
The Most Infamous Crypto Hacks: Part 2

June 25, 2024

Throughout the relatively brief timeline of the crypto industry, numerous unscrupulous individuals have attempted to exploit vulnerabilities in the crypto ecosystem, leading to some of the most well-known hacker attacks in the industry's history. Let's continue exploring the most infamous hacker attacks in the cryptocurrency sphere, examining their executions, people's mistakes, and the valuable insights the crypto community has gained. The first part can be found here.

Coincheck Hack (2018)

In January 2018, the Japanese cryptocurrency exchange Coincheck experienced one of the most significant breaches in history, resulting in the loss of around $530 million worth of NEM (XEM) tokens. This breach, attributed to security weaknesses in Coincheck's systems, sparked concerns about the security protocols of cryptocurrency exchanges and led to demands for stricter industry regulations. Subsequent to the breach, Coincheck was purchased by Monex Group, and measures were taken to compensate impacted users and enhance security protocols.

Coincheck, the Japanese cryptocurrency exchange, was infiltrated on January 26, 2018. Coincheck staff were unaware of the breach until more than eight hours later, which further reduced their chances of stopping the attack. Even though they halted all deposits and withdrawals after the breach occurred, substantial damage had already been done.

It was later revealed that the hackers succeeded because of inadequate security measures. Specifically, the NEM coins were held in a hot wallet instead of the far more robust cold wallets, which are not directly connected to the internet. The hackers employed a phishing technique to gain access to the hot wallets. Subsequently, they disseminated malware and siphoned funds. To make matters worse, Coincheck also stated that it did not employ an additional layer of security called a multi-signature system and acknowledged a shortage of employees that could have contributed to the attack being carried out so successfully. The culprits who compromised the security system remain unidentified. Despite extensive efforts by the authorities, the lost assets could not be recovered and the hackers' identities could not be established.

At the time, Coincheck stated that it was striving to recover the lost assets, but recovery was later deemed impossible. Subsequently, the exchange used its own funds to compensate for the losses suffered by approximately 260,000 customers. While the reimbursement process took some time, all customers were eventually reimbursed for the exact losses they incurred during the hack (with some sources saying that the exchange covered not all but 90% of losses).

Even though this breach had a profound impact on Coincheck, it also prompted numerous cryptocurrency exchanges to recognize the importance of addressing their security weaknesses to safeguard their customers' assets in the event of a future security breach. Similarly, it once again reminded crypto owners to be more cautious and to avoid storing large portions of their funds on exchanges and other platforms. Moreover, Coincheck's actions in compensating for their customers' losses set a strong precedent, earning admiration from both their existing customers and potential ones. As a result, Coincheck did not cease to exist and managed to grow further. It is now esteemed as one of the most dynamic platforms on the web.

The Coincheck incident significantly impacted crypto regulation in Japan, bringing into focus the country's approach to controlling cryptocurrency exchanges. In 2017, one year before the hack, Japan became the first country to regulate exchanges at the national level, a move that won praise for boosting innovation and protecting consumers. This included exchanges needing to obtain a license, which was given only to those adhering to certain rules. However, pre-existing operators, such as Coincheck, were able to continue offering services before formal registration. Others stated that the regulator did not have any rules banning the use of hot wallets by exchanges, nor did it set requirements on how much should be kept in cold wallets.

Nevertheless, the Coincheck hack prompted Japan's Financial Services Agency (FSA) to tighten its rules regarding exchange licensing. Additionally, as one of the biggest hacks in crypto history, it has encouraged developers to explore additional methods to safeguard these platforms against potential cyber-attacks. These measures may include implementing face ID verification, biometric passcodes, and two-factor authentication processes.

Binance Hack (2019)

In May 2019, Binance, one of the world's largest cryptocurrency exchanges, was the victim of a sophisticated hacking attack that resulted in the theft of over 7,000 Bitcoins, worth approximately $40 million at the time. This was the first of the two major attacks targeting Binance (the second being the hack of its BNB bridge). Since Binance was and still is one of the most popular and trusted exchanges, this hack once again made crypto users question the security of crypto.

On May 7, Binance revealed that it had detected a large-scale security breach. The exchange found that unauthorized individuals were able to access user API keys, two-factor authentication codes, and potentially other sensitive information, as stated by the exchange's then-CEO, Changpeng Zhao. Consequently, these malicious actors gained access to Binance's hot wallets and withdrew approximately $41 million in Bitcoin from the exchange.

Interestingly, the announcement was made shortly after Zhao tweeted that the exchange was undergoing "unscheduled server maintenance" and assured users their funds were safe. Following the disclosure, Zhao tweeted that the exchange would "shortly provide a more detailed update."

Binance was lucky that the breach only impacted its hot wallet, which contains roughly 2 percent of the exchange's total Bitcoin holdings. The attack seemed to be extremely well thought-out and sophisticated, unlike some major previous hacks. The hackers carried out well-planned actions using several apparently unrelated accounts, and the transaction was organized in a manner that bypassed Binance's existing security measures. The withdrawal triggered internal alarms after it was executed, and the exchange froze withdrawals following the discovery. While deposits and withdrawals remained suspended for some time, trading was re-enabled, though Binance cautioned users that the hackers might still control certain user accounts.

Despite the hack, Binance managed to cover the losses using its Secure Asset Fund for Users (SAFU) and implemented additional security measures to prevent future breaches. This fund is composed of 10 percent of the total trading fees collected by the exchange and was first introduced to safeguard Binance's users in "extraordinary circumstances," as stated in a prior announcement. It is securely stored in its own cold wallet. 

Final Thoughts

The cryptocurrency industry has been marked by numerous well-known hacker attacks that have unsettled investor confidence, eroded trust, and cast doubt on the safety of digital assets. These events have unquestionably affected the crypto sphere, but they have also provided important opportunities for learning, leading industry participants to emphasize security, adopt optimal methods, and create inventive measures to protect against upcoming risks.
