General security

The 5 biggest cryptocurrency heists of all time

Susan Morrow
December 2, 2021 by
Susan Morrow

Nothing has captured the public imagination quite like cryptocurrency. The 2017 explosion of bitcoin into the public domain demonstrated the potential worth of this somewhat elusive digital currency. Anything that has value will at some point enter the sights of the cybercriminal community. As cryptocurrency has increased in value, the interest in stealing it has also increased. Here is a round-up of the top five cryptocurrency heists of all time.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

What is cryptocurrency theft?

Before looking at the top five crypto heists, it’s worth looking at the why’s and how’s of cryptocurrency theft. Cryptocurrencies, such as Bitcoin, are a form of digital currency designed to work outside of the traditional banking ecosystem. Cryptocurrencies are decentralized currencies that use blockchain technology to record and verify transactions. 

Cryptocurrency transactions, aka the buying and selling of digital currency, are typically handled using a crypto-exchange platform. These transactions often involve large sums of cryptocurrency, typically anonymized utilizing the blockchain, hence attracting cybercriminals.

Like any system, cryptocurrency platforms and exchange mechanisms are vulnerable to cyberattacks. Typical cyberattack types that affect cryptocurrency platforms are:

Phishing: email or other phishing tactics are used to steal the login credentials used to access a crypto platform. Like any other system, login credential theft can offer a way into an individual’s crypto account. Phishing can also be used as a route to compromise privileged administration accounts of a crypto-platform provider.

Social engineering: scams used to trick an individual into transferring large sums of cryptocurrency into a fraudster’s crypto-wallet.

Exchange hacks: external hacks that exploit vulnerabilities in the crypto-exchange platform, e.g., misconfiguration vulnerabilities.

51% vulnerabilities: a 51% or majority attack is where an attacker gains control of more than 50% of the hashing power of a blockchain. Once a hacker has that level of control over the blockchain, they can perform double-spends and reverse transactions.

Cross-chain hacking: this exploit exploits vulnerabilities in the underlying protocols that facilitate the inter-chain exchange of crypto-currency.

The big ones: Crypto-theft, hacks and fraud

Several described vulnerabilities have been exploited in recent years in the following five major crypto thefts.

Poly Network, August 2021

Equivalent monies stole: $611 million

Poly Network is neither a crypto-wallet nor an exchange platform. Instead, Poly Network acts as a cross-chain network or DeFi (Decentralized Finance) protocol that facilitates inter-chain cryptocurrency transfers. The Poly Network uses a technology known as a smart contract to execute and document legal transactions. The Poly network hack was caused by poorly managed access rights between two smart contracts: EthCrossChainManager and EthCrossChainData. This hack was a crypto version of privileged access abuse, the EthCrossChainData being exploited and configured to facilitate large cryptocurrency transfers.

Poly Network called the crypto community to ask crypto miners and exchanges to blacklist the stolen funds once the attack was identified. Tether attempted to freeze assets to prevent them from being stolen by the hacker, but an anonymous user tipped off the hacker, now called “Mr. White Hat,” about this. The hacker rewarded the whistleblower with $42,000 worth of cryptocurrency.

The ensuing cat and mouse game played out between Poly Network, the crypto-exchanges, and Mr. White Hat became a game of crypto-shenanigans; this included an online self-interview. The hacker explained that they acted to bring the vulnerability to the attention of the crypto-world. Poly Network offered the hacker a job as its chief security officer.

Poly Network encouraged the hacker to return the crypto assets. The result was that all the cryptocurrency was returned.

KuCoin, September 2020

Equivalent monies stole: $281 million

KuCoin was the victim of a crypto heist totaling over $281 million in bitcoin and other tokens. The CEO of KuCoin attributed the attack to the ability of the hackers to access the private keys of hot wallets. A malicious insider was blamed initially but may have been part of larger collusion with the North Korean hacking group, Lazarus, who was later attributed to the heist.

KuCoin recovered most of the stolen crypto coins because the exchanges froze the assets.

Coincheck, January 2018

Equivalent monies stole: $534 million

In 2018, the Coincheck crypto-exchange hack was the world’s largest crypto heist to date. The hack was eventually identified as having started with malware-infected laptops of Coincheck employees; the infection was attributed to Russian hacking gangs. The infection is most likely to have been instigated via a phishing email. Once the employee’s laptop was infected, the hackers could access the exchange’s private keys.

Coincheck was also a victim of a data breach in 2020. The hackers accessed an account the company held at a domain registration service and used it to send spoof emails to over 200 Coincheck customers.

BitGrail, February 2018

Equivalent monies stole: $179 million

Italian crypto-exchange BitGrail was built for a crypto-token known as ‘Nano.’ The following events can only be described as fraud debacle. In an expose of events at the time, an industry publication, CoinTelegraph, stated that the owner of BitGrail had asked for a “coin’s ledger to be changed after the exchange reported funds were missing Thursday, Feb 8.” The development team at BitGrail made further accusations about the company, implying that BitGrail was on the brink of insolvency. In 2020, Italian police investigated BitGrail itself, orchestrating the theft. Reuters reported that police commented on the case stating that “It is not yet clear whether he (owner of BitGrail) participated actively in the theft or if he simply decided not to increase security measures after discovering it.”

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

MT.GOX, January 2014

Equivalent monies stole: $416 million

Back in 2014, the Japanese crypto-exchange, MT.GOX was the most successful exchange, handling over 70% of all crypto transactions. In early 2014, the exchange was the victim of a crypto heist that stole over $416 million worth of bitcoins.

Investigations have revealed that the company was in disarray and that the underlying code was poorly written and contained vulnerabilities. Poor security practices were identified, including a theft before 2011 of an unencrypted private key with suspected help from an insider. The hackers stole the bitcoins directly from MT.GOX’s online wallets and a vulnerability in the hot wallet (online wallets) also allowed stored cryptocurrency (cold wallet) to be stolen. Much of the stolen crypto coins remain unaccounted for.

Like any other system with intrinsic value, crypto is open to all forms of fraud and abuse, including insiders. Crypto exchanges are also no different from any other technology system. Like all technology, cybercriminals will find exploits. Having a multiple layer approach to securing assets, including crypto, helps to reduce the attack surface and de-risk engagement in crypto exchanges.



Susan Morrow
Susan Morrow

Susan Morrow is a cybersecurity and digital identity expert with over 20 years of experience. Before moving into the tech sector, she was an analytical chemist working in environmental and pharmaceutical analysis. Currently, Susan is Head of R&D at UK-based Avoco Secure.

Susan’s expertise includes usability, accessibility and data privacy within a consumer digital transaction context. She was named a 2020 Most Influential Women in UK Tech by Computer Weekly and shortlisted by WeAreTechWomen as a Top 100 Women in Tech. Susan is on the advisory board of Surfshark and Think Digital Partners, and regularly writes on identity and security for CSO Online and Infosec Resources. Her mantra is to ensure human beings control technology, not the other way around.