The Biggest Cryptocurrency Hacks of 2018 (A Year in Which $1 Billion Crypto Was Stolen)

$927 million worth of cryptocurrency was stolen in 2018 according to a new report by CipherTrace.  The vast majority of this money was taken from cryptocurrency exchanges in high-profile hacks.

Block Explorer decided to review the biggest crypto hacks of 2018 to remind our readers about the importance of taking all the possible measures to keep their digital fortunes safe. Meet the notorious winners:

January: Coincheck ($532.6 Million Hack)

This year started with one of the biggest crypto heists ever. Around 500 million XEM coins (native cryptocurrency of the NEM project) were stolen from the hot wallet of Tokyo-based crypto exchange Coincheck. 

At the date of the incident, the coins were worth roughly $532.6 million, beating the well-known disastrous Mt. Gox hack, when 850,000 of Bitcoins disappeared. The damage at the time was around $450 million.

Coincheck’s misadventures led to its acquisition by Monex Inc., a Japanese financial services group in April 2018. Monex was interested to increase the company’s international outreach.

It took ten months for the dust to settle, but Coincheck has now resumed its trading services.

February: BitGrail ($170 Million Hack)

Another month, another hack. This time the bad luck happened to BitGrail, a small Italian crypto exchange. And even though its trading volumes were not impressive, it was a perfect place for trading Nano (XRB). The asset went from $0.1 back in November 2017 to as high as $34 in January 2018 and was trading around $9-$18 at the moment of the hack. Its volatility made it very attractive for speculative traders, and the prospect of potential gains made them blind to the risk of using the non-mainstream exchange. 

And so it happened: BitGrail reported that hackers get away with 17 million nano, worth around $170 million at the time of the incident. Francesco Firano, known as @bomberfrancy on Twitter, the man behind the exchange, tried to put the blame on the Nano developers and claiming that they didn’t want to collaborate.

Firano offered the project’s team a solution for recovery after the hack: to modify the ledger. But the answer was negative. 

This story quickly became more and more controversial due to the endless discussions and theories suggested by social media users. They included the hypothesis that the nano hack was an exit scam.   

April: Ian Balina ($2 Million Hack on YouTube Live Stream)

Ian Balina, quite an established crypto influencer, investor and advisor, was hacked during his live stream ironically named “Hacking the System”. Approximately $2 million worth of tokens were snatched during this attack. Some participants of the crypto sphere speculated that it was a foxy trick to avoid taxes. 

Later in September, two young men, Fletcher Robert Childers, 23 and Joseph Harris, 21 (believed to go by the alias ‘Doc’), were arrested on suspicion of carrying out the attack. As reported by Motherboard, Balina confirmed he thought persons named Doc and Veri were behind the hack. 

June: Coinrail ($40 Million Hack)

June started with some noise in South Korea when a tiny exchange Coinrail lost more than $40 million worth of crypto in yet another hack. The biggest hit was taken by payment processing startup called Pundi X, with around 3% of total NPXS token supply affected. 

The project’s team was very eager to cooperate by freezing the stolen tokens immediately and halting trading to help with the investigation.

To this date, there are no major announcements on identifying the criminal behind the Coinrail’s heist. 

June: Bithumb ($31 Million Hack)

Bithumb is one of the most popular crypto exchanges in South Korea; one of the top ten in the world by volume for trading bitcoin cash and ethereum at the time of the hack. 

In spite of being a mainstream exchange, Bithumb was the subject of a hack in June 2018. During the attack, approximately 35 billion of Korean won worth of crypto was stolen ($31 million equivalent).  

According to some reports, the exchange’s management was aware of security issues prior to the breach and took measures to enhance the exchange’s safety, but it still didn’t work out. 

After the hack was discovered, the exchange’s management made a pledge to refund the losses to all affected customers from its own reserves. 

The investigation of the event was held by South Korea’s National Police Agency and its cybersecurity division. However, at the moment of writing, no definite suspects were found. 

September: Zaif ($60 Million Hack)

Another Japanese exchange came under attack. Hackers accessed the exchange’s hot wallets, which resulted in the loss of $60 million worth of crypto assets, including monacoin, bitcoin cash, and bitcoin.

The owner of the exchange, Tech Bureau Corp., promised to cover the losses of all affected customer and to do so got into a deal with Fisco Ltd. They agreed to exchange the major stake of Zaif exchange for financial support to resolve the issue. The total amount received was 5 billion yen (approximately $45 million). 

October: MapleChange (Unknown Figures)

Later in October, MapleChange, a tiny Canadian crypto exchange reported a hack, losing practically all the funds the exchange had at their disposal. The announcement was followed by the company’s management shutting down its website and social media accounts. They deleted everything that might have led to identifying the owner’s names. Many of MapleChange’s customers were not buying the “hack” story and suspected that it was a scam exit. 

October: Trade.io ($8 million Hack)

Another crypto exchange was hacked in October. Swiss-based Trade.io reported the loss of about $8 million worth of TIO tokens, apparently stolen from a company’s cold wallet. 

The stolen tokens were intended to be used as a project’s liquidity pool. Therefore, the management performed a fork to get the funds back. 

Interestingly enough the team stored the wallet itself in a local bank’s deposit safe. And since it was reported that the safe wasn’t compromised the only explanation is that hackers somehow managed to access the wallet details for making the transfers, that normally indicates an “inside job”. 

SIM Swap Hacks Turn Mainstream. Millions of Dollars Lost

 Towards the end of the year, we saw a new trend emerge: sim swap hacks.

By November these got completely out of hand and became a real pain for the members of the crypto community. 

In the nutshell, the SIM swap method gives the criminal the access to someone’s crypto wallets. By using SMS backup it’s possible to bypass two-factor authentication commonly used to protect the digital fortunes. 

Among the possible scenarios of a perfect SIM swap heist are: 

  • Bribing the mobile operator’s employees to get some inside help with the crime
  • Intentional abuse of customers’ data by former or current employees
  • Employees tricking innocent colleagues to swap the potential target’s SIM cards. 

As for the victims… Robert Ross, an angel investor from San Francisco, lost around $1 million due to the SIM swap. Christian Ferri, the head of BlockStar lost over $100,000. Michael Terpin, a well-known veteran of crypto space, is suing AT&T over a SIM swap that cost Terpin around $23.8 million at the time. And that’s just to name a few.

The list is living proof that with the evolution of blockchain-based projects comes the increased level of sophistication and persistence of crypto criminals. Don’t let them get you and be safe! 

Please don’t keep your crypto on an exchange

It might be simple and convenient, but it is not safe. Instead, move your funds to a secure wallet of your own where it is less vulnerable to hacks.

Essential further reading: 12 Best Bitcoin Wallets (For Safe and Secure Crypto Storage in 2018)

 

Ana Balashova

Ana is a former ICO marketer in love with storytelling and disruptive technologies. Find her on Twitter @CoinJive

One Reply to “The Biggest Cryptocurrency Hacks of 2018 (A Year in Which $1 Billion Crypto Was Stolen)”

  1. If you put a VPN on the router level, you will have a layer of advanced encryption for all of your devices. You can flash a router with DD-WRT firmware (which is available online for free) and with this, open the door to using the router as a VPN hub. If flashing your router sounds intimidating, you could always purchase a pre-flashed device from FlashRouters.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.