The blockchain is surely a trending topic that we have heard a lot about. But, here’s the most important question: is blockchain unhackable as most of its adopters claim to be?
- The answer is NO.
We might have heard a lot about blockchain providing a secured transaction. But it is not the case every time. It gets hacked too. Any software may be vulnerable to attacks as it is written by humans. Cryptocurrencies are the very attractive targets for the hackers. Since the introduction of cryptos, hackers have robbed many cryptocurrency investors. Thanks to the anonymity of the blockchain, once a crypto is stolen there is no way to get them back. This might be a bad news for the cryptocurrency user. But it is always safe to know your grounds.
The primary objective of this article is to aware the stakeholders in blockchain space about the major hacks in the history of the blockchain. Here are the few companies that underwent the major attack including the date and amount of the attack.
1. Mt. Gox
Mt. Gox, a Japan-based biggest Bitcoin exchange at that time started its operation in July 2010. It was hacked not only once but twice and the total amount hacked was worth around $350 million.
Hacked Date: June 2011 | February 2014
Amount Hacked: 2609 BTC | +750,000 BTC (around $350 million)
The first hack happened in 19th June 2011, where hacker attacked the credential of Mt. Gox’s auditor and transferred 2609 bitcoins to an unknown address. This suspended Mt. Gox’s operations for several days. The event also triggered the crash of Bitcoin price which went from $17 USD to $0.01 USD on the exchange.
In Spite of this hack, they sustained themselves in the market again and were able to regain the trust of several users. By the end of 2013, it handled about 70% of the total bitcoin transactions worldwide and established among the world's leading bitcoin exchange.
However, on February 2014, Mt Gox stopped all the bitcoin withdrawals and even suspended all the trading and the website went offline. The hacker raided all the Mt. Gox exchange and stole 744,408 bitcoins and 10,000 bitcoin that belonged to their customers and company respectively.
They had been subjected to a transaction malleability attack. After this incident Mt. Gox went bankrupt. All the investors lost all their funds which might never be refunded. It was one of the biggest attacks of bitcoin.
Bitcoinica, a bitcoin exchange holds the most number of hacks with 3 recorded hacks.
Firstly, the hot wallets stored on the Linode’s server were unencrypted by the hacker and they stole 43,554 bitcoins. In this attack, several individuals that used Linode lost the fund.
Hacked Date: March 2012 | May 2012 | July 2012
Amount Hacked: $228,000 | $87,000 | $300,000
Secondly, just after the weeks of the first attack, Bitcoinica was raided again. This time hackers accessed Bitcoinica’s user’s database including all their identification details and sensitive data. This time, they stole 38,000 BTC.
Thirdly, Bitcoinica was robbed for the third time when 40,000 BTC were stolen, but this time all the funds were secretly held in Mt. Gox. These funds were also reported to be refunded.
The hack involved many crypto communities, therefore, it is one of the most controversial hacks that happened within the industry.
3. DAO (Decentralised Autonomous Organisation)
DAO, a programme built in Ethereum Platform that comprised of series of smart contracts was breached earlier and one-third of the DAO’s fund worth $50 million was stolen.
Hacked date: 18th June 2016
Amount Hacked: 3.6m Ether worth ($50 million)
A hacker spotted a loophole in the DAO’s code in the fallback function which was the major reason behind the hack. The hacker drained 3.6 million Ether into their personal account. This event caused a downfall on the price of the Ethereum.
However, the price of Ether has recovered and it has regained the trust to a certain extent. This situation resulted in reluctance among the Ethereum community for further investment.
As a solution, Ethereum plans on shifting from Proof-of-work(POW) based consensus to Proof-of-stake (POS) consensus. Also, with POS consensus and Vitalik’s new Consensus Algorithm, Ethereum blockchain is believed to be the most secure blockchain in the world.
Bitfloor, a FinCEN-based Bitcoin exchange was hacked in September 2012. It was the fourth largest exchange before the attack occurred.
Hacked Date: September 2012
Amount Hacked: 24,000 BTC ($250,000)
The hacker held the unencrypted private keys that were mistakenly available on the company’s server. By using those keys, hackers were able to steal 24,000 BTC worth $250,000. Although Bitfloor claims to have refunded all the amount to the investors, the exchange was halted and was closed due to the regulatory measures of the bank.
Poloniex, American- based, one of the busiest digital currency exchange of Bitcoin and altcoins was hacked in 2014. It lost 12.3% of its total bitcoin supply in an attack.
Hacked Date: 4th March 2014
Amount Hacked: 12.3% of all BTCs (97 BTC) worth $50,000
In this attack, hackers succeeded in exploiting a full withdrawal code of Poloniex. Soon after the hack, all of its operations was suspended for a while and all their fund holder’s cash got reduced by 12.3%. This was a very smart move taken by Poloniex as many fund holders would have withdrawn the money leaving them empty.
Most importantly it still runs smoothly till date. The owner took the full responsibility and paid back all the victims by July 2014. Now, it is one of the most active exchanges in the world.
Bitfinex, Hong Kong-based exchange suffered a major hack and lost 120,000 bitcoins to the hackers. This happened because the hackers were able to exploit the multisig wallet architecture of Bitfinex and BitGo.
Hacked Date: August 2016
Amount Hacked: 120,000 BTC
It issued BFX tokens for all of its victims and most of the investors got their money back. Bitfinex continues to operate even though there is a big question about the company’s credibility.
Bitstamp, a European-based leading exchange formed as an alternative of Mt.Gox was breached in 2015 and 18,866 BTC was stolen.
Hacked Date: 4th January 2015
Amount Hacked: 18,866 BTC ($5 million )
The operational wallets had been breached in this attack. After the attack, the company suspended all of its services but was resumed after a week.
Bitstamp rebuilt the system, regained the trust and is still operating as a leading exchange that allows trading in between USD dollars and cryptocurrency.
Parity, a cryptocurrency wallet provider was breached two times. It was first hacked in July when 150,000 ethers were stolen from the user accounts. The vulnerability was detected in version 1.5 and later in its wallet software. The flaw was found in its multi-signature wallets that comprised of several companies ICO fundraisers.
Parity was hacked for the second time on 7th November 2017 where 513,774.16 ether equating over $162 million was frozen. It happened as someone deleted a GitHub code with a msg “I accidentally killed it”.
Hacked Date: 20th July 2017 | November 7th, 2017
Amount Hacked : 150,000 ethers ($30 million) | 513,774.16 ether ($162 million)
Though these frozen funds are still not restored, many people believe that Parity is waiting for the software upgrade of the Ethereum to restore these funds.
Tether, a Santa Monica-based startup that provides dollar-pegged cryptocurrency tokens had been hacked and $30 million worth of token were stolen.
Hacked Date: November 19, 2017
Hacked Amount :$30,950,010 USDT | $31 million
The major reason was found to be a malicious action by an external attacker, the amount was sent to an unauthorized digital wallet. After this hack, the price of bitcoin dropped by 6%. This hack is linked with the Bitfinex as both of the companies share the same operational personnel.
Tether claimed that they won't compensate any of the stolen tokens and started developing a plan for token recovery and further prevent them from entering the border ecosystem. They are still working on securing the wallets, changing the service, and reopening the withdrawals.
10. Google Adwords
Ukrainian hackers dubbed Coin Hoarder and stole more than $50 million by exploiting Google Adwords in February 2018.
Hacked Date: February 14th, 2018
Amount Hacked: $50million
The hackers used a very simple technique-they bought the google ads on the popular keywords that were related to the cryptocurrency and poisoned the user search results for everyone who googled terms like ’blockchain’ or ‘bitcoin wallet’. This led to the visibility of malicious websites as the legitimate website for the blockchain.
After this incident, Google has removed more than 10,000 malicious links, yet claims this problem to be widespread and far beyond the company.
After all Blockchain is just a blocks of code written by humans in spite of its immutable, incorruptible, secure and decentralization features.This fast-paced technology has wider application in almost every sector. Therefore, a lot of preventive measures are being researched and adopted by different companies to mitigate different types of risks. It can be assumed that the blockchain adopters have realized and are aware of the potential vulnerabilities of the technology following the incidents as presented above. The blockchain hacks have indeed become a periodic wake-up call for the companies adopting this disruptive technology.
Let’s hope the stakeholders will continue securing the blockchain technology and prevent any form of hacking and malicious attack to make the technology more reliable and convincing.