Even though cryptocurrency uses nearly unbreakable mathematical principles to create the most secure form of currency ever devised, it’s by no means a flawless system. The networks may be secure, but the software written and used by cryptocurrency exchanges and companies can be surprisingly vulnerable to attack. When hackers find a flaw in this code, it’s only a matter of time before those once-safe crypto tokens start disappearing from seemingly locked-down hot wallets and customer accounts.
Here are nine memorable examples of truly catastrophic cryptocurrency thefts.
1. Binance: Late in the evening of May 7, 2019, Taiwan-based cryptocurrency exchange announced that a “large scale security breach” involving “phishing, viruses and other attacks” had resulted in the theft of 7000 BTC (worth about $40 million at the time) from the company’s hot wallet. No user funds were impacted by the hack, and Binance soon resumed operations following a thorough security review.
2. Tether: This U.S. dollar-pegged “stable coin” experienced a major headache in 2017, when a “malicious action by an external attacker” resulted in the loss of over $30 million USDT tokens. This resulted in serious backlash, with Tether halting operations and releasing an emergency hard fork to prevent the stolen coins from being sold.
3. The DAO: Created with the intention to establish a truly decentralized investment fund running on the Ethereum network, the DAO (Decentralized Autonomous Organization) was a an exciting experiment in smart contract technology. Unfortunately, a flaw in the project’s code resulted in an attacker stealing roughly $50 million from the DAO before anyone could stop them. Worse yet, the Ethereum community was completely divided in how to respond to the hack, with one faction splitting off to form a new token called Ethereum Classic.
4. Zaif: In September of 2018, Japan-based exchange Zaif issued a statement confirming the theft of 6.7 billion yen (roughly $60 million) in bitcoin and bitcoin cash, as well as an undisclosed amount of MonaCoin (marketed as the “first Japanese cryptocurrency”). The exchange was forced to sell off around $44.5 million in equity in order to restore stolen funds and continue operations.
5. NiceHash: In December of 2017, hackers stole 4,700 BTC (worth around $80 million) from Slovenia-based bitcoin mining company NiceHash using a “compromised company computer.” In an ironic twist, NiceHash founder Matjaž Škorjanc was one of the creators of the Mariposa botnet, which infected more than one million computers with information-stealing malware before it was dismantled in 2009.
6. CoinCheck: Tokyo-based exchange CoinCheck faced a nightmare scenario in early 2018, discovering that hackers had swiped some 523 million NEM tokens (worth around $530 million) from the company’s hot wallet. This makes the CoinCheck hack the single largest theft of cryptocurrency in history, even if it wasn’t widely felt by the wider cryptocurrency community due to NEM’s relative obscurity.
7. MtGox: It’s no accident that MtGox is blamed for the 2014 bitcoin crash that saw prices fall from $1,000 to $450 in just a few months. The historic hack — 744,408 BTC, worth around $473 million at the time — didn’t happen in a single attack, but was instead the result of a slow, steady siphoning of MtGox’s wallets dating back to at least 2011.
8. Bitpoint: In the summer of 2019, Japan-based exchange Bitpoint revealed that it had been hacked. Thieves made off with around $32 million in cryptocurrency, including $23 million in customer funds.
9. Bitfinex: Once one of the largest cryptocurrency exchanges on the planet, the Hong Kong-based Bitfinex faced a major setback in August of 2016 when hackers stole 120,000 BTC ($72 million) from customer accounts. The company would face many issues moving forward, including a 2019 lawsuit brought by the New York Attorney General claiming that Bitfinex had tried to cover up a loss of more than $850 million due to a shady deal with a Panamanian financial firm.