
Cryptocurrency exchanges are gaining popularity, and now everyone can purchase, sell, trade, and store their coins. However, history has shown that exchanges have been a target for hackers, particularly as the value of digital assets has grown. This post will present a list of crypto exchange hacks since 2012 and some measures for investors to safeguard their funds.
Can Cryptocurrency Exchanges Be Hacked?
Cyber security threats have existed since the inception of the internet and occur regularly. Criminals and organised hackers are targeting exchanges to steal large amounts of Bitcoin, Ethereum, and other valuable cryptocurrencies. At least 46 bitcoin exchanges have suffered cyberattacks since 2012. In 2019, 19 crypto exchanges were infiltrated by hackers, a record figure that has been dropping over the past few years.
Crypto Hacks: What Have We Learnt
- Since 2012, roughly $2.66 billion has been stolen from cryptocurrency exchanges.
- At least 46 Bitcoin exchangers have lost assets due to a severe cyber security breach since 2012.
- The number of successful hacking attempts dropped in 2021 due to enhancements to business distributed storage systems.
- The most prevalent type of hack was the theft of the private keys to the exchange’s hot wallet.
- While users transfer funds for withdrawals, hot and cold wallet exchanges might still be subject to hacks.
- Difficult to confirm whether cold wallet solutions are utterly offline as claimed by the exchanges.
- Absence of transparency about internal security measures and adherence to stringent management norms
- Personal hardware wallets are still the most secure way to store crypto assets.
List of Hacked Crypto Exchanges
Below is a list of all cryptocurrency exchanges and platforms hacked or experienced significant security breaches. If we missed any, please email us to let us know.
DATE |
EXCHANGE |
CAUSE OF HACK |
AMOUNT STOLEN (USD) |
2022, January 17 |
Crypto.com |
Unknown |
$34 million |
2021, December 11 |
AscendEX |
Obtained access to hot wallet |
$80 million |
2021, December 5 |
BitMart |
Obtained access to hot wallet |
$150 million |
2021, August 19 |
Liquid |
Obtained access to hot wallet |
$97 million |
2021, April 29 |
Hotbit |
Obtained access to hot wallet |
Nil |
2020, December 23 |
Livecoin |
Compromised system/servers |
Unknown |
2020, December 21 |
EXMO |
Obtained access to hot wallet |
$4 million |
2020, December 1 |
BTC Markets |
Internal staff error/mistake |
270,000 user’s private details |
2020, September 25 |
KuCoin |
Data leak |
$275 million |
2020, July 11 |
Cashaa |
Malware |
$3.1 million |
2020, June 29 |
Balancer |
Vulnerability in protocol |
$500,000 |
2020, April 19 |
Lendf.me |
Bugs and Re-entrancy attack |
$24.5 million |
2020, April 19 |
Uniswap |
Bugs and Re-entrancy attack |
$500,000 |
2020, February 5 |
Altsbit |
Obtained access to hot wallet |
$70,000 |
2019, December 19 |
Youbit |
Obtained access to hot wallet |
Unknown |
2019, November 26 |
Upbit |
Obtained access to hot wallet |
$49 million |
2019, November 5 |
Vindax |
Unknown |
$500,000 |
2019, July 11 |
Bitpoint |
Compromised system/servers |
$32 million |
2019, June 27 |
Bitrue |
Compromised system/servers |
$4.5 million |
2019, June 6 |
Gatehub |
Unknown |
$9.5 million |
2019, May 7 |
Binance |
Obtained access to hot wallet |
$40 million |
2019, March 29 |
Bithumb |
Unknown |
$29 million |
2019, March 25 |
Coinbene |
Suspected trusted insider |
$40 million |
2019, March 24 |
DragonEX |
Unknown |
$1 million |
2019, February 15 |
Coinmama |
Data leak |
450,000 user’s private details |
2019, January 26 |
LocalBitcoins |
Phishing data on fake site |
$27,000 |
2018, October 28 |
Maplechange |
Suspected trusted insider |
$51,000 |
2018, September 14 |
Zaif |
Obtained access to hot wallet |
$60 million |
2018, June 18 |
Bithumb |
Unknown |
$31 million |
2018, June 10 |
Coinrail |
Unknown |
$40 million |
2018, April 13 |
CoinSecure |
Suspected trusted insider |
$3.5 million |
2018, February 10 |
Bitgrail |
Suspected trusted insider |
$146 million |
2018, January 27 |
CoinCheck |
Unknown |
$560 million |
2017, December 20 |
EtherDelta |
Server DNS compromised |
$1.4 million |
2017, July 5 |
Bithumb |
Unknown |
$7 million |
2017, April 22 |
Yapizon |
Obtained access to hot wallet |
$5.3 million |
2017, January 14-17 |
Cryptopia |
Unknown |
$16 million |
2016, August 2 |
Bitfinex |
Unknown |
$623 million |
2016, May 9 |
Gatecoin |
Obtained access to hot wallet |
$2.14 million |
2016, April 7-9 |
Shapeshift |
Suspected trusted insider |
$230,000 |
2016, February 16 |
BTER |
Unknown |
$1.75 million |
2015, December 11 |
Bitstamp |
Malware |
$5 million |
2015, August 15 |
BTER |
Suspected trusted insider |
$1.65 million |
2014, July 13 |
Mintpal |
Obtained access to hot wallet |
$2 million |
2014, March 4 |
Poloniex |
Obtained access to hot wallet |
$50,000 |
2014, February |
Mt. Gox |
Various methods |
$460 million |
2013, November 11 |
Bitcash |
Compromised system/servers |
$100,000 |
2012, September 12 |
Bitfloor |
Compromised system/servers |
$250,000 |
2012, March 1 |
Bitcoinica |
Compromised system/servers |
$87,000 |
Cryptocurrency Exchange Hacks
Since they entered the market, the following cryptocurrency exchanges have been compromised by cyber security attacks with the loss of customer funds or a data privacy violation. This list comprises centralised, decentralised, wallet, and leverage trading systems.
2022 Exchange Hacks
Crypto.com – January 17, 2022
Crypto.com, one of the world’s most well-known crypto exchanges, was the first one to be hacked in 2022. According to sources, around 483 client accounts were compromised on January 17. The CEO of Crypto.com, Kriz Marszalek, said that the security compromise forced the exchange to shut down certain services for 13 to 14 hours. The specific cause of the breach has yet to be determined. The exchange had 4,836,26 ETH, 443,93 BTC, and around $66,200 in other currencies stolen.
2021 Exchange Hacks
AscendEX – December 11, 2021
AscendEX, a platform for trading Bitcoin and other cryptocurrencies, has been the latest target of an exchange breach owing to a hacked hot wallet. According to reports, the alleged amount of stolen funds is $80 million. The lost assets were transferred off the exchange from a BSC and Polygon wallet.
BitMart – December 5, 2021
Sheldon Xia, the CEO of the cryptocurrency exchange BitMart, revealed on Twitter that its Ethereum and BSC hot wallet systems had been compromised. The damages have been assessed at $196 million and mark one of the most severe exchange breaches of 2021. BitMart stated in an official statement at the beginning of December that it would use its funds to pay victims of the breach, which it blamed on a stolen private key.
1/3 We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets. At this moment we are still concluding the possible methods used. The hackers were able to withdraw assets of the value of approximately USD 150 millions.
— Sheldon Xia (@sheldonbitmart) December 5, 2021
Liquid – August 19, 2021
According to reports, the Japanese crypto exchange Liquid was hacked for $97 million. The hackers moved Bitcoin, Ether, XRP, Tron, and 65 other currencies to UniSwap and SushiSwap to avoid frozen assets. Liquid has now upgraded its secure vaults to resume trading services. FTX CEO Sam Bankman-Fried has loaned $120 million to Liquid Global to protect all affected consumers and re-establish the exchange’s balance sheet to satisfy financial and regulatory obligations.
Hotbit – April 29, 2020
Popular bitcoin exchange Hotbit has approximately 2 million registered customers globally. On April 29, 2021, the exchange paused all services to investigate a significant cyber assault on its infrastructure. According to reports, internal systems blocked the hackers from accessing the exchange’s hot wallets that keep a portion of consumers’ funds. While the hackers were unsuccessful in obtaining cash, they could penetrate an internal database, including user information such as email addresses, phone numbers, and asset portfolio details.
2020 Exchange Hacks
Livecoin – December 23, 2020
On December 23, 2020, the Russian cryptocurrency service Livecoin experienced a severe security compromise. The exchange has lost control of its computers after hackers altered the asset price exchange rates. The values of Bitcoin and Ethereum increased from $23,000 to more than $450,000 and $15,000, respectively. The hackers could convert their bitcoins into enormous profits since the exchange could not govern its systems.
EXMO – December 21, 2020
On December 21, 2020, 6% of the total crypto assets stored on EXMO were stolen from the prominent London-based crypto exchange. According to a corporate representative, the hacker obtained access to the architecture of the hot wallet, which allowed them to access the funds. Approximately $4 million in clients were removed from the exchange via Poloniex and were not recovered.
BTC Markets – December 1, 2020
BTC Markets has been a bitcoin exchange in Australia without issue since 2013. While technically not an exchange attack, BTC Markets disclosed thousands of users’ identities and email addresses in an email that remained unreported in December 2020. The breach of information security affects all traders on the platform who might engage in illegal activities.
KuCoin – September 25, 2020
On September 25, 2020, KuCoin, a famous cryptocurrency exchange, was hacked. The exchange lost $275 million in digital assets in the incident. A leak of KuCoin’s hot wallet private keys caused the breach. Fortunately, all of Kucoin’s clients’ stolen funds were covered by insurance. According to estimates, $204 million in crypto assets stolen during the breach were recovered, and suspects were reported to the police.
A quick update since my last livestream on Sep 30.
After a thorough investigation, we have found the suspects of the 9.26 #KuCoin Security Incident with substantial proof at hand. Law enforcement officials and police are officially involved to take action.
— Johnny_KuCoin (@lyu_johnny) October 3, 2020
Cashaa – July 11, 2020
The UK-based cryptocurrency platform Cashaa halted all crypto-related transactions on July 11, 2020, after a hacker withdrew 336 Bitcoins worth $3.1 million in a 3-minute window. The hack was caused by malware on a computer used for withdrawals by hackers. When an employee logged on to the Blockchain.info wallet, the malware notified the hacker to move 336 BTC to their address.
Balancer – June 29, 2020
Balancer, a provider of non-custodial asset management, reported it was prey to an ingenious Defi protocol exploit. The hackers could exploit a weakness that resulted in the theft of tokens worth about $500,000 from the pool. The assault was technically complex, requiring in-depth knowledge and comprehension of the top Defi protocols. The project was unable to reimburse the victims of the breach.
Lendf.me & Uniswap – 19 April, 2020
Lendf.Me was a prominent decentralised lending platform on Ethereum. In April 2020, a cyberattack took 99.95% of the funds, or $24.5 million. According to reports, hackers exploited platform flaws to undertake a re-entrancy assault. This lets the hacker withdraw funds before the original transaction is accepted or refused. The popular DEX Uniswap was also hit and lost $300,000 to $1.1 million, suggesting the same hacker or group of hackers was involved.
Altsbit – February 5, 2020
On February 5, 2020, the very modest Italian cryptocurrency platform Altsbit was hacked. The exchange kept approximately $70,000 in Bitcoin and Ether in hot wallets. At the time, a small number of the exchange’s assets were housed in cold wallets. This was contrary to established practices in the sector because most funds should be maintained in separate storage. Altsbit partially refunded its clients prior to ceasing operations in May.
Yapizon & Youbit – December 19, 2020
The Korean crypto platform Yapizon was hacked for 3,816 BTC or $5.3 million on April 22, 2019, or 37% of holdings. The exchange spread the loss across all exchange clients to help the impacted individuals. After this, the exchange was renamed YouBit. The exchange lost 17% of its assets after a cyberattack on December 19, 2020. The business didn’t say which cryptocurrencies were taken or how much. Youbit went bankrupt and is no longer available.
2019 Exchange Hacks
Upbit – November 26, 2019
Upbit is another Korean cryptocurrency exchange that suffered a cyber security attack in 2019. Several significant transactions emanating from their hot wallet were found, and its users were warned of a security problem. The exchange reportedly transferred assets between hot and cold storage facilities when the crime happened. The worth of 342,000 ETH at the time of the theft was $49 million. The monies have been transferred to many unidentified wallets and have yet to be paid out.
Vindax – November 5, 2019
In March 2019, the Vietnam-based cryptocurrency exchange VinDAX was created, emphasising token sales for innovative blockchain projects. In the same year, a hacker stole at least $500,000 worth of cryptocurrency from the exchange.
Bitpoint – July 11, 2019
The hackers of a second Japanese cryptocurrency exchange stole $32 million from hot and cold wallets, including Bitcoin, Bitcoin Cash, Ether, Litecoin, and XRP. Approximately $23 million of the stolen funds belonged to the exchange’s clients. Given that cash was taken from offline and online wallets, the exchange’s security mechanisms were severely penetrated by hackers. Consequently, the exchange was ultimately shut down.
Bitrue – June 27, 2019
Bitrue is a prominent Singaporean cryptocurrency exchange hacked on June 27, 2019, with the loss of about $4.5 million in cryptocurrencies. The hack used a security flaw in the exchange to get access to the money of 90 consumers, including 9.3 million XRP and 2.5 million ADA. Bitrue is the 68th largest cryptocurrency exchange and is well-known for its extensive selection of XRP trading pairs and sophisticated trading platform.
Gatehub – June 6, 2019
In 2019, a Gatehub wallet attack resulted in the loss of $9.5 million and the disclosure of 1.4 million consumers’ personal information and passwords. In August, approximately 3.7 terabytes of 2FA keys and recovery seeds were hacked and released on a famous hacker website.
Binance – May 7, 2019
Binance is the #1 cryptocurrency exchange by trading volume and overall liquidity. The platform was hacked on May 7, 2019. Hackers took 7,000 Bitcoin or $40 million from a hot wallet containing 2% of all BTC. According to Binance CEO CZ, some two-factor authentication credentials and API tokens were hacked. According to the Binance Blog, the attackers exploited Binance’s security systems using several techniques, including phishing, malware, and other vectors. Affected customers were compensated in full from the insurance account of the exchange.
Bithumb – March 29, 2019, June 18, 2018 & July 5, 2017
The Korean crypto exchange is a repeat offender on our list, having been implicated in three distinct hacking incidents over three years. The first Bithumb theft occurred in July 2017 when hackers stole $7 million in Bitcoin and Ethereum, while the second occurred in June 2018 when $31 million worth of Ripple was stolen. On March 29, 2019, hackers stole roughly $20 million worth of XRP tokens from the online wallets of Bithumb. Later, it was determined that the exchange was negligent and should have devoted more security resources to avoid the large data leak. According to a Security report detailing the investigation’s findings, two hacks have been linked to Lazarus Group.
Coinbene – March 25, 2019
Coinbene is another crypto exchange that was compromised in 2019. Large transactions moved from the exchange on March 25 to an unknown wallet address were detected. Approximately $40 million worth of ERC-20 tokens were believed to have fled the exchange. Coinbene has denied involvement with the attack and has not provided any official response to queries about the causes of the compromise.
DragonEX – March 24, 2019
Hackers hacked the Singaporean exchange DragonEX on March 24, 2019. DragonEX notified their official Telegram channel that a cyber security breach had occurred. The value of stolen funds was expected to exceed $1 million. The exchange is now still operational, but its volume and liquidity have not recovered after the catastrophe.
Coinmama – February 15, 2019
Coinmama is a well-known cryptocurrency exchange that accepts credit and debit card payments for crypto purchases. Bitcoin and other digital assets are not held on the exchange, dramatically reducing the risk of theft. In 2019, the exchange had a massive data breach that affected 450,000 users. A huge worldwide attack involving 24 websites and 747 million data compromised customers’ email addresses and passwords.
LocalBitcoins – January 26, 2019
On January 26, 2019, a highly acclaimed and top-rated peer-to-peer cryptocurrency exchange had a security vulnerability that lasted a few hours. At the time, hackers could take around $7,900 worth of Bitcoins. The compromise was caused by hackers phishing login credentials and 2FA one-time codes from a LocalBitcoins forum rather than the exchange itself.
2018 Exchange Hacks
MapleChange – October 28, 2018
The Canadian cryptocurrency exchange MapleChange ceased operations in 2018 after a cyberattack on October 28. Approximately 8 Bitcoins, valued at roughly $51,000 at the time, were withdrawn from the accounts. There are rumours of an exit scam due to the deletion of the website’s social media pages following the hack.
Zaif – September 14, 2018
Approximately $60 million worth of bitcoin assets were taken from the Japanese-based exchange Zaif. On September 14, 2018, Bitcoin, Bitcoin Cash, and MonaCoin were the three digital currencies moved out of hot wallets. According to Coinmarketcap, Zaif is one of the top 50 cryptocurrency exchanges in terms of trading volume, traffic, and liquidity. It has reimbursed impacted clients for their lost holdings and restored full service.
Coinrail – June 10, 2018
Coinrail, a cryptocurrency exchange located in South Korea, lost more than $40 million in Initial Coin Offering (ICO) tokens it owned. Several ERC-20 tokens were taken from the exchange, including 1,927 ether, 2,6 billion NPXS, 93 million ATX, and 831 million DENT coins.
CoinSecure – April 13, 2018
CoinSecure was an India-based crypto exchange that permitted Bitcoin trading using Rupees. In 2018, the exchange was the victim of a huge attack that resulted in the theft of 438 Bitcoins worth $3.5 million. A CoinSecure employee was held responsible for an incident since he was the only one with access to the private keys. Such incidents may have influenced the decision of India’s regulatory authorities to declare Bitcoin illegal in the nation.
Bitgrail – February 10, 2018
The creator of Bitgrail was accused of hacking itself to steal around $146 million worth of cryptocurrencies from the trading platform. According to estimates, the attack affected 230,000 users in early 2018. Following legal processes, the exchange and its owner were personally at blame and should be declared bankrupt to repay clients as much money as possible.
Coincheck – January 27, 2018
In 2018, the Japanese cryptocurrency exchange Coincheck was the target of one of the most significant cyber security breaches in recent history. The event led to the digital currency theft valued at $560 million. The exchange acknowledged that it contributed to the security breach by storing vast quantities of customer cash in hot wallets rather than cold wallets.
2017 Exchange Hacks
EtherDelta – December 20, 2017
EtherDelta is a decentralised exchange that does not store bitcoin holdings. The website was used to host the service and was compromised and replaced with a similar-looking copy. The hackers could gain the consumers’ login credentials and take their funds. The hackers effectively took cryptocurrency valued at around $1.4 million.
Cryptopia – January 14-15, 2017
The New Zealand cryptocurrency exchange Cryptopia was hacked many times between January 14 and 17, 2017. The reported loss of assets during the event amounted to 9.4% of the company’s entire holdings, or around $16 million. The Cryptopia breach is considered one of the most significant cyberattacks in New Zealand’s history. Once the security vulnerability was discovered, the exchange was placed in maintenance mode and suffered a second attack that resulted in an additional $180,000 loss. While the firm was in insolvency, the exchange was hacked for the third time. Without authorisation, $45,000 in XSN was moved out of the cold wallet.
2016 Exchange Hacks
Bitfinex – August 2, 2016
Founded in 2012 and ranked #5 in trading volume, liquidity, and traffic, Bitfinex offers bitcoin traders charting tools. Bitfinex has had a few issues, including an unlawful transfer of 120,000 Bitcoins on August 2, 2016. Coindesk stated that Bitcoin was worth $623M at the moment. The stolen money hasn’t been paid out or recovered. Bitfinex is offering incentives to find hackers. Bitfinex will award 5% of the total property recovered (or equal funds or assets at the current market prices).
The 2016 Bitfinex hack BTC are some of the most tracked & blacklisted funds in the world. No exchange will process them. They can basically never be cashed out.
This isnt the first time that the whale has moved them during a market rally to cause panic and likely cash in a short https://t.co/kMFkydgwCo
— Adam Cochran (adamscochran.eth) (@adamscochran) April 14, 2021
Gatecoin – May 9, 2016
In 2013, the Hong Kong-based cryptocurrency exchange was one of the first globally regulated marketplaces. In a cyberattack against Gatecoin, hackers were able to get access to the private keys. The exchange reported losing up to 185,000 ethers and 250 bitcoins, valued at $2.14 million. Gatecoin never recovered from the heist and ceased operations in the end.
Shapeshift – March 14, 2016
Shapeshift is a crypto-to-crypto platform for exchanging a range of digital assets established in 2014 and is run by Erik Voorhees. Three times Shapeshift was hacked by an employee of the firm. The initial occurrence occurred on March 14 and led to the loss of 315 Bitcoin. Additional Bitcoin and Ethereum were stolen in subsequent days, leading to a total loss of approximately $230,000 in digital assets. The hacker also sold Shapeshift sensitive security information and compelled the exchange to cease service to enhance its security architecture.
BTER – February 16, 2016
In a breach of its cold wallet, the Chinese Bitcoin exchange BTER lost 7,170 bitcoin valued at more than $1.75 million at the time. Several months before this event in 2015, a hacker infiltrated BTER by penetrating the exchange’s systems. $1.65 million worth of NXT tokens were moved off the market. A spokesman with BTER claimed responsibility for the event, and the website has subsequently been taken down in the end.
2015 Exchange Hacks
Bitstamp – December 11, 2015
Approximately 19,000 Bitcoins were stolen from a Bitstamp worth roughly $5 million. The overall amount taken constituted a negligible proportion of the user cash kept in offline cold storage wallets. A member of the exchange’s employees fell prey to a social engineering assault in which they were convinced to open and distribute malware-infected files. The files were finally executed, allowing the attacker to access the backup passphrase for Bitstamp’s wallet.
2014 Exchange Hacks
Mintpal – July 13, 2014
Mintpal was the victim of a massive breach on July 13, 2014, in which attackers took 8 million Vericoin worth around $2 million, or roughly 30% of the circulating quantity. When the coins were taken, they were stored in an online wallet. Bitcoin, Ethereum, and Litecoin funds stored in cold wallets on an exchange were unaffected.
Poloniex – March 4, 2014
In 2014, the prominent trading site Poloniex lost around 12.3% of its entire Bitcoin holdings due to an assault. According to reports, a hacker exploited a flaw in the exchange’s programming to access the private keys. As the hackers successfully transferred 76 Bitcoins worth $50,000 at the moment from the exchange, trading was suspended. The cryptocurrency exchange claims that all clients who suffered a financial loss have been reimbursed.
Aware that markets are frozen. Some BTC was stolen. Details coming as soon as possible.
— Poloniex Exchange (@Poloniex) March 4, 2014
Gox – February 2014
The Japanese exchange Mt. Gox handled almost 70% of Bitcoin transactions globally in 2014. The exchange fell victim to multiple security breaches in its earlier years. In 2014, a cyberattack destroyed 740,000 client Bitcoins and 100,000 exchange-owned Bitcoins. This attack was noteworthy given the volume of mined and circulating Bitcoins. The $460 million breach was among the largest in history and led to the Bitcoin price collapse. The business immediately froze deposits and withdrawals and filed for bankruptcy in Japan. Mt. Gox damaged the industry’s reputation, and it took years to rebuild the public trust in centralised exchanges.
2013 Exchange Hacks
Bitcash – November 11, 2013
An older exchange breach from 2013 impacted Bitcash.cz in the Czech Republic. Nearly 4,000 user accounts with an estimated total value of 2 million Czech koruna, or roughly $100,000 at the time, were compromised.
2012 Exchange Hacks
Bitfloor – September 12, 2012
Bitfloor was a New York-based licensed cryptocurrency exchange in the United States. Bitfloor was the fourth largest US Dollar-accepting exchange at the time. Bitfloor’s servers storing unencrypted backups of wallet keys were hacked on September 12, 2012, leading to the loss of 24,000 BTC worth about $250,000.
Bitcoinica – March 1, 2012
Bitcoinica was a cryptocurrency brokerage that specialised in Bitcoin to USD leveraged CFDs. In 2011, a large heist occurred on the site, resulting in the loss of 18,547 Bitcoins valued at $87,000. At current market pricing, the quantity of stolen Bitcoin would be equivalent to 681 million dollars.
Cyberattacks against Cryptocurrency Exchange centres
Cryptocurrency exchange platforms are susceptible to several hacks.
Phishing
No company, regardless of the security measures already in place, can completely prevent phishing assaults. Phishing is a sort of social engineering that uses psychological manipulation to compel an unsuspecting user to breach security standards. As with other businesses, cryptocurrency exchanges are prone to phishing attempts of many types.
In 2020, the United States Department of Justice charged two Russian hackers with stealing $16.8 million using bitcoin phishing websites; the operation began in 2017 and continued through 2020. The suspects operated bogus websites that allowed them to steal digital currencies from hundreds of individuals enrolled on the Poloniex, Binance, and Gemini platforms. Unsolicited phone calls, SMS messages, and the internet are utilised in social engineering attempts against bitcoin exchange consumers.
Weak security Measures
Crypto exchange companies are not cybersecurity specialists. Therefore, they do not employ the most recent defence technologies to safeguard their digital assets. Many outsource their cybersecurity activities to a third-party supplier, making them susceptible to attacks if the third-party service is compromised. Some crypto exchange companies safeguard the hot wallets of their members using a single private key, which is a security flaw for cryptocurrency hot wallets. If an attacker successfully breaches the system, he will have access to all wallets kept by users.
Utilising weak access controls
Any IT system’s security is not based solely on technological protections. For example, installing a security authentication system that permits employees to utilise weak passwords creates a concern. It can provide criminal attackers with the opportunity to steal stored digital assets.
Software’s security vulnerabilities
A bitcoin trading platform is a software system, and it is nearly difficult to create an IT system that is 100% safe. Threat actors attempt to exploit vulnerabilities in crypto exchange platforms to steal funds and conduct unlawful transactions.
Another approach used by hackers to steal money from bitcoin exchange customers is the distribution of bogus Android and iOS trading and cryptocurrency applications.
How to secure crypto wallets from cybercriminals?
Keeping your crypto wallet safe is not the cryptocurrency exchangers’ task. Investors must follow proper security procedures to protect their digital assets. The nature of blockchain technology that does not have a centralised authority to oversee transactions has put more duties on users to save their digital money.
In technical terms, crypto wallets hold your digital assets, and the user’s private key authorises online transactions. If cybercriminals succeed in compromising the key, they can –in addition to stealing your money- impersonate user identity to conduct other types of online frauds.
The following suggests best practice security precautions to secure online investor wallets.
- Protect your computer to safeguard your crypt transactions: A strong antivirus and antimalware should be installed on an investor’s computer. A personal firewall is also good; most premium antivirus packages include a firewall. Nevertheless, you can install a free firewall such as the Comodo firewall. Numerous varieties of malware may capture user keystrokes, allowing them to steal cryptographic private keys.
- Keep everything up to date: Keep everything up-to-date: The operating system, apps, and security solutions (Firewall, antivirus, antimalware) of all users must be kept up to date to prevent a vulnerability that might lead to a security breach.
- Encrypt sensitive data: Ensure you employ encryption to safeguard your digital assets. This stops fraudsters from accessing your data even if they get access to your system.
- Use a strong password: Use a strong password to safeguard your wallet and other online accounts. A user can use a password manager, such as KeePass Password Safe, to generate complicated passwords and store them safely in an encrypted vault to facilitate the usage of strong and complex passwords.
- Set a strong password for your mobile system: If you are using your online wallet from mobile devices such as a laptop, tablet, or smartphone, be careful to safeguard them with a strong password.
- Utilise Two-Factor Authentication: Activate Two-Factor Authentication if you use an online wallet so that even if an enemy obtains your crypto account details, he cannot access your wallet.
- Use offline digital wallet storage: This protects your wallet from internet threats. For example, you can store your offline wallet on a separate USB stick. Hardware wallets, such as those offered by Ledger or Bitlox, provide a high level of security since they allow users to separate their private keys from their vulnerable devices, such as computers or smartphones.
- Disable automatic logins on your device: Having your computer remember your login information is a helpful way to avoid entering passwords whenever you wish to access a protected resource. Be cautious about disabling these functions so that no one can access your online wallet if your computer gets into the wrong hands.
- Use a VPN service: Use a VPN service from a reputable provider before accessing online wallets or doing cryptocurrency transactions.
- Avoid phishing websites: When connecting to the website of your cryptocurrency exchange provider, ensure that you are inputting the correct URL. Cybercriminals imitate legal crypto exchange websites to deceive unwary customers into divulging their passwords and stealing their cryptocurrency accounts.
- Use multiple wallets: Never put all your eggs in one basket! You should utilise numerous wallets if you have everyday transactions and a substantial amount of cash in your wallet. Put a modest amount of money in a hot wallet and use it for daily transactions while storing most of your funds in one or more cold wallets. It is advisable to safeguard each wallet with a strong password.
The security measures above help secure cryptocurrency accounts and the end-user devices that use them. However, before registering for a specific cryptocurrency exchange account, the investor must ensure that the crypto provider follows the highest security standards for protecting users’ funds and personal data. Here are some considerations for your possible cryptocurrency exchanger service.
- What is its insurance coverage if a successful hacking attempt or data breach leads to the theft of client funds or other sensitive data?
- Choose a blockchain-powered bitcoin exchange provider. As a result, they maintain transaction data.
- What security measures have the crypto exchange provider implemented to prevent and mitigate cyberattacks?
- Can the crypto exchange’s workers access sensitive client information, such as personal data? Always choose a service that can conceal important client information from its staff.
- It is a plus if the service already adheres to recognised security standards, such as ISO 27002:2013.
- Does the crypto exchange comply with data protection requirements, such as the GDPR and PCI Data Security Standard?
- Examine the service provider’s website and read feedback from former consumers. Verify that real individuals are behind this provider.
- Consider thoroughly reviewing the provider’s privacy policies and terms of service before utilising its services.
- Lastly, ensure that the exchange platform is registered in its nation of residence.
Frequently Asked Questions
How Many Cryptocurrency Exchanges Were Hacked?
According to our investigation, 46 exchanges have been hacked, resulting in consumer funds or personal information loss. Based on confirmed and reported occurrences, the number of compromised exchanges reduced by 62.5% in 2021, with several exchanges being compromised on numerous occasions.
Has Anyone Been Hacked On Coinbase?
Since its founding in 2012, the wildly successful digital currency website Coinbase has never been compromised. There have been allegations of client accounts being hacked. However, these events are likely the result of conventional cyber threats such as malware, phishing, and social engineering efforts stealing the user’s login credentials.
Can Binance Be Hacked Again?
Since the Binance Exchange hack on May 7, 2019, no more security breaches or events have resulted in the loss of users’ funds or personal information. Binance has an insurance fund to pay clients in the event of a future security breach. However, there are no assurances, and consumers should never put their whole balance on Binance.
What’s the Latest Crypto Exchange Hack?
In January 2022, Crypto.com became the latest crypto exchange to be compromised. The major cryptocurrency exchange had 4,836,26 ETH, 443,93 BTC, and around $66,200 in other currencies stolen.
Conclusion
This post should serve as a reminder to never keep your funds idle on a centralised exchange and instead transfer them to a secure location, such as a trustworthy hardware wallet. Most of the exchanges described above exercised due diligence and used many layers of security procedures to protect money, yet were penetrated by hackers and cybercriminals. While the number of crypto exchange hacks is reducing, it’s better to be cautious about investing in Bitcoin and other cryptocurrencies.
This news is republished from another source. You can check the original article here
Be the first to comment