The cryptocurrency market is booming, and with it, criminals are looking to cash in.
Bitcoin (BTC) may not have sustained the $19,000+ price tag of previous years, coming in at roughly $7,200 at the time of writing, but there is also a variety of stablecoins and altcoins, including Ethereum (ETH), Ripple (XRP), Monero (XMR), Bitcoin Cash (BCH), and Litecoin (LTC), that maintain a loyal following and constant trade.
The industry has gained enough traction in recent years that regulators are beginning to shift towards the viewpoint that virtual coins should be considered taxable assets, with the IRS now hunting down cryptocurrency traders who do not declare their investments. The UK’s Financial Conduct Authority (FCA) also clarified its stance this year on which coins can be considered securities or e-money, some of which now land under the FCA’s remit.
Russia, too, known for its hostile approach to cryptocurrency, has begun to accept that cryptocurrency may have a legal position in the economy.
As with any form of asset that has financial worth, criminals will look for ways to profit fraudulently, and cryptocurrency is no exception. The industry is rather unregulated: laws may be applied locally while exchanges are registered worldwide, so investment in cryptocurrency can be a risk.
Exchanges are a common target. A weakness in a website, a vulnerability leading to exposure of a hot wallet (an Internet-connected storage system used to hold virtual coins), insider threats, and exit scams can all result in traders losing their cryptocurrency. Wallets, too, can be ransacked when vulnerabilities are found, and the blockchain itself, the backbone technology of cryptocurrency exchanges, may be subject to attacks such as the 51% attack. Unless cryptocurrency is stashed in a cold, hardware-based wallet that is not connected to the web, there may be a risk of cyberattack.
Below, we take a look at some of the most noteworthy cases of hacking, criminal investigations, exit scams, and cryptocurrency-related breaches over 2019.
- Cryptopia: New Zealand’s Cryptopia cryptocurrency exchange was pulled offline due to some form of hack, but details are scant. Trading was suspended and the firm went into liquidation. It has since emerged that users did not hold individual wallets. Estimates suggest that up to $16 million may have been lost.
- Proof of Stake: Security issues were found in 26 forms of cryptocurrency, opening up users to “Fake Stake” attacks, crashing blockchains and giving attackers the opportunity to seize control of them.
- LocalBitcoins: An attack taking place on the peer-to-peer cryptocurrency market platform led to the theft of Bitcoin belonging to customers.
- Bitgrail sentence: The previous owner of hacked exchange Bitgrail — which lost $195 million in Nano coins — was commanded by an Italian court to return as much in customer funds as possible, leading to the seizure of assets.
- IOTA arrest: Europol arrested a man from the United Kingdom on suspicion of stealing €10 million in IOTA cryptocurrency.
- Coinmama: Coinmama was made aware that 450,000 email addresses and hashed passwords of users were up for sale on the Dark Web.
- Bithumb: Bithumb reported another security incident, the third in two years. It is believed that cyberattackers may have stolen up to $20 million in EOS tokens and Ripple.
- DragonEx, CoinBene: The cryptocurrency exchanges were subject to cyberattacks, leading to an estimated loss of $1 million in cryptocurrency by DragonEx, and $45 million by CoinBene.
- Binance: Cyberattackers compromised the Binance cryptocurrency exchange platform and made off with $41 million in Bitcoin. Since May, Binance has faced rumors of raids in China, which the company vehemently denies.
- Bestmixer: Bestmixer.io was seized by European police. The online service is thought to have laundered over $200 million in cryptocurrency throughout the years, making it far harder for law enforcement to track coins believed to be stolen or the result of criminal activities.
- GateHub: Ledger wallets belonging to 18,473 customers were compromised. Suspicious API calls were detected and an investigation concluded the attacker(s) managed to access a database containing valid access tokens. It is still not known exactly how many coins were stolen, but estimates suggest that at least $10 million was taken.
- Bitrue: Singaporean exchange Bitrue lost 9.3 million in XRP and 2.5 million in Cardano (ADA) from its hot wallet, worth millions of dollars. A hacker exploited a vulnerability in review process systems to steal customer funds.
- €24 million Bitcoin heist: Six arrests were made in the UK and the Netherlands by Europol and Eurojust. The suspects are alleged to have operated a scam that netted them €24 million in Bitcoin (BTC).
- Bitpoint: Japan-based cryptocurrency exchange Bitpoint was subject to $32 million in cryptocurrency theft, $23 million of which belonged to the organization’s customers.
- Ethereum startup extortion: Two cryptocurrency consultants were arrested and charged by the DoJ based on claims the pair attempted to extort an Ethereum startup, threatening to destroy the business unless they were paid what they wanted.
- EtherDelta charge: A hacker best known for attacking TalkTalk was also indicted for an attack in 2017 on cryptocurrency exchange EtherDelta.
- MapleChange: Canadian crypto trading post MapleChange said that over 900 BTC had been stolen, but customers would not be refunded — and very quickly thereafter, the firm’s website and social media presence vanished. Foul play is suspected.
- Satowallet: Satowallet blamed Telegram scammers for the loss of $1 million, stolen from customer wallets. An exit scam is suspected.
- Upbit: South Korean cryptocurrency exchange Upbit said that 342,000 in Ethereum (ETH) had been stolen from the firm’s hot wallet, worth roughly $48.5 million. The exchange has promised that customers will not be impacted and the funds will be covered by Upbit assets.
- Monero: The official Monero website was compromised to deliver a malicious version of the official Linux CLI binary, tampered with to steal funds from unwitting users.
- PureBit: Despite only being in operation a few months, South Korean cryptocurrency exchange PureBit allegedly pulled an exit scam, taking $3 million in Ethereum with it.
- North Korea talks: Ethereum project member and cryptocurrency expert Virgil Griffith was arrested after giving a talk at a technology conference in North Korea about how the blockchain could be used to circumvent sanctions. If found guilty of breaking US law, he may face up to 20 years behind bars.
- Crypto theft, SIM-swapping: The DoJ charged two men for allegedly conducting SIM-swapping attacks in order to steal cryptocurrency from high-value targets. Over $550,000 in cryptocurrency from known victims was allegedly stolen after phone numbers were hijacked to gain access to victim wallets.
- PlusToken: PlusToken allegedly performed an exit scam, walking away with $2.9 billion in deposits. Some individuals suspected of being involved have been arrested.
- Vertcoin: Vertcoin suffered a 51% attack in December 2018, and a year later, history repeated itself. This attack resulted in 603 blocks being removed from the VTC chain and replaced by 553 attacker blocks in order to perform double-spending.