The distributed, decentralized ledgers known as blockchains have been hailed as impenetrably secure by many in the cryptocurrency community. How could a blockchain be hacked, the thinking goes, when the ledger of transactions for a cryptocurrency ecosystem is publicly available and shared across a network, and when transactions themselves are verified by members of the community? Unfortunately for cryptocurrency market participants, though, some of these systems are not as impregnable as originally thought.
As the public awareness of crypto has grown and as token valuations skyrocketed in recent years, hackers and fraudsters may have had added incentive to find a way to steal digital currencies because of the potential for an even greater payday. Indeed, stealing cryptocurrencies—again, when tokens are massively popular in part because they have been marketed as highly secure ways of transacting and storing value—has become big business. In 2022 a record $3.8 billion worth of crypto tokens was stolen globally.
Nonetheless, blockchain and crypto hacks appear to be getting bolder than ever before. Below, we take a closer look at the most brazen blockchain and cryptocurrency hacks ever.
Mt. Gox Opens the Gates to Crypto Theft
The now-defunct crypto exchange Mt. Gox is notorious for being the target of the first major crypto hack and theft. In 2011, Mt. Gox handled about two-thirds of all bitcoin transactions when it suffered the theft of 25,000 BTC, worth roughly $400,000. While this sum may seem relatively minor compared with the valuation of bitcoin since that time, it was not the only such attack on Mt. Gox. In 2014 another incident resulted in 750,000 bitcoins lost, worth $473 million. At the time, this accounted for about 7% of all bitcoins in existence.
Binance Suffers a BNB-Related Hack
Binance remains one of the major crypto exchanges globally as of this writing, but in late 2022 it suffered losses of about $570 million when hackers were able to exploit a smart contract bug that left the blockchain vulnerable. The thieves made use of the cross-chain bridge BSC Token Hub to create extra Binance Coins (BNB) and withdraw about 2 million of these tokens, which are native to Binance.
FTX Implodes and Thieves Take Advantage
One of the boldest cryptocurrency thefts is also one of the most recent. In November 2022, cryptocurrency exchange and hedge fund FTX dominated the news when it filed for Chapter 11 bankruptcy, eventually collapsing entirely. On the same day, thieves stole more than $600 million from the company’s cryptocurrency wallets. The brazen attack may have capitalized on internal turmoil, leading the company to later announce to users that its own apps were hacked and that they should delete them. Unfortunately, the theft left many FTX account holders tokenless.
The Largest-Ever Hack: A Blockchain Gaming Platform
To date, the largest crypto hack occurred when $625 million in ethereum and the USDC stablecoin were stolen from the Ronin Network, an ecosystem affiliated with the Axie Infinity blockchain gaming platform. U.S. officials attributed the attack to the Lazarus Group, a North Korean state-backed hacking collective. The hackers reportedly were able to access private keys and forge transactions on the blockchain.
Major DeFi Attack on the Poly Network
One of the largest DeFi-related attacks took place in the summer of 2021. A single hacker exploited a vulnerability in the DeFi platform of the Poly Network to steal $611 million in a variety of tokens. Poly Network developers pleaded with the anonymous hacker to return the funds. Oddly, two days after the attack the hacker did, in fact, return about half of the stolen tokens, acknowledging that they had targeted Poly “for fun.”
Another DeFi Casualty: Wormhole
Last year, experimental DeFi platform Wormhole, a popular bridge service, suffered the loss of about $326 million in Wrapped Ethereum (WETH) tokens. Hackers attacked the platform’s leg on Solana, where users lock ETH tokens in order to receive WETH. Fortunately in this case, the parent company of Wormhole, Jump Trading, replaced the stolen funds and repaired the bridge, but this is nonetheless a lesson that hackers are ready and waiting to exploit new protocols the moment a weakness is found.
Nomad Hackers Inspire Copycats
In August of last year, another token bridge, Nomad, lost about $190 million when it suffered multiple attacks as a result of a smart contract weakness that left transaction inputs unvalidated. The particularly bold aspect of this incident was that an original attacker seems to have inspired several copycats who utilized the same weakness before it was corrected. Some of these copycat hackers even attempted to intercept stolen funds and return them to the Nomad protocol, while others followed the original hacker and stole additional tokens.
Thieves Exploit Governance Protocols
Some of the boldest blockchain thefts are not “hacks” exactly, but rather attacks on crypto ecosystems that take advantage of the structure of those systems to complete malicious actions. The infamous 51% attack—in which bad actors assume control over a blockchain by gathering a majority of participants in the network and falsifying or otherwise redirecting transactions—is one of the best-known examples of this type of exploitation. But there are many other approaches that clever teams of thieves have devised as well.
In 2022, the stablecoin protocol Beanstalk Farms fell victim to an attacker who stole $76 million by manipulating the system’s governance. The attacker used a flash loan to purchase governance tokens, and then used the authority from those tokens to pass proposals inserting malicious smart contracts.
Not all of the above attacks have targeted blockchains specifically. Some have identified security weaknesses for crypto exchanges that can be exploited, while many others have taken advantage of newer offerings like crypto bridges and DeFi protocols. In some cases, thieves have found unsecured wallets, while in other situations attackers find clever ways to take control of an entire ecosystem. Regardless of the means, the fact that crypto attacks occur as frequently as they do—and that even some of the largest players in the crypto space have suffered from thefts—should be a reminder to all cryptocurrency holders to be as careful as possible when it comes to keeping tokens secure.
Interestingly, trends may be shifting. The first quarter of 2023 witnessed some 40 attacks on crypto projects, resulting in about $400 million stolen. This is only about 30% of the attacks perpetrated during the first three months of 2022. The average hack size also declined by about two-thirds to just over $10 million as well. And perhaps most puzzlingly, more and more hackers seem to return the money that they steal: victims received back nearly half of all stolen token funds in the first quarter of this year. Hackers may truly be doing this “for fun,” as a way to exploit and reveal weaknesses in developing blockchain ecosystems, and to earn so-called “white hat” rewards offered by companies in exchange for returning their stolen funds.
Top 5 Essential Tips to Protect Yourself from Crypto Hacks
Now that we have a basic understanding of the types of hacks around, let’s dive into the top 5 essential tips to protect yourself from crypto hacks.
Tip #1: Secure Your Passwords and Use Two-Factor Authentication
Securing your passwords is the first line of defense against crypto hacks. Never ever use the same password for multiple accounts or use easy-to-guess passwords, like your name or date of birth. Instead, create a unique combination of upper and lower case letters, numbers, and special characters, making it virtually impossible to guess.
There’s more to security than just difficult to guess passwords though. It’s also a good idea to use two-factor authentication (2FA) whenever possible. This adds an extra layer of security by requiring you to enter a code on top of your password to access your account. It may seem frustrating to have to go through an extra stage to access your assets, but 2FA will massively improve your security. Rather than a potentially hackable SMS-based solution, use an authenticator app, such as Google Authenticator or Authy, to generate the codes.
Tip #2: Keep Your Software and Hardware Up-to-Date
Keeping your software and hardware up-to-date is crucial to protecting yourself from any potential crypto hacking. Over time, vulnerabilities are uncovered in software code, and cybercriminals can exploit these vulnerabilities to gain access to your digital assets. Therefore, regularly updating your software and hardware, including your operating system, web browser, and antivirus software can make a real difference.
Tip #3: Use a Cold Storage Wallet
A cold storage wallet stores your digital assets offline, making it more difficult for hackers to get their hands on them. There are a few different types of cold storage wallets out there, including hardware wallets and paper wallets. Hardware wallets are physical devices that store your digital assets and require a PIN to access, while paper wallets are as simple as printed copies of your private keys that you can keep in a safe place.
Tip #4: Be Careful Where You Store Your Crypto
Precisely where you store your crypto is a key aspect of protecting against any cryptocurrency hacks. If you are going to store your digital assets on an exchange or hot wallet, then make sure the one you choose is reputable and has a proven track record of keeping bad actors at bay. You should also avoid storing your crypto on exchanges for extended periods of time, as they are more susceptible to attacks.
Tip #5: Educate Yourself and Stay Informed
Finally, educating yourself and staying in the loop with any new developments in the crypto space is a good way of protecting yourself. Regularly read news and updates about the crypto industry to keep on top of the latest security threats and best practices. You might want to do a bit of crowdsourcing on security matters too. By joining online communities and forums, you can learn from other crypto enthusiasts and experts.
Over the years, billions of dollars worth of digital assets have been stolen in crypto hacks, and crypto hacks still pose notable danger to crypto investors and blockchain users.
To mitigate the risks of becoming a victim of a crypto hack, consider using a crypto hardware wallet to store the private keys to your digital assets offline.