Looking for other articles?

From Mt. Gox to FTX: A Decade of CeFi Hacks, Part II

From Mt. Gox to FTX: A Decade of CeFi Hacks, Part II

October 27, 2023

This content provides an overview and timeline of various significant cryptocurrency exchange and CeFi hacks and breaches from May 2016 to September 2018, detailing the methods of attack, the amount stolen, and the aftermath of each incident. Here is a summarized overview:

Details of CeFi hacks Events

Details of CeFi hacks Events
  1. May 2016 – Gatecoin

Gatecoin, a crypto exchange located in Hong Kong, suffered a security breach on May 16, 2016. The breach resulted in a total loss of approximately USD 2 million, comprising 250 BTC and 185,000 ETH, valued at USD 113,775 and USD 1.86 million, respectively. It is speculated that the actual breach might have occurred on May 9, coinciding with a disruption due to a server reboot, allowing a malicious entity to modify the system to bypass multi-signature storage requirements for BTC and ETH transfers, directing them straight to the attacker’s hot wallet. The exchange assured that “all potential losses would be covered,” emphasizing that 95% of users’ funds were safeguarded in multi-signature cold wallets.

Additional Information: Gatecoin Official Statement on Hot Wallet Breach (https://news.bitcoin.com/gatecoin-official-statement-hot-wallet-breach-losses-estimated-2m-usd/)

  1. August 2016 – Bitfinex-BitGo

Bitfinex experienced one of the most substantial losses by an exchange in terms of the number of Bitcoins, only surpassed by Mt.Gox of Japan, which lost over 850,000 BTC, equivalent to more than USD 460 million then. The Bitcoins lost in the Bitfinex incident were about 18% of what Mt.Gox lost, totaling 119,756 BTC or approximately USD 66 million at that time.

This hack was distinctive due to the vulnerability originating from the way the company arranged its accounts, utilizing a third-party wallet provider, BitGo, intended to act as an extra security layer for customer transactions. Bitfinex and BitGo had developed a system to supply each customer with multi-signature wallets. Bitfinex utilized these wallets to control risk, dividing the private keys among multiple owners, with two held by Bitfinex and one by BitGo to co-sign transactions. However, there was skepticism about BitGo’s role in the multi-signature system as it authorized the withdrawal of nearly 120,000 BTC without any safeguards for such large transactions.

This incident led to many in the crypto community questioning BitGo’s business model, which mainly provided services to companies, with Bitcoin exchanges being the majority of the mentioned companies. A representative from a major exchange expressed that the incident brought up concerns about the vulnerability of the multi-signature security model. Nonetheless, as of 2021, BitGo has become one of the largest crypto custodians globally, overseeing billions in assets.

Additional Information: Coindesk Article on Bitfinex Hack (www.coindesk.com/markets/2016/08/03/the-bitfinex-bitcoin-hack-what-we-know-and-dont-know/)

  1. April 2017 – Yapizon

Yapizon, an exchange based in South Korea, experienced a security breach resulting in a loss of USD 5.3 million, equivalent to 3,816 BTC. Investigations revealed that four of the exchange’s hot wallets were compromised, representing approximately 36 percent of the total funds held by the exchange. The incident was reported to the local authorities in Seoul, and it was decided that the losses would be distributed among the members. This decision was met with dissatisfaction from the community, leading the executives and the CEO to agree to forfeit their property rights and compensate the members for the losses through an IOU token. The exchange clarified that the losses were confined to digital assets like BTC, ETH, and LTC, with no impact on KRW accounts.

Additional Information: Bitcoin.com Article on Yapizon Hack (https://news.bitcoin.com/hacked-korean-bitcoin-exchange-yapizon-offers-ious/)

  1. December 2017 – NiceHash

Towards the end of 2017, NiceHash, a cryptocurrency mining marketplace, suffered a security breach resulting in financial losses. Established in 2014, NiceHash operated as a platform where miners could lease out hash rate to others, allowing customers to mine various coins for a fee. A statement from the company disclosed that their payment system had been compromised and funds in the NiceHash Bitcoin wallet had been stolen. Although the company did not reveal the exact amount lost, it is estimated by some sources to be around 4,736 BTC, equivalent to USD 62 million. Following the breach, users were promptly advised to change their non-NiceHash passwords. The company managed to recover 60% of the stolen funds and reimbursed the users. Subsequent investigations in February 2021 identified a North Korean hacker group as the culprits behind the attack.

Additional Information: Coindesk Article on NiceHash Hack (www.coindesk.com/62-million-gone-cryptocurrency-mining-market-nicehash-hacked)

  1. Jan 2018 – Coincheck

Coincheck, recognized as a prominent exchange in Japan, experienced a significant security breach in early 2018 due to inadequate safety measures, resulting in losses of around USD 533 million. The attackers successfully transferred more than 500 million NEM tokens to 19 different addresses within the network.

The culprits infiltrated the exchange by sending emails embedded with viruses, enabling them to access Coincheck’s private keys. The absence of smart contracts or multi-sig technology, recommended by developers, and the storage of all coins in a single hot wallet facilitated the theft. Despite the setback, Coincheck remains operational, resuming full services in November 2018. Following the incident, Japanese exchanges established a self-regulatory initiative, and the Financial Services Agency (FSA) of Japan intensified its scrutiny and licensing requirements for crypto exchanges, issuing several business improvement orders to Coincheck.

Additional Information: Blockonomi Article on Coincheck Hack (https://www.blockonomi.com/coincheck-hack/)

  1. February 2018 – BitGrail

In 2018, BitGrail, an Italian-based exchange known for trading Nano, formerly RaiBlocks, experienced a breach, with the founder Francesco Firano revealing the theft of approximately 17 million Nano tokens, valued around USD 195 million.

Post-breach, Firano’s unusual request to Nano developers to “fork” their records to recover the stolen funds raised eyebrows, given the immutable nature of blockchain, a core feature of cryptocurrency. This sparked speculation that Firano might have orchestrated an exit scam and used the announcement as a smokescreen for mismanagement. The developers of Nano publicly dismissed Firano’s proposition, later revealing evidence suggesting that the withdrawals Firano attributed to the hack had occurred as early as October 2017. This incident underscored the need, emphasized by many in the crypto community, for a custodial body for exchanges instead of relying on local hot wallets.

Additional Information: Yahoo Finance Article on BitGrail Cryptocurrency Exchange (https://www.finance.yahoo.com/news/bitgrail-cryptocurrency-exchange-claims-195-204921335.html)

  1. April 2018 – CoinSecure

CoinSecure, one of India’s exchanges, fell victim to a theft, leading to a loss of 438 BTC, equivalent to around USD 3.3 million. The assailant targeted the company’s main wallet, a common occurrence in such incidents. However, suspicions arose around the Chief Strategy Officer (CSO) of the New Delhi-based exchange, Amitabh Saxena, with many believing him to be the mastermind behind the incident. CEO Mohit Kalra went as far as to publicly accuse Saxena and reported to the local Delhi authorities, claiming the CSO was at the heart of the event. Saxena defended himself, stating the funds went missing during an exercise to extract Bitcoin Gold (BTG) for customer distribution. At that time, only Saxena and Kalra had access to the main wallet’s private keys.

Additional Information: NewsBTC Article on CoinSecure Heist (www.newsbtc.com/news/bitcoin/coinsecure-reports-3-3-million-worth-heist/)

  1. June 2018 – Bithumb and Coinrail

South Korean crypto exchanges found themselves in the limelight as two exchanges, Coinrail and Bithumb, experienced security breaches. Coinrail was hit first, losing around USD 40 million, approximately 30% of its total assets. The company assured that the remaining 70% was secure and had been transferred to cold wallets for added safety.

Following the news of Coinrail, Bithumb, the largest Korean exchange at the time, also reported a security breach. The hackers made away with approximately USD 31.5 million in XRP tokens. In response to the breach, the exchange swiftly suspended deposits and withdrawals. Thankfully, the rest of the tokens were safely stored in cold wallets, and Bithumb committed to compensating the losses incurred by users.

Additional Information: ZDNet Article on Coinrail Hack and ZDNet Article on Bithumb Hack (www.zdnet.com/article/south-korean-cryptocurrency-exchange-hack-sees-40m-in-altcoin-stolen/ and www.zdnet.com/article/south-korean-crypto-exchange-bithumb-hacked/)

  1. September 2018 – Zaif

A crypto exchange based in Japan disclosed a loss of USD 60 million in company and user funds due to a security breach. The company detected the hack on September 17 and verified the breach the following day, promptly reporting it to local authorities. Investigations revealed that the attacker extracted three kinds of digital assets from the exchange’s hot wallets: BTC, Bitcoin Cash (BCH), and MonaCoin (MONA). Out of the USD 60 million, USD 37.8 million was extracted in BTC, and the remaining amount was taken in Bitcoin Cash and MonaCoin. Subsequent findings showed that 68 percent of the compromised assets belonged to users, and Zaif committed to reimbursing the stolen funds through a loan.

Additional Information: ZDNet Article on Zaif Hack (www.zdnet.com/article/zaif-cryptocurrency-exchange-loses-60-million-in-july-hack/)


Summary of CeFi hacks

The table that follows provides a summary of the cryptocurrency heists discussed earlier. In many instances, the precise date of the theft is either undisclosed or not known, so we’ve included the month in which the event took place. The BTC and USD equivalents are calculated based on the value of the stolen cryptocurrency at the time of the theft, using end-of-the-month BTC and USD rates. In situations where a direct conversion rate is not available, we’ve used a three-way conversion through BTC to USD, utilizing the mid-price at the end of the respective month.

ProtocolDateImpetusAmount in Coin StolenAmount in USDType
GatecoinMay 2016Gatecoin Hot Wallet Breach250 BTC and 185,000 ETH2,000,000Security Breach
Bitfinex-BitGoAugust 2016Bitfinex-BitGo Theft19,756 BTC66,000,000Security Breach
YapizonApril 2017Yapizon Hot Wallet Breach3,816 BTC5,300,000Security Breach
NiceHashDecember 2017NiceHash Payment Compromise4,736 BTC62,000,000Security Breach
CoincheckJanuary 2018Coincheck Virus Hack523,000,000 NEM533,000,000Human Error
BitGrailFebruary 2018Bitgrail Hack/Exit Scam17,000,000 NANO170,000,000Security Breach
CoinSecureApril 2018CoinSecure Inside Job438 BTC3,300,000Agency Problem
Bithumb and CoinrailJune 2018Bithumb and Coinrail Theft71,000,000 USD of XRP and ETH71,000,000Security Breach
ZaifSeptember 2018Zaif Hot Wallet Breach5,966 BTC, undisclosed BCH and MonaCoin60,000,000Security Breach