Since the inception of Blockchain and cryptocurrencies, they have been the target of hackers. It doesn’t happen often, but when it does, it can have a profound effect on the targeted digital currency. In some cases, cryptocurrencies have all but failed due to being hacked.
Here is a list of those digital currencies that were victims of hackers.
1. Bancor Hit By Hackers
- Bancor posted early details of an investigation into a security breach regarding a smart contract. A wallet used to upgrade smart contracts was used to steal somewhere in the range of $23M. Some amount of this was mitigated by protocol level features that allow the freezing of BNT tokens.
- A wallet used to upgrade some smart contracts was compromised. This compromised wallet was then used to withdraw ETH from the BNT smart contract in the amount of 24,984 ETH ($12.5M). The same wallet also stole: 229,356,645 NPXS (~$1M) 3,200,000 BNT (~$10M)
- Note: Charting as “unknown” until the method used to compromise the method is described.
“Bancor, a crypto company that touts a decentralized exchange service, has lost some $23.5 million of cryptocurrency tokens belonging to its users following a hack.
“The Israel-Switzerland company raised over $150 million in an ICO last year and its services include a wallet with a built-in exchange service. Today, Bancor said in a statement that “a wallet used to upgrade some smart contracts was compromised.” As a result, the attackers made off with $12.5 million in Ether, $1 million in Pundi X’s NPXS token and $10 million in Bancor’s BNT.
“Bancor said it has frozen the BNT, but it is unable to do the same to the other tokens. The company added that it is communicating with a number of exchanges in a bid to “make it more difficult for the thief to liquidate” the stolen tokens, but it remains to be seen how successful those efforts will be.
Following the incident, Bancor has taken its exchange offline while it conducts an investigation. There’s no word on when it will resume operations.
“Critics on Twitter, including Litecoin creator Charlie Lee pointed, out that the irony that Bancor, which claims to be decentralized, responded to the hack with strategies aligned to a centralized system.
“Speaking at TechCrunch’s Blockchain event last week, Ethereum creator Vitalik Buterin said centralized exchanges should “go burn in hell”. Buterin’s disdain is mainly focused on greed since centralized exchanges demand large fees up front to list tokens, but given the regularity that exchanges are hacked for large sums of tokens owned by their users — seemingly monthly, if not weekly — security is another issue on the table.
“In a further piece of irony, Bancor voiced support for Buterin’s comments just days before its service was hacked.”
2. Coinrail Hit By Hackers
- Coinrail is a South Korean cryptocurrency exchange. It is reported to have lost $40 million in cryptocurrency in a post on their website.
- On June 10, there was a system check due to the hacking attempt at dawn. At present, we have confirmed that 70% of the coin rail total coin / token reserves are safely stored
- I moved to a cold wallet and it’s being saved. About 80% of coins that have been confirmed to be leaked have been frozen/ withdrawn/redeemed or equivalent, in consultation with their co-workers and related exchanges, while the remainder is under investigation with investigators, related exchanges, and coin developers.
“Another day, another crypto hack. This time it’s Korea, the crypto-mad Asian country, where an exchange called Coinrail lost more than $40 million in altcoins, ICO-issued tokens that aren’t bitcoin or Ethereum after it was hit by an apparent attack over the weekend.
“Korea may be a hot spot for crypto investment, but Coinrail is one of its smaller exchanges, just about ranking inside the world’s top 90 based on trading volume, according to coinmarketcap.com. Nonetheless, even the smaller exchanges have plenty of coins, as the size of this heist illustrates.
“Most notably, the hackers got away with $19.5 million-worth of NPXS tokens that were issued by payment project Pundi X’s ICO. Added to that they scored a further $13.8 million from Aston X, an ICO project building a platform to decentralize documents, $5.8 million in tokens for Dent, a mobile data ICO, and over $1.1 million Tron, a much-hyped project originating from China.
“That’s according to a wallet address that has been identified as belonging to the alleged attacker, who also got hold of smaller volumes of a further five tokens from Coinrail.
“In all the cases, the companies issuing the tokens themselves were not hacked, the tokens that were nabbed belong to Coinrail users.
“It isn’t clear how, or indeed whether, Coinrail will go about compensating its customers — Japan’s Coincheck refunded its customers following a high-profile attack earlier this year — but some of the ICO projects are taking steps in response.
“Pundi was hit the hardest, claiming that some three percent of its total volume of tokens was impacted by this attack. It said it has frozen the tokens that were stolen and it has ceased trading of its tokens across all exchanges to help with the post-attack investigation, which it said includes the Korean police. NPER, which had around $860,000-worth of tokens taken from Coinrail, said it had frozen the stolen funds and it plans to incinerate the tokens to render them useless to the hacker. Aston has also frozen its affected tokens, according to Coinrail.
“Other projects have yet to comment, although Coinrail said in a statement on its website that two-thirds of the stolen tokens have been frozen with more action likely to happen.
“Coinrail took its service offline and it said in a statement that it has moved the remainder of its assets (which it said is 70 percent of its total holdings) to cold storage while it reviews its security system and fully investigates the incident.
“Some have suggested that the hack was responsible for bitcoin’s valuation dropping by over five percent in what is the cryptocurrency’s biggest decline for two weeks. However, Coinrail is so obscure that this theory seems unlikely.
“What is for certain is that the hack serves as another strong reminder that space remains unregulated — there’s with little recourse for victims of a crypto exchange hack, unlike say a bank robbery or payment fraud. More importantly, those who do buy bitcoin, Ethereum or other crypto tokens should keep their tokens securely in a private wallet (ideally using a hardware device for access) rather than leaving them within an exchange where they could be stolen.
“For those of you keeping score on recent hacks on exchanges, here are a few: Coincheck lost an estimated $400 million earlier this year, last November saw Tether claim it lose $31 million following an attack while EtherDelta suspended its exchange service for a period in December after it was compromised.
The Mt. Gox hacking in 2014 is the mother of all crypto attacks, of course. In total the exchange lost around 744,408 BTC. That was worth around $350 million at the time, but today a holding of that size would be valued at some $5.3 billion.” –techcrunch.com
- This is Bithumb’s second appearance in the graveyard. 35 billion Korean won (around $31 million) is estimated to have been stolen, and data about the root cause is sparse.
“Bithumb’s hack marks the second cyber incident in the crypto industry in South Korea in recent days, and its second in less than a year. Less than two weeks ago, a breach at Coinrail is thought to have seen $40 million-worth of cryptocurrencies stolen. While, last year, a hack of the Youbit exchange notably led to the exchange filing for bankruptcy.
“Apart from requiring domestic exchanges to enforce a real-name verification process, financial watchdogs in South Korea have not yet made any concrete move in regards to regulating exchanges in a legal framework.
“It remains to be seen whether the Financial Services Commission will take a similar stance to its counterpart in neighboring Japan.
“Following the notable hack of Mt. Gox in 2014, which was the largest cryptocurrency exchange at the time, regulators in Japan moved to launch a legal framework in 2017 that would allow the authorities to issue licenses to qualifying exchanges.” –coindesk.com
- Taylor is described as a “smart cryptocurrency trading assistant” which allows people today trade cryptocurrency.
- Today we arrived at the office and found out that we’ve been hacked and all of our funds have been stolen. Not only the balance in ETH (2,578.98 ETH), but also the TAY tokens from the Team and Bounty pools.
- Lots of write-ups from their executives shed light on their incident (1, 2, 3). The root cause appears to be a 1Password file theft. It is not clear how the file was accessed, how hackers had positioning to view it, or whether it contained cryptographic secrets or infrastructure secrets.
- Somehow the hackers got access to one of our devices and took control of one of our 1Password files.
- The following is also interesting:
- Although we are all aware of the good practices, we confess that we may have neglected some very important details — we know that the devil is in the details.
- As far as we know, the hackers are the same person or group that supposedly hacked CypheriumChain (more than 17,000 ETH were stolen).
- The hacker collected the amount from multiple sources in a single wallet, then transferred it to a bigger one.
- What we can say is that it was not a smart contract exploit.
“Based on the reports released thus far, the hackers stole 2,579.98 ETH ($1.35 million) raised by the project during its recently conducted ICO. The attacker also carted away the native TAY tokens held in the team and bounty pools. Only the tokens domiciled in the founders’ and advisors’ pools were saved from the attack. The hacker couldn’t access those funds because of the vesting contract which renders them inaccessible for the time being.
“The Taylor team also said the suspected hackers attempted to dump the tokens on the IDEX platform. Thus, the team instructed IDEX to delist TAY tokens until the matter is resolved. Commenting on the attack, the team said that:
We are still investigating the cause and source of the hack. We still cannot disclose much information right now. What we can say is that it was not a smart contract exploit. Somehow the hacker got access to one of our devices and took control of one of our 1Password files.
“In a personal blog post on Medium, Fabio Seixas, the co-founder, and CEO of Taylor said that:
It turns out we have been hacked and lost almost all of our funds. We now have only about $25,000. To be honest, it doesn’t even pay this month’s bills. This incident forced us to stop, step back and think about the future.
“The first point of action considered by the Taylor team is replacing the stolen TAY tokens. The hacker reportedly stole about 7 percent of the total token supply.
The new tokens will be sent to every address that had balance at the block number 5663273, except the hacker’s addresses. This action is necessary to keep a fair environment and distribution for token holders.
“By analyzing the transactions made by the hacker, the Taylor team believes it the same person, or group of people, responsible for the CypheriumChain hack. The ether wallet used by the suspected hacker is the same for both attacks. The team also said the matter had been reported to the police and there is an ongoing investigation.” –bitcoinist.com
- This is one of the harder breaches to decipher, as there are a lot of conspiracy articles and accusations of all parties involved. Underlying the Bitgrail breach seems to be some kind of application error of some sort, as opposed to a fully hijacked wallet, but this doesn’t have a lot of certainties involved. The NanoCore team (the currency involved) announced suspicion of the exchange and their claims.
- We now have sufficient reason to believe that Firano has been misleading the NanoCore Team and the community regarding the solvency of the BitGrail exchange for a significant period of time.
- However, the Bitgrail accusations have pointed towards a thief, and blockchain viewing software developed by Nano.
- BitGrail Srl once again confirms that it was the victim of a theft, which took advantage of malfunctions of the software made available by the NANO team (rai_node and official block explorer) and, therefore, also for these reasons and according to the law, is not absolutely responsible, for any reason, of the incident.
“On Friday, February 16, the Italian crypto exchange known as ‘BitGrail’ posted a notice addressed to all users informing them that hackers had infiltrated the exchange and walked away with 17 million Nano tokens (XRB) in hand.
“Since late November, the price of XRB has soared from around $0.20 to its valuation of nearly $10 last week (down from its height of over $30 in early January), making the stolen tokens worth approximately $170 million at the time of the hack.
“In Friday’s notice, Bitgrail stated that “a charge about those fraudulent activities has been submitted to the competent authorities and now is under police investigation” (translated quote). The exchange also declared that all transactions would be halted while the incident is being investigated.
“Even before the hack, users have reported troubles with withdrawing their funds from BitGrail for several months. TechCrunch reported that a user who lost $1.4 million in XRB during the attack had been trying to withdraw their Nano tokens for a month, but was limited by a withdrawal limit that started 10 BTC per day and was eventually lowered to just 1 BTC per day.
“Francesco Firano, the founder of BitGrail, has posted on Twitter that Bitgrail currently has no way to pay back affected users at 100 percent of their losses.” –financemagnates.com
You might also like Failed Blockchains – The Good, The Bad, The Ugly.