Twelve major cryptocurrency exchange hacks occurred in 2019. Of these, 11 hacks resulted in the theft of cryptocurrency while one only involved stolen customer data. In total, $292,665,886 worth of cryptocurrency and 510,000 user logins were stolen from crypto exchanges in 2019. Cryptocurrency exchanges experienced more hacks last year than in 2018, when only nine cryptocurrency exchanges fell victim to security breaches.
As time goes on, you might think that cryptocurrency exchanges would become more secure. The reality, however, is that more hacks on cryptocurrency exchange are taking place year after year. In general, crypto exchanges remain unregulated, and it’s still unclear which regulatory agency has jurisdiction over the crypto markets.
Although there are no established rules regarding how cryptocurrency exchanges should safeguard customer funds, there are crypto-friendly countries and states. Canada, Malta and the American state of Wyoming have created crypto-friendly legislation that makes it easier for businesses to operate and gives them guidelines regarding security practices.
Sadly, not all countries have created guidelines or laws that help crypto businesses operate and reduce the risk for consumers. The way cryptocurrency exchanges store and protect their customer’s wealth differs from exchange to exchange; unfortunately, this makes cryptocurrency exchanges a hotbed for hacks that result in the theft of cryptocurrency or customer data. Let’s take a closer look at the cryptocurrency exchange hacks of 2019 and how much cryptocurrency, fiat and customer data was stolen in each incident.
Date: Jan. 14, 2019
Headquarters: New Zealand
Amount stolen: $16,002,108
Just two weeks into the year, the first hack on a cryptocurrency exchange took place. New Zealand-based Cryptopia was hacked for over $16 million worth of cryptocurrency at the time. Social media users started their own investigation, according to which, over 20 different cryptocurrencies were taken from the exchange’s hot wallet.
Date: Jan. 26, 2019
Amount stolen: $27,000
A few weeks later, the popular over-the-counter Bitcoin exchange LocalBitcoins was the victim of a security breach. Attackers were able to replace the official link to the exchange’s forum with a fraudulent link that led users to a fake page that resembled the discussion board but collected the information of the users who attempted to log in.
The attackers used the information they obtained to steal 7.9 Bitcoin — worth $27,000 at the time — from at least six user accounts.
Date: Feb. 15, 2019
Amount stolen: 450,000 account usernames and passwords
In just the second month of the year, Israel-based cryptocurrency broker Coinmama learned that its database had been breached. As a result, an estimated 450,000 user account logins and passwords had been compromised and posted on a darknet registry.
Date: March 24, 2019
Amount stolen: $7.09 million
On March 24, Singapore-based exchange DragonEx posted in its official Telegram group that it had experienced a hacking attack, and as a result, a portion of the users’ and the platform’s crypto assets had been stolen. Days later, DragonEx released an announcement on its website, saying: “On March 24th, DragonEx suffered APT attack, which is the greatest challenge since DragonEx was first launched in the year of 2017. 7.09 million USDT assets are stolen.”
Date: March 25, 2019
Amount stolen: $105 million
Just two days after the DragonEx hack, another cryptocurrency exchange in Singapore, CoinBene, was hacked. Many CoinBene users became suspicious of a hack when the CoinBene site unexpectedly went down for maintenance. Individuals who were tracking the CoinBene hot wallet noticed that a whopping $105 million worth of crypto assets had been removed. Even though all of the evidence is on the blockchain, CoinBene continues to deny that it was ever hacked.
Date: March 30, 2019
Headquarters: South Korea
Amount stolen: $18.7 million
March was a bad month for cryptocurrency exchanges. Just a few days after the CoinBene hack, Bithumb was hacked for an estimated $18.7 million — $12.5 million in EOS tokens and $6.2 million in XRP. Unlike other exchange hacks, Bithumb believed that the theft was an inside job committed by a former Bithumb employee who had access to its hot wallets.
Date: May 7, 2019
Amount stolen: $40 million
On May 7, Binance — the world’s biggest cryptocurrency exchange — experienced a security breach. As a result, 7,000 BTC, equivalent to $40 million at the time, was stolen. In addition, Binance said that hackers were able to obtain user API keys, two-factor authentication codes and possibly more user information.
Later, on Aug. 7, it was revealed that hackers were in possession of over 60,000 pieces of Know Your Customer data from the Binance exchange. An individual going by the name “Bnatov Platon” said he or she hacked the individuals that hacked Binance back in May and discovered that the original hackers had also gained access to 60,000 pieces of customer KYC data, including the photo IDs of 10,000 Binance users.
Date: June 1, 2019
Headquarters: United Kingdom
Amount stolen: $10 million
In June, GateHub made an announcement, saying 100 of its users’ XRP wallets had been compromised. A GateHub community member took a deep dive into the hack and discovered that by June 5, 23,200,000 XRP had been stolen from 80–90 of these wallets — the equivalent to about $10 million at the time.
Date: June 26, 2019
Amount stolen: $4.23 million
At the end of June, Bitrue was hacked, and roughly $4.23 million was stolen. Hackers learned of a vulnerability in Bitrue’s security that gave them access to about 90 user accounts. Afterward, hackers used what they learned from their 90-account takeover to successful compromise Bitrue’s hot wallet. As a result, 9.3 million XRP and 2.5 million ADA were stolen.
Date: July 11, 2019
Amount stolen: $32 million
On July 11, Japan-based cryptocurrency exchange BITPoint was alerted of an irregular outflow of XRP from its hot wallet. Several hours later, BITPoint became aware that Bitcoin, XRP, Ether, Bitcoin Cash and Litcoin had been moved from the exchange’s hot wallet without authorization. In total, $32 million worth of cryptocurrency was moved out of BITPoint’s hot wallet — $23 million of which belonged to BITPoint users.
Date: Nov. 5, 2019
Amount stolen: $500,000
For the most part, the VinDAX hack is a mystery. VinDAX is a small cryptocurrency exchange based in Vietnam that primarily hosts token offerings for unheard of companies. Information regarding this security breach is scarce. However, The Block took a deep dive into this mysterious hack and learned from the VinDAX support staff that roughly 23 cryptocurrencies — worth $500,000 in total — had been removed from its hot wallet without authorization.
Date: Nov. 27, 2019
Headquarters: South Korea
Amount stolen: $49,116,778.00
And finally, the last hack of the decade: Upbit. Upbit is a South Korea based cryptocurrency exchange that was hacked for 342,000 ETH — equivalent to $49,116,778 at the time — on Nov. 27. All that is really known is that hackers were able to gain access to Upbit’s hot wallet and move Ether without authorization. However, Upbit released a statement shortly afterward telling users that it would be covering all of the losses with the exchange’s assets.
* * *
In total, $292,665,886 worth of cryptocurrency was stolen from 11 cryptocurrency exchanges and 510,000 pieces of user information were taken from the database of one exchange — a total of 12 cryptocurrency exchanges experienced security breaches.
So, what does this all mean? It means that cryptocurrency exchanges have to do better in terms of industry standards and security practices. Sadly, we did not see enough legislation and security improvement in 2019, and we experienced even more cryptocurrency exchange hacks than in any previous year. But hopefully, these things will change in 2020 and the cryptocurrency markets will be safer for every party involved in the cryptocurrency ecosystem.