Crypto fraudsters, especially scammers, prey on naive buyers in the physical world by reading the fine print in contracts.
Understandably, crypto heists pique the public’s interest. The first consideration is the massive amount of money to be stolen—legacy financial organizations are rarely robbed of such large sums of money. Second, because cryptocurrencies have only lately piqued the public’s interest, any hack is bound to generate headlines.
On top of that, hackers have discovered that stealing cryptocurrency is more straightforward than stealing cash or electronic money in the banking system. As a result, it is becoming more widespread. Moreover, as cryptocurrency is commonly stored in huge sums and can be transferred instantly and anonymously from anywhere using only a private key or passcode, crypto hackers target it.
Let’s take a look at the biggest crypto thefts of all time in this article. Also, the article will outline why crypto exchanges keep getting hacked; why are crypto heists getting larger and what we can do to protect ourselves from crypto heists.
The biggest crypto heists to date are MT Gox, Bitgrail, Coincheck, KuCoin, PancakeBunny, Poly Network, Cream Finance, BadgerDAO, Vulcan Forged and Bitmart.
MT Gox was the first large-scale exchange hack, and it remains the most significant Bitcoin (BTC) heist from an exchange. The MT Gox robbery, on the other hand, was not a one-off occurrence. Rather, the site leaked cash from 2011 to February 2014.
Hackers stole 100,000 BTC from the exchange and 750,000 BTC from its consumers over a few years. These Bitcoin burglaries were valued at $470 million at the time, but they’re now worth approximately ten times this amount. Shortly after the theft, MT Gox went into liquidation, with liquidators recovering roughly 200,000 of the stolen BTC.
Bitgrail was a small Italian exchange that traded in obscure cryptos like Nano (XNO). The exchange was hacked in February 2018, just as the price of XNO soared from a few cents to $33. At least 17 million coins (the equivalent of about $150 million) were taken from Nano wallets.
Many users began to express their dissatisfaction with the exchange before the attack (significantly lower withdrawal limits and transaction problems). According to the investigations, the coins were stolen from cold—not hot— wallets. Investigations persisted throughout the preceding three years, with Italian authorities now charging Bitgrail’s owner of being behind the attacks.
Coincheck, based in Japan, had $530 million worth of NEM (XEM) tokens stolen in January 2018. Hackers took advantage of the fact that the currency was kept in a “hot” wallet, which meant it was connected to the server and thus “online” (a cold wallet sees funds stored offline).
The stolen coins were identified and marked as such by NEM developers, although there was conjecture that the monies were available on dark markets.
However, given how much the coins lost in value following the attack, it’s unlikely that many people would have thought this was a good deal (the coins are now worth 83% less than they were—roughly $90 million).
KuCoin announced in September 2020 that hackers had obtained private keys to their hot wallets before withdrawing substantial quantities of Ethereum (ETH), BTC, Litecoin (LTC), Ripple (XRP), Stellar Lumens (XLM), Tron (TRX) and Tether (USDT). Since then, experts have claimed that they have reasonable cause to assume that crypto heist hackers are North Korean.
This flash loan attack, in which hackers were able to siphon $200 million from the platform, occurred in May 2021 and is among the more severe cases of cryptocurrency theft. The hacker loaned a big sum of Binance Coin (BNB) before manipulating its price and selling it on PancakeBunny’s BUNNY/BNB market to carry out the attack.
This allowed the hacker to obtain a large number of BUNNY via a flash loan, dump all of the BUNNY on the market to lower the price, and then repay the BNB using PancakeSwap.
In August 2021, a hacker exploited a vulnerability in Poly Network’s infrastructure and stole funds totaling more than $600 million. They didn’t get away with their reward, though, in an odd twist. Instead, the hacker approached the platform and agreed to return the majority of the funds, except $33 million in Tether (USDT) that had been frozen by the issuers.
But the saga didn’t end there: $200 million of the stolen assets were locked away in an account that required the hacker’s password, according to Poly Network. The hacker initially refused to hand over the hacked crypto.
That is, until Poly Network pleaded with them to release it, gave them a $500,000 reward for discovering the system flaw, and even offered them a job! Poly Network later revealed that the private key had been handed to them by “Mr. White Hat.”
Not only did hackers steal $130 million in the October 2021 incident related to robbing a cryptocurrency, but it was also Cream Finance’s third attack of the year. Hackers took $37 million in February 2021 and $19 million in August 2021.
In the most recent attack, hackers used what was deemed a flaw in the DeFi platform’s flash lending system. On the Ethereum network, they were able to take all of Cream Finance’s tokens and assets, totaling $130 million.
A hacker succeeded in stealing assets from multiple cryptocurrency wallets on the DeFi network, BadgerDAO, in December 2021. The problem is thought to have started on November 10 when a malicious script was injected into the website’s user interface.
Users’ transactions may have been intercepted while the script was active. The attacker took 896 BTC valued at roughly $50 million at that time.
In December 2021, hackers stole $135 million from Vulcan Forged, a blockchain gaming startup. They stole private keys to 96 separate wallets before draining 4.5 million PYR tokens from them.
In December 2021, a hack of Bitmart’s hot wallet resulted in the theft of about $200 million. At first, it was thought that $100 million had been stolen via the Ethereum blockchain, but additional research found that another $96 million had been stolen via the Binance Smart Chain blockchain.
Over 20 tokens were taken, including altcoins such as BSC-USD, Binance Coin (BNB), BNBBPay (BPay), and Safemoon, as well as substantial quantities of Moonshot (MOONSHOT), Floki Inu (FLOKI) and BabyDoge (BabyDoge).
One of the best ways to protect your crypto investment is to secure a wallet and do your own research about the projects in the market.
Don’t believe everything you’re told. Instead, examine any claims made about investment, especially if they appear too good to be true or promise huge returns in a short period. Also, do not trust anyone who contacts you personally, whether a government official, a public personality, or a stranger, and asks for Bitcoin payments or offers you an “investment opportunity.”
Whenever possible, enable two-factor authentication on your cryptocurrency wallet and exchange. Moreover, never give anyone your crypto wallet’s private key or seed phrase, and keep that information offline in a cold wallet.
Check the URLs of websites two or three times. For example, when trying a phishing scam, scammers will replicate the URL of a valid site and replace letters and numbers, such as an “l” for “1” or a “0” for the letter “O.” Furthermore, any offer that requires an upfront cost should be rejected, regardless of the amount, especially if the price must be paid in cryptocurrencies.