We live in uncertain times when the things that used to serve as beacons of hope for humanity have proven to be unreliable after all. When cryptocurrency first came along, it was touted as the most impregnable financial system the world has ever known. This has been shamefully debunked by both previous and recent scandals that have rocked the very industry that served as a beacon of hope to a new generation of investors.
While it's more soothing to point fingers at hackers when there's a breach in the security of Fintech companies, there are certainly no words to describe the disappointment when it comes from within the company. Take, for instance, the FTX fraud, which has taken the crypto world by storm. As the saying goes, nothing stays hidden, and Sam Bankman-Fried's covert activities were recently revealed.
It has been discovered that Sam Bankman-Fried, the former CEO of FTX, was using the funds of his customers to rescue Alameda Research, its affiliated trading firm, from financial ruin. This storm might have been weathered had it not been centered around billions of clients' money. The young former CEO expertly covered up his crime for months, and not even his employees were any the wiser. The cat was finally let out of the bag when FTX filed for bankruptcy on November 10.
These mind-boggling events beg one question - why are cryptocurrency firms still susceptible to attacks and scandals? The answer is simple; cryptos are digital and are housed in online wallets, which makes them a target for hackers. Having said that, let's take a look at some of the ice-cold crypto heists the world has ever recorded.
Ronin network (Axie Infinity) – $620 million lost
When the investors of Ronim Network began the day on March 29th, 2022, little did they know that their beautiful Sunday was about to be ruined with the news of a hack attack on their cherished gaming-based crypto network. The company announced a heavy loss of $620 million, which it has yet to recover from.
The perpetrators of the dastardly act carried out the theft in two phases; first, they took an estimated $595 million in the form of 173,600 ETH, and the rest of the money was in fiat money, an additional $25.5 million. To this day, no crypto heist comes close to this one. The Lazarus group of North Korea was fingered by the US Treasury Department as the brains and manpower behind the event.
Poly network – $610 million lost
The Poly Network hack comes with a little twist. Unlike hackers whose modus operandi is to steal and escape, this particular hacker decided to hang around for a bit and even went ahead to chat with the operators of Poly Network. How did they gain access to the platform? Simple - a loophole. As most systems have one vulnerability or another, the hacker found that of the Poly Network and took advantage of it, syphoning over $600 million from the company.
One would have imagined that they would make a break for it, but they did the opposite by opening a line of communication with the company, promising to return the money, save for $33 million of tether (USDT) that the issuer had frozen. As if that was not enough drama, $200 million of the funds found their way into an account that could only be opened using a combined password from both the hacker and the Poly Network.
This soon turned into a standoff as the hacker refused to part with their password. The Poly Network was forced to bargain with $500,000 and a job offer before the hacker released the private key to them.
FTX – $600 million lost
Just as the world was getting used to the idea of FTX becoming insolvent, hackers took the opportunity to wreak more havoc by stealing $600 million, which additional information might reveal to be more. This caused the exchange to launch an investigation into the hack, while the remaining funds were transferred to cold storage. No individual or organisation has been blamed for the act yet, but from the tweet of Nick Percoco, Kraken’s Chief Security Officer, which reads "We know the identity of the user," there's a possibility that we'll have a culprit soon.
Binance – $570 million lost
In 2022, hackers had a field day ransacking cryptocurrency exchanges and leaving depleted coffers in their wake. Even the mighty Binance wasn't spared by hackers, who targeted the exchange in October 2022 and attempted to steal a whopping $570 million in 2 billion BNB tokens via the cross-chain bridge. Thankfully, the exchange caught wind of this early and quickly reacted by freezing a large percentage of the funds. In the end, the firm could not account for $110 million.
Coincheck – $532 million lost
Back then, in January 2018, tragedy struck Coincheck, a crypto firm based in Japan, in the form of hackers, and its NEM (XEM) tokens worth over $530 million were cleaned out. Always on the lookout for vulnerabilities, the hackers discovered that the firm used a "hot wallet," which kept tokens connected to the internet, as opposed to a "cold wallet," which takes them offline. Although the stolen tokens were marked as such, there were rumors that people were buying them on the black market.
This hacking event dealt such a huge blow to Coincheck that its coin lost a lot of value. So even if the stolen coins are still being offered for sale, not many people will consider it worth the trouble.
MT Gox – $470 million lost
For every series of events, there's always a point of origin. So if you've ever wondered about the first crypto firm to fall victim to hackers on a large scale, the answer is staring you in the face right now, it's MT Gox. In the case of this company, the hackers stole Bitcoins, and the heist remains the largest Bitcoin theft. Unlike the others we've mentioned, the attack on MT Gox didn't happen all at once. This one was stretched out over years.
The event began in 2011 and was only discovered in 2014. Over this time, the hackers stole 100,000 bitcoins from the firm, and the customers also suffered losses to the tune of 750,000 bitcoins. When this news broke, the value of the stolen Bitcoins was $470 million. If we're to compare it with the current price of Bitcoin, its value will be around $4.7 billion. MT Gox was soon liquidated after the attack, and about 200,000 of the stolen Bitcoins were recovered.
Lessons learned
One takeaway from these events is that hackers are always on the prowl, searching for loopholes in crypto exchanges that they can take advantage of. The successful heists all had the same thing in common: hot wallets (the variant that needs an internet connection to function) and low security. Also, the fact that exchanges are the main target didn't go unnoticed. They rarely go after individuals; what would be the gain in that? The idea is to hit exchanges where a lot of money will be realised from the risk.
In the end, the clients bear the brunt of the attacks. More often than not, they never recover their lost investments. This is, thus, a wake-up call for crypto enthusiasts to be mindful of where they decide to store their digital assets.
For the longest time, people have longed for the power to have complete control over their finances. The answer to this came in the form of cryptocurrencies and blockchain technology. However, this liberty came at a cost: extreme caution, both on the part of the individual and the crypto exchange. Unlike traditional banking services, where individuals will be compensated if there is a hack, in the crypto industry, it is everyone for themselves. If your crypto transaction ends up at the wrong address, the fund is gone forever. There will be no one to report to, and neither will anything be done to retrieve it.
Here are three great tips that will help you stay safe in the crypto community:
-
No matter what you do, stay away from hot wallets. An example of this is the exchange of wallets. If you must use them, only do so for a short period. Preferably when you're trading or exchanging funds. Once that's over, move your assets to a more secure wallet.
-
Opt for wallets that provide cold storage with unbreakable security. You can also invest in a hardware wallet, though it will cost you some money. But you can't put a price on safety, right?
-
Don't fall for scams. When a deal appears too good to be true, it probably is. When you come across an offer like "send 0.1 BTC to this address and receive 55 BTC immediately," take to your heels and don't look back!