garnered a lot of discussion on social media. Using a mix of techniques, including phishing and malware, the attackers harvested user API keys and two-factor codes and used them to withdraw 7,000 BTC from the hot wallet in a single transaction. The withdrawal was structured to pass the exchange's automated checks, and the alarm was only raised after it had executed.
The hackers only reached a small fraction of the exchange's holdings, because Binance kept only a small portion of its BTC in the hot wallet: the 7,000 BTC stolen was roughly 2% of its total BTC holdings.
- - -
It should be clear that security is not binary. It is a spectrum shaped by a myriad of factors at the human, hardware and software levels: in the cases above, the entry point was usually a person (phishing, malware) and the thing that decided the size of the loss was key management (how much sat in a hot wallet, and how many keys it took to spend it). Cryptocurrency exchanges have the difficult task of adhering to rigorous procedures on every one of these fronts to protect their funds from a rich ecosystem of creative attackers.
For our part, at BTSE, we aim to adhere to the highest of standards: we keep all funds in cold storage wallets that can only be accessed with multiple keys, ensure high redundancy of our data with a multi-site setup, and offer robust two-factor authentication to protect our users from malicious parties.