Cryptocurrencies have been making waves in the financial world, with their skyrocketing values and stories of early investors striking it rich. However, alongside this prosperity, cryptocurrencies have also become synonymous with cybercrime. The lack of regulatory oversight and the virtual nature of these digital currencies make them an attractive target for hackers looking to launder money and carry out illicit activities. Ransomware operators, in particular, often demand payment in cryptocurrencies.
As a result, organizations involved in legitimate cryptocurrency transactions are prime targets for cybercriminals. These bad actors know that a successful attack on a cryptocurrency service provider could yield a substantial payoff, making the need for robust cybersecurity measures all the more critical.
In light of several high-profile incidents, Infosecurity has compiled a list of the largest cryptocurrency heists to date. These examples underscore the magnitude of the issue and underscore the importance of stringent cybersecurity protocols for companies operating in the cryptocurrency space.
1) Poly Network (August 2021) – $610m
In a record-breaking heist, a hacker exploited a vulnerability in the blockchain connection platform Poly Network, making off with $610 million in cryptocurrency. Surprisingly, the hacker, known as ‘Mr. White Hat,’ returned the stolen funds, claiming ethical motivations.
2) CoinCheck (January 2018) – $547m
Japanese cryptocurrency exchange Coincheck fell victim to a cyber-attack that resulted in the theft of $547 million worth of NEM tokens. The company swiftly pledged to return 90% of the stolen tokens to affected customers, totaling $425 million.
3) Mt. Gox (March 2014) – $460m
One of the most infamous cryptocurrency heists, the Mt. Gox exchange lost a staggering $460 million in bitcoin to attackers in 2014. This incident, occurring when bitcoin’s value was significantly lower than today, raised concerns about the future of cryptocurrencies.
4) KuCoin (September 2020) – $281m
A cyber-attack on the KuCoin crypto exchange resulted in the theft of $281 million in funds. While $204 million was recovered within a week, a United Nations report attributed the incident to North Korean threat actors.
5) Bitgrail (February 2018) – $170m
Italian exchange Bitgrail suffered a $170 million cryptoheist involving 17 million Nano tokens. A landmark court ruling held Bitgrail’s owner responsible for the loss and ordered the return of assets to affected users.
6) Liquid (August 2021) – $97m
Japanese exchange Liquid lost an estimated $97 million in cryptocurrencies to threat actors in a targeted attack.
7) Bitfinex (August 2016) – $72m
Hong Kong-based exchange Bitfinex saw customers lose $72 million in bitcoins following a security breach. The stolen bitcoins, now valued at nearly $7 billion, remain largely unrecovered.
8) NiceHash (December 2017) – $64m
Cryptomining firm NiceHash fell victim to a payment system compromise, resulting in the theft of $64 million. The company fully reimbursed affected users three years later.
9) Zaif (September 2018) – $60m
Another Japanese exchange, Zaif, lost $60 million in a cyber-attack, with $40 million belonging to customers. The firm promptly reimbursed affected users.
10) Upbit (November 2019) – $52m
South Korean exchange Upbit had to halt account transactions temporarily after a significant online heist. Investigations revealed the stolen funds were laundered using sophisticated techniques.
These examples serve as a stark reminder of the risks associated with cryptocurrencies and the importance of implementing robust security measures to safeguard against cyber threats. As the popularity of cryptocurrencies continues to rise, organizations must prioritize cybersecurity to protect their assets and customers from falling victim to such devastating heists.