The birth of cryptocurrency in January 2009 marked a momentous shift in the way the ordinary man thinks about money. For the first time, people had the freedom to exchange value without banks as intermediaries. Essentially, cryptocurrency placed complete control of one’s finances into one’s hands.
While blockchain – the technology that underlies cryptocurrencies – brings peers in a transaction closer than ever, compared to the traditional financial system, there is still a need for specific third parties to facilitate transactions. For example, third-party crypto wallet providers offer users the chance to store coins safely and conveniently. Other third parties enable cross-chain transactions and so on.
Over the years, bad actors have exploited vulnerabilities within these third-party platforms and made away with large sums of cryptocurrency. Hackers have stolen the equivalent of $5.9 billion in crypto to date. But the most critical question is: who got hacked, and how much value did they lose? Read on to find out the ten biggest crypto hacks in the industry’s history.
Ronin Network is a sidechain built on the Ethereum blockchain to support Axie Infinity, an online video game. Vietnam-based Sky Mavis developed Ronin in 2020 to increase transaction speeds and player satisfaction in Axie Infinity by circumventing the inadequacies of Ethereum.
For example, Ronin implements cheap and fast micro-transactions, unlike Ethereum’s slow and gas-intensive transactions. As a sidechain, Ronin Network runs parallel to Ethereum and performs critical functions, such as authenticating transactions.
But problems arise when the sidechain’s architecture is not robust enough to withstand intrusion by bad actors. On 29 March 2022, Ronin Network revealed to its users that the platform had “been exploited for 173,600 Ethereum and 25.5M USDC.” At the time of the heist, the total value of the stolen cryptocurrencies was $615 million.
According to the statement, the attacker compromised the Ronin bridge (Ronin validator), which facilitates the cross-platform transfer of crypto assets, and stole the private keys.
Following investigations by the US Federal Bureau of Investigation (FBI) and the Treasury Department, the hack was attributed to the Lazarus Group, a group of hackers based in North Korea. Also, the US Treasury has sanctioned the wallet address that received the loot, meaning the hackers cannot move the coins.
When Satoshi Nakamoto described the Bitcoin blockchain architecture, they defined interactions within the network. The same happened with the Ethereum network and all the layer one blockchains. Thus, the initial networks are isolated ecosystems where users cannot transfer assets across the chains.
Like Ronin Network, the Poly Network developers envisioned a bridge to facilitate information transfer between chains. Specifically, Poly Network provides cross-chain technology for interactions in the decentralized finance (DeFi) ecosystem.
As the DeFi ecosystem expanded exponentially and the total value locked in projects skyrocketed, Poly Network began to experience elevated demand. It also meant the network was handling many transactions per day. Meanwhile, bad actors were hard at work looking for vulnerabilities.
In August 2021, Poly Network noticed that hackers had exploited a vulnerability in a smart contract that maintains the bulk of the network’s liquidity. The hackers overrode the smart contract’s instructions and commandeered about $610 million worth of crypto.
Thankfully, the hackers later claimed the attack was in jest, after which they returned all the coins.
Before demand for cross-chain technology platforms became mainstream, cryptocurrency exchanges were the most popular crypto platforms. Coincheck, a cryptocurrency exchange based in Japan, faced its date with hackers during this period.
The cryptocurrency market was near the peak of the first massive rally in early January 2018. This means the number of transactions taking place in a day was huge. Coincheck chose to store funds in a hot wallet to keep up with the market’s tempo. A hot wallet is a crypto wallet that is always online. The connectivity enables users to make transactions quickly.
The problem with a hot wallet is that third parties can easily hijack it and take control of the private keys. This is what befell Coincheck on 26 January 2018, when hackers compromised the hot wallet and funneled out 523 million NEM coins, worth around $530 million at the time.
An analysis of the hack established that Coincheck suffered a severe staff shortage, which might have created security lapses. However, Coincheck reimbursed all of its 260,000 customers affected.
The Mt. Gox hack is the earliest known incident that captured global attention. In February 2014, a series of events happened quickly, spooking the entire cryptocurrency ecosystem. First, Mt. Gox, a Tokyo, Japan-based exchange and then the largest cryptocurrency exchange since Bitcoin’s launch, suddenly ceased operations. Next, users could not access the exchange’s website, and even more mysteriously, its entire Twitter feed vanished.
On 28 February 2014, Mt. Gox sought protection under Japan’s Civil Rehabilitation Law, citing consequential events that hampered the exchange’s operations. According to a statement, a bug in the Bitcoin system gave bad actors access to the exchange, after which they made off with 750,000 bitcoins deposited by users and approximately 100,000 bitcoins belonging to the exchange.
Interestingly, this wasn’t Mt. Gox’s first encounter with hackers. The exchange had, on various occasions, lost a substantial amount of crypto to intruders before the fateful day. For example, the exchange admitted that it had been hacked on 19 June 2011, after which it lost $500,000 worth of bitcoin.
Before February 2014, Mt. Gox handled close to 80% of all the bitcoins in circulation. But all that changed when the 2014 hack came to light. From 2011 to 2014, the exchange had lost close to $500 million worth of cryptocurrency, affecting about 24,000 customers.
The Wormhole network is a messaging protocol that enables interoperability between blockchain networks. The platform connected Ethereum, Solana, Binance Smart Chain (BSC), and Terra at launch. However, the technology has matured into a communication bridge between Solana and other significant decentralized finance (DeFi) projects.
On 3 February 2022, the Wormhole team sent out a tweet announcing that the network had been compromised and 120,000 wrapped ETH or wETH stolen. The coins were worth over $320 million at the time of the incident.
As a bridge between major chains like Ethereum and Solana, Wormhole acts like an escrow that links cross-chain transactions. It locks transactions until all the instructions contained in smart contracts are fulfilled.
However, a hacker infiltrated the network’s liquidity by exploiting a critical vulnerability within the bridge. The attacker then exploited the breach to mint new wETH tokens.
Besides Coincheck and Mt. Gox, KuCoin is another cryptocurrency exchange with an unsavory experience with attackers. In a statement to users on 26 September 2020, the KuCoin leadership shared the results of an “internal security audit report” that established the loss of thousands of bitcoins and other altcoins worth over $275 million.
Further investigations established that the attackers had obtained the private keys to the Singapore-based crypto exchange’s hot wallets. They then withdrew 1,008 BTC, 11,543 ETH, and millions of ERC-20 and other digital assets.
An analysis by Chainalysis attributed the intrusion to the North Korea-based Lazarus Group, the same culprit in the Ronin Network hack. However, the exchange later assured users that it had recovered coins worth about $204 million.
PancakeBunny adds to the growing list of DeFi projects attacked in the recent past. According to a CipherTrace report released in May 2021, DeFi hacks made up over 60% of all crypto hacks by the end of April 2021. Incredibly, the theft volume in the ecosystem was virtually non-existent just two years ago. What gives?
The case of the PancakeBunny theft offers an apt illustration of why DeFi is a prime target for hackers. PancakeBunny is a decentralized finance (DeFi) lending platform that provides flash loans and other packages. A flash loan is an unsecured debt lent to a borrower, and the borrower is supposed to pay it back as soon as possible. In a sense, the DeFi ecosystem is a fertile space where new products are sprouting relentlessly.
Unfortunately, the flash loan service can hurt a platform severely if attackers find and exploit vulnerabilities.
On 20 May 2021, the PancakeBunny team revealed, in a series of tweets, that the unthinkable had happened. Attackers had orchestrated a flash loan attack that enabled them to make off with BUNNY and Binance Coin (BNB), amounting to $200 million. BUNNY is the PancakeBunny network native coin.
Apparently, the attacker utilized the platform’s proprietary protocol called PancakeSwap, which facilitates the borrowing process.
On 5 December 2021, BitMart CEO Sheldon Xia tweeted information that roiled the crypto exchange’s users. He said his team had identified “a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets.” Essentially, attackers accessed the exchange’s hot wallets and withdrew crypto assets worth approximately $196 million.
We explained earlier that a hot wallet is always online and, thus, highly susceptible to unauthorized access. Specifically, the hackers siphoned off $100 million worth of tokens from the Ethereum blockchain and $96 million off the Binance Smart Chain. Over 20 tokens were targeted.
The cryptocurrency ecosystem has been a frequent target for hacks since bitcoin revolutionized global finance. However, the rate of attacks is rising, especially with the increased popularity of DeFi. Unfortunately, there is no telling with certainty if the trend will halt soon because blockchain technology is nascent, and the world is only learning the first principles.