Table of Contents
While the global crypto markets have been recording staggering growth to over 21,000% since 2016, the ride hasn’t been very smooth. Besides the inherent volatility and uncertainty prevalent in the market, the cryptocurrency market has been at the receiving end of some notorious crypto hacks and cybersecurity breaches. While all these hacks were one of their kind, there was something to learn from each one.
Let’s discuss the top 5 crypto hacks from which the exchanges and traders can learn their lessons and recognize the responsibility attached to handling millions of dollars worth of crypto assets:
The Ronin Network Crypto Heist, March 2022
The $625 million worth of crypto hack on the Ronin network – home to Axie Infinity – is the most recent and the largest exploit in the history of cryptocurrency networks. The gaming-focused network announced the loss of 173,600 ether and 25.5 million USDC valued hundreds and millions of dollars in the exploit.
How did it happen?
Ronin sidechain has nine validators deployed on its chain and requires five signatures for withdrawals. The security arrangement is in place to protect the blockchain against these attacks. But the attacker used a backdoor entry through Ronin’s gas-free RPC node. The node was abused to obtain the signature for the Axie DAO validator. As seen on Etherscan, the attacker used hacked private keys to forge fake withdrawals from the Ronin Bridge across two transactions. The exploit impacted the validator nodes for Sky Mavis, which is responsible for publishing the Axie Infinity game and Axie DAO.
The address used in this attack was a new address that had transferred ETH from the Binance exchange one week prior to the attack. Except for the 6,250 ETH transferred to various other addresses, most of the loot remains in the attacker’s address. The Ronin network and Katana AMM have been paused until the investigations continue.
The Poly Network Hack, August 2021
Another of the biggest and most recent crypto hacks is the Poly Network hack. On August 10, 2021, around $611 million worth of crypto assets were stolen from Poly Network – a smart contract platform where users can exchange tokens between blockchains like Ethereum and Bitcoin.
How did it happen?
The attacker found a way to surpass PolyNetwork’s security and buy tokens without selling the corresponding tokens on other blockchains. The hacker returned the assets within a week, except for $33 million worth of USDT, as they had been frozen immediately post the attack. The attacker supposedly said the hack was for ‘fun.’ But the hack disclosed the weaknesses of the current Defi systems, and experts realized there were lessons that needed to be learned to strengthen the security of the Defi ecosystem.
The CoinCheck Hack, January 2018
The $547 million hacks happened in January 2018 when hackers breached Coincheck Inc. exchange’s system and stole hundreds of millions of worth of NEM tokens. Coincheck Inc. confirmed a security lapse but denied that it was an insider’s job.
How did it happen?
Usually, exchanges keep customers’ crypto assets in cold wallets that aren’t connected to external networks, but Coincheck kept customer assets in hot wallets, which are vulnerable to outside attacks. Also, the exchange did not have multi-signature as an additional layer of wallet security.
The 11 addresses to which the stolen NEM tokens went were identified, but it could not be identified to whom these addresses belonged. Each address has been labeled with the tag _accept_trades: owner_of_this_account_is_hacker. The developers of the NEM protocol developed a tracking tool that would help exchanges reject any trades concerning these stolen funds.
Mt. Gox Crypto Heist, February 2014
This crypto hack was the most widely publicized attack on a Japanese exchange, Mt. Gox. The heist ran up to $480 million in value, all in Bitcoin. Over 8,50,000 bitcoins were stolen or considered lost – this number amounted to 7% of the total bitcoins in circulation. Their valuation would be in billions today.
How did it happen?
The exchange was set up in 2010 as a site for trading ‘Magic the Gathering’ game cards. By 2014 the exchange was handling 70% of the Bitcoin transactions. In February 2014, the exchange suspended its operations abruptly, closed its services, and filed for bankruptcy. Despite years of investigation, the culprit couldn’t be tracked, and it was concluded that the Mt. Gox hack had been an outsider’s job.
KuCoin Crypto Hack, September 2020
KuCoin exchange, headquartered in Singapore, became a victim of a $275 million cryptocurrency hack in September 2020. The theft involved $127 million worth of ERC20 tokens used in the Ethereum smart contracts.
How did it happen?
This hack was another incident where the exchange’s slack security mechanisms were, in a way, responsible for the theft. The hackers were able to initiate the attack by getting access to the private keys of the hot wallets belonging to the exchange. Later on, most of the funds were recovered, including 15% of the stolen funds covered under KuCoin’s insurance. None of the customers lost their assets.
While cyber security will always remain an issue, there are certain ways via which you, as a trader, can ensure the security of your assets. Choosing a trusted crypto exchange like WazirX is the first step in this regard. Check that the exchange’s security mechanisms, including multi-signature wallets, two-way authentication, KYC checks, and other AML procedures, are in place.
Next, ensure that the exchange doesn’t use hot wallet systems to store its customers’ funds. As a precautionary measure, if you aren’t actively trading your crypto assets, move them to an offline wallet or a hardware wallet to keep them safe.
Never share your private keys with anyone. Check the authenticity of the project in which you are investing your funds. In simple funds, invest in those crypto projects that have been thoroughly audited. And lastly, make sure the exchange from where you are facilitating your crypto trades has insurance to cover the losses in case of a hack or cyber attack.
Head over to WazirX for a safe and seamless trading experience!
Disclaimer: Cryptocurrency is not a legal tender and is currently unregulated. Kindly ensure that you undertake sufficient risk assessment when trading cryptocurrencies as they are often subject to high price volatility. The information provided in this section doesn't represent any investment advice or WazirX's official position. WazirX reserves the right in its sole discretion to amend or change this blog post at any time and for any reasons without prior notice.