What is Crypto Heist:
Crypto Heist also known as Crypto robber where hackers have exploited vulnerabilities within these third parties, have targeted cryptocurrencies directly, and have utilized flash loans to their advantage. To date, this has seen them steal the equivalent of $4 billion.[1]
Here is the current statistics of the reported Crypto Heist
Heists are assigned to the country where the platform/website’s headquarters are located. Where a company’s location isn’t provided, the heist isn’t included in the map figures.[1]
Top Crypto HeistAccording to the site[1] the following are the biggest crypto heist to date (based on the amount stolen at the time)
Ronin Network (Axie Infinity) – $620 million stolenOn 29 March 2022, Ronin Network (a gaming-based crypto network) announced it had been hacked and a whopping $620 million had been stolen in total. This was made up of 173,600 in ETH (worth just less than $595m USD) and $25.5m in USD, making it the biggest crypto heist to date. Ronin Network, which supports Sky Mavis’s Axie Infinity game, said its Ronin and Axie DAO validator nodes had been compromised with the funds being drained in two transactions. The US Treasury Department later attributed the theft to North Korea’s Lazarus group.
Poly Network – $610 million stolenIn August 2021, a hacker attacked Poly Network by exploiting a vulnerability in its system and managed to steal funds worth over $600 million. However, in a strange twist, they didn’t make off with their bounty. Instead, the hacker spoke to the platform and agreed to give back most of the money, except for $33 million of tether (USDT) which had been frozen by the issuers. But that wasn’t the end of the fiasco as $200 million of the stolen funds were trapped in an account that required a password from the hacker and Poly Network. For a while, the hacker refused to hand theirs over. That was until Poly Network begged for them to release it, coughed up $500,000 as a gesture for finding the system vulnerability, and even offered them a job! Poly Network later revealed that so-called “Mr. White Hat” had given them the private key.
Coincheck – $532 million stolenIn January 2018, Japan-based Coincheck had its NEM (XEM) tokens stolen to the tune of more than $530 million. Hackers exploited the fact that the currency was being kept in a “hot” wallet, meaning it was connected to the server and was effectively “online” (a cold wallet sees funds stored offline). NEM developers were able to identify the stolen coins and mark them as such, but there was speculation that the funds were available on dark markets. However, as the coins lost a lot of value after the attack, it’s unlikely many would have seen this as a good deal (even today the coins would be worth 83 percent less than they were–around $90 million).
MT Gox – $470 million stolenThis was the first large-scale hack on an exchange and is still the biggest theft of Bitcoins from an exchange. However, the MT Gox heist wasn’t down to a solitary event. Rather, the platform had been leaking funds since 2011, up until it was discovered in February 2014. Over a period of a few years, hackers stole 100,000 bitcoins from the exchange and 750,000 bitcoins from the exchange’s customers. At the time, these bitcoins were worth $470 million–but today, they’d be worth around ten times as much ($4.7 billion). MT Gox went into liquidation shortly after the hack with liquidators recovering approximately 200,000 of the stolen bitcoin.
Wormhole – $326 million stolenIn the first major crypto heist of 2022, Wormhole’s crypto platform was exploited to the tune of $326 million. The platform acts as a communication bridge between Solana (an ethereum rival that has recently gained traction) and other decentralized finance networks. On February 2, 2022, hackers were able to exploit a vulnerability, causing Wormhole to shut down its platform while it investigated. It later reported that 120k wrapped Ethereum (wETH) had been stolen.
KuCoin – $281 million stolenIn September 2020, KuCoin confirmed that hackers had managed to obtain private keys to their hot wallets before withdrawing large amounts of ethereum (ETH) and bitcoin (BTC), as well as Bitcoin SV (BSV), Litecoin (LTC), XRP (XRP), Stellar Lumens (XLM), Tron (TRX), and Tether (USDT). Since then, experts have suggested they have strong reason to believe that hackers in North Korea were responsible
PancakeBunny – $200 million stolenIn this flash loan attack in May 2021 where hackers were able to drain $200 million from the platform. To carry out the attack, the hacker loaned a large amount of Binance Coin (BNB) before manipulating its price and dumping it on PancakeBunny’s BUNNY/BNB market. This enabled the hacker to get a huge amount of BUNNY through a flash loan, dump all of the bunny in the market so the price dropped, before paying back the BNB through pancakeswap.
Bitmart – $196 million stolenAlmost $200 million was stolen in a compromise of Bitmart’s hot wallet in December 2021. Initially, $100 million was identified as having been stolen over the Ethereum blockchain, but a further investigation revealed another $96 million had been stolen over the Binance Smart Chain blockchains. A mix of more than 20 tokens were stolen, including altcoins like BSC-USD, Binance Coin (BNB), BNBBPay (BPay), and Safemoon, while large amounts of Moonshot, Floki, and BabyDoge were also compromised.
Beanstalk – $182 million stolenIn April 2022, Ethereum-based DeFi platform, Beanstalk, lost around $182m after a vulnerability allowed the hacker to carry out a flash loan attack. The hacker was able to make off with $80m in crypto but the platform’s losses extended far further than that to over $180m. Reports also suggest that the hacker deposited 250,000 USDC into the crypto donation wallet for Ukraine.
Bitgrail – $150 million stolenBitgrail was a small Italian exchange trading in lesser-known cryptos, such as Nano (XRB). In February 2018, just as the price of XRB skyrocketed from a few cents to $33, the exchange was hacked. Nano wallets had been targeted with at least 17 million coins stolen (the equivalent of around $150 million). Many users started to comment that they had noticed issues with the exchange before the attack (significantly lower withdrawal limits and transaction problems). Investigations also revealed that the coins had been stolen from cold wallets, not hot wallets, suggesting an inside job. Investigations have continued over the last few years with Italian police recently accusing the man who owned Bitgrail to be behind the attacks (either directly involved or was aware/took no action to prevent further theft once the first attack had been carried out).
Vulcan Forged – $135 million stolenHackers made off with $135 million from Vulcan Forged–a blockchain gaming company–in December 2021. They accessed 96 different wallets by stealing private keys, before draining 4.5 million PYR tokens from them.
Cream Finance – $130 million stolenNot only did hackers make off with $130 million in this October 2021 attack, but this was the third attack Cream Finance had suffered in the year. in February, hackers stole $37 million and in August, $29 million. The latest attack saw hackers exploiting what was thought to be a vulnerability in the DeFi platform’s flash loan system. They were able to steal all of Cream Finance’s tokens and assets on the Ethereum blockchain, which amounted to $130 million.
BadgerDAO – $120.3 million stolenIn December 2021, a hacker managed to drain funds from across various cryptocurrency wallets on the DeFi platform, BadgerDAO. The platform confirmed that hackers had used a “maliciously injected snippet” via Cloudfare which allowed them to drain $130 million in funds, around $9 million of which was recovered as it hadn’t been withdrawn.
CoinBene – $105 million stolenInitially, after huge outgoing transactions from CoinBene’s hot wallet to an unknown wallet in March 2019, the platform said it was undergoing maintenance. However, with every one of the platform’s ERC-20 tokens reportedly moving into an unknown wallet (which didn’t exist until the day of the transfer), rumors quickly circulated that this was an attack. Data scientists also found that the tokens were promptly moved to Etherdelta where they were sold for ethereum (ETH). This amounted to $105 million at the time.
Horizon (Harmony) – $100 million stolenHorizon, Harmony’s cryptocurrency bridge that offers transfers between Ethereum and Binance and Bitcoin, was hacked for $100m across 11 transactions in June 2022. In a Twitter thread, Harmony announced it was working with authorities to try and identify the culprit and locate the stolen funds.
Liquid – $97 million stolenIn August 2021, Japanese cryptocurrency exchange, Liquid, detected that unauthorized persons had accessed its wallets before moving assets worth more than $97 million out of them. $16.13 million USDe of ERC-20 assets were frozen to prevent onward movement but 69 various cryptos were misappropriated and sent to other DeFi platforms or exchanges.
EasyFi – $81 million stolenBy stealing the private keys to EasyFi’s MetaMask admin account, hackers were able to extract $6 million in USD, DAI, and USDT, plus 2.98 million EASY tokens, all of which amounted to around $81 million. The machine that was compromised to gain the keys was offline most of the time, only being switched on to perform official transfers for the project. When the attack was carried out, the machine had been offline for more than a week. And because it wasn’t actively used when the attack was carried out, this delayed the platform’s resp
It is quite surprising how many promising exchanges, DeFi and crypto projects had suffered hacking. Often time we wonder if it is an inside job or the cryptocurrency security system is so weak that it can't cope up with the advancement of hackers and hacking tools. Regardless it is beyond the investors grasp. Should the platform or project take responsibility for this incident? Do you think the current DeFi security system isn't ready to protect the money of investors? Or is it just an inside job disguise as crypto hacking incident?
[1]
https://www.comparitech.com/crypto/biggest-cryptocurrency-heists/
