2018-19 continues to be the year of the hack, with 23 recorded exchange hacks within the past 18 months.
2018 had an “ebb and flow” of hacks, with a cluster of hacks every 2-3 months. But as 2019 continues with what seems to be a “hack of the month,” I set out to find more information about exchange hacks in general – trends, causes, and other insights.
To my surprise, there was no one comprehensive list of hacks for cryptocurrency exchanges that I could find – although I found a few good resources listing the largest or most notable.
Thus, I present my findings below on my own independent filing of exchange hacks over the past 5 years.
Data set: Details and Disclaimers
Exchange hacks on this list meet the following criteria:
- Hacks affected funds, not user information (e.g. the Coinmama 2018 hack has been excluded)
- Hacks affected exchange services and trading platforms – not brokerage firms, custodial services, ICOs, or other digital asset management platforms.
- Exchanges are confirmed to be legitimate or semi-legitimate – not Ponzi schemes or suspected Ponzi schemes (e.g. POWH 3D has been excluded).
- Estimated losses are based on an amalgam of articles from various sources – usually legitimate cybersecurity and/or cryptocurrency-themed news sites, e.g. CoinTelegraph and CoinDesk.
- Where estimated loss numbers varied, I chose the most commonly cited number of lost funds, or the number cited in the most legitimate source found on the hack.
- I have only included hacks where an estimate of lost funds can be found – excluding the 2014 Bitcurex hack or the Dec. 2017 YouBit hack, for example, where the amount stolen was never revealed.
- I chose, for this study, to focus on the past 5.5 years – 2014-2019. This is simply based on the availability of information on hacks including, and since, the Mt. Gox hack in early 2014 – which brought exchange hacks into the spotlight in the first place.
Without further ado: here are the statistics on crypto asset exchange breaches from 2014-2019. Under the criteria above, we’re talking 45 hacks in the past 5.5 years.
- $1,859,432,389.00 has been stolen from crypto exchanges since 2014 ($1.86B).
- The Coincheck hack in 2019 remains the highest-value hack to date, with total losses of 523 NEM coins valued at $534M USD.
- We don’t know what’s behind every recorded exchange hack, but here is what we do know: 23% of hacks since 2014 have been either declared inside attacks or have strong evidence supporting malicious insider activity. Surprisingly, only 7% are exit scams, at least that we know of.
A Matter of Tim(ing)
- Hacks are more common during the first quarter of the year – with 6 hacks of the data set in January, 6 in March, and 5 in February.
- Statistically, the most money has been lost in January ($711.4M) and February ($681.8M) – likely due to the timing of the Coincheck and Mt. Gox hacks.
- Crypto exchange hacks spiked in 2018, with $911,600,000.00 (over $911M) stolen in just one year.
Crypto Crime: Battlefield Asia
What’s going on with exchanges in Asia?
Overall blockchain adoption (of all kinds) in Asia far outpaces other regions – as illustrated in Gartner’s Annual CIO survey in 2018. In that survey, 66.9% of CIOs in APAC-based businesses stated either that they already have a deployed blockchain solution or were planning to within the next 3 years – compared to just 53.5% in North America. Meanwhile, dozens of cryptocurrency exchanges – including the world’s largest – are based in East Asia.
It’s no surprise, then, that the most exchange hacks – and most losses – were reported from the region:
- 56% of hacked exchanges were located in APAC – and their losses amount to 75% of 2014-2019 exchange hack losses.
But there’s more going on here than just numbers: there’s a political battle being waged through the novel asset classes. South Korea is by far the most targeted country for exchange attacks (22% over the past 5 years).
And many were repeat attacks: two exchanges, YouBit (formerly Yapizon) and Bithumb, were each hacked 3 times within the past 5 years. Bithumb has suffered the most, with $51M of estimated losses.
South Korean targeting is likely intentional.
In 2018, The Next Web reported that North Korean hacking group Lazarus targeted dozens of exchanges in South Korea and Japan between 2017 and 2018, and made off with an estimated $531M of funds from 14 exchange hacks during that time.
And in April of this year, Wired released an explosive report bringing evidence that North Korean leader Kim Jong-Un’s elite APT 38 group had shifted focus to cryptocurrencies as a way to fund the dictatorship’s nuclear program.
Rogue insider attacks (23% of known attacks in this data set), private key theft (14%), and vulnerability exploits (16%) can be prevented by following crypto asset protection best practices, including multi-factor authentication, zero-knowledge backup for keys, and quorum authentication structures within the exchange.
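To make the quorum idea concrete, here is an added sketch (not from any exchange's code base) of a 2-of-3 withdrawal approval check in which a single insider, including the requester, cannot release funds alone. The approver names, keys, request fields and the 2-of-3 policy are assumptions for illustration; HMAC stands in for the per-approver hardware-backed signatures a real deployment would use.

```python
import hashlib
import hmac
import json

# Constructed demo keys. Assumption: in production each approver signs with an
# asymmetric key held on their own token/HSM, so the verifier cannot forge approvals.
APPROVER_KEYS = {
    "ops-alice": b"demo-key-alice",
    "sec-bob": b"demo-key-bob",
    "fin-carol": b"demo-key-carol",
}
QUORUM = 2  # assumed policy: 2 of 3 approvers, none of them the requester

# Constructed sample withdrawal request.
REQUEST = {"id": "w-1001", "requester": "ops-alice",
           "dest": "addr-constructed-1", "amount": "12.5"}


def canonical(withdrawal: dict) -> bytes:
    """Serialize deterministically so an approval binds to the exact request."""
    return json.dumps(withdrawal, sort_keys=True, separators=(",", ":")).encode()


def approve(approver: str, withdrawal: dict) -> tuple:
    """Return (approver, tag): this approver's approval of this exact request."""
    key = APPROVER_KEYS[approver]
    tag = hmac.new(key, canonical(withdrawal), hashlib.sha256).hexdigest()
    return approver, tag


def quorum_met(withdrawal: dict, approvals: list) -> bool:
    """True only if QUORUM distinct, independent approvers signed this request."""
    msg = canonical(withdrawal)
    valid = set()
    for approver, tag in approvals:
        key = APPROVER_KEYS.get(approver)
        if key is None or approver == withdrawal["requester"]:
            continue  # unknown signer, or requester approving their own request
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, tag):
            valid.add(approver)  # a set, so repeated approvals count once
    return len(valid) >= QUORUM


if __name__ == "__main__":
    ok = [approve("sec-bob", REQUEST), approve("fin-carol", REQUEST)]
    print("two independent approvers:", quorum_met(REQUEST, ok))
    print("same approvals, changed destination:",
          quorum_met(dict(REQUEST, dest="addr-constructed-2"), ok))
```

Because each approval covers the serialized request, changing the destination or amount after sign-off invalidates every approval already collected.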