In the early hours of September 20, the Singaporean cryptocurrency exchange BingX confirmed that there had been a security breach. The incident resulted in "minor asset loss," according to company officials. But experts have already said that it could have led to millions of dollars being stolen. It is not the first big crypto exchange hack in recent years.
As the market ballooned in value, so did the risks associated with it. Hackers are going after centralized crypto exchanges because they are the entrance to the world of digital assets. These platforms hold billions in user funds, making them as attractive as traditional banks were in earlier times for cybercriminals. Cryptocurrencies are decentralized, and different exchanges have different levels of security. This has led to some of the biggest thefts in the history of money.
The increase in exchange hacks shows a significant truth about cryptocurrencies: blockchain technology is praised for being safe, but the places where users store and trade their assets are still open to attack. Many of these hacks took advantage of holes in security protocols, mistakes in the code, or even carelessness on the part of employees. Millions of dollars have been stolen as a result, which has hurt public trust and made people wonder if crypto will ever be widely used without better infrastructure.
While the BingX scandal plays out, let's look at the 10 biggest crypto exchange hacks of the past few years and talk about the technical flaws, financial effects, and lessons learned.
1. Mt. Gox (2014) – The Giant’s Fall
The Japanese Mt. Gox exchange ruled Bitcoin trading in the early 2010s. It was the site of what is likely the most famous hack in the history of cryptocurrencies.
The exchange handled more than 70% of all Bitcoin transactions around the world at its busiest. A lot of people were scared when Mt. Gox stopped trading all of a sudden in February 2014. Soon after, the exchange went bankrupt and said that 850,000 BTC, which was worth $450 million at the time, had been stolen. In today's money, that amount would be billions. So even 10 years later the story sounds pretty scary.
The attack unfolded over several years. Hackers slowly took Bitcoin out of Mt. Gox wallets by taking advantage of flaws in the company's hot wallets and bad security practices inside the company. The main problem was a weakness in the exchange's system for verifying transactions. This weakness, called "transaction malleability," let thieves change transaction IDs and take money without being caught.
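The transaction-malleability weakness described above, as an added example that is not part of the original article: a pure-Python sketch showing that an ECDSA signature has two valid forms, so an ID that hashes the signature bytes can change while the payment itself does not, and that normalizing to the "low-S" form removes the ambiguity. The key, nonce, withdrawal text and the simplified transaction serialization are constructed for illustration.

```python
import hashlib

P = 2**256 - 2**32 - 977  # secp256k1 field prime (the curve Bitcoin signs with)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    top, bot = (3 * a[0] ** 2, 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    m = top * pow(bot % P, -1, P) % P
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        acc, pt, k = (add(acc, pt) if k & 1 else acc), add(pt, pt), k >> 1
    return acc

def num(b):  # double SHA-256 of b, as an integer
    return int.from_bytes(hashlib.sha256(hashlib.sha256(b).digest()).digest(), "big")

def verify(pub, body, sig):  # textbook ECDSA verification
    r, w = sig[0], pow(sig[1], -1, N)
    pt = add(mul(num(body) * w % N, G), mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def txid(body, sig):  # legacy-style ID: the hash covers the signature bytes too
    return "%064x" % num(body + b"".join(v.to_bytes(32, "big") for v in sig))

def low_s(sig):  # canonical form: of the two valid s values, keep the smaller
    return sig[0], min(sig[1], N - sig[1])

def demo():
    d = num(b"constructed demo key") % N  # constructed private key
    body = b"constructed withdrawal: 1.5 BTC to customer address A"
    k = num(body + b"|toy nonce") % N  # deterministic toy nonce, demo only
    r = mul(k, G)[0] % N
    sig, pub = (r, pow(k, -1, N) * (num(body) + r * d) % N), mul(d, G)
    twin = (r, N - sig[1])  # same payment, the other valid value of s
    return {
        "both_valid": verify(pub, body, sig) and verify(pub, body, twin),
        "txids_differ": txid(body, sig) != txid(body, twin),
        "low_s_ids_match": txid(body, low_s(sig)) == txid(body, low_s(twin)),
        "altered_payment_rejected": not verify(pub, body + b"!", twin),
    }
```

A withdrawal ledger that reconciles only on such an ID treats the twin as an unknown transaction, so reconciliation should key on signature-independent data (inputs, outputs, amounts) or on canonical signatures.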
Mark Karpeles, who was CEO of Mt. Gox, was later caught and charged with theft. The hack is still remembered as a lesson in the crypto world because it showed how dangerous it can be when management is bad and security isn't strong enough. Some of the Bitcoin that was stolen has been found.
2. Coincheck (2018) – The $500 Million NEM Heist
Over $500 million worth of NEM (XEM) tokens were stolen from the Japan-based exchange Coincheck in January 2018.
NEM transactions are more complicated than Bitcoin transactions because they need to be approved by more than one person. But that didn't help. Why not? Unfortunately, Coincheck kept most of its NEM in "hot wallets": the ones that are online and can be hacked relatively easily.
Hackers infiltrated Coincheck's servers and gained access to the exchange's hot wallet. One major security flaw in the exchange was that multi-signature wallets were not used for such a large number of assets. Once they were inside, the hackers moved the NEM to different accounts. Because blockchain records can't be changed and NEM is decentralized, Coincheck couldn't undo the transactions.
The openness of the NEM blockchain helped the police find some of the stolen money, but a lot of it is still missing. Because of the hack, Coincheck had to pay back users who were affected out of its own pocket. This led to tighter oversight of exchanges in Japan by the government.
3. Bitfinex (2016) – The Multi-Sig Conundrum
Bitfinex was one of the biggest cryptocurrency exchanges in August 2016 when a hack stole 120,000 BTC, or about $72 million.
A blockchain security firm called BitGo supplied Bitfinex with a multi-signature wallet system. Nevertheless, the hack revealed vulnerabilities in this setup.
The hackers breached Bitfinex's security and gained access to its hot wallets. Security flaws in Bitfinex's key management and coding mistakes in the multi-sig implementation were the reasons the hackers were able to get access, as it was later discovered.
Both the financial impact and the subsequent handling of the Bitfinex hack are noteworthy. In order to represent the lost funds, the exchange created a token (BFX) that users could trade or hold onto until the exchange's finances improved. While Bitfinex did compensate the impacted customers, the episode cast doubt on the security of centralized exchanges and the usefulness of multi-signature wallets.
4. Binance (2019) – A Target Too Big to Fail
In May 2019, a major hack occurred at Binance, which is one of the biggest cryptocurrency exchanges in terms of volume. At the time of the attack, 7,000 BTC—equivalent to around $40 million—were stolen. And that was a major event in the crypto industry, to say the least.
The hackers used a combination of phishing, viruses, and other sophisticated techniques to obtain a large number of user API keys, 2FA codes, and potentially other information that could help them get into the internals of the giant crypto exchange.
Because of the sophisticated methods used, the Binance hack stands out. The hack was carried out in a very organized fashion by the attackers, who withdrew the Bitcoin in a single fast transaction that set off alarms.
Withdrawals were immediately halted and an emergency response was launched by Binance. Lucky for its users, the losses were covered by Binance's SAFU (Secure Asset Fund for Users) fund, which was specifically established for these kinds of emergencies.
Although the platform's security systems were compromised, Binance's protocols enabled them to minimize the damage and recover promptly, according to Binance CEO Changpeng Zhao, who later addressed the incident.
The breach demonstrated that no platform is safe from ever-evolving cyberattacks.
5. KuCoin (2020) – The $275 Million Theft
A hack occurred in September 2020 at the Singaporean exchange KuCoin, and approximately $275 million worth of Ethereum, Bitcoin, and ERC-20 tokens were stolen.
Once again, the exchange's hot wallets were compromised, demonstrating the dangers of keeping substantial assets online.
Both the quantity stolen and KuCoin's lightning-fast reaction made the attack noteworthy. A significant chunk of the stolen funds was quickly frozen by the exchange, which collaborated with project teams and blockchain businesses. In the end, over $200 million of the looted funds were returned.
The response from KuCoin demonstrated how advanced crypto security measures are becoming, especially the capacity to work with blockchain projects to stop or undo the transfer of stolen money.
But it did spark a broader conversation regarding the dangers of centralized exchanges and brought attention to the need for improved hot wallet security.
6. NiceHash (2017) – The $64 Million Mining Hack
The NiceHash cryptocurrency mining marketplace in Slovenia was hit by a hack in December 2017, resulting in the theft of 4,700 BTC, which was valued at around $64 million at that time.
The perpetrators who stole the money from NiceHash probably used social engineering to get access to the company's internal systems.
Unlike more typical hacks, this one went after a mining platform.
Users of NiceHash, who had rented out their computing power to others in return for Bitcoin, suffered heavy losses. In response, the business froze all operations and launched an exhaustive investigation.
Although NiceHash eventually paid out affected users, the incident demonstrated how susceptible the whole cryptocurrency ecosystem is, including mining platforms.
7. Liquid (2021) – The $94 Million Exploit
The Japanese exchange Liquid lost more than $94 million worth of Bitcoin, Ethereum, and other cryptocurrencies in a hack that happened in August 2021.
The assets of Liquid were moved to numerous addresses after hackers gained access to its hot wallets. As soon as it realized it could lose more money, the exchange transferred the money to cold wallets.
After this, Liquid collaborated with other exchanges to halt all transactions in an effort to identify the thieves and, ideally, recover the stolen funds. Although a portion of the funds was recovered, the incident brought to light the persistent worries regarding the susceptibility of hot wallets and the difficulties of real-time digital asset security.
8. Cryptopia (2019) – The Fall of a Small Giant
Despite its modest size, the New Zealand-based crypto exchange Cryptopia enjoyed high esteem among its users.
A hack in January 2019 compromised the exchange, stealing around $16 million worth of cryptocurrencies. Cryptopia had to stop all operations after the hack and the exchange went bankrupt.
Because Cryptopia had little money to pay out to victims, the hack was especially bad for its users. The entire holdings of several users were lost. The exchange's internal procedures and risk management came under scrutiny after investigations exposed numerous security breaches.
9. Zaif (2018) – The $60 Million Hack
The hack that occurred in September 2018 at the Japanese cryptocurrency exchange Zaif resulted in the theft of approximately $60 million worth of Bitcoin, Bitcoin Cash, and MonaCoin.
After breaking into the exchange's hot wallets, the hackers were able to move the money around for a while before anyone noticed.
In order to recoup some of its losses, Tech Bureau, Zaif's parent company, sold a controlling interest in the business to Fisco, another Japanese financial services provider. As a result of the hack, Zaif had to temporarily halt operations, and the Japanese government began to crack down harder on cryptocurrency exchanges.
10. Bitmart (2021) – The $150 Million Hot Wallet Breach
In December 2021, a huge hack happened at Bitmart, a bitcoin exchange that is known all over the world. Users' money worth almost $150 million was stolen in the attack. Hot wallets for Binance Smart Chain (BSC) and Ethereum (ETH) tokens on the exchange were the weak spots that let the hack happen. The hackers were able to do anything they wanted with the cryptocurrency stored in Bitmart's wallets once they got their hands on the exchange's wallet keys.
One of the attackers' more complex tricks was setting up automatic withdrawals for many tokens, such as Safemoon, Shiba Inu (SHIB), and others.
The security company PeckShield was the first to notice the strange transactions and let everyone know about them. Soon after, Bitmart CEO Sheldon Xia confirmed the hack and stopped withdrawals and deposits on the site until they could assess the damage.
Bitmart quickly told its users that it would cover their losses out of its own pocket.
Like other hacks, the Bitmart hack brought attention to the major security problems that come with keeping funds in hot wallets. Anything that is always linked to the internet is open to attack.
There's more to it than that, though.
Attacks like this one make people question how reliable centralized exchanges are and how well they can keep user funds safe.
Because of what happened, many people came to the conclusion that security needs to be tightened and cold wallet storage needs to become more popular so that similar problems don't happen again.