As the popularity of the crypto market grows, so does the growth of potential threats to the players within it. In particular, experts note the increased incidence of hacker attacks on cryptocurrency trading platforms. According to The Wall Street Journal, since early 2018, scammers have stolen more than $800 million from five crypto exchanges, which exceeds the figures for any other year. Why do scammers attack crypto exchanges and what are the consequences of these attacks?
Chronology of Hacks in 2018
In total, since 2011, hackers have carried out 56 attacks on crypto exchanges, ICOs, and other platforms working with digital currencies. This is stated in the analysis of the financial consulting firm Autonomous Research, according to which the participants of the crypto market suffered losses of more than $1.6 billion during this time. In the first seven months of 2018, the hackers were able to crack five trading platforms, stealing more than $800 million.
January 26, 2018, Coincheck, one of the largest cryptocurrency exchanges in Japan suffered the most massive attack in the crypto market. As a result, the hackers stole 500 million NEM tokens worth $532 million, making it the biggest robbery in the history of cryptocurrencies—even outdoing the hack of MtGox's crypto exchange in 2014 that tallied losses of $480 million.
The reason for the attack was a vulnerability in Coincheck's protocol. Namely, the users’ cryptocurrencies were stored in hot wallets, where assets are always online. Also, the exchange did not use the mechanism of multiple signatures, which could protect the funds of clients of the exchange. In an interview with Bloomberg, Koichiro Wada, the former head of Coincheck, also said:
"We now understand that the number of employees who worked on internal audits, management, and risk assessment was inadequate. We wanted to grow, but our efforts eventually led to this situation."
Nevertheless, on January 28, representatives of Coincheck announced the company's readiness to compensate for the losses of its users. And, in April, Coincheck's crypto exchange came under the control of Monex Group, which bought it for 3.6 billion yen, or $34 million. Under the terms of the transaction, all representatives of management of Coincheck, including Koichiro Wada, were to leave their posts.
On February 8, the Italian cryptocurrency exchange BitGrail came under attacks, during which 17 million Nano tokens worth more than $170 million were stolen. It is noteworthy that two weeks earlier, the crypto exchange had already suspended the input and output of Nano, raising the suspicion of users.
According to the official statement of the exchange, the internal audit showed that the hacking occurred as a result of numerous "unauthorized transactions" with Nano. The CEO of the exchange Francesco "The Bomber" Firano reported a certain bug in the Nano protocol, which, in his opinion, was the reason for the hacking. In response, the Nano team accused the exchange of distributing incorrect information, noting significant vulnerabilities in the security code of the trading platform. Moreover, the problems with the withdrawal of funds were known even before the attacks, when a user discovered that when placing two orders, a user could double the balance of tokens in their wallet. In this connection, it appeared that the hack was carried out by the site’s management, which the users accused of fraud, negligence, and theft of funds. This was confirmed by the Nano development team, who wrote in their blog:
"We have every reason to believe that Firano misled the Nano Core team and the community about the solvency of the BitGrail exchange for a significant period of time."
At the beginning of May, the exchange declared itself bankrupt, and on May 24, the court of Florence ruled that the exchange should stop working, and the assets left at its disposal should be transferred to external management.
On June 10, the management of the seventh largest South Korean cryptocurrency exchange Coinrail reported a hacking attack, as a result of which $40 million was stolen. According to the exchange, the target of the scammers were various ERC20 tokens, in particular, the NPXS tokens of the Pundi X project, ATC of the Aston project, and NPER of the eponymous NPER project. Also, according to the Pundi X team, the hackers stole 1,927 ethers and 831 million DENT tokens, as well as $1.1 million in TRX tokens.
As in the case of Coincheck, the tokens were stolen from user accounts, whose funds were stored on the exchange. As a result, the management of Coinrail decided to move the cryptocurrency assets to cold wallets for the time of the investigation.
At the same time, the local newspaper The Chosun Ilbo published information about suspicious transactions conducted by the exchange, as a result of which some banks suspected it of money laundering:
"In February 2018, several banks working with Coinrail discovered suspicious transactions allegedly aimed at money laundering. In April, some banks stopped all cooperation with the exchange without any explanation."
A week and a half later, another well-known South Korean trading platform, Bithumb, came under attack. On June 20, the third largest crypto exchange in the world confirmed the information about the hacking that took place the day before. The representatives of the site reported that the scammers managed to steal 35 billion South Korean won, which is about $31 million. At the same time, the representatives did not specify which cryptocurrencies were stolen:
According to CoinDesk Korea, a few days before the attack, the company conducted a security system check on its servers, as more cases of unauthorized access attempts were noted. At the same time, users' funds were moved to cold wallets. At the moment, the Korean Internet Security Agency (KISA) is looking to identify the causes of the hack.
The good news is the fact that only nine days after the hacking, the site managed to return about $14 million due to cooperation with other trading platforms. According to the company, the remaining lost user funds will be reimbursed in the future.
The last attack took place on July 9 and was committed against the decentralized Swiss Bancor crypto exchange, which allows users to trade with smart contracts, while most other crypto exchange trading platforms offer centralized trading. The official Twitter of Bancor announced the attack:
In a more detailed statement, it was noted that the attackers managed to steal more than 24,000 ETH worth about $12 million, NPXS tokens worth $1 million, and BNT tokens worth $10 million. In total, the crypto exchange has suffered a loss of more than $23 million.
It was possible to freeze the BNT stolen under the Bancor protocol due to an embedded function aimed at combating such cases of thefts. Nevertheless, the remaining cryptocurrencies and tokens remain in the hands of the scammers, despite the fact that the management of Bancor is actively working with other sites in order to track the movement of the stolen funds and prevent their liquidation. The representatives of the crypto exchange said they would continue to publish information about the investigation in their Telegram channel and on Twitter.
According to the experts, the growth in the number of hacker attacks on crypto exchange sites can be attributed to the rapid development of this sector. Existing security systems do not keep pace with growth rates, which leads to the exposure of significant vulnerabilities in exchange companies’ security systems. Even the leading cryptocurrency trading platforms need to make corrections to their response systems in order to keep their users adequately protected.