10 Biggest Crypto Exchange Hacks In History

by the Crystal analytics team

Jun 30, 2021

Cryptocurrency is reputed for its transparency, but unfortunately, it is also well-known for cybercriminals targeting platforms and exchanges to exploit them. Although exchanges invest some resources to protect their assets, experienced attackers can breach their security walls.

Exchanges are targeted regularly as they tend to have open-source code libraries. Criminals like to target crypto exchanges since a single breach could net them the assets of thousands of users. More security measures are needed, as illicit activities become more sophisticated.

This article looks at the 10 biggest centralized crypto exchange (CEX) exploits in history so far:

1. Mt. Gox (2011): the first major breach in the crypto world

Mt. Gox was a crypto exchange located in Tokyo, Japan launched in 2010. At one stage, it was the largest cryptocurrency exchange in the world - handling more than 70% of bitcoin transactions globally. In 2011, the exchange was hacked and bitcoin worth $8.75m was stolen.

Although the exchange vowed to improve its security mechanisms, it suffered from another attack in 2014. This time, it was carried out on a much larger scale. Almost 850,000 bitcoins ($615m) were siphoned off. They achieved this by flooding the exchange with a large number of fake bitcoins. This secure breach was among the first major ones in the bitcoin world.

The breach resulted in several lawsuits being filed against the company, from customers, vendors, as well as partners. The CEO of the exchange, Mark Karpeles, was a central figure in many of these since he didn’t use any version control software for the site’s source code.
Any coder could accidentally overwrite the site’s code, thereby leaving the entire system vulnerable. These lawsuits have not helped the exchange’s users till now. The exchange is looking to refund its users via a civil rehabilitation plan submitted to the Tokyo District Court.

2. KuCoin (2020) - the most recent attack

KuCoin is a crypto exchange based in Singapore. It was founded in 2013 and deals in several cryptocurrencies, including Bitcoin, Ethereum, Litecoin, and Ardor. In September 2020, it was targeted, and the criminals managed to steal over $281m worth of coins and tokens.

In addition, hackers managed to obtain the keys to some of the hottest wallets on the exchange. Although KuCoin quickly blocked all transactions on its website, the damage had already been done. This breach is among the largest in the history of crypto assets.
In the aftermath, the management team of KuCoin launched a thorough investigation. This swift move yielded positive results, as more than $204m worth of funds was recovered within weeks. The exchange has also made a key breakthrough in identifying the potential suspects.

It is alleged that a hacker group based in North Korea was responsible for the act. This case highlights the importance of moving quickly and having the ability to track transactions on a real-time basis. In addition, the exchange is planning to cover the losses of all its users.

GO TO THE CRYSTAL MAP FOR A COMPREHENSIVE LIST OF ALL BREACHES

3. Upbit (2019) - the hack that made use of a single transaction

Upbit is a cryptocurrency exchange that was founded in 2017. Although the exchange is based in South Korea, it has become popular in other parts of the world. In fact, during 2018, it became the world’s largest crypto exchange in terms of daily transactions.

However, in November 2019, the exchange was hit by a major cyber attack. The criminals managed to break into the exchange and steal over $45 million in a single transaction.

Within a few days of the attack, the hackers moved a majority of the crypto to other wallets, in order to make it harder for the authorities to track them. After a few months, the US Department of Justice managed to identify two Chinese nationals who had taken part in the attack.

Furthermore, it was revealed that hackers from North Korea were also involved in the attack. In the aftermath, Upbit tried to persuade other exchanges to block the accounts related to it.

4. BINANCE (2019) - the biggest name to be hit

Binance is one of the biggest names in the business. The exchange is headquartered in the Cayman Islands and is the world's largest cryptocurrency exchange (by volume). The exchange offers over 360 different cryptocurrencies and is active in more than 1200 markets.

In addition, Binance claims to have built an entire ecosystem of crypto transactions, research, training, and charity. However, in May 2019, the exchange was hit by a major security incident.

The hackers withdrew over 7000 bitcoins from its hot wallet. The total losses from the attack were approximately $40m. The attackers managed to break into the exchange’s security systems, obtaining key information sets, including two-factor codes, APIs, and other data.

Astonishingly, all the missing bitcoins were linked to a single cryptocurrency wallet. The exchange has stated that its secure asset fund for users (SAFU) is covering all losses.

5. Bitfinex (2016) - the hack where losses were distributed

Bitfinex is a Hong Kong-based crypto exchange that was founded in the year 2012. It is owned by iFinex Inc., a company that has also developed a stablecoin known as Tether. In 2016, the crypto exchange was attacked by hackers, who managed to steal coins worth over $60 million.

After the attack, Bitfinex managed to track some funds and also issued refunds to its customers in the form of equity. All losses from the attack were equally distributed among the users.

In 2019, the US government managed to retrieve a portion of the funds and also identified some of the hackers. It was found that two Israeli brothers were involved in the attack. They were swiftly arrested by the authorities and charged under cybercrime regulations.

In 2021, it was found that the coins that were originally stolen have been moved from one wallet to another. It is believed that certain individuals that were involved in the attack are trying to cash in on the high prices of bitcoin.

6. CRYPTOPIA (2019) - the curious case of two attacks

Cryptopia was an exchange based in New Zealand founded in 2014 and located in Christchurch. In January 2019, the exchange was hit by a major attack that resulted in total losses worth $15.5m. The management estimated that over 9% of its total holdings had been stolen in the attack. The attack was so severe that it resulted in the complete liquidation of the exchange.

DOWNLOAD CRYSTAL’S FULL REPORT ON ALL BREACHES & FRAUD

7. ZAIF (2018) - the attack that was identified too late

Zaif is one of the oldest crypto exchanges in Japan. Operating since 2014, it was the first exchange to receive an official license in Japan. Zaif offers more than 40 cryptocurrencies. In September 2018, the exchange had a major breach, as hackers gained access to its hot wallets.

Although the hack took place on September 14, Zaif could not identify it until three days later. Total losses were around $60 million. Crystal was able to track the funds and assign a risk score of 100% by marking the hackers’ wallet after checking all withdrawal transactions from Zaif.

In the aftermath, the exchange signed a deal with Japanese investment firm Fisco. As part of the deal, it managed to raise about $44.5m of funds. These funds were then used to cover the losses faced by its users. In return, Fisco took over the majority ownership of the exchange. As a result, deposit and withdrawal services on the exchange were restored in April 2019.

8. BANCOR (2018) - the hack where users went unscathed

Bancor is an Israeli start-up founded in 2016. It is essentially a crypto company that offers a fully decentralized exchange service to its users. The firm raised $150m in an ICO in 2017.

However, the following year, it was hit by a major attack that resulted in total losses worth $23.5m. The hackers used a sophisticated technique in order to execute the crime. They targeted a specific wallet that the company was using to upgrade its smart contracts.

The Bancor exchange was taken offline after the incident. In addition, the company identified and tracked the stolen coins. They figured out that some of the coins had been transferred to other exchanges. Bancor then requested these exchanges to freeze the stolen coins.

The company insisted that no user funds were lost during the attack. Critics of Bancor claimed that the firm simply did not do enough in terms of protecting its own assets.

9. COINCHECK (2018) - the biggest hack so far

Coincheck, a crypto exchange headquartered in Japan, was founded in 2012 and is considered to be among the top 20 exchanges in the world. The exchange offers a wide range of crypto, including bitcoin and Ethereum. In January 2018, bad actors managed to break into the exchange and steal crypto worth $534m.

This was confirmed as the largest crypto attack in history. As soon as the breach took place, Coincheck froze all deposits and withdrawals. However, the damage had already been done and the exchange admitted that it may not be able to cover the losses suffered by its users.

The attack was followed by a thorough investigation led by Japanese authorities. The hackers used a phishing attack to access hot wallets. They were then able to spread malware and siphon off the funds. Further details about the attack were revealed in early 2021 when authorities stated that most individuals involved in the attack were in the high-income group.

10. COINBENE (2019) - the hack that wasn’t admitted at first

CoinBene is a Singapore-based crypto exchange that is operated by Chinese employees. It is considered to be among the top 10 crypto exchanges in the world by trading volume. The exchange serves the crypto community in over 192 countries.

In March 2019, CoinBene was attacked by cybercriminals who managed to walk away with over $105 million in cryptocurrencies. However, the exchange stated that it was closing down for maintenance activities, instead of accepting that the attack took place.

A thorough analysis of its transactions revealed that the exchange had indeed been defrauded. The criminals managed to move the stolen coins to a wide range of exchanges, including Binance. The lost coins are yet to be recovered.


Above we’ve outlined some of the largest CEX crypto exchange security breaches in history. It is quite remarkable to note the breadth of these attacks. It is also evident that setting up robust security walls is not enough in terms of offering protection against experienced cybercriminals.

Further, the sheer scale of some of these attacks highlights the need for exchanges and other crypto firms to be extremely vigilant so that they can keep an eye on unauthorized activities.

This can be achieved by partnering with industry specialists that offer solutions like cryptocurrency transaction tracking, analytics, and risk assessment. Crystal Blockchain is one company that provides specialized risk mitigation solutions in the field of blockchain analytics.

For more information about blockchain transaction monitoring and investigation support, please visit crystalblockchain.com

Similar news

The Evolution of Cryptocurrency Regulations

The important phases in the development of rule-making around digital asset transactions

by the Crystal analytics team

Jul 14, 2021

A guide to avoiding common crypto compliance pitfalls

Adhering to crypto compliance requires an understanding of crypto and traditional financial industry tendencies. Avoiding these five common mistakes will help your business grow.

by Marina Khaustova

Jul 06, 2021

Darknet interactions & bitcoin — a crypto activity analysis for May 2021

An analysis of current darknet entities and their interactions with other entity types in Q1 2021, in comparison with historical dynamics over the last four years.

by the Crystal analytics team

Jun 17, 2021

Rising instances of digital ransomware (using bitcoin) & how to deal with them

Tracking cryptocurrency transactions accurately from the victim to the illicit entity is key to dealing with ransomware involving digital assets like bitcoin on public blockchains

by the Crystal analytics team

Jun 16, 2021

NFTs: the good, the bad, and the artful scammers

How NFTs could become a new opportunity for crypto-criminals - if we’re not careful…

by the Crystal analytics team

May 19, 2021

Ukrainian Cyber Police Department Now In Collaboration with Crystal Blockchain

The first meeting between the Ukrainian Cyber Police Department and Crystal Blockchain, was a discussion of ambitious goals as well as exchanges of experience in cybercrime mitigation

by the Crystal communications team

May 18, 2021

Geography of Bitcoin Transaction Dynamics Report 2014 — Q1 2021

The Crystal team regularly explores bitcoin and crypto market dynamics, to see how fund flows have been affected by external factors like financial fluctuations or increasing regulations. We update these dynamics quarterly on our interactive map and in our report (PDF attached).

by the Crystal analytics team

Apr 28, 2021

5 steps to identifying potentially suspicious entities on blockchains

How to prevent accepting risky transactions and avoid becoming a victim of scams and criminal activities. These five steps will help you avoid these potential pitfalls.

by the Crystal communications team

Apr 21, 2021

Crystal Expands Blockchain Coverage & Crypto AML Compliance Solutions

Regulations from the Financial Action Task Force (FATF) and the 6th Anti-Money Laundering Directive (6AMLD), mean that cryptocurrency services, and businesses exposed indirectly to cryptocurrencies, need to get compliant. By integrating Crystal analytics alongside existing AML/CFT procedures businesses can manage crypto risk and comply with new legislation.

by the Crystal communications team

Apr 07, 2021

Stolen crypto withdrawal and transfer patterns

An analysis of cryptocurrency transactions made by crypto-criminals post-theft between 2015 and 2020, with a look at the fund flow patterns made using this stolen crypto.

by the Crystal analytics team

Feb 23, 2021

Peer-to-Peer (P2P) Transaction Volume Analysis 2019-2020

At the V20 Summit in November 2020, the co-chair of the FATF’s Virtual Asset Contact Group, Sandra Garcia, stated that regulatory requirements for P2P exchanges may emerge in 2021 to combat AML, as they come under the same hood as VASPs. The FATF is currently collecting data on P2P exchanges to allow their guidelines to reflect P2Ps (likely to be added June 2021).

by the Crystal analytics team

Feb 03, 2021

Ukraine challenges regulatory hurdles as blockchain industry advances

Crystal Blockchain spoke with the deputy minister of the Ukrainian Ministry for Digital Transformation, Alex Bornyakov, about blockchain tech and regulatory developments happening in Ukraine, and how its partnership with Crystal advances that purpose.

by the Crystal communications team

Jan 14, 2021

Crystal Blockchain End of Year Report 2020

A number of industries were put on pause this year due to the COVID19 pandemic. However, regulatory guidelines for the cryptocurrency markets continued to be a priority internationally in 2020, and legislation in the blockchain industry is ever more imminent. This, along with an increasing amount of cryptocurrencies being utilized for suspicious activities, has meant that Crystal Blockchain’s risk assessment and transactions and connections monitoring solution for virtual asset service providers (VASPs) has been an increasingly important tool to combat ML.

by Marina Khaustova

Dec 21, 2020

FICO and Crystal Blockchain of Bitfury Group Announce Partnership To Deliver Real-Time Cryptocurrency Risk Management

FICO, a global analytics leader, and Crystal Blockchain of Bitfury Group ("Crystal"), a leading digital currency analytics company, announced a partnership to provide cryptocurrency risk management and monitoring services. With an increasing number of financial service providers looking to expand services into the crypto market, the joint offering will help to protect new business models and effectively connect the worlds of virtual and fiat currency for the benefit of their customers.

by the Crystal communications team

Dec 16, 2020

Understanding the FATF red flag indicators for crypto service providers

When do VASPs need to employ the services of crypto AML and KYT compliance software companies to adhere to the FATF “red flag risk indicator” guidelines?

by the Crystal analytics team

Dec 08, 2020

Bitlicense and Other Crypto Licenses Around The World 2020

What types of cryptocurrency licenses are available internationally today?

by the Crystal analytics team

Nov 16, 2020

Security Breaches & Fraud Involving Crypto Still High Despite Tech Development

It’s ten years since the first official cyber-terrorist attack of a crypto exchange, and despite technological advances, most cryptocurrency entities have not yet been able to develop sufficiently reliable security systems to minimize security breaches on their platforms.

by the Crystal analytics team

Nov 12, 2020

Crypto payments provider B2BinPay in collaboration with Crystal

Global cryptocurrency payments provider, B2BinPay, is working in collaboration with Crystal analytics to strengthen their cryptocurrency compliance procedures.

by the Crystal communications team

Oct 15, 2020

The Importance of Knowing Your Cryptocurrency Transaction (KYT)

As traditional banks and financial institution become more directly involved with cryptocurrencies, they need to consider KYT as part of their KYC compliance due diligence

by the Crystal analytics team

Sep 21, 2020

Bitfury Crystal partners with PARSIQ to power their blockchain monitoring

World-leading blockchain monitoring system, PARSIQ will integrate Crystal Blockchain’s transaction risk scoring capabilities to power their AML and KYT processes for VASPs.

by the Crystal communications team

Sep 03, 2020

The importance of Ripple monitorization on the Crystal platform

Ripple (XRP) cryptocurrency released in 2012 stands behind two other digital assets only in terms of market capitalization, as of August 2020. Ripple is the sixth digital asset to be supported by the Crystal Blockchain analytics platform, adding to the current list of bitcoin (BTC), Bitcoin Cash (BCH), Ethereum (ETH, as well as ERC20 and ERC721), Litecoin (LTC), and Tether (USDT).

by the Crystal analytics team

Aug 19, 2020

2020 Report on Fund Sources for Dormant Bitcoin Addresses

It's been 11 years since the genesis Bitcoin block was created. During these last 11 years, bitcoin has been used for payments, exchange trading, and as a store of value. Not all mined bitcoins move much after their creation, however.

by the Crystal analytics team

Aug 04, 2020

Bitfury’s Crystal to assist the Ukrainian Ministry of Digital Transformation

Bitfury’s Crystal analytics to assist the Ukrainian Ministry of Digital Transformation

by the Crystal communications team

Jul 24, 2020

Crypto Regulation Continues To Progress Despite COVID-19 Pandemic

The Crystal Blockchain analytics team continues its quarterly update to the International Bitcoin Flows Analytics Report that was first compiled back in September 2019. This update takes into account fund flows from 2013 through the first six months of 2020. The report also considers the progress that has been made with the FATF guidelines and “travel rule”, despite the current COVID-19 pandemic that has seen many processes slowed down or stalled.

by the Crystal analytics team

Jul 14, 2020

Bitfury Group Brings Crystal Blockchain to India with HumanSTAR*

India's Strategic Advisory Firm, HumanSTAR* to offer Crystal Blockchain Analysis for Indian Law Enforcement Agencies

by the Crystal communications team

Jul 07, 2020

Upbit and Crystal partner to strengthen exchange’s compliance

South Korea-based crypto exchange Upbit will use Crystal analytics to strengthen AML compliance procedures

by the Crystal communications team

Jun 19, 2020

11 Years Later: Is Satoshi Nakamoto Finally Moving Bitcoin Funds?

More than ten years after the launch of the Bitcoin Blockchain, coins that were mined on February 9, 2009 have just started moving. Yesterday, 50 BTC left the address 17XiVVooLcdCUCMf9s4t4jTExacxwFS5uh. They were initially received in block number 3,654, created on February 9, 2009 - exactly one month after bitcoin mining started.

by the Crystal analytics team

May 22, 2020

Darknet Use and Bitcoin — A Crypto Activity Report by Crystal Blockchain

This report by Crystal Blockchain analytics reviews the use of bitcoin by darknet entities. The report analyzes darknet interactions with exchanges and other entities throughout the first quarter of 2020 and compares it to historical darknet activity from the past three years.

by the Crystal analytics team

May 19, 2020

Historical Data Shows Crypto Exchange Dynamics Influenced By Regulatory Changes

To investigate the effects of new regulation on the cryptocurrency market, as well as the extent virtual asset service providers will be affected by the changes, the Crystal™ Blockchain analytics team has issued an updated report on the historical international flow of bitcoin between cryptocurrency exchanges.

by the Crystal analytics team

May 05, 2020

2019 Crypto Compliance: Year in Review

2019 was a year of preparation and standardization for the cryptocurrency industry, as regulators around the world came together to enforce tangible legislation impacting the ecosystem. In the U.S., SEC Chairman Jay Clayton spoke candidly to a Senate Committee in December, informing them that the SEC is taking a measured yet proactive regulatory approach to crypto that will both foster innovation and capital formation while protecting investors and U.S. markets.

by Marina Khaustova

Dec 27, 2019

2019 Darknet Interactions and Bitcoin — A Crypto Activity Report by Crystal Blockchain

The Crystal analytics team have compiled a detailed report based on investigations into darknet interactions using bitcoin, and how regulation is changing trends.

by the Crystal analytics team

Dec 15, 2019

The Year in Review for Crystal Blockchain Analytics — 2018

The Crystal™ analytics platform is the all-in-one blockchain analytics tool for law enforcement bodies, capital market companies and financial organizations. This software provides a comprehensive view of the public blockchain ecosystem and uses advanced analytics and data scraping to map cryptocurrency transactions and related entities and to reveal suspicious funds and participants.

by Marina Khaustova

Jan 24, 2019