Incidents

Parity Multisig Wallet Bug Locks 513k ETH

Summary # On November 6, 2017, a user named devops199 accidentally triggered a sequence of actions that led to the compromise of the Parity Multisig WalletLibrary contract. By mistakenly executing the initWallet function followed by the kill function, the WalletLibrary contract was removed from the blockchain. As a result, approximately 513k ETH became locked and inaccessible in the affected contracts. The funds were not stolen but remained frozen, highlighting the need for better security measures in decentralized applications and smart contracts. ...

Parity Multisig Wallet Hack Resulting in a $34 Million Loss

Summary # On July 19, 2017, Parity Technologies fell victim to a wallet hack. A vulnerability was discovered and exploited in the Parity MultiSig Wallet version 1.5+, enabling the attacker to take control over the contracts and drain all their funds. The attack resulted in a loss of 153,037 ETH, equivalent to approximately $34 million from three ( one, two, and three) wallets. Attackers # The attacker’s identity remains unknown. ...

Shift (SHIFT) experiences a 51% attack in August 2016

Summary # Shift, a blockchain project focused on decentralized web hosting, was hit by a 51% attack in late August 2016. The attackers were able to take control of more than half of the network’s mining power, enabling them to reorganize the blockchain and carry out double-spending attacks. Attackers # The identities of the attackers remain unknown. Losses # The exact amount of losses in the Shift 51% attack is not clear. ...

Krypton (KR) suffers a 51% attack in August 2016

Summary # Krypton, an Ethereum-based blockchain, experienced a 51% attack in August 2016. The attackers were able to control more than half of the network’s hash rate, enabling them to manipulate the blockchain and double-spend KR tokens. Attackers # The identity of the attackers remains unknown. Losses # It was reported that the attackers managed to steal approximately 21,465 KR tokens, which had a value of about $3,000 at the time of the attack. ...

Bitfinex Hack Led To 119,756 Bitcoin Stolen

Summary # On the 2nd of August 2016, Bitfinex, a prominent cryptocurrency exchange, experienced a security breach resulting in the theft of approximately 120,000 bitcoins (US$72 million at the time). This incident led to a 20% decline in the trading price of Bitcoin — from US$600 to US$400, reducing the value of the stolen bitcoins to nearly US$58 million. In response to the breach, Bitfinex immediately halted all Bitcoin withdrawals and trading activities. ...

Gatecoin Exchange Hacked for $2 Million

Summary # On May 09, 2016, cryptocurrency exchange Gatecoin was hacked, resulting in the theft of approximately $2 million in cryptocurrencies. Hackers gained access to the exchange’s hot wallets and stole funds. Attackers # The identity of the hackers who carried out the attack on Gatecoin is unknown. BTC Wallet: 132ymu2ufMP3mDCo9qwKc173PV2Bbm4T2g ETH Wallets: 0x04786aada9deea2150deab7b3b8911c309f5ed90 0xc062dceed93087c9112ff7b02d53e928e49cec09 0x1342a001544b8b7ae4a5d374e33114c66d78bd5f 0xd4914762f9bd566bd0882b71af5439c0476d2ff6 Losses # Gatecoin estimated the losses from the hack to be approximately $2 million. ...

ShapeShift Exchange Hacked for $230000

Summary # Between March 14 and April 9, 2016, the Swiss-based cryptocurrency exchange, ShapeShift, experienced three security breaches. The initial compromise was an insider threat, where an employee responsible for the platform’s security and infrastructure misappropriated funds. Subsequently, this individual provided an external threat actor with critical assets: the source code of ShapeShift’s core system, the IP address of the primary server, an SSH private key, and deployed a Remote Access Trojan (RAT) on a colleague’s workstation. ...

BTER lost $1.75 million worth due to a cold wallet hack

Summary # BTER, a China-based digital currency exchange, experienced a significant security breach on February 14, 2015, losing 7,170 bitcoins valued at approximately $1.75 million. The attack targeted the exchange’s cold wallets. The company has suspended its services and is collaborating with law enforcement to investigate the incident. BTER has also offered a 720 BTC reward, approximately $170,000, for assistance in recovering the stolen funds. Attackers # The identity of the hackers who attacked BTER is unknown. ...

LocalBitcoins suffers a security breach, resulting in the loss of 17 BTC

Summary # In January 2015, LocalBitcoins, a peer-to-peer Bitcoin trading platform, experienced a security breach that resulted in the theft of 17 BTC (approximately $3,850 at the time). The breach was caused by a vulnerability in the platform’s forum software, which allowed the attacker to gain access to user accounts. LocalBitcoins quickly responded to the incident by disabling the forum and reimbursing affected users. Attackers # The identity of the attacker remains unknown. ...

Bitstamp hot wallet hacked for 18,866 BTC due to human error

Summary # During the events that unfolded between November 2014 and February 2015, an unknown attacker targeted Bitstamp employees through phishing messages and exploiting compromised accounts to steal the hot wallet file. During the attack, 18,866 BTC ($6.7 million adjusted for inflation) were stolen. Bitstamp suspended trading, notified customers, and eventually compensated them for their losses. The security failure stemmed from employees falling prey to social engineering attacks and distributing malware-laden files. ...