Summary # In the early morning of September 23, 2023 Hong Kong time, the database of Mixin Network’s cloud service provider was hacked, resulting in the loss of approximately $200M. Mixin Network is a service similar to a layer-2 protocol, designed to make cross-chain transfers cheaper and more efficient. A large number of deposit addresses have been drained. The attacker compromised the cloud, recovered the private keys of deposit addresses (and hot wallet addresses, supposedly) and transferred funds in order from the highest to the lowest balance, involving 10,000+ transactions, lasting several hours.
...
Summary # On September 4, 2023, Stake.com, a crypto gambling protocol offering casino games and sports betting, was targeted by the Lazarus Group (also known as APT38), a group of DPRK cyber actors. The group exploited access control vulnerabilities and extracted approximately $41.4 million worth of various digital assets from the platform’s hot wallets across Ethereum, Binance Smart Chain (BSC), and Polygon networks. Stake.com reassured users that their funds were safe, and all other wallets remained operational.
...
Summary # On September 19, 2012, James Zhong exploited the Silk Road dark web marketplace and was convicted of committing wire fraud. The attacker managed to unlawfully obtain over 50,000 BTC by creating roughly nine accounts. Additionally, Zhong received 50,000 BitcoinCash(BCH) due to a hard fork coin split in August 2017, when every Bitcoin address also received an identical balance in BCH. Zhong managed to trigger over 140 transactions in rapid succession, fooling Silk Road’s withdrawal-processing system.
...
Summary # On February 1, 2022, BitBNS, an Indian crypto exchange, fell victim to a hacking incident resulting in the loss of $8 million. The exploit was made possible through a vulnerability in their AWS (Amazon Web Services) cloud storage, allowing the attacker to access the exchange’s private keys and steal funds. BitBNS initially attempted to hide the breach from users by tweeting about “system maintenance in progress.” The CEO later admitted to concealing the incident, stating that the decision was made following law enforcement advice.
...
Summary # In August 2020, 2gether, a European cryptocurrency platform, was hacked, resulting in the loss of €1.183 million worth of cryptocurrencies. A combination of poor security practices and system vulnerabilities allowed the attackers to access user funds, causing significant damage to the platform’s reputation and customer trust.
Attackers # The attackers behind the 2gether hack remain unidentified.
Losses # 2gether lost €1.183 million worth of cryptocurrencies, which included various types of crypto assets.
...
Summary # On the 2nd of August 2016, Bitfinex, a prominent cryptocurrency exchange, experienced a security breach resulting in the theft of approximately 120,000 bitcoins (US$72 million at the time). This incident led to a 20% decline in the trading price of Bitcoin — from US$600 to US$400, reducing the value of the stolen bitcoins to nearly US$58 million. In response to the breach, Bitfinex immediately halted all Bitcoin withdrawals and trading activities.
...
Summary # Between March 14 and April 9, 2016, the Swiss-based cryptocurrency exchange, ShapeShift, experienced three security breaches. The initial compromise was an insider threat, where an employee responsible for the platform’s security and infrastructure misappropriated funds. Subsequently, this individual provided an external threat actor with critical assets: the source code of ShapeShift’s core system, the IP address of the primary server, an SSH private key, and deployed a Remote Access Trojan (RAT) on a colleague’s workstation.
...
Summary # Between 2011 and 2014, Mt. Gox, once the largest Bitcoin exchange, experienced a series of attacks that ultimately led to its downfall. A combination of transaction malleability attacks, poor security practices, and mismanagement resulted in the loss of approximately 850,000 BTC, valued at over $450 million at the time. As a consequence, Mt. Gox filed for bankruptcy, and its CEO, Mark Karpeles, faced legal action.
Attackers # The attacker behind the Mt.
...
Summary # In July 2012, BTC-e, a cryptocurrency exchange, experienced a security breach that resulted in the loss of around 4,500 BTC. The hack was enabled by a combination of weak security practices and system vulnerabilities, which allowed the attackers to obtain Liberty Reserve API keys and exploit the deposit algorithm. BTC-e claimed to have compensated affected customers and improved security measures following the attack, resuming normal operations within a few days.
...
Summary # On October 5, 2011, Bitcoin7, a cryptocurrency exchange, suffered a security breach that resulted in the loss of approximately 5,000 BTC. The attack was facilitated by a combination of weak security practices and system vulnerabilities, which allowed the attackers to gain unauthorized access to the exchange’s hot wallet. Bitcoin7 claimed to have compensated affected customers and improved security measures following the attack, resuming normal operations within a few days.
...