The Bigger They Are The Harder They Fall; Biggest Crypto Currencies Exchange Failures

A look at the fragile environment that is centralised exchanges and the fall out left when they fail due to hacks, fraud or theft.

There is a common saying 'live and learn' meaning that experiences of the past are the best teachers for adapting behaviour in the future; it is the experiences that we live through first hand that will allow us to adjust our course in the future.

It is an important saying that has profound meaning in the world of crypto currencies although even with the amount of exchanges we have seen go under in the past it is still a hard pill to swallow; Traders gotta trades, enthusiasts need to means of getting hold of the latest shiny coin or share. Exchanges no doubt preform a valuable service; a service which is slowly being replaced by models that require less trust; models that allow you to retain ownership of your assets such as Bitshares or instant exchange services like Blocktrades and Shapeshift which do not retain your funds.

Which ever method you prefer, be it Centralized, Decentralized or instant my favorite saying in the whole crypto currencies space is "If you don't own the private keys, you don't own the bitcoins." and if your not considering the implications of that statement already its time to check your behaviour and think about how much counter party risk you are exposed too.


I will admit, i do use centralized exchanges.. if i did not i would have 20+ wallets installed on my computer which consumes a lot of space but would also expose me to a lot of risk in relation to malicious wallet (Lucky7coin for instance). While i try to diversify my holding of digital currencies i also attempt to diversify risk on platforms used to hold these assets, for example i hold assets in local wallets installed on different computers, web wallets, centralized exchanges, decentralized exchanges, hardware wallets and paper.

I have been lucky enough to only be scammed twice and only for small amounts of BTC, my first experience with a scammer was BTCARBS.com (no defunct); BTCARBS was a web service that you would deposit funds and which they would apparently use to arb trade exchanges and provide a nice daily profit to you account, i nearly made it out with my profits but after a few days of contacting support asking about my pending withdrawal it became apparent that something was a miss.
My other scam was completely my fault when i mistyped a URL for a popular bitcoin mixing service and sent my value to a very good clone website. needless to say i'm not getting that back anytime soon... live and learn :)

Top 5 Hack's, Theft's and Collapses of Crypto currency exchanges.

#1 Mt. Gox Collapse

MetricValue
DateFeb 2014
Estimate Amount Lost850,000 BTC
Estimate Amount Lost USD$700 Million
Estimate Amount Lost USD Today$493 Million

Mt. Gox was one of the initial players in the bitcoin space and was previously an exchange for Magic: The Gathering; from which it got its name "Magic The Gathering Online Exchange".
Mt.Gox was a pivotal point in purchasing bitcoins for many years and in Feburary of 2014 announced that they had lost 850,000 BTC of customer funds. as far as i am aware the exact nature of how this went missing is still being investigated.
The Collapse of Mt.Gox also induced the collapse of Cyprus-based Neo & Bee which suffered losses and subsequently shutdown.

#2 BitFinex

MetricValue
Date2nd Aug 2016
Estimate Amount Lost119,756 BTC
Estimate Amount Lost USD$68 Million
Estimate Amount Lost USD Today$68 Million

Bitfinex a major Bitcoin exchange suffered a devastating blow which seen nearly 120,000 BTC wiped off their books with an estimated value of $60 Million USD, the loss is being attributed to hacker/s. The impact of the news caused Bitcoin short term price to drop 20% in the hours following the announcement.
Bitfinex is an interesting case as they have socialised the losses between their customers by reducing their customers balances by 36.067% and issuing them with debt token "BFX". BFX is to represent the losses consumed by customers and to be bought back by Bitfinex in the future to make the customers 'whole'.
Ironically Bitfinex's effort to be transparent with their holdings of customer funds and elimination of cold storage in lieu of multisig protection via BitGo; it is this lack of cold storage that allowed the hacker to bank such a hefty amount of coins.

#3 Bitcoinica

MetricValue
DateMay and July 2012
Estimate Amount Lost58,000 BTC
Estimate Amount Lost USD$406,000
Estimate Amount Lost USD Today$33.5 Million

Bitcoinica was an exchange allowing Contract For Difference (CFD) trading between BTC-USD; founded in 2011, in 2012 it received multiple hacks the first occurring in March where some of the holdings on Bitcoinica were stolen from a web hosting provider 'Linode', 2 months later in May; Bitcoinica itself was hacked with funds stolen amounting to 18,000 BTC and then hacked again a few of months later in July amounting to 40,000 BTC stolen. The exchange was shutdown and founder pledged to payback customer 50% of their holding in the future, these customers are still waiting.. Interestingly advancements in blockchain analysis has recently posed the question as to if this was a hack at all.

#4 BitStamp

MetricValue
Date4th Jan 2015
Estimate Amount Lost18,866 BTC
Estimate Amount Lost USD5 Million USD
Estimate Amount Lost USD Today10.9 Million USD

In early January 2015 Bitstamp had its hot wallet compromised and slightly less than 19,000 BTC stolen with a value of about 5 Million USD; this amounted to roughly 12% of the BTC that they had on their books; while the remaining 88% was protected in cold storage inaccessible to the attacker. Bitstamp absorbed the losses and setup a partnership with Bitgo allowing for multisig protection on their hot wallet while still retaining the cold storage model the had protected them during the attack.

#5 Cryptsy - 2016

MetricValue
DateJuly 2014 - Announced Jan 2015
Estimate Amount Lost13,000 BTC and 300,000 LTC
Estimate Amount Lost USD: BTC$8.1 Million, LTC: 2.4 Million
Estimate Amount Lost USD TodayBTC: $7.5 Million, LTC: 1.1 Million

In Jan 2015 Cryptsy announced that they suffered a large hack roughly 6 month's before the announcement and in that time were attempting to repay lost funds with trading revenue. This has been the source of a large investigation as the hack was being 'swept under the carpet' and in the months that followed customers funds had been held ransom with reports of denied withdraws. The attack was said to be caused by a Trojan implanted in malicious wallet software released by Lucky7Coin.

A few more larger thefts, scams or hacks

The list above were only the top 5 exchange based hacks that i could find; although history of bitcoin is littered with similar attacks on centralised exchanges, web services and outright scams. The interesting thing with Bitcoin is a transfer from a hacker looks exactly the same as a transfer from a founder or malicious employee. so when services comes forth with claims of being hacked it is almost always met with a health level of uncertainty and scepticism.

A few more majors hacks, scams and thefts are listed below

EventDateAmount (USD)Bitcoins lost
Evolution03/18/2015$12,000,000.00130,000.00
Sheep Marketplace Incident12/02/2013$4,070,923.005,400.00
GBL Scam8/01/2013$3,437,446.0022,000.00
MintPal07/14/2014$3,208,412.003,894.49
PicoStocks Hack11/29/2013$3,009,397.005,896.23
Bitcoin Savings and Trust1/05/2012$2,983,473.00263,024.00
BitPay12/11/2014$1,800,000.005,000.00
BTER02/14/2015$1,750,000.007,170.00
Moolah10/23/2014$1,500,000.004,087.19
MyBitcoin Theft7/01/2011$1,072,570.0078,739.58
Scrypt.CC06/22/2015$858,865.003,500.00
CryptoRush Theft3/11/2014$782,641.00950
Flexcoin Theft3/02/2014$738,240.00896.1
BIPS Hack11/17/2013$660,959.001,295.00
Inputs.io Hack10/26/2013$640,615.004,100.00
James Howells Loss7/01/2013$627,659.007,500.00
Bitfinex05/22/2015$350,679.341,474.00
Linode Hacks3/01/2012$223,278.0043,554.02

TL;DR

Theft of Bitcoins and other digital currencies is not uncommon and it is a very lucrative business model for the people inclined to preform such attacks or setup dodgy businesses in an effort to deceive people of the digital currencies.
It is always good practise not to leave all your eggs in one basket and ensure a failure of your favorite exchange or service does not leave you completely wiped out.

With Decentralized exchanges such as Bitshares and instant exchanges like Shapeshift and Blocktrades gaining more support from the crypto community hopefully one day we can look back at events like the ones mentioned above in disbelief that we had decentralized trust-less currencies but were trading them with centralized 'trusted' 3rd parties.

The space is constantly evolving and we are in the early days still; with costly lessons like the ones outlined above we can be sure that we are being forced in the right direction..

Live and Learn

H2
H3
H4
3 columns
2 columns
1 column
56 Comments