List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses [Old]

[Bitcoin Oz]

New heist (June 20, 2012): Bitcoin Savings and Trust scams over 20,000 BTC.

I see what you did there....

[stochastic]

With all this recent talk about Bitcoinica, I couldn't help but do some research on prior Bitcoin large thefts (as of now, defined as over one thousand bitcoin), all during the period I was myself involved with Bitcoin but did not know about (March 2011 was the month I first learned about Bitcoin). Before that time, I assume the thefts were not well-publicized or were minor in nature. I have provided dates and UTC times as I know them, and to be as accurate as possible. For disputed thefts, I applied best judgement and included the ones that were most publicly accepted.

Because of the volitile nature of Bitcoin's exchange price, I have denominated heist estimates in BTC. Although not heists per se, major permanent bitcoin losses are also included here in italics. If I missed any major thefts, heists, or losses, or if you have any other information to contribute to one of these events, please leave a reply in this thread.

Note: To qualify, a major heist, theft, hack, scam, or loss must cause damage greater than or equal to 1000 BTC. Borderline thefts may qualify if reasonable estimates are over or equal to 1000 BTC.

List of events by severity (BTC)
Listed by the name found later. Use Ctrl-F for more information.

1. July 2011 MyBitcoin.com Theft (78739.58205388 BTC)
2. March 2012 Linode Hacks (46653.47830495 BTC)
3. June 2011 Allinvain Theft (25000.01000000 BTC)
4. April 2012 Silk Road Scam (20000 BTC)
5. May 2012 Bitcoinica Hack (18547.66867623 BTC)
6. August 2011 Bitomat.pl Loss (17000 BTC)
7. October 2011 Bitcoin7 Hack (15000 BTC)
8. June 2011 Stefan Thomas Loss (7000 BTC)
9. February 2012 Bitcoinica Theft (5000 BTC)
10. September 2011 Moonco.in Hack (4000 BTC)
11. June 2011 Mt. Gox Hack & Theft (2643.27 BTC)
12. October 2011 Mt. Gox Loss (2609.36304319 BTC)
13. 2011 Ubitex Scam (1138.98 BTC)
14. 2012 Bitscalper Scam (1000 BTC)

You forgot that one where that one guy scammed his business partner out of 300,000 bitcoins for $5000.  Maybe it was 100,000 bitcoins, I forget now and can't find the post.

[dree12]

With all this recent talk about Bitcoinica, I couldn't help but do some research on prior Bitcoin large thefts (as of now, defined as over one thousand bitcoin), all during the period I was myself involved with Bitcoin but did not know about (March 2011 was the month I first learned about Bitcoin). Before that time, I assume the thefts were not well-publicized or were minor in nature. I have provided dates and UTC times as I know them, and to be as accurate as possible. For disputed thefts, I applied best judgement and included the ones that were most publicly accepted.

Because of the volitile nature of Bitcoin's exchange price, I have denominated heist estimates in BTC. Although not heists per se, major permanent bitcoin losses are also included here in italics. If I missed any major thefts, heists, or losses, or if you have any other information to contribute to one of these events, please leave a reply in this thread.

Note: To qualify, a major heist, theft, hack, scam, or loss must cause damage greater than or equal to 1000 BTC. Borderline thefts may qualify if reasonable estimates are over or equal to 1000 BTC.

List of events by severity (BTC)
Listed by the name found later. Use Ctrl-F for more information.

1. July 2011 MyBitcoin.com Theft (78739.58205388 BTC)
2. March 2012 Linode Hacks (46653.47830495 BTC)
3. June 2011 Allinvain Theft (25000.01000000 BTC)
4. April 2012 Silk Road Scam (20000 BTC)
5. May 2012 Bitcoinica Hack (18547.66867623 BTC)
6. August 2011 Bitomat.pl Loss (17000 BTC)
7. October 2011 Bitcoin7 Hack (15000 BTC)
8. June 2011 Stefan Thomas Loss (7000 BTC)
9. February 2012 Bitcoinica Theft (5000 BTC)
10. September 2011 Moonco.in Hack (4000 BTC)
11. June 2011 Mt. Gox Hack & Theft (2643.27 BTC)
12. October 2011 Mt. Gox Loss (2609.36304319 BTC)
13. 2011 Ubitex Scam (1138.98 BTC)
14. 2012 Bitscalper Scam (1000 BTC)

You forgot that one where that one guy scammed his business partner out of 300,000 bitcoins for $5000.  Maybe it was 100,000 bitcoins, I forget now and can't find the post.

I was debating whether to add that one (it was knightmb's "purchase" of 300000 BTC). However, the business partner did receive what he was looking for, which was $5000.

[stochastic]

With all this recent talk about Bitcoinica, I couldn't help but do some research on prior Bitcoin large thefts (as of now, defined as over one thousand bitcoin), all during the period I was myself involved with Bitcoin but did not know about (March 2011 was the month I first learned about Bitcoin). Before that time, I assume the thefts were not well-publicized or were minor in nature. I have provided dates and UTC times as I know them, and to be as accurate as possible. For disputed thefts, I applied best judgement and included the ones that were most publicly accepted.

Because of the volitile nature of Bitcoin's exchange price, I have denominated heist estimates in BTC. Although not heists per se, major permanent bitcoin losses are also included here in italics. If I missed any major thefts, heists, or losses, or if you have any other information to contribute to one of these events, please leave a reply in this thread.

Note: To qualify, a major heist, theft, hack, scam, or loss must cause damage greater than or equal to 1000 BTC. Borderline thefts may qualify if reasonable estimates are over or equal to 1000 BTC.

List of events by severity (BTC)
Listed by the name found later. Use Ctrl-F for more information.

1. July 2011 MyBitcoin.com Theft (78739.58205388 BTC)
2. March 2012 Linode Hacks (46653.47830495 BTC)
3. June 2011 Allinvain Theft (25000.01000000 BTC)
4. April 2012 Silk Road Scam (20000 BTC)
5. May 2012 Bitcoinica Hack (18547.66867623 BTC)
6. August 2011 Bitomat.pl Loss (17000 BTC)
7. October 2011 Bitcoin7 Hack (15000 BTC)
8. June 2011 Stefan Thomas Loss (7000 BTC)
9. February 2012 Bitcoinica Theft (5000 BTC)
10. September 2011 Moonco.in Hack (4000 BTC)
11. June 2011 Mt. Gox Hack & Theft (2643.27 BTC)
12. October 2011 Mt. Gox Loss (2609.36304319 BTC)
13. 2011 Ubitex Scam (1138.98 BTC)
14. 2012 Bitscalper Scam (1000 BTC)

You forgot that one where that one guy scammed his business partner out of 300,000 bitcoins for $5000.  Maybe it was 100,000 bitcoins, I forget now and can't find the post.

I was debating whether to add that one (it was knightmb's "purchase" of 300000 BTC). However, the business partner did receive what he was looking for, which was $5000.

I remember his name was knight something...

One bitcoin.org forum member was able to acquire over 300,000 bitcoins from one of his former employers who thought bitcoins had no value. Those bitcoins were sold for $5,000 when they were actually worth over $2 million dollars!

knightmb's business partner was an idiot, but since the business partner was relying on knightmb expertise on bitcoins I consider what he did fraud.  It would be like a bank being stupid enough to give the only keys to the vault to their security guard and the guard stealing all the cash inside.

Who here would do business with knightmb after knowing what he did to his business partner?  From other forums it seems to be a personality trait of knightmb.

[R-]

I feel rather sorry for the employees who were duped. I suppose those men and women didn't have it as bad as those who were duped like no other.

[TobyGoodwin]

I feel rather sorry for the employees who were duped.

I don't think they were employees, I don't think his project ever got that big. I think they were employers, or more likely business partners, possibly even a bank or (small scale) vulture capitalist. Whoever it was, they really should have sought a valuation of what they were selling independent of the person they were selling it to!

Anyway, fascinating though the story is, I don't think it was a theft, hack, scam, or loss. Knightmb paid $s for his BTCs, he just managed to strike a once-in-a-lifetime bargain!

Toby.

[malevolent]

I was debating whether to add that one (it was knightmb's "purchase" of 300000 BTC). However, the business partner did receive what he was looking for, which was $5000.

+1

I think you could also add in parenthesis how much were the Bitcoin in each case worth at the time of scam/theft/loss

[dree12]

I added shakaru's scam, due to popular demand and the fact that it has been a month since the last communication. It ranks as the 13^th largest scam of all BTC history.

[kiba]

Hi, I am going to use the OP's post as a source for an article I am working on. It will be more comprehensive and detailed, and the OP will be credited.

[dree12]

New: July 2012 Bitcoinca Theft (ranking #3).

[paulie_w]

impressive!

[ineededausername]

It's sad that so many "reputable" (or formerly reputable) Bitcoin websites are on this list along with the scammers... gox, bitcoinica, etc.

[dree12]

Notice: this post is outdated and kept for archival purposes. The hack has been roughly added to the chronological history of the OP. Do not trust what you read.

New hack in progress: BTC-E.com

I'm actively monitoring this right now. This looks like it will be a disaster.

So far, the fraudulent volume is 61196.73 BTC. This is all the fraudulent volume (it's all the "extra" BTC poofed into the system). The attack is still ongoing, but more BTC poofed into the system will likely never make it out of the exchange.

This fraudulent volume, or official figures on how much was withdrawn, will be the value listed for amount stolen from btc-e. I will also list the amount btc-e did not compensate its customers for, as the amount stolen passed on to customers.

Because the attack was through a modification of USD, it was likely a SQL injection (or possible something more severe). Expect a database leak.

A lower bound has been established based on blockchain activity: 20000 BTC. The upper bound of around ~60000 BTC in volume remains. Either way, this hack would be a disaster for Bitcoin, easily ranking in the top ten.

The hacker is unknown. A character by the name of MrWubbles, claiming to be supa, someone infuriated with the BTC-E exchange, claims responsibility. This point is disputed, as MrWubbles has almost certainly lied about being able to delete the database. The most likely entry point was a SQL injection.

For all victims of the hack, I sympathize with you. Although security should have been higher, the BTC-E team will still likely absorb much of this loss (as well as lose their past profits), and deserve sympathy as well.

Instructions for best recovery:
1. Sell ALL USD immediately. There is definitely not enough USD to pay out.
2. Withdraw ALL BTC immediately. Unless fractional reserve or cold storage was employed, there should be enough. This is confirmed by one of DeathAndTaxes's experiments.
3. Change passwords for other websites immediately. The database is likely to leak, if a SQL injection was the culprit.

Best of luck to all victims.

[repentance]

New hack in progress: BTC-E.com

I'm actively monitoring this right now. It seems that many users are reporting large balances.

Links?

[dree12]

New hack in progress: BTC-E.com

I'm actively monitoring this right now. It seems that many users are reporting large balances.

Links?

Here: https://bitcointalk.org/index.php?topic=96802.0;topicseen
Also, check chat: https://btc-e.com

[repentance]

New hack in progress: BTC-E.com

I'm actively monitoring this right now. This looks like it will be a disaster.

So far, the fraudulent volume is 61196.73 BTC. This is all the fraudulent volume (it's all the "extra" BTC poofed into the system). The attack is still ongoing, but more BTC poofed into the system will likely never make it out of the exchange.

This fraudulent volume, or official figures on how much was withdrawn, will be the value listed for amount stolen from btc-e. I will also list the amount btc-e did not compensate its customers for, as the amount stolen passed on to customers.

Because the attack was through a modification of USD, it was likely a SQL injection (or possible something more severe). Expect a database leak.

A lower bound has been established based on blockchain activity: 20000 BTC. The upper bound of around ~60000 BTC in volume remains. Either way, this hack would be a disaster for Bitcoin, easily ranking in the top ten.

For all victims of the hack, I sympathize with you. Although security should have been higher, the BTC-E team will still likely absorb much of this loss (as well as lose their past profits), and deserve sympathy as well.

Instructions for best recovery:
1. Sell ALL USD immediately. There is not enough USD to pay out.
2. Withdraw ALL BTC immediately. Unless fractional reserve was employed, there should be enough.
3. Change passwords for other websites immediately. The database is likely to leak, if a SQL injection was the culprit.

Best of luck to all victims.

This needs its own thread.  A lot of people don't read the Speculation forum and posters need to be aware that this is happening now.

[dree12]

New: July 2012 BTC-E Hack (ranking #11).

[dree12]

Trying out a new navigation system using links, hopefully this will accommodate the huge volume of thefts. I would appreciate it greatly if anyone could fill me in on the thefts that don't have commentary (you will, of course, be listed in the credits section).

Also, retroactively added the Betcoin Theft (#13).

[Ente]

Trying out a new navigation system using links, hopefully this will accommodate the huge volume of thefts. I would appreciate it greatly if anyone could fill me in on the thefts that don't have commentary (you will, of course, be listed in the credits section).

Also, retroactively added the Betcoin Theft (#13).

I like how comprehensive the list is, as well as having several lists with different focus.
Well done! :-)

Ohe hint: With these large numbers, it does not really make sense to give the full decimal number. It just makes it harder to read. In most cases, the numbers are estimates anyway.. I would suggest to cut off the decimals or round to nearest bitcoin, depending on number.

Noting better than waking up and reading through that list, to get your bloodpressure up, right? heh

Ente

[dree12]

Trying out a new navigation system using links, hopefully this will accommodate the huge volume of thefts. I would appreciate it greatly if anyone could fill me in on the thefts that don't have commentary (you will, of course, be listed in the credits section).

Also, retroactively added the Betcoin Theft (#13).

I like how comprehensive the list is, as well as having several lists with different focus.
Well done! :-)

Ohe hint: With these large numbers, it does not really make sense to give the full decimal number. It just makes it harder to read. In most cases, the numbers are estimates anyway.. I would suggest to cut off the decimals or round to nearest bitcoin, depending on number.

Noting better than waking up and reading through that list, to get your bloodpressure up, right? heh

Ente

I made the decimals smaller when exact, and put them to the side when it is a lower/upper bound or about. The numbers now have descriptors now (l.b. = lower bound, u.b. = upper bound, a. = about, est. = estimate).

While reviewing the list, I revised the Bitcoin7 estimate down 4000 BTC (from 15000 BTC to 11000 BTC) after using a new rationale. This may be either too high or too low, but should be better than the previous value (which is now listed as an upper bound).

Also added a table of contents to organize the list better.