Cryptocurrencies burst onto center stage in 2017, delivering what might very well be historic gains. For the year, the aggregate value of all digital currencies soared from a starting value of $17.7 billion to an ending value of roughly $613 billion. That works out to an increase of more than 3,300%! By comparison, the stock market has historically gained 7% a year, inclusive of dividend reinvestment and when adjusted for inflation. It would take traditional equities decades to deliver similar returns.
But that’s not to say that the cryptocurrency ride hasn’t been without its bumps in the road. Earlier this year, virtual currency investors got their first taste of a major correction in years. After briefly hitting an all-time market cap high of $835 billion on Jan. 7, 2018, the combined market value of cryptocurrencies slid by 70% over the next three months. Even though they’ve nearly doubled off their recent lows, virtual currencies’ combined market cap is down by 23% year to date (through May 5, 2018).
These aren’t your run-of-the-mill cyberthefts
Another issue that’s reared its head from time to time is network security. Nearly all cryptocurrencies process transactions over proprietary blockchain technology. Blockchain is the digital, distributed, and decentralized ledger underpinning digital currencies that records transactions without the need for a financial intermediary (such as a bank). The fact that transaction data is protected by encryption, and that data is stored on computers all over the globe (decentralized) as opposed to one central location in order to prevent any entity, including criminals, from gaining control of a network, is believed to make blockchain safer than traditional banking networks.
However, that’s not always the case. Every few months it seems as if a virtual currency hack makes the news, exposing blockchain technology as less than perfect when it comes to security.
Below you’ll find a list of the largest cryptocurrency hacks in history, in ascending order, based on the value of the hack at the time it occurred.
NiceHash hack: $63 million
This past December, mining service NiceHash, which allows mining equipment owners to rent out their hash power to buyers looking to mine cryptocurrencies for a short period of time, announced that cybercriminals were able to siphon away more than 4,000 bitcoin tokens. Those bitcoin tokens were then sent to an unknown address that neither the proper owners nor NiceHash could access. At the time of the crypto heist, these tokens were valued at roughly $63 million.
Following the hack, CEO Marko Kabal resigned, and the company relaunched its platform on Dec. 22, 2017. NiceHash also recommended users change their passwords. But with this being a service-oriented mining site, it could be difficult for the company to regain the trust of its members.
The Bitfinex hack: $72 million
In terms of bitcoin platform hacks, cryptocurrency exchange Bitfinex ranks as the second largest of all time. As announced by Bitfinex in August 2016, nearly 120,000 bitcoin were drained from users’ accounts. Though this loss was worth $72 million at the time of the heist, these roughly 120,000 bitcoin would be worth close to $1.2 billion today!
Interestingly enough, the bitcoin drain wound up impacting multisignature accounts, which are often viewed as a step up in safety. With a “multisig” account, there are multiple signees that help manage funds and mitigate risk. In order for a transfer of funds to occur, you’d need access to these multiple keys, which essentially act as passwords that allow a transaction to take place. Bitfinex held two of these keys, while partner BitGo, which helped create this multisig system, held the third key. Somehow, hackers were able to gain access to these keys and withdraw users’ bitcoin to an unknown address.
Following the hack, neither Bitfinex nor BitGo stepped forward and took responsibility for what happened, and no true mea culpa has been issued to this day.
The Mt. Gox. debacle: $487 million
Arguably the highest-profile hack of all time was that of cryptocurrency exchange Mt. Gox. The breach was discovered in 2014. What’s really notable about the Mt. Gox hack was that it wasn’t a single event that occurred over a matter of hours or a few days. According to documents released in early 2014, hackers had been skimming bitcoin from the company for years. In total, they got away with an estimated 850,000 bitcoin, worth $460 million at the time, and about $27.4 million in cash held by the cryptocurrency exchange. Today, those bitcoin would be worth more than $8.3 billion.
The biggest issue appears to have been Mt. Gox’s lack of coding security, at least according to Wired. Mt. Gox lacked any type of version control software, which meant that a coder could accidentally overwrite a colleague’s code if they were coincidentally working on the same file.
Additionally, instances were found where untested software was put in front of customers, which is not something you’d expect to see from an exchange that was controlling 70% of bitcoin trading volume at the time.
Finally, only CEO Mark Karpeles could approve changes to the source code, even if there were major security flaws found. All of these factors set Mt. Gox up for failure, and in this instance, unlike Bitfinex, it did go bankrupt.
The Coincheck hack: $534 million
But the dubious honor of the largest cryptocurrency hack in history goes to Japanese cryptocurrency exchange Coincheck, which lost $534 million to cybercriminals.
As reported on Jan. 26, 2018, Coincheck stated that 523 million NEM coins (known as XEM) had been stolen from a hot wallet — i.e., a wallet that was connected to the internet — allowing hackers to drain the NEM coins into a separate account. Coincheck would state that it didn’t believe keeping these coins in a hot wallet represented a weak security practice, but given the beefed-up security that multisig wallets provide, it baffled exchange users. Since XEM has devalued quite a bit since the hack, the value of these 523 million tokens is only $221 million now.
For what it’s worth, in March, Coincheck did announce its intent to begin compensating those affected by the NEM heist. Users who had their NEM stolen will receive $0.83 per NEM token, meaning a complete refund will cost the company about $420 million. Needless to say, Coincheck has a long and arduous road ahead of it.