In recent years, centralized exchanges (CEX) like Mt. Gox and WazirX have suffered significant losses due to external hacks, while others like FTX have collapsed due to internal misuse of funds. Even industry giants Binance and Coinbase face existential threats from the world’s most powerful financial regulators.
Decentralized exchanges (DEXs) offer effective protection against the three major threats—hacking, fraud, and overregulation—that continue to plague CEXs. Of course, there are other threats besides "hacking". For example, FTX’s downfall involved mismanagement and misuse of client funds by its senior executives, which is less feasible on a DEX because the inherent structure of a DEX promotes transparency and user control.
This article explores the largest breaches in the history of top centralized exchanges. From notorious breaches to systemic vulnerabilities, the cryptocurrency world has experienced turmoil. Here, we review the 10 worst centralized exchange hacks.
10. Bithumb Hack: Hit Again and Again
Founded in 2014, Bithumb quickly became a cornerstone of South Korea’s cryptocurrency market, with over 8 million registered users and over $1 trillion in trading volume. Despite Bithumb's reputation, it has come under repeated attack.
Starting in 2017, Bithumb suffered multiple intrusions:
February 2017: Hackers steal $7 million.
June 2018: Employee personal data was exploited to steal nearly $32 million in cryptocurrency.
March 2019: Bithumb announces another breach, suspending deposits and withdrawals after losing approximately $20 million in $EOS and $XRP.
June 2019: Bithumb suffers another attack, with hackers stealing $30 million worth of digital tokens.
Image: Bithumb's report of stolen assets during the June 2018 hack (source: TechFlow)
In response to repeated violations, the Ministry of Science and Technology (MIC) launched a thorough investigation. Key findings include:
Insufficient network isolation.
Poor monitoring systems that could not differentiate between normal and suspicious activity.
Insufficient encryption key and password management.
9. WazirX cryptocurrency hacking incident
Over $473 million worth of cryptocurrency was lost to hacks and fraud across 108 incidents in 2024. WazirX alone accounted for 86.4% of the total cryptocurrency lost to hacks in July.
Indian CEX WazirX has announced plans to reverse all trading after freezing withdrawals on July 18, 2024. On that day, WazirX suffered a major wallet vulnerability attack, resulting in the unauthorized transfer of more than $230 million in crypto assets. The attack targeted WazirX’s multi-signature wallet on Ethereum.
The attackers stole over $100 million in Shiba Inu ($SHIB), 20 million $MATIC tokens ($11 million), 640 billion $PEPE tokens ($7.5 million), 5.7 million $USDT, and 135 million $GALA tokens ($3.5 million).
Despite employing advanced security measures such as hardware device wallets and address whitelisting, WazirX suffered a sophisticated attack. The incident calls for comprehensive security audits and continuous improvement in the protection of digital assets. The risks of centralized control of private keys are obvious.
8. Binance Hack: A Grim Reminder of Cryptocurrency Vulnerabilities
In 2019, Binance, the world's leading cryptocurrency exchange, suffered a major centralized exchange hack. On May 7, malicious attackers used phishing and viruses to attack Binance’s security systems and steal users’ two-factor authentication codes and API keys.
The breach allowed them to steal 7,074 Bitcoin, worth more than $40 million at the time, from the exchange's hot wallet in a single transaction.
After this incident, Binance CEO Changpeng Zhao announced the establishment of the Safe Asset Fund for Users (SAFU) to protect users’ funds in extreme situations. Despite these measures, Binance faced another major security challenge in October 2022. Hackers used the cross-chain bridge BSC Token Hub to illegally generate and steal 2 million $BNB tokens, equivalent to approximately $570 million.
7. KuCoin: A Hollywood-Style Theft
In September 2020, KuCoin suffered a Hollywood-style theft that ranks high among centralized exchange hacks. The hackers first moved stolen Bitcoin and Ethereum into an unidentified wallet. The plot thickened as several thieves gained access to the vault by stealing the private keys of KuCoin hot wallets.
The crypto community was already on edge the next day when KuCoin CEO Johnny Lyu addressed the world in a live broadcast. The KuCoin team responded quickly by moving remaining funds to a new hot wallet, closing the stolen wallet, and temporarily freezing all customer transactions to mitigate further risk.
Further investigation revealed that the stolen funds involved Bitcoin, Ethereum, $LTC, $XRP and other cryptocurrencies, totaling approximately $281 million. Despite the heavy losses, proactive measures taken by KuCoin resulted in the recovery of approximately $204 million in stolen funds within weeks.
Even more intriguing is the fact that KuCoin worked with international law enforcement to attribute the cyberattack to a suspected North Korean hacking group.
6. BitGrail: The inner workings
Italian cryptocurrency exchange BitGrail has been embroiled in controversy after €120 million ($146.55 million) was stolen from its platform. Italian police allege that Firano, also known as "FF," may have been involved in the hacking attack or neglected to strengthen security measures after the vulnerability was initially discovered.
This series of events resulted in the loss of funds for approximately 230,000 users. Firano faces charges including computer fraud, fraudulent bankruptcy and money laundering. This is one of the largest financial breaches in Italian history.
Afterwards, the Italian bankruptcy court took decisive action and declared Firano and BitGrail bankrupt. The court also ordered Firano to return as much of the stolen assets to customers as possible.
Additionally, the court approved the seizure of Firano’s assets, including more than $1 million in personal belongings and millions in cryptocurrency from his BitGrail account. The court found that a software flaw in the BitGrail platform resulted in multiple improper withdrawal requests.
In CEXs like BitGrail, control of all assets and security measures is centralized, making them an attractive target for hackers.
5. Poloniex: A tale of two hacks
Poloniex has suffered two serious security breaches.
In March 2014, hackers exploited a software vulnerability to steal 97 Bitcoins, accounting for 12.3% of the exchange’s Bitcoin holdings at the time. Despite the setback, Poloniex managed to rebound, fully compensating affected users.
Fast forward to November 2023, and the exchange was attacked again, this time more severely. Attackers suspected to be the North Korean-linked Lazarus group obtained private keys and stole approximately $126 million from Poloniex’s hot wallets.
The modus operandi includes using social engineering and malware to obtain critical private keys. The hack followed sophisticated tactics, including sending different tokens to specific addresses and using decentralized exchanges to launder money, making tracking and recovery difficult.
4. Bitstamp theft incident
Cybercriminals targeted Bitstamp’s system administrator Luka Kodric, who unknowingly downloaded a malicious file that compromised the exchange’s security. The malware, hidden in a harmless document, launched a script that infected Bitstamp's servers, allowing the hackers to access the critical wallet.dat file and passwords.
Bitstamp acted quickly upon becoming aware of the vulnerability, setting up an emergency response team and issuing a company-wide alert. Despite these measures, the hackers managed to steal 18,866 Bitcoins from the hot wallet, resulting in a loss of approximately $5 million at the time of the hack.
In the aftermath, Bitstamp underwent a massive revamp of its trading platform, choosing to rebuild from the ground up rather than tinker with it. They moved their infrastructure to Amazon's secure cloud servers in Europe, implemented multi-signature wallet access, and hired Xapo for cold wallet management.
3. Bitfinex theft
In August 2016, Bitfinex suffered a cyberattack. Hackers exploited a vulnerability in the exchange’s BitGo-powered multi-signature wallet security system. They manipulated security protocols to illegally withdraw 120,000 Bitcoins from Bitfinex’s hot wallets.
Bitfinex has been transparent about the financial losses following the hack. Losses are spread across user accounts, resulting in a loss of 36% per account. To mitigate losses, Bitfinex issued $BFX tokens to affected users, redeemable for U.S. dollars or shares of iFinex Inc., to facilitate a gradual recovery.
2. Coincheck Theft
At the end of January 2018, Coincheck, a well-known Japanese cryptocurrency exchange, suffered one of the most serious centralized exchange hacking attacks in history. Hackers breached the exchange’s hot wallet and stole 523 million $NEM tokens, worth approximately $534 million at the time.
Despite lessons learned from other previous hacks, Coincheck still stored large amounts of assets in hot wallets and lacked adequate multi-signature wallet protection. Immediately after the attack, the exchange halted all deposits and withdrawals to stem the flow of stolen funds.
The cryptocurrency community quickly rallied to prevent the stolen assets from being liquidated. Exchanges such as ShapeShift banned trading of stolen $NEM coins and flagged the addresses in question to prevent further transactions. Despite these efforts, full recovery of funds has not been feasible.
1. Mt. Gox: An unforgettable hacking incident
The Mt. Gox hack remains arguably the most notorious and high-profile cryptocurrency theft, primarily due to its scale and timing. This major incident is a classic example of a top centralized exchange hack.
In 2011, Mt. Gox, the world's largest Bitcoin exchange at the time, suffered its first major security breach, resulting in the loss of 25,000 Bitcoins. The situation worsened in 2014, culminating in a disastrous theft in which approximately 850,000 Bitcoins were stolen.
The impact of this hack was huge, affecting the price of Bitcoin and the trust of the global cryptocurrency community. "I almost lost everything. It changed my perspective on digital currency security forever," one forum user shared, emphasizing the hack's far-reaching personal and financial impact.
Exchange security precautions
The security issues of exchanges have become the focus of the entire cryptocurrency industry in recent years, especially after some major security incidents and internal problems led to the collapse of exchanges or the loss of funds. To improve security, exchanges can take a variety of measures.
For example, storing most of the assets in an offline cold wallet and only storing a small amount of funds in an online hot wallet to cope with daily transaction needs can significantly reduce the risk of hackers successfully stealing large amounts of funds. On the other hand, by requiring multiple key holders to sign transactions, multi-signature wallets can prevent the leakage of a single key from causing the loss of funds.
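The hot/cold split and the multi-signature rule described above, sketched as a withdrawal gate. This is an added example, not code from the article or from any exchange; the 5% hot-wallet cap, the 3-of-5 quorum and the key-holder names are assumptions, and approver IDs stand in for signatures that have already been verified cryptographically.

```python
# Added example: policy values and key-holder names are assumptions.
HOT_CAP_BPS = 500   # hot wallet may hold at most 5% of total assets (basis points)
QUORUM = 3          # distinct approvals required (3-of-5)
KEY_HOLDERS = frozenset({"ops-1", "ops-2", "risk-1", "sec-1", "cfo-1"})


def sweep_to_cold(hot_balance: int, cold_balance: int) -> int:
    """Return how much to move hot -> cold so the hot wallet stays under the cap."""
    cap = (hot_balance + cold_balance) * HOT_CAP_BPS // 10_000
    return max(0, hot_balance - cap)


def authorize_withdrawal(amount: int, hot_balance: int,
                         approvals: list[str]) -> tuple[bool, str]:
    """Decide whether a hot-wallet withdrawal may be signed.

    `approvals` lists the key-holder IDs that signed the request. Duplicates
    and unknown IDs are discarded, so one leaked key cannot reach the quorum.
    """
    if amount <= 0:
        return False, "invalid amount"
    if amount > hot_balance:
        # Larger payouts must go through the offline cold-wallet procedure.
        return False, "exceeds hot wallet balance"
    valid = set(approvals) & KEY_HOLDERS
    if len(valid) < QUORUM:
        return False, f"quorum not met ({len(valid)}/{QUORUM})"
    return True, "approved"


if __name__ == "__main__":
    # Constructed balances, in whole units of one asset.
    print(sweep_to_cold(hot_balance=900, cold_balance=100))
    print(authorize_withdrawal(10, 50, ["ops-1", "ops-1", "ops-1"]))
    print(authorize_withdrawal(10, 50, ["ops-1", "risk-1", "sec-1"]))
```
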
By hiring a professional blockchain security company, exchanges can conduct comprehensive security audits of their systems to identify and patch potential vulnerabilities. For example, the audit of smart contracts can prevent the loss of funds due to loopholes.
Real-time monitoring and threat detection: Implementing real-time network monitoring can quickly identify abnormal activities and take corresponding measures to prevent attacks. Through strict KYC and KYT measures, exchanges can prevent illegal funds from entering the platform and reduce the risk of money laundering activities. We also cooperate with professional security companies to conduct regular systematic security assessments and penetration tests to help the exchange prevent and respond to potential network threats.
This article is reproduced with permission from: "Deep Wave TechFlow"
Original author: Beosin