Crypto in 2018: The Year in Hacks

Thursday, 06/12/2018 | 08:47 GMT by Rachel McIntosh
  • Eleven of the largest hacks of the past five years took place in the first half of 2018.
Crypto in 2018: The Year in Hacks
Finance Magnates

It’s been a big year for crypto in just about every way - positive and negative.

As cryptocurrency continues to become more and more popular, questions surrounding cybersecurity standards continue to surround the space, and with good reason.

Around $1 Billion in Crypto Has Been Stolen Throughout 2018, up 400% From 2017

In October, research from Blockchain security firm CipherTrace revealed that $927 million had been stolen as a result of hacks of cryptocurrency-related platforms, including exchanges. The research was presented in a report entitled “Cryptocurrency Anti-Money Laundering 2018 Q3,” which also noted that the amount stolen was 3.5 times the amount stolen throughout 2017 ($266 million.)

The report also contended that the total figure would reach over $1 billion by the end of this year and it may have already surpassed the billion-dollar mark, as several large crypto theft events were not taken into account. Most of the funds were stolen during larger hacks of more than $100 million, but the report also noted a rise in relatively smaller hacks (in which $20 to $60 million were stolen.)

“This data indicates a pattern of smaller robberies on a regular basis and sophisticated professional cyber thieves who carry out hacks at both the exchange and platform levels by capitalizing on exposed vulnerabilities, as well as by socially engineering employees who work at these companies,” the report reads.

$1 billion is a lot of money, especially considering that the ones most directly affected by the hacks were individual people who happened to be the unlucky users of the affected exchanges. CipherTrace’s figure joins the rank of estimates from Autonomous Research and cybersecurity firm Carbon Black, who respectively estimated that $800 million and $1.1 billion had been stolen throughout the first six months of the year alone.

How did these figures get so damn high? Autonomous Research data notes that 11 of the largest hacks of the last five years took place from January to July.

Where Did All the Money Go? A Lot of It Was Lost to Coincheck

The largest of all of these hacks, of course, was Coincheck. On January 26, as the cryptosphere was already reeling from sliding prices and widespread disillusionment, disaster struck. The Japanese exchange told its users and the world that hackers had managed to abscond with the equivalent of more than $530 million in NEM coins.

The Coincheck hack was more than $80 million higher than the infamous Mt Gox hack, previously known as the largest cryptocurrency hack in history.

Why were the hackers successful? The main problem lies in the fact that Coincheck was keeping the stolen NEM coins in a “hot wallet,” a digital storage space that was connected to the internet. Exchanges with better security practices keep the majority of their funds in “cold wallets,” digital storage units that are not connected to the internet.

As a reaction to the hack, the NEM Foundation originally proposed a software update known as a “hard fork” that would render the stolen coins useless. In the end, though, they ended up creating a tagging system that marked the stolen coins to prevent hackers from transacting with them.

BitGrail Rings in at the Second-Largest Hack of the Year

Not even a month after the Coincheck hack, hackers managed to hit the Italian ‘Bitgrail’ exchange to the tune of $195 million in Nano coins.

While it was widely accepted that the Coincheck hack was orchestrated by outside hackers who happened to luck upon a security vulnerability, some suspicions have been raised as to whether Bitgrail was somehow involved in its own hack.

Fortune reported that the exchange had halted all deposits and withdrawals and deposits of Nano coins in January, weeks before the hack. Then, the exchange announced that it would begin enforcing identity verification and AML measures for all of its users and that it was considering blocking non-European users. This sudden policy change reportedly led some users to suspect that a so-called “exit scam” was imminent. Eventually, the exchange's assets were seized by the government.

Following the hack, eyebrows were raised even further when Bitgrail founder Francesco Firano reportedly approached the group of developers responsible for the creation of Nano and asked that they would implement a hard fork in order to restore the funds stolen from the exchange.

The developers refused, and published records of their communication with Firano as well as a statement that declared: “we now have sufficient reason to believe that Firano has been misleading the NanoCore Team and the community regarding the solvency of the BitGrail exchange for a significant period of time.”

“There is widespread speculation that Firano mismanaged customer assets and was claiming a ‘hack’ as cover,” Fortune reported. While suspicions still surround the hack ten months later, no major developments have been made in the case.

Coinrail, Bithumb, and Bancor

The third, fourth, and fifth-largest hacks are relatively small in comparison to Bitgrail and Coincheck, but they resulted in the loss of tens of millions of dollars nonetheless.

South Korean crypto exchange Coinrail revealed that $40 million in various cryptocurrencies had been stolen on June 10. A blog post by the exchange claimed that the hack had originally been more significant - 30 percent of the exchange’s reserves - but they had managed to recover two-thirds of the stolen funds. The exchange was reopened for business in mid-July, and affected users were offered compensation.

$31 million were stolen from the South Korean ‘Bithumb’ exchange ten days later on June 20. While the Bithumb hack was smaller than the Coinrail hack, the popularity of the bithumb exchange caused a larger reaction from the cryptocurrency community. There are varying reports on which assets were stolen from the exchange, although it was widely reported that XRP was involved.

The fifth-largest hack of the year involved Bancor, an Israeli-based token creation platform and exchange. $23.5 million were lost as a result of a breach in the Bancor network in ETH, NXPS, and BNT (Bancor’s native token) coins. The situation was partially resolved by the network’s decision to freeze $10 million in BNT, which caused criticism from the cryptocurrency community, who claimed that the network’s ability to freeze its own tokens proved that it wasn’t truly decentralized.

Where Does Dirty Money Go to Get Clean?

CipherTrace’s research found that 97 percent of Bitcoin Payments from addresses associated with known criminals went to countries without strong AML (anti-money laundering) laws, and alleged that exchanges had laundered more than $2.5 billion in crypto.

However, the hacks have also caused a number of the world’s governments to crank up their regulation efforts and end any association with bad business.

“Different geographies are competing on regulations and trying to become ‘trusted’ digital currency hubs in order to grow their economies,” said CipherTrace CEO Dave Jevans in an official statement. “We will see the opportunities to launder cryptocurrencies greatly reduced in the coming 18 months as cryptocurrency AML regulations are rolled out globally.”

We can hope so. There’s also hope that security practices on cryptocurrency exchanges will continue to improve as regulations improve.

More Regulations Could Improve Industry Security Standards

Japan is leading the way in government-enforced cryptocurrency exchange security standards; when the country passed its Virtual Currency Act in April of 2017, it created a process for cryptocurrency exchange to become licensed. A number of exchanges have raised their standards to meet the government’s requirements, but others have shut down as a result of failure to comply. As more governments become increasingly involved with cryptocurrency regulations, we can expect to see similar regulatory measures appearing around the world throughout 2019.

As hacks, money laundering, and other kinds of illegal activity continue to become less prevalent in the cryptosphere, we can also expect to see a growing number of businesses, financial institutions, and even government organizations that will be increasingly interested in interacting with cryptocurrency. In turn, this could work to stabilize the cryptocurrency markets.

One thing is almost certain--the cryptocurrency markets of 2018 will change drastically throughout 2019, and institutional constituents might just be the reason.

It’s been a big year for crypto in just about every way - positive and negative.

As cryptocurrency continues to become more and more popular, questions surrounding cybersecurity standards continue to surround the space, and with good reason.

Around $1 Billion in Crypto Has Been Stolen Throughout 2018, up 400% From 2017

In October, research from Blockchain security firm CipherTrace revealed that $927 million had been stolen as a result of hacks of cryptocurrency-related platforms, including exchanges. The research was presented in a report entitled “Cryptocurrency Anti-Money Laundering 2018 Q3,” which also noted that the amount stolen was 3.5 times the amount stolen throughout 2017 ($266 million.)

The report also contended that the total figure would reach over $1 billion by the end of this year and it may have already surpassed the billion-dollar mark, as several large crypto theft events were not taken into account. Most of the funds were stolen during larger hacks of more than $100 million, but the report also noted a rise in relatively smaller hacks (in which $20 to $60 million were stolen.)

“This data indicates a pattern of smaller robberies on a regular basis and sophisticated professional cyber thieves who carry out hacks at both the exchange and platform levels by capitalizing on exposed vulnerabilities, as well as by socially engineering employees who work at these companies,” the report reads.

$1 billion is a lot of money, especially considering that the ones most directly affected by the hacks were individual people who happened to be the unlucky users of the affected exchanges. CipherTrace’s figure joins the rank of estimates from Autonomous Research and cybersecurity firm Carbon Black, who respectively estimated that $800 million and $1.1 billion had been stolen throughout the first six months of the year alone.

How did these figures get so damn high? Autonomous Research data notes that 11 of the largest hacks of the last five years took place from January to July.

Where Did All the Money Go? A Lot of It Was Lost to Coincheck

The largest of all of these hacks, of course, was Coincheck. On January 26, as the cryptosphere was already reeling from sliding prices and widespread disillusionment, disaster struck. The Japanese exchange told its users and the world that hackers had managed to abscond with the equivalent of more than $530 million in NEM coins.

The Coincheck hack was more than $80 million higher than the infamous Mt Gox hack, previously known as the largest cryptocurrency hack in history.

Why were the hackers successful? The main problem lies in the fact that Coincheck was keeping the stolen NEM coins in a “hot wallet,” a digital storage space that was connected to the internet. Exchanges with better security practices keep the majority of their funds in “cold wallets,” digital storage units that are not connected to the internet.

As a reaction to the hack, the NEM Foundation originally proposed a software update known as a “hard fork” that would render the stolen coins useless. In the end, though, they ended up creating a tagging system that marked the stolen coins to prevent hackers from transacting with them.

BitGrail Rings in at the Second-Largest Hack of the Year

Not even a month after the Coincheck hack, hackers managed to hit the Italian ‘Bitgrail’ exchange to the tune of $195 million in Nano coins.

While it was widely accepted that the Coincheck hack was orchestrated by outside hackers who happened to luck upon a security vulnerability, some suspicions have been raised as to whether Bitgrail was somehow involved in its own hack.

Fortune reported that the exchange had halted all deposits and withdrawals and deposits of Nano coins in January, weeks before the hack. Then, the exchange announced that it would begin enforcing identity verification and AML measures for all of its users and that it was considering blocking non-European users. This sudden policy change reportedly led some users to suspect that a so-called “exit scam” was imminent. Eventually, the exchange's assets were seized by the government.

Following the hack, eyebrows were raised even further when Bitgrail founder Francesco Firano reportedly approached the group of developers responsible for the creation of Nano and asked that they would implement a hard fork in order to restore the funds stolen from the exchange.

The developers refused, and published records of their communication with Firano as well as a statement that declared: “we now have sufficient reason to believe that Firano has been misleading the NanoCore Team and the community regarding the solvency of the BitGrail exchange for a significant period of time.”

“There is widespread speculation that Firano mismanaged customer assets and was claiming a ‘hack’ as cover,” Fortune reported. While suspicions still surround the hack ten months later, no major developments have been made in the case.

Coinrail, Bithumb, and Bancor

The third, fourth, and fifth-largest hacks are relatively small in comparison to Bitgrail and Coincheck, but they resulted in the loss of tens of millions of dollars nonetheless.

South Korean crypto exchange Coinrail revealed that $40 million in various cryptocurrencies had been stolen on June 10. A blog post by the exchange claimed that the hack had originally been more significant - 30 percent of the exchange’s reserves - but they had managed to recover two-thirds of the stolen funds. The exchange was reopened for business in mid-July, and affected users were offered compensation.

$31 million were stolen from the South Korean ‘Bithumb’ exchange ten days later on June 20. While the Bithumb hack was smaller than the Coinrail hack, the popularity of the bithumb exchange caused a larger reaction from the cryptocurrency community. There are varying reports on which assets were stolen from the exchange, although it was widely reported that XRP was involved.

The fifth-largest hack of the year involved Bancor, an Israeli-based token creation platform and exchange. $23.5 million were lost as a result of a breach in the Bancor network in ETH, NXPS, and BNT (Bancor’s native token) coins. The situation was partially resolved by the network’s decision to freeze $10 million in BNT, which caused criticism from the cryptocurrency community, who claimed that the network’s ability to freeze its own tokens proved that it wasn’t truly decentralized.

Where Does Dirty Money Go to Get Clean?

CipherTrace’s research found that 97 percent of Bitcoin Payments from addresses associated with known criminals went to countries without strong AML (anti-money laundering) laws, and alleged that exchanges had laundered more than $2.5 billion in crypto.

However, the hacks have also caused a number of the world’s governments to crank up their regulation efforts and end any association with bad business.

“Different geographies are competing on regulations and trying to become ‘trusted’ digital currency hubs in order to grow their economies,” said CipherTrace CEO Dave Jevans in an official statement. “We will see the opportunities to launder cryptocurrencies greatly reduced in the coming 18 months as cryptocurrency AML regulations are rolled out globally.”

We can hope so. There’s also hope that security practices on cryptocurrency exchanges will continue to improve as regulations improve.

More Regulations Could Improve Industry Security Standards

Japan is leading the way in government-enforced cryptocurrency exchange security standards; when the country passed its Virtual Currency Act in April of 2017, it created a process for cryptocurrency exchange to become licensed. A number of exchanges have raised their standards to meet the government’s requirements, but others have shut down as a result of failure to comply. As more governments become increasingly involved with cryptocurrency regulations, we can expect to see similar regulatory measures appearing around the world throughout 2019.

As hacks, money laundering, and other kinds of illegal activity continue to become less prevalent in the cryptosphere, we can also expect to see a growing number of businesses, financial institutions, and even government organizations that will be increasingly interested in interacting with cryptocurrency. In turn, this could work to stabilize the cryptocurrency markets.

One thing is almost certain--the cryptocurrency markets of 2018 will change drastically throughout 2019, and institutional constituents might just be the reason.

About the Author: Rachel McIntosh
Rachel McIntosh
  • 1509 Articles
  • 60 Followers
About the Author: Rachel McIntosh
Rachel is a self-taught crypto geek and a passionate writer. She believes in the power that the written word has to educate, connect and empower individuals to make positive and powerful financial choices. She is the Podcast Host and a Cryptocurrency Editor at Finance Magnates.
  • 1509 Articles
  • 60 Followers

More from the Author

CryptoCurrency

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}