Biggest Cryptocurrency Hacks of All Time
Date: 13 January 2023
Cryptocurrencies have altered the way financial transactions work across the world and the way people invest their money too. A large number of people have transacted on a crypto exchange at least once in their lifetime.
While cryptocurrencies have made millionaires overnight and blockchain technology that enables crypto offers high levels of anonymity and security, they are not immune to cyber crime either. In the last year, several cryptocurrency hacks in 2022 have made the news many times over. In this blog, we cover the largest crypto hacks of all time.
Cryptocurrencies have been around for quite some time now, with Bitcoin coming into being all the way back in 2009. Seeing how over a decade has passed since the inception of this new technology, it should come as no surprise that it has experienced its fair share of problems and crises. There have been numerous cases of cryptocurrencies being hacked and stolen. Billions of dollars worth of crypto have vanished into the rabbit hole of the hacking community, and most of the tokens have never been seen.
If we consider the size of the crypto market as a whole and the unreal amount of money that is being invested in numerous projects and tokens, it is almost surprising that we haven’t played witness to a lot more cryptocurrency exchange compromises.
Just Bitcoin alone once held a market capitalization of $1.28 trillion, making it one of the hottest assets in the world. Further, blockchain security which enables it, is considered immutable, making the asset even more attractive.
The problem of crypto hacks is accentuated by the fact that most of the people who put their money into cryptocurrencies had a very limited understanding of this industry, of blockchain and how things worked, making them prime victims. Let’s take a look and see which crypto hacks have been the biggest and what consequences came from these.
Ronin Network - $625 million
The largest cryptocurrency hack to date happened in March of 2022 when hackers managed to get away with around $620 million worth of Ethereum and USDC. According to Ronin Network, this hack affected the validator nodes of Sky Mavis, a developer behind the game Axi Infinity, one of the largest crypto games at the time.
The worst thing about this hack is that Ronin Network and Sky Mavis were unable to spot that this hack occurred, and it only came to their attention when one user was unable to withdraw their crypto from the network.
This becomes even worse, as, at the time of the hacking, Ronin Network had their security lowered, following a big Axi Infinity update a few weeks prior. With lowered security, hackers managed to gain access to private keys of different wallets and faked withdrawals. This could have easily been prevented as it occurred entirely due to the lowering of security in order to publish that update.
After this, Ronin Network and Sky Mavis started to work with different US government agencies in order to try and retrieve these funds but were unable to achieve any significant success.
Binance managed to retrieve $5.8 million, but it was a fraction of what was stolen. Following the investigation, it is believed that this crypto hack was engineered by North Korean hackers operating from China, meaning that the US had very little power to do anything in this instance.
Poly Network - $611 million
Not every hack has to have a tragic ending, and the Poly Network hacking incident is a good example of it. This hack took place on 10 August 2021, when a hacker managed to steal more than $600 million worth of cryptocurrency from the DeFi platform.
When reports started to surface, Poly Network stated that the cause of this hack might have been a leak of private keys that were used to sign signatures on their wallets. Further reports stated that the hacker found a bug in the Poly Network that gave them the ability to sign transactions without the need for private keys. All in all, around $611 million worth of crypto went missing, which consisted of cryptos such as wrapped Ethereum and Bitcoin, USDT, and Shiba Inu.
Poly Network even went as far as sharing the addresses of crypto wallets where funds were transferred and encouraged different exchanges and networks to be on the lookout for stolen funds. This action led to Tether freezing $33 million of USDT.
But as we mentioned at the beginning, this story has a somewhat happy ending. Following these events, Poly Network tried to establish communication with the hacker through different online methods, and to their surprise, they got a response.
The hacker then stated that they intended to return all of the stolen cryptos and that they only did this to point out the vulnerabilities of the network. Following these events, the hacker started the process of returning the stolen funds and by August 13th, they had returned $340 million worth of crypto, with the remaining tokens being transferred to multi-signature wallets controlled by Poly Networks and the hacker collectively.
By August 25, Poly Network was in possession of all $611 million cryptos and offered the hacker a $500,000 bounty for finding this bug. They even went further and offered the hacker a position as head of cyber security, but we could not confirm if the hacker took them up on the offer.
Mt. Gox - $473 million
One of the oldest large-scale crypto hacks occurred back in 2011 when one of the biggest crypto exchanges at that time Mt. Gox lost approximately 25,000 Bitcoin. At that time, this was worth around $400,000. But Mt. Gox did not learn from its mistakes and 3 years later, hackers took another tour of Mt. Gox’s wallets. They took out an additional 650,000 Bitcoin from customers and 100,000 Bitcoin from the company itself, which at the time was worth around $473 million.
As we mentioned, the first blow that Mt. Gox took was in 2011. During this period, hackers managed to hack into the Mt. Gox systems and changed the price of 1 Bitcoin to 1 cent and then went on to purchase a lot of tokens themselves, with some customers also taking advantage of this temporary price manipulation.
Ever since then, Mt. Gox stated that they have tightened their security, but it became clear that they failed to do so properly when, in 2014, another hack took place. Following an investigation, it was revealed that hackers decrypted multiple private keys of Mt. Gox in 2011, which were then used to steal additional funds.
When we say that hacking took place in 2014, we mean that it was discovered in 2014, while hackers had been taking out Bitcoins from Mt. Gox wallets for the previous 3 years. The reason why this went unnoticed, especially when it is speculated that by 2013 Mt. Gox had already been drained of almost all Bitcoin, is unknown.
Some ex-employees state that the company was badly managed and this contributed to the theft going unnoticed for multiple years. It is said that Mt. Gox managed to retrieve around 200,000 Bitcoin shortly after noticing this hack, but customers still have not seen their crypto back after 8 years.