6 Biggest Hacks in the Crypto World - What Have We Learned?
Updated: Nov 2
Where there is money, there are hackers trying to steal it, especially if that money sits in a bank or the bank is just a mediator, as is the case with a CEX. Centralized crypto exchanges have their pros, but their centralized nature makes them a great target for hackers.
That is why lately big hacks have been happening every couple of months, with huge amounts of money being stolen. Yes, security is on a very high level, but…things happen. Last year alone, hackers made over 4 billion dollars from stealing cryptocurrencies.
Today, we are looking at some of the biggest hacks in the CEX world to figure out if we have learned anything from them.
1. Mt. Gox
We are starting our list with the first major hack that happened way back in 2011.
If you have been a part of the crypto community for a long time, then you are definitely familiar with Mt. Gox. It was a bitcoin exchange based in Tokyo, Japan, that handled more than 70% of all bitcoin transactions from 2010 to 2014. Past tense, because it was ultimately shut down after the second attack.
The first attack happened more than 10 years ago, when $8.75 million was stolen. After that mishap, the company promised to improve security. However, it didn’t do them any good, because Mt. Gox was hacked again in 2014. This time, hackers stole a whopping $615 million, or 850,000 bitcoins.
The investigation revealed that this was planned for a long time - the Mt. Gox private key was unencrypted and stolen in 2011. After that, thieves skimmed bitcoins from various customer accounts over a period of a couple of years.
This eventually led to lawsuits and, finally, Mt. Gox filed for bankruptcy.
2. Binance
If you have spent more than a minute in the crypto world, then you are for sure familiar with the name Binance, one of the biggest crypto exchanges in the world - it offers more than 360 cryptocurrencies to buy and sell, and is active in more than 1,200 countries.
In 2019, this crypto giant was hacked. The perpetrators stole not only over 7,000 bitcoins from hot wallets (worth more than $40 million at the time), but also two-factor authentication codes and API tokens. Unlike cold wallets, hot ones are connected to the internet, which makes them a great target for hackers.
When this happened, CZ, the CEO of Binance, was very forthcoming, writing in a blog post that “The hackers used a variety of techniques, including phishing, viruses and other attacks”. CZ said: “The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks.”
However, believe it or not, $40 million is just a drop in the ocean for Binance funds and the company said that everyone affected would get their money back.
3. Coincheck
For number three, we are circling back to one of the most expensive hacks in the crypto world, this one also occurring in Japan - Coincheck was hacked and lost more than $500 million in the process.
Hackers targeted hot wallets, which are connected to external networks, and in 2021 Japanese authorities connected the attack to individuals from a high-income group.
What is interesting is that Coincheck found and published 11 accounts where the money went, but no one knows who owns them. However, Coincheck successfully survived the attack and continued with its operations.
4. BitMart
We are continuing down the list of biggest hacks with the one that happened in December of 2021 - what a way to end last year with a bang, right?
BitMart lost more than 196 million dollars in assets, stolen from two of the platform’s ‘hot wallets’ on Ethereum and BSC. Hackers stole a private key that allowed them to breach security.
The company’s CEO, Sheldon Xia, announced the loss on his Twitter account and also said that the company would use its own funds to compensate the users. Nevertheless, the latest update from January this year is that victims say they are still waiting for their money back.
5. KuCoin
The last exchange on this list is based in Singapore. Two years ago, in 2020, hackers were able to steal around $281 million in coins and tokens. Just as with BitMart, they stole keys for some of the centralized exchange’s hot wallets.
Even though the company reacted quickly and blocked all of the transactions, the damage was already done. However, this story has a relatively happy ending - the company investigated and managed to recover around $204 million in a matter of weeks.
Moreover, according to CoinDesk, the CEO of KuCoin has stated that they were able to identify the thieves with a lot of proof. It is rumored that a hacker crew from North Korea that goes by the name Lazarus Group was responsible for this breach.
6. The DAO
Do you remember the DAO, the decentralized autonomous organization that was a revolutionary project? Allow us to refresh your memory: it raised over $150 million worth of ether (ETH) and was built on the Ethereum blockchain. However, after just a couple of months, the DAO was hacked and lost $60 million.
There was a token sale that lasted for 28 days, but before it even came to an end there were some concerns about its safety. There was a bug in the DAO’s wallet smart contracts, and the attack happened while it was being fixed.
Ethereum and its founder, Vitalik Buterin, found themselves in a pickle, not sure how to react.
In the end, the blockchain was hard forked, a move that did not have consensus, so the network split into two different blockchains - Ethereum and Ethereum Classic.
What Have We Learned?
Considering that these hacks are happening more and more as the industry grows, a better question would be - have we learned anything?
Well, the one thing we can say is that as the technology develops, so do the skills hackers have. They are definitely following the trends and the money. Most attacks happened because of a security weakness, and hot wallets are the go-to target.
When comparing DEX to CEX, thanks to its decentralized nature, a DEX is definitely a much safer option for your funds.