Crypto Exchange Burglaries: 4 Cases in H1 2019

Crypto exchanges keep evolving and gaining traction, but the record of successful cyberattacks suggests that platforms still fall short in protecting hot wallets and their private keys. Although the revenues of major exchanges allow them to hire and retain competent security engineers, some of them fail to address this concern in time. There have even been cases where employees cleaned out the exchanges they had worked at. Let’s recall the burglaries of H1 2019 and sum up the situation.

Cryptopia (New Zealand)

Incident date: 14 January.
Reason: a security system breach that gave hackers access to the wallets.
Stolen: 29.2 thousand ETH, 24.4 billion DCN, 3.8 million PRL, 15.4 million LML, 48.2 million CENNZ, and 93 types of ERC-20 tokens.
Total damage: $16 million.
Loot transferred to: Bibox, Binance, EtherDelta, Huobi, KuCoin.

Cryptopia’s countermeasures:

  1. All services suspended.
  2. Unscheduled maintenance initiated.
  3. Police notified.
  4. Operations restored in March 2019.

Consequences:

  • In May, the exchange ceased operations and announced its shutdown.
  • Grant Thornton initiated the liquidation procedure.
  • Auditors set aside $4.7 million as compensation for customers, but only as late as December.

DragonEx (Singapore)

Incident date: 24 March.
Reason: an advanced persistent threat (a targeted cyberattack) in which hackers stole both users’ and the exchange’s assets.
Stolen: 19 types of coins (BTC, ETH, LTC, BCH, XRP, and 14 other altcoins) and the stablecoin USDT.
Total damage: $7.1 million.
Loot transferred to: Binance, Bittrex, Huobi, Gate.io.

DragonEx’s countermeasures:

  1. Temporary shutdown for maintenance.
  2. Cyberattack notice published.
  3. Police of 4 countries notified.
  4. Commitment to compensate affected users.

Consequences:

  • Some of the assets were retrieved thanks to the assistance of other exchanges that had blocked the hackers’ transactions.
  • Users received compensation in DT (90% of the amount) and USDT (10% of the amount).

Bithumb (South Korea)

Incident date: 30 March.
Reason: private keys stolen by former employees.
Stolen: 3 million EOS and 20 million XRP.
Total damage: $18.7 million.
Loot transferred to: Binance, BW.com, Changelly, ChangeNOW, CoinSwitch, EXMO, HitBTC, Huobi, KuCoin.

Bithumb’s countermeasures:

  1. Abnormal crypto transactions detected.
  2. Incoming and outgoing transactions blocked.
  3. Local police and the Korea Internet & Security Agency notified.
  4. Deposit and withdrawal transactions re-enabled two weeks later.

Consequences:

  • None of the users was affected. The exchange lost some of its assets.
  • Most exchanges blocked coins transferred by the hackers and returned them to Bithumb.
  • The company was prosecuted for its past felony, the customer data leak in June 2017.

Binance (Malta)

Incident date: 7 May.
Reason: a security system breach that gave hackers access to one hot wallet.
Stolen: 7 thousand BTC.
Total damage: $40 million.
Loot transferred to: in May-June, small amounts were laundered through bitcoin mixers (including ChipMixer); in July, funds were transferred to Bitfinex, BitMarket, KuCoin, Kuna.

Binance’s countermeasures:

  1. Incoming and outgoing transactions suspended.
  2. Security system audited and upgraded.
  3. Deposit and withdrawal transactions re-enabled a week later.
  4. U2F enabled for hardware wallet-powered authentication.
  5. Losses refunded from the in-house reserve and SAFU fund.

Consequences:

  • Justin Sun suggested refilling the deposit with 40 million USDT.
  • John McAfee offered cybersecurity support.
  • Ledger doubled hardware wallet sales.
  • OKEx launched the Join Us promotion: 10 USDT as a bonus for leaving the compromised exchange and joining OKEx.
  • A blackmailer, Bnatov Platon, demanded 300 BTC for the data of KYC-passed users, allegedly stolen during the breach. Binance ignored the demand, so the data was published; however, it turned out to be outdated and unrelated to the exchange.

Crypto exchange burglaries in H1 2019

History repeats itself

Of the exchanges mentioned, DragonEx was the only one to be hacked for the first time, while the others had already had some experience.

Cryptopia, for one, lost 15.7 thousand AU (~$571 thousand) after a 51% attack on AurumCoin in November 2018. Before that, in February 2018, a New Zealand bank stopped servicing its account, which made Cryptopia suspend fiat transactions. Chances are those failures led the company to the shutdown.

Bithumb suffered its third hack. In the first one, back in June 2017, intruders hacked an exchange employee’s computer and stole user data. Having gained access to the data, they used voice phishing to steal customers’ bitcoins worth a total of $1.5 million. Then, in June 2018, 11 different cryptocurrencies worth a total of $31 million were stolen from the exchange.

Binance is not a first-time victim either. The first attack (March 2018) failed for the fraudsters because the risk management system detected the suspicious activity and blocked all the fraudulent outgoing transactions in time. The platform even announced a reward of $250 thousand (in BNB tokens) for capturing the hackers. Moreover, Binance set up a special fund of $10 million to prevent future attacks and pursue offenders.

It’s worth noting that the crypto community and most competing platforms never disregard the difficulties other platforms happen to face. Market rivals exchange valuable information and use blockchain analysis to track down the stolen funds and prevent cash-out.