From Coincheck to Binance - the biggest hacks of 2018

Let's take a look at this year's high-profile hacks and some of the patterns that unite them.

Bithumb, June 2018.

Hackers’ revenue: $30 million in cryptocurrency

Result: drop in ratings and trust level

On June 19, hackers managed to hack the largest crypto exchange in South Korea, stealing $30 million in cryptocurrency. Before the attack, Bithumb was in sixth place in the ranking of the largest exchangers; at the moment it is in tenth. According to Cointelegraph Japan, attackers hacked hot storage wallets Bithumb. By coincidence, 3 days earlier, exchange employees began moving all assets to cold storage wallets.

According to local media reports, the Ministry of Science and Technology, together with law enforcement agencies, began an investigation into this matter. It is alleged that the authorities also sent law enforcement officers to the Bithumb office to collect information from the company’s computers. Three months later, the exchange was acquitted by the government, which failed to find evidence of wrongdoing on the part of Bithumb. However, the exchanger was ordered to pay 30 billion won (approximately $28 million) in taxes.

Bithumb has been hacked before. In 2017, the personal data of 30,000 users was stolen due to the hacking of the computer of one of the company's employees.

Coinrail, June 2018

Hackers' revenue: 40 billion won (approximately $37.2 million)

Result: harsh criticism in the press

Behind the hack The South Korean exchange Coinrail was followed by a collapse in cryptocurrency prices, Bitcoin price fell by 11%. Almost every major media outlet - Bloomberg, Reuters, The Gurardian, the Wall Street Journal - linked these two events. 

On the other hand, Coinral is a rather small exchanger; at that time it was in 99th place in the ranking. Yet none of their articles offered other explanations and placed all the blame on the exchanger alone. According to media reports, $40 billion won was stolen from Coinral (21 billion in Pundi X and 14.9 billion in Aston tokens. The exchange plans to reopen on July 15.

Verge, April-May 2018

Hacker revenue: 35 million XVG (approximately $1..7 million)

Result: Damaged reputation

The confidential cryptocurrency Verge (XVG) has been hacked twice over the past few months, and three times if you count the hack of a Twitter account in March.

In early April, reports of a Verge hack began to appear. Apparently, the attackers exploited a bug in the code that allowed them to steal more than 250,000 XVG. Members of the Verge team wrote a post on the Bitcointalk.org forum, where they called the hacker attack a “small incident” and stated that the error was fixed three hours after the hackers discovered it. They wrote: “We are glad that everything happened the way it did, because everything could have been much worse.”

After the news about this, the XVG token lost approximately 25% of its value. 

On May 21, Verge was hacked again; a message appeared on their Twitter about DDoS attack on the company's mining pools. This time, hackers managed to steal 35 million XVG (approximately $1.7 million) in just a couple of hours. 

After this incident, the price of XVG fell by another 14%. At the time of publication of the article, the price of XVG is $0.026131.

Coincheck, January 2018

Hackers’ revenue: 532 million NEM tokens

Result: Coincheck management sold the exchange

In January, the Coincheck exchanger was hacked. They had to freeze all operations on the exchange after stealing 523 million NEM from it - at that time approximately $534 million. According to Coincheck representatives, the tokens were stolen from hot storage wallets. NEM Foundation President Lon Wong called the hack “the largest theft in human history.” 

Shortly after the attack, Coincheck employees held a conference where they said that the tokens were indeed contained in hot storage wallets, and not in more secure wallets. The Coincheck team promised to reimburse all losses to its customers. The company began paying compensation in early March, and also opened access to the withdrawal of some cryptocurrencies.

In April, the Japanese financial company Monex Group acquired 100 percent of the shares of Coincheck Inc for 3.6 billion yen ($33.5 million). New management soon announced plans for international expansion.. In general, we can say that Coincheck recovered after the blow, but under the leadership of other people.

BitGrail - February 2018

Hackers’ revenue: 17 million XRB

Result: confiscation of the company’s wallets by the court

On February 8, the Italian crypto exchange BitGrail reported the theft of Nano cryptocurrency on $195 million. The day before the “hack,” Nano developers published information that the owner of BitGrail, Francesco Firano, asked them to help with a small problem.

“Firano informed us that funds were missing from the BitGrail wallet. The option that Firano suggested was to change the cryptocurrency registry to cover his losses. We, of course, provided,” Nano employees wrote.

The Nano team then published the evidence that some of the losses that Firano attributes to this hack are actually the result of a hacker attack in October 2017. Firano denies this information. In his interview with Cointelegraph, he said that he “does not have the ability to recover the stolen funds,” and that the Nano blockchain network bears full responsibility for the losses of BitGrail clients.

In addition, BitGrail users still have not received a clear answer to the question of what caused the incident, so they went to court. On April 5, investors filed a class action lawsuit in US court, the Nano development team supported them, paying some of the costs of lawyers.

In March, under pressure, Firano agreed to pay compensation, but only to those users who renounce any claims. On June 15, things went even worse for the BitGrail exchange, as Italian law enforcement authorities seized BTC stored in the company’s wallets. This court order was the result of lawsuits from victims.

MyEtherWallet, BlackWallet and Binance

In January, attackers managed to steal more than $400,000 in Stellar Lumens (XLM) cryptocurrency from Blackwallet.co wallets using a DNS attack. The same hacking method was used in the MyEtherWallet attack in April. 

On March 7, users of the largest crypto exchange Binance were hacked by third-party software. This led to the attackers being able to withdraw funds from some accounts.. Shortly after the incident, Binance CEO Changpeng Zhao reported that “all client assets are safe and the exchange continues to operate.” March 11 Binance offered $250,000in BNB (Binance Coin) to anyone who provides information that will help arrest the criminals.

According to cointelegraph.com