- The first attack of this year was against Cryptopia, which resulted in the exchange filing for bankruptcy.
- UpBit shut down operation for the next two weeks as the result of the attack.
Hackers are getting bolder and smarter, which isn’t good news for the cryptocurrency community. On January 15th, Cryptopia shut down as they found a “security breach,” causing them to experience massive losses. The platform remained relatively quite as local police investigated the matter through January and February, stating that the investigation prevented them from making any comment.
Even with this investigation, it still isn’t clear how the hacking took place, but a discovery in August revealed that the exchange had been using their own wallet to pool the funds of users. The exchange tried to correct the damage after this hack, and even tried to relaunch in early spring. However, the exchange ended up keeping doors closed permanently when it filed for bankruptcy.
In March, DragonEx became the next hack, losing an “undisclosed” amount of funds from user accounts, eventually revealing the total cost to be $7 million in a security breach, after declining to even release an estimate. There was no promise of a refund, unlike other exchanges, but it told consumers that it was working on a reimbursement effort that they called a “preliminary compensation plan.” The plan would reimburse funds in the form of Tether or Dragon Tokens.
In the same month, Bithumb became a victim of the third attack of the year, stealing $13 million in EOS, as well as $6.2 million in XRP. This attack came within the same year that Bithumb lost $31 million in a separate attack in 2018. The platform suggested that the attack was an inside job, considering the “abnormal withdrawal” found in one of the wallets. Based on statements from Bithumb, no user funds were ultimately lost.
By May, the fourth hack took place against Binance, resulting in a loss of $40.7 million. Binance was the largest exchange by volume, but it discovered a vulnerability in its hot wallet, which reportedly only held 2% of the total funds in its possession. Hackers attempted to wash the stolen coins, transferring them quickly through a series of transactions into smaller wallets where they were held or cashed out in fiat currency. For a week, Binance worked to increase the strength of its security efforts, shutting down deposits and withdrawals with consumers in the meantime. By May 15th, their services were reopened with a promise to restore funds for the users that lost their own in the hack.
Next came the hack of BiTrue in June, which primarily pulled XRP ($4.01 million) and ADA ($231,800) in the hack. The breach was made possible with an exploit made on the internal user access review process, allowing the hackers to send 9.3 million in XRP and 2.5 million in ADA across multiple exchanges. However, BiTrue was able to act quickly by working with those partner exchanges to freeze the funds. Like Binance, BiTrue promise to issue a refund.
The sixth attack was against Bitpoint, which lost $28 million in a hack in July, which impacted 50,000 users. The cause is still unknown, but Bitpoint ultimately had to shut down activity on the platform for about a month. The parent company of Bitpoint, Remixpoint, quickly promised to reimburse users who were affected soon after the hack. The exchange relaunched their trading for Bitcoin, Bitcoin Cash, Ether, Litecoin, and XRP in August this year.
Now, Upbit is the latest to face these challenges. At 9:00 UTC on November 26th, the only warning sign was an “abnormal transaction” before 342,000 in Ether was lost just a few minutes later. According to the exchange, the loss didn’t come from user funds, but the exchange has shut down all functions for the two weeks following the hack.
Considering the frequency, it would be hard to believe that more hacks won’t happen this year, and there is a clear risk that users and exchanges take with using any kind of private or public wallet. Will 2020 be the same? Hopefully, the fate of these exchanges will be much different.
This year has not been kind to exchanges and their customers. Hackers have been aggressive about taking on these platforms to steal money from unsuspecting consumers, leading them to attack another exchange – Upbit. This attack marks the seventh exchange hack to occur in 2019 alone.