Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » Technology » Crypto Exchange Hacks on the Rise

Crypto Exchange Hacks on the Rise

by

Exchanges are a juicy target for hackers, with a successful attack potentially taking in millions.

Fidelity cryptocurrency exchange could be vulnerable to hackers

Share this article

Hackers are getting more sophisticated, breaching a greater number of crypto exchanges in 2019 compared to the previous year.

Chainalysis has published an initial overview of its 2020 Crypto Crime report. It indicates that exchange attackers are becoming more sophisticated and carrying out more hacks compared to 2018. However, the total value of funds stolen in 2019 decreased compared to the previous year.

Exchange Breaches on the Rise

The overall verdict of the 2019 Chainalysis report can be considered mixed for cryptocurrency exchange users. While it appears to be good news that the value of funds stolen in 2019 is down, it’s also worth bearing in mind that a single exchange hit hard by one attack can skew the total for the year. This was the case in 2018, when attackers made off with $534 million from Coincheck in a single heist, and similarly in 2014 when Mt.Gox lost $473 million.

In contrast, the biggest single attack in 2019 was on Coinbene, when hackers drained $105 million worth of various ERC-20 tokens from the exchange’s hot wallet in March. At the time, the exchange denied it had been hacked, but later admitted what had happened. 

Hot wallet attacks also accounted for the next two biggest exchange hacks of 2019. Malicious actors stole $49 million from South Korean exchange Upbit in November and $40 million from Binance in May. In all three cases, the exchanges covered the losses suffered by their users.

In total, the funds stolen in 2019 amounted to $283m compared with $875m in 2018. However, the total number of attacks was up to 11 in 2019, compared with just 6 in 2018.

Source: Chainalysis

Hackers Upping Their Game

The Chainalysis report attributes the decrease in stolen funds to better security measures on the part of cryptocurrency exchanges. These include improved monitoring, reducing the value of funds kept in hot wallets that are more prone to hacking, and tighter withdrawal authorizations.

Despite this improvement, the report also points to how hackers have stepped up their efforts, using the North Korean cybercrime syndicate Lazarus Group as an illustrative example.

In one particularly elaborate phishing scam, the group created a fake company purporting to offer a trading bot, with a website and social media presence to make the hoax appear more convincing. The group also built a software product designed to mimic an actual trading bot, but that contained malware.

Once they successfully convinced employees from Singaporean exchange Dragonex to install the software on a machine holding the exchange’s private keys, they were able to make off with over $7 million worth of cryptocurrency.

Governments and the UN allege that these kinds of attacks by Lazarus Group are a source of funding for North Korea’s nuclear and ballistic missile program. As a result, crypto users have been advised not to attend an upcoming cryptocurrency event in Pyongyang, or they risk breaching sanctions.

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.