Friday, June 14, 2024

CryptoCurrency Breaches and Hacking Scandals: How to Address them?

The proponents of cryptocurrency always harp on the point that it is very safe and secure and the blockchain technology that is used is virtually hacking proof. Let’s face it, even with the best technology you will have loopholes and there are people everywhere who wish to make a profit out of it.

Every small vulnerability is used to steal bitcoins or other cryptocurrencies. Making systems tighter is the way forward. Earlier only small crypto exchanges used to be affected, as the security was not up to the mark or the exchanges could not have the necessary security team in place.

Still, nowadays big crypto exchanges are also threatened by hacking and some big crypto exchanges have already fallen prey to it.

Over the years there have been crypto currency breaches and hacking scandals and a few of them are listed below:

Mt. Gox:

The first major cryptocurrency hack was the Mt. Gox hack. Mt. Gox was an exchange company located in Shibuya, in the Tokyo district (Japan).In 2014, after declaring bankruptcy, Mt. Gox announced that hackers stole $473 million in bitcoin. This was the first major security lapse and it also led to the downfall of Mt. Gox.


Bitstamp is a trading company, based in Luxembourg, with two Slovenian founders: NejcKodrič (CEO and co-founder) and DamijanMerlak (a member of the management board and co-founder). In January 2015 more than $5 million in Bitcoin was stolen from a storage wallet due to a system administrator getting affected by a phishing scam.


Also, a cryptocurrency exchange, Bitfinexis headquartered in Hong Kong but registered in the Virgin Islands. The company was hacked in 2015 and $72 million worth of Bitcoin was stolen. As usual, hackers had spotted a flaw in the exchange and exploited it.


Parity offers a blockchain for Ethereum clients to use and guarantees security to its users. However, a while ago, a vulnerability was found in the Parity Wallet and white hat hackers (let’s call them the good guys) tried to save the funds in the Parity Multisig Wallet. However, black hat hackers (the unethical ones) had a field day and made away with upwards of $30 million in Ether.


Hackers had a merry time stealing $530 million in cryptocurrency from this Japanese crypto exchange, founded by Koichiro Wada and Yusuke Otsuka. The hack happened in January of 2018 and the currency stolen was NEM tokens. Coincheck assured to pay the users who lost funds due to the breach.

Binance – CryptoCurrency:

Headquartered in Malta, Binance is a crypto exchange that provides a platform for over 100 cryptocurrencies.  In May 2019, more than $40 million worth of Bitcoin was stolen from this exchange by hackers. Their CEO, ChangpengZao, affirmed the intruders “used a variety of techniques, including phishing, viruses and other attacks”. Since then Binance has made a lot of improvements in this regard, e.g. significantly enhanced the security of its API, so third party tools like Binance trading bots can run safely, or expanded its Asset Insurance Fund for Users to $1 billion.

Steps to address the problem:

A big way to prevent these sorts of attacks is by having easy communication between crypto exchanges. Exchanges should be able to track funds that seem suspicious and should be able to freeze such transactions when an exchange communicates that a vulnerability has been breached. Many crypto exchanges such as eToro have great systems in place.

A good example is eToro. According to a recent eTororeview, the trading company has KYC policies and when you have KYC details it becomes easy to track funds and recover them. Most of the hacked cryptocurrencies are sent to other crypto exchanges before being moved, so communication will help to lessen the losses or to even recover the lost funds completely. With communication in place, wallets can be suspended immediately.

In fact, in 2018 four crypto exchanges in South Korea got together and created a hotline for communication. This was done to make sure that any suspicious transaction is detected as soon as possible and the word is got out to others to be aware as well as to freeze any transaction. It is believed to have really helped the exchanges.

A hotline to communicate should be created among all the crypto exchanges of the world so that hackers cannot steal and run away with the proceeds. Another point is that a database should be created of wallets and transactions that are suspicious and these should be communicated to all exchanges.

In short, cryptocurrencies have their share of problems and hackers have shown that they can hack it too. Apart from the above-mentioned points, all exchanges should store the same amount of funds which is in their hot wallets as insurance in their cold wallets.

Hot wallets are prone to hacking as they are online but cold wallets are not connected to the internet and hence safe. If an attack occurs on a hot wallet the exchange can continue running while the other systems try to minimize the losses as they will have an insurance fund in their cold wallets.

Source & credits

This article provided to by Thyagarajan Gopalakrishnan. All the Content of this Article Belongs to Original Author. GBHackers on Security won’t take any credits.


Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles