Since their inception, there has been much talk about the dangers of investing in cryptocurrencies. It is an asset with a very recent technological foundation and still in development. Moreover, the regulation surrounding these assets is not yet clearly defined. This, combined with the significant appreciation in recent years and the speculation surrounding this industry, has made cryptocurrency companies the number one target for digital hacks.
Let’s remember that, for individual investors, there are various types of wallets that offer some protection for their investments. However, these wallets are not foolproof. In fact, those hosted on crypto investment platforms are particularly exposed.
It is relatively common to read about hacks against cryptocurrency exchange platforms or associated frauds in the press. However, it is often not easy to correctly assess these episodes in the context of the industry. In today’s article, we will look at the 6 most renowned cases as the biggest crypto heists in history so far, and we will see what impact they have had on the industry. From largest to smallest, let’s begin:
Poly Network: The Compassionate Thief
The biggest cryptocurrency heist in history, so far, and also the strangest. PolyNetwork is a platform that facilitates interoperability between different blockchains, and in 2021, it was on the verge of disappearing due to this theft. A security flaw in its smart contracts allowed a hacker to steal cryptocurrencies worth over $600 million in various digital currencies.
However, the curious part of this story is that the company published a letter asking the culprits to please return the money as it belonged to tens of thousands of investors. Well, said and done. Within hours and through different accounts, half of the money was returned. A few weeks later, the entire stolen amount had been returned.
The hacker claimed that all they wanted to do was highlight the vulnerabilities of the platform and that the money was not of interest to them. The platform, understandably, expressed gratitude to the point of offering the hacker the position of head of security for the company. It is assumed that since then, their security has improved significantly. However, last summer, a new attack obtained the private keys of several users, once again challenging the platform’s security.
FTX: Much more than a hack
The most recent and undoubtedly one of the most controversial thefts. In November 2022, a publication by the crypto news platform CoinDesk revealed that Alameda Research held an unusually large amount of the FTX token. Although they were independent entities, it was implied that there was a suspicious link between them. This publication led Binance, which owned a significant amount of the token, to sell it on the market, causing the token prices to plummet.
When FTX was at risk of bankruptcy due to the fall in its value, it sought financial help from Binance to protect its clients. Binance agreed to rescue FTX, but after an audit process, it canceled the agreement, leaving FTX at the mercy of the market. As a result, FTX could not fulfill all requests to return the funds and eventually collapsed.
However, the most serious aspect of this story is that FTX’s CEO, Sam Bankman-Fried, was accused (and later convicted) of fraud. It was proven that customer funds in the hands of Alameda Research had been intentionally diverted to finance debts and personal expenses.
As if that weren’t enough, on November 11, 2022, once the company’s bankruptcy was confirmed, one or more hackers launched an attack, amounting to approximately 400 million euros. While it’s still unclear if the perpetrators of the theft could be linked to the FTX and Alameda fraud, it’s evident that it was a disastrous end for what was once the world’s third-largest cryptocurrency exchange platform.
Binance: Even the giants can fail
The theft from one of the largest cryptocurrency exchange platforms, Binance, resulted in losses of around $600 million. It occurred in October 2022, and the hack exploited a vulnerability in the bridges between blockchains. These bridges are used to transfer cryptocurrencies between applications and were the target in this case. The stolen cryptocurrencies were Binance Coin (BNB), the platform’s native cryptocurrency.
Despite the size of the losses, they were minimized thanks to the platform administrators’ prompt action. They directly contacted the 44 validators of the network and were able to halt its operation, abruptly stopping the outflow of cryptocurrencies. If they hadn’t acted swiftly, the stolen volume could have been much greater.
Since then, Binance has implemented various additional governance mechanisms to prevent such thefts. They also have a greater number of validators to increase decentralization. As Binance is currently the largest cryptocurrency exchange platform, it is evident that no network is entirely secure, and any investment in security contributes to investor confidence.
Ronin: The $600 million game
At the end of March 2022, Ronin Network was a blockchain implemented within the Ethereum network to support a popular NFT trading game called Axie Infinity. Within a week, it became the unexpected protagonist of one of the largest cryptocurrency thefts to date. The hack involved stealing the private keys of 5 out of the existing 9 validator nodes, gaining complete control over transaction validation. This occurred due to an error in the main chain that had left a door open in the code a year earlier.
Once the hackers took control of transaction validation, they were able to move cryptocurrencies (Ether and USD Coin) worth $600 million. The hackers intended to leverage the theft to short sell the game’s native cryptocurrency (Axie Infinity and Ronin). However, this move exposed them, and administrators realized that something was amiss.
Since then, administrators have been trying to locate the funds and gather enough money to compensate investors, although they have not succeeded so far. It’s essential to note that, in operations of this kind, the challenge is not so much acquiring the funds but successfully laundering them.
Regarding the network’s security, developers have admitted their mistake and have stated that they will increase the number of validator nodes to enhance decentralization and, consequently, the security of their funds and those of their users.
Coincheck: The Second Big Hit on Tokyo Exchanges
At the time of the hack, Coincheck was one of the largest cryptocurrency exchange platforms in Japan. In 2018, following the footsteps of Mt. Gox, it suffered an attack that almost led to bankruptcy. The theft involved a relatively unknown cryptocurrency (NEM), but the amount stolen was nearly $500 million. The network administrators detected the hack within 8 hours and instantly shut down the network.
Before users were aware of the theft, the network froze all movements, preventing new transactions on any cryptocurrency it handled. They later confirmed the worst fears and stated that they had located the stolen funds, although it was unclear if they could recover them.
Japan, one of the countries with the highest number of cryptocurrency investors, has tested its financial legislation with episodes like this, which have jeopardized the savings of thousands of investors. Despite everything, Coincheck managed to survive and continues its operations today.
Mt. Gox: That’s How It All Started
The last on our “prestigious” list, and probably the one that did the most damage to the industry. Mt. Gox was a cryptocurrency exchange platform founded in Japan in 2010. In a few years, it became the largest Bitcoin exchange platform, but everything collapsed in February 2014. This platform had long been suspected due to its reluctance to cooperate in the fight against money laundering, and its main leader, Mark Karpeles, was accused of fraud and embezzlement after the blow.
It is still unclear what happened, but on February 7, 2014, the exchange lost 850,000 bitcoins worth $450 million. While the platform had already experienced some security breaches and was technically compromised, no one saw such a blow coming.
The theft was a turning point for the industry. Thousands of investors lost their savings, and the platform declared bankruptcy. In addition, the price of Bitcoin was severely affected and took a long time to recover. However, thanks to the impact of the hack, industry participants invested in security and developed multiple measures to cushion subsequent blows, although, as we have seen, they did not always succeed.