The technological architecture of blockchain has proven remarkably resilient to hacks. However, the blockchain community has still suffered its fair share of losses due to exchange hacks, wallet freezes, and in early 2018, a forced transfer at gunpoint! Bitcoin.com recently estimated that scams, hacks, and other malicious events made off with about $9 million each day in early 2018 (and that figure doesn’t include significant outliers such as the CoinCheck hack). Howmuch.com recently analyzed crypto hacks and determined that both their size and frequency were increasing.
There have been many hacks over the years–but some have left a more significant mark on the crypto world than others. Here’s a short history of some of blockchain’s biggest hacks so far:
Value Overflow Incident – August 2010
Has Bitcoin itself (rather than a wallet or an exchange) ever been hacked? Most cryptocurrency enthusiasts argue no, but a few say that the 2010 value overflow incident constitutes a hack. An unknown individual was able to create a new block in the chain containing 92 billion Bitcoin, far more than actually were supposed to exist. The Bitcoin community quickly forked to undo the error/hack, and a patch soon made replicating the incident impossible.
AllinVain – June 2011
Bitcointalk user allinvain holds the unlucky title of the world’s first cryptocurrency hack victim. In January 2011, allinvain announced that 25,000 BTC was missing from their account. Allinvain suspected that hackers managed to break into their hard drive and transfer the funds to an outside wallet. The stolen coins, worth about $500,000 at the time, would be worth over $150 million today.
Mt. Gox – February 2014
Mt. Gox is likely the most infamous hack in blockchain history so far, and certainly one of the most costly. The Japanese exchange handled 70% of all Bitcoin transaction in the world in early 2014. On February 7, 2014, the exchange halted all Bitcoin withdrawals, and later that month the exchange went offline. Mt. Gox eventually had to file for bankruptcy after revelations that about 850,000 Bitcoin had disappeared (though 200,000 were eventually recovered from old exchange wallets). Hackers had started siphoning funds from site wallets in 2011. The legal fallout from the case is still unfolding, as creditors pursue claims and nations fight over the extradition of Russian national Alexander Vinnik, supposedly the hack’s primary money launderer.
The DAO – June 2016
If Mt. Gox is the most infamous hack in Bitcoin history, then the DAO hack likely holds the same title for Ethereum. DAOs, or decentralized autonomous organizations, are organizations collectively run by smart contract agreements among members. The DAO was an investment fund meant to support promising new blockchain ventures. All investment decisions were to be made collectively among members using the DAO’s smart contract network. However, before any funds could be invested, a hacker exploited a flaw in the DAO’s code and drained about 3.6 million Ether, worth about $55 million at the time. The Ethereum community eventually decided (not unanimously) to fork the blockchain and undo the hack, a move that some hailed as necessary and others accused of violating the fundamental tenets of the blockchain. The result was a divisive fork that split Ethereum (the chain that undid the hack) and Ethereum Classic (the chain that contains the hack).
Parity Wallet Freeze – November 2017
Ethereum client company Parity had a rough 2017. In July, hackers exploited a bug that allowed them to make off with Ether worth about $30 million at the time. The code fixing the bug permitted a GitHub user, devops1999, to turn their multi-signature wallet into a single-owner wallet. Devops1999 killed their wallet smart contract, which then froze wallets connected to it, ultimately freezing about $160 million of Ether. The freeze does not seem to have been brought about by malicious activity, but instead, bad luck and poor code. Parity has floated hard fork proposals to undo the freeze, but many members of the Ethereum community are reluctant to repeat the controversial and risky hard fork initiated after the DAO hack. Prominent engineer Preethi Kasireddy recently called the question of hard forking Ethereum to deal with lost funds “a culturally defining moment for Ethereum.”
CoinCheck – January 2018
In January 2018, the Japanese exchange announced that about 500 million NEM tokens had disappeared from exchange wallets. The CoinCheck hack is the most expensive theft in cryptocurrency history, estimated to be worth about $533 million at the time. In March, the NEM Foundation announced that they had ceased tracking the stolen tokens, as the hackers had successfully laundered almost all of the money. Though the hack is massive, some argue that its impact is still less than Mt. Gox’s. Placeholder VC partner Chris Burniske estimated that while the Mt. Gox hack represented 5% of all crypto assets in existence at the time, the CoinCheck hack represented only about 0.25% of all crypto value.
Crypto hacks can be scary, but they shouldn’t overshadow the genuine potential of cryptocurrency and blockchain technology in general. Rather than getting spooked away from participating at all, blockchain users should learn from the security lessons these hacks provide. Mt. Gox, the DAO, and CoinCheck have all been accused of inadequate security and management practices; this illustrates the importance of performing due diligence on any crypto partner. Keeping the majority of one’s funds off “hot wallets” can cushion users from severe losses during hacking attempts.
Tools continue to emerge to help users fight hackers. Phishers stole $500,000 from the Enigma ICO in 2017 and almost one million from the Bee Token ICO in 2018. But crypto users can now rely on Coral, a platform that uses fraud database info and a crawler to assign a trust score to every wallet on the blockchain. Coral users can see the score for any wallet before they finalize a transaction, protecting them from wallets associated with phishers. As crypto hacks continue to happen, expect to see even tools for blockchain enthusiasts to defend themselves.
