Skip to main content

Huge Crypto-Exchange Hacks Occurring In 2019

Body

There were twelve major cryptocurrency exchange hacks in 2019.  This includes 11 hacks that resulted in the theft of cryptocurrency and one involving stolen customer data. Altogether, $292,665,886 worth of cryptocurrency and 510,000 user logins were stolen.  This was more hacks than in 2018, when only nine cryptocurrency exchanges were hit with security breaches.

You would think that cryptocurrency exchanges would become more secure over time, but the reality is that more hacks on cryptocurrency exchange are taking place every year. Part of the problem appears to be that  crypto exchanges remain unregulated, and it is unclear which regulatory agency has jurisdiction over the crypto markets.  

There are currently no established rules for how cryptocurrency exchanges should safeguard customer funds, but there are crypto-friendly countries and states.  For instance, CanadaMalta and the American state of Wyoming have  crypto-friendly legislation that makes it easier for businesses to operate and have guidelines regarding security practices.

A lack of guidelines as to the way cryptocurrency exchanges store and protect their customer’s wealth means that it differs from exchange to exchange.  This makes cryptocurrency exchanges vunable for hacks resulting in the theft of cryptocurrency or customer data.  Here is the list of cryptocurrency exchanges that were hacked in 2019 and what was stolen:

1. Cryptopia
    Date: Jan. 14, 2019
    Headquarters: New Zealand
    Amount stolen: $16,002,108

Over 20 different cryptocurrencies were taken from the exchange’s hot wallet.

2. LocalBitcoins
    Date: Jan. 26, 2019
    Headquarters: Finland
    Amount stolen: $27,000

Attackers were able to replace the official link to the exchange’s forum with a fraudulent link that led users to a fake page that resembled the discussion board but collected the information of the users who attempted to log in.  The attackers used the information they obtained to steal 7.9 Bitcoin from at least six user accounts.

3. Coinmama 
    Date: Feb. 15, 2019
    Headquarters: Israel
    Amount stolen: 450,000 account usernames and passwords

An estimated 450,000 user account logins and passwords had been compromised and posted on a darknet registry.

4. DragonEx
    Date: March 24, 2019
    Headquarters: Singapore
    Amount stolen: $7.09 million 

DragonEx released an announcement on its website, saying: “On March 24th, DragonEx suffered APT attack, which is the greatest challenge since DragonEx was first launched in the year of 2017. 7.09 million USDT assets are stolen.”

5. CoinBene
    Date: March 25, 2019
    Headquarters: Singapore
    Amount stolen: $105 million

Two days later, Singapore's CoinBene, was hacked. Even though all of the evidence is on the blockchain, CoinBene continues to deny that it was ever hacked.

6. Bithumb
    Date: March 30, 2019
    Headquarters: South Korea
    Amount stolen: $18.7 million

Just a few days after the CoinBene hack, Bithumb was hacked for an estimated $18.7 million.  Unlike other exchange hacks, Bithumb believed that the theft was an inside job committed by a former Bithumb employee

7. Binance
    Date: May 7, 2019
    Headquarters: Malta
    Amount stolen: $40 million

A security breach at the world’s biggest cryptocurrency exchange led to 7,000 BTC, equivalent to $40 million at the time, being stolen. Binance said that hackers were also able to obtain user API keys, two-factor authentication codes and possibly more user information. Three months later, it was revealed the hackers were in possession of over 60,000 pieces of Know Your Customer data and the photo IDs of 10,000 Binance users.

8. GateHub
    Date:  June 1, 2019 
    Headquarters: United Kingdom
    Amount stolen: $10 million

100 of its users’ XRP wallets were compromised. It was discovered that by June 5, 23,200,000 XRP had been stolen from 80–90 of these wallets — the equivalent to about $10 million at the time. 

9. Bitrue
    Date: June 26, 2019
    Headquarters: Singapore
    Amount stolen: $4.23 million

Hackers found a vulnerability in Bitrue’s security that gave them access to about 90 user accounts. They then took what they learned from their 90-account takeover Bitrue’s hot wallet. As a result, 9.3 million XRP and 2.5 million ADA were stolen.

10. BITPoint
      Date: July 11, 2019
      Headquarters: Japan
      Amount stolen: $32 million

Bitcoin, XRP, Ether, Bitcoin Cash and Litcoin were moved from the exchange’s hot wallet without authorization. In total, $32 million worth of cryptocurrency was moved out of BITPoint’s hot wallet — $23 million of which belonged to BITPoint users.

11. VinDAX
      Date: Nov. 5, 2019
      Headquarters: Vietnam
      Amount stolen: $500,000

This is a small cryptocurrency exchange that primarily hosts token offerings for unheard of companies.  Roughly 23 cryptocurrencies — worth $500,000 in total — had been removed from its hot wallet without authorization.

12. Upbit
      Date: Nov. 27, 2019
      Headquarters:  South Korea
      Amount stolen: $49,116,778.00

And finally, an exchange that was hacked for 342,000 ETH.  Hackers were able to gain access to Upbit’s hot wallet and move Ether without authorization. In this case, Upbit released a statement shortly afterward telling users that it would be covering all of the losses with the exchange’s assets.

The Bottom Line

An amazing $292,665,886 worth of cryptocurrency and 510,000 pieces of user information were taken from a total of 12 cryptocurrency exchanges.  Since there are no global regulations for these exchanges and no deposit insurance for these accounts, you are taking the chance of your money being stolen.

This certainly does not mean all exchanges will be hacked, which means you really need to do your homework when picking where you will buy your cryptocurrency.  Hopefully, we will start to see better industry standards, security practices, and legislation put into place to help protect this evolving monetary system.