Bitcoin Scams and Cryptocurrency Hacks List

A Complete History of Bitcoin Hacks, Thefts, Losses, and Exit ScamsBitcoin Scams: Complete List of Cryptocurrency Hacks, History & Help by BitcoinExchangeGuide

Hello valued visitors, welcome to the biggest, most comprehensive bitcoin scams guide on the Internet. It is the largest, most detailed all-in-one cryptocurrency hacks list available during bitcoin’s ten-year history you will find anywhere online (last updated April 2019).

Today, we’re taking the opportunity to display every major crypto exchange hack, theft and fraudulent exit scam that has taken place to date. It will be a total community effort moving forward as it is vitally important to highlight all of the associated risks inherent within ₿itcoin's ‘peer-to-peer / be your own bank' taglines. It can result in a hefty price tag attached if users are not prepared or equipped with the right industry-intel upfront.

This complete catalogue of crypto asset scams was a must-do for you, us and the industry as a whole. We know highlighting everyone of these unfortunate circumstances will help bring better awareness and insight, as well as usher in optimal safety storage protocols.

This invaluable crypto scams and bitcoin hacks overview below required ample amounts of rigorous research and organization to optimize all of the known incidents we could dig up from the earliest days of bitcoin to the latest attacks occurring real-time.

We have every intention of continually updating this guide with new facts and findings as they become known so you can stay educated and informed moving forward. For the sake of brevity, because this review is extremely lengthy already, (unfortunately but necessary), it's designed as a two-part series to follow along with so you can gain the most crystalized clarity out of it as humanely possible as we witness the blockchain era dawn upon us.

Cryptocurrency's Timeline of Bitcoin Hacks, Thefts, Losses and Exit Scams During the Blockchain Era

Part 1: First, a list on all of the bitcoin fraud and wrongdoings from June 2011 til April 2019 is dated from the oldest to the newest and will also be updated with every single verified scam and hack in the future. By associating proper facts, figures and timelines; we feel this is the best readers’ digest featuring all of the notable bitcoin attacks in the crypto space. It was a tall task to tackle but one we hope gives guidance for the greater good.

Part 2: Then, after seeing the scope of all recognized cryptocurrency scams and bitcoin hacks reported, there will be a few different user-centric guides featuring safety tips, risk protection and prevention measures. We have also included smart investing methods and best practices for day traders as well as long time hodlers. Also provided is a summary of the SEC’s virtual currency ponzi scheme notice, as well as the not-so-ideal darkweb and money laundering threats that bitcoin poses on it’s way to becoming the future of finance.

bitcoin-hacks-list-historyDespite the topic of interest at hand being a dreaded, daunting digital asset risk; we consider this one of our foundational flagship focal point pieces aiming to be the most thorough list of bitcoin scams and cryptocurrency hacks ever created from 2011-2019.

During blockchain's 10 year history and counting, there have been hundreds of major hacks reported in the ecosystem, leading to the loss of hundreds of millions of dollars’ worth of bitcoin if not billions by some expert estimations and community contributors.

These ordeals are a major concern moving forward and need proper transparency so users can find comfortability using bitcoin and top altcoins as a financial instrument. The events below include the norm of exchange hacks and user mishaps, to kidnappings, ransom demands and cryptojacking computer attacks to name a few. It was created to give you a full-spectrum understanding of how these happen. But we didn't stop there, and wanted to provide one of the most complete crypto asset user safety guides ever assembled in part 2.

Contents

2011
JUN 13 / Allinvain Bitcointalk
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 25.000 Bitcoin
AMOUNT STOLEN: $500k
COMPANY/VICTIM:
JUN 13 / MT Gox Auditor
SCAM TYPE: Theft / Exit Scam
STOLEN CRYPTO: 2.000 Bitcoin
AMOUNT STOLEN: $30k
COMPANY/VICTIM: Mt Gox
AUG 01 / Bitomart Exchange
SCAM TYPE: Wallet.dat file deleted / Funds Locked
STOLEN CRYPTO: 17.000 Bitcoin
AMOUNT STOLEN: $220k
COMPANY/VICTIM: Bitomart
AUG 08 / MyBitcoin Exchange
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 154.406 Bitcoin
AMOUNT STOLEN: $2.000k
COMPANY/VICTIM: MyBitcoin
OCT 05 / Bitcoin7 Exchange
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 5.000 Bitcoin
AMOUNT STOLEN: $50k
COMPANY/VICTIM: Bitcoin7
2012
MAR 02 / Linode
SCAM TYPE: Webhost Cloud Server Hack / Theft
STOLEN CRYPTO: 46.703 Bitcoin
AMOUNT STOLEN: $228k
COMPANY/VICTIM: Bitcoinica
MAY 06 / Bitcoinica
SCAM TYPE: Hot Wallet Hack / Theft
STOLEN CRYPTO: 18.548 Bitcoin
AMOUNT STOLEN: $90k
COMPANY/VICTIM: Bitcoinica
JUL 02 / Bitcoin Savings and Trust Ponzi Scheme
SCAM TYPE: Theft / Exit Scam
STOLEN CRYPTO: 150.000 Bitcoin
AMOUNT STOLEN:
COMPANY/VICTIM: Bitcoin Savings and Trust
SEP 04 / Bitfloor Exchange
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 24.000 Bitcoin
AMOUNT STOLEN: $240k
COMPANY/VICTIM: Bitfloor
NOV 16 / 2012 Trojan Wallet
SCAM TYPE: Trojan Wallet Hack / Theft
STOLEN CRYPTO: 3.457 Bitcoin
AMOUNT STOLEN:
COMPANY/VICTIM: Individual
2013
JAN 11 / Vircurex Exchange
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 1.666 Bitcoin
AMOUNT STOLEN: $50.000k
COMPANY/VICTIM: Vircurex
FEB 14 / BitMarket.eu
SCAM TYPE: Theft / Exit Scam
STOLEN CRYPTO: 18.787 Bitcoin
AMOUNT STOLEN: $400k
COMPANY/VICTIM: Bitmarket
MAR 10 / BTCGuild Mining Pool
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 1.254 Bitcoin
AMOUNT STOLEN: $58K
COMPANY/VICTIM: BTCGuild
MAR 28 / Bitcoin Rain
SCAM TYPE: Theft / Exit Scam
STOLEN CRYPTO: 2.150 Bitcoin
AMOUNT STOLEN:
COMPANY/VICTIM:
JUL 15 / Just Dice
SCAM TYPE: Incident / Hack / Theft
STOLEN CRYPTO: 1.300
AMOUNT STOLEN: $121K
COMPANY/VICTIM: Just Dice
AUG 27 / Bitfunder and WeExchange
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 6.000 Bitcoin
AMOUNT STOLEN: $560k
COMPANY/VICTIM: Bitfunder
OCT 01 / Canada Bitcoins
SCAM TYPE: Social Engineering Theft / Exit Scam
STOLEN CRYPTO: 149 Bitcoin
AMOUNT STOLEN: $100k
COMPANY/VICTIM: Canada Bitcoins
OCT 23 / Input.io
SCAM TYPE: Wallet Hack / Theft
STOLEN CRYPTO: 4.100 Bitcoin
AMOUNT STOLEN: $1.300K
COMPANY/VICTIM: Tradefortress
OCT 26 / GBL Exchange
SCAM TYPE: Theft / Exit Scam
STOLEN CRYPTO: 9.640 Bitcoin
AMOUNT STOLEN: $4.100k
COMPANY/VICTIM: GBL
NOV 19 / BIPS
SCAM TYPE: Payment Services Hack / Theft
STOLEN CRYPTO: 1.295 Bitcoin
AMOUNT STOLEN: $1.000
COMPANY/VICTIM: BIPS
NOV 21 / Sheep Marketplace
SCAM TYPE: Theft / Exit Scam
STOLEN CRYPTO: 5.400 Bitcoin
AMOUNT STOLEN:
COMPANY/VICTIM: Sheep Marketplace
NOV 29 / Picostocks
SCAM TYPE: Cold Wallet Hack / Theft
STOLEN CRYPTO: 5.875 Bitcoin
AMOUNT STOLEN: $6.000K
COMPANY/VICTIM: Picostocks
2014
FEB 07 / MT Gox
SCAM TYPE: Halts Trade Over Major Hack
STOLEN CRYPTO: 650.000 Bitcoin
AMOUNT STOLEN: $3.000.0000k
COMPANY/VICTIM: Mt Gox
MAR 04 / Poloniex
SCAM TYPE: Withdrawal Hack / Theft
STOLEN CRYPTO: 97 Bitcoin
AMOUNT STOLEN: $1k
COMPANY/VICTIM: Poloniex
MAR 04 / Flexcoin
SCAM TYPE: Hot Wallet Hack / Theft
STOLEN CRYPTO: 896 Bitcoin
AMOUNT STOLEN: $50.000k
COMPANY/VICTIM: Flexcoin
MAR 09 / PonziCoin
SCAM TYPE: Theft / Exit Scam
STOLEN CRYPTO: 10 Bitcoin
AMOUNT STOLEN:
COMPANY/VICTIM: PonziCoin
MAR 11 / CryptoRush
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 950 Bitcoin
AMOUNT STOLEN: $800k
COMPANY/VICTIM: CryptoRush
MAY 15 / Cryptsy Exchange
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 13.000 Bitcoin / Litecoin
AMOUNT STOLEN: $9.580k
COMPANY/VICTIM: Cryptsy
OCT 08 / Mintpal Exchange
SCAM TYPE: Theft / Exit Scam
STOLEN CRYPTO: 3.894 Bitcoin
AMOUNT STOLEN: $1.300k
COMPANY/VICTIM: Mintpal
2015
JAN 04 / Bitstamp
SCAM TYPE: Hot Wallet Hack / Theft
STOLEN CRYPTO: 19.000 Bitcoin
AMOUNT STOLEN: $5.000k
COMPANY/VICTIM: Vircurex
JAN 28 / 796 Exchange
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 1.000 Bitcoin
AMOUNT STOLEN: $230k
COMPANY/VICTIM: Vircurex
FEB 09 / MyCoin Exchange
SCAM TYPE: Theft / Exit Scam / Bankruptcy
STOLEN CRYPTO:
AMOUNT STOLEN: $8.000k
COMPANY/VICTIM: Vircurex
FEB 15 / BTER
SCAM TYPE: Cold Wallet Hack / Theft
STOLEN CRYPTO: 7.170 Bitcoin
AMOUNT STOLEN: $1.750k
COMPANY/VICTIM: Vircurex
FEB 19 / Kipcoin Exchange
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 3.000 Bitcoin
AMOUNT STOLEN: $690k
COMPANY/VICTIM: Vircurex
MAR 18 / Evolution Marketplace
SCAM TYPE: Theft / Exit Scam
STOLEN CRYPTO: 43.000 Bitcoin
AMOUNT STOLEN: $1.200k
COMPANY/VICTIM: Vircurex
MAY 22 / Bitfinex Hot Wallet
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 1.400 Bitcoin
AMOUNT STOLEN: $400k
COMPANY/VICTIM: Vircurex
SEP 17 / Bitpay
SCAM TYPE: Social Engineering Theft / Exit Scam
STOLEN CRYPTO: 5.000 Bitcoin
AMOUNT STOLEN: $1.800k
COMPANY/VICTIM: Vircurex
2016
APR 07 / Shapeshift Exchange
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 469 Bitcoin
AMOUNT STOLEN: $200k
COMPANY/VICTIM: Shapeshift
MAY 13 / Gatecoin
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 250 Bitcoin
AMOUNT STOLEN: $2.500k
COMPANY/VICTIM: Gatecoin
JUN 17 / DAO
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 360.000 Bitcoin
AMOUNT STOLEN: $60.000k
COMPANY/VICTIM: DAO
AUG 02 / Bitfinex
SCAM TYPE: Security Breach Hack / Theft
STOLEN CRYPTO: 120.000 Bitcoin
AMOUNT STOLEN: $72.000k
COMPANY/VICTIM: Bitfinex
OCT 14 / Bitcurex Exchanges
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 2.300 Bitcoin
AMOUNT STOLEN: $50.000k
COMPANY/VICTIM: Bitcurex
2017
FEB 17 / ZCash Glitch
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 370.000 ZCash
AMOUNT STOLEN: $585k
COMPANY/VICTIM: ZCash
FEB 24 / Coinhoarder
SCAM TYPE: Phishing / Theft / Exit Scam
STOLEN CRYPTO: Bitcoin
AMOUNT STOLEN: $1.800k
COMPANY/VICTIM: Coinhoarder
APR 24 / Asian-European Currency Ponzi Scam
SCAM TYPE: Theft / Exit Scam
STOLEN CRYPTO:
AMOUNT STOLEN: $680k
COMPANY/VICTIM: Asian-European Currency
APR 26 / Yapizon Exchange
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 3.831 Bitcoin
AMOUNT STOLEN: $7.600k
COMPANY/VICTIM: Yapizon
MAY 17 / eBitz
SCAM TYPE: Theft / Exit Scam
STOLEN CRYPTO: 388 Bitcoin
AMOUNT STOLEN: $2.900k
COMPANY/VICTIM: eBitz
JUN 02 / QuadrigaCX
SCAM TYPE: Contract Error / Funds Locked
STOLEN CRYPTO: Ether
AMOUNT STOLEN: $60.000k
COMPANY/VICTIM: QuadrigaCX
JUN 26 / VERI ICO
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: Ether
AMOUNT STOLEN: $8.000k
COMPANY/VICTIM: Veritaseum
JUN 29 / Bitthumb
SCAM TYPE: Hack / PII Leak / Theft
STOLEN CRYPTO: XRP
AMOUNT STOLEN: $31.000k
COMPANY/VICTIM: Bitthumb
JUN 29 / ClassicEtherWallet
SCAM TYPE: DNS Hack / Theft
STOLEN CRYPTO: 1.001 Ether
AMOUNT STOLEN:
COMPANY/VICTIM: ClassicEtherWallet
JUL 4 / AlphaBay
SCAM TYPE: Theft / Exit Scam
STOLEN CRYPTO: Bitcoin
AMOUNT STOLEN: $4.000k
COMPANY/VICTIM: AlphaBay
JUL 18 / CoinDash ICO
SCAM TYPE: Cryptojack / Theft / Exit Scam
STOLEN CRYPTO: 35.000 Ether
AMOUNT STOLEN: $7.000k
COMPANY/VICTIM: Coindash
JUL 19 / Parity
SCAM TYPE: Wallet Breach / Hack / Theft
STOLEN CRYPTO: 153.000 Ether
AMOUNT STOLEN: $30.000k
COMPANY/VICTIM: Parity
JUL 25 / BTC-e
SCAM TYPE: Shut Down / Theft / Exit Scam
STOLEN CRYPTO: 66.000 Bitcoin
AMOUNT STOLEN: $k
COMPANY/VICTIM: BTC-e
AUG 21 / Enigma
SCAM TYPE: Theft / ICO Accounts Scam
STOLEN CRYPTO: 1.500 Ether
AMOUNT STOLEN: $500k
COMPANY/VICTIM: Enigma
NOV 06 / Parity Frozen
SCAM TYPE: Glitch / Wallets Bug / Funds Locked
STOLEN CRYPTO: 513.774 Ether
AMOUNT STOLEN:
COMPANY/VICTIM: Parity
NOV 21 / Tether Critical Announcement
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 3.000.000 USDT
AMOUNT STOLEN: $30.000k
COMPANY/VICTIM: Tether
NOV 26 / Bitcoin Gold
SCAM TYPE: Wallet Repository Hack / Theft
STOLEN CRYPTO: Bitcoin Gold
AMOUNT STOLEN: $3.300k
COMPANY/VICTIM: Bitcoin Gold
DEC 06 / NiceHash Exchange
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 4.700 Bitcoin
AMOUNT STOLEN: $60.000k
COMPANY/VICTIM: NiceHash
DEC 19 / Youbit Exchange
SCAM TYPE: Hack / Bankruptcy
STOLEN CRYPTO:
AMOUNT STOLEN:
COMPANY/VICTIM: Youbit
DEC 25 / RegalCoin
SCAM TYPE: Theft / Exit Scam / Ponzi Shut Down
STOLEN CRYPTO: Bitcoin
AMOUNT STOLEN:
COMPANY/VICTIM: Regal Coin
2018
JAN 07 / ATT
SCAM TYPE: Sim Jacking / Theft
STOLEN CRYPTO:
AMOUNT STOLEN: $23.800k
COMPANY/VICTIM:
JAN 14 / BlackWallet
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 670.000 XLM
AMOUNT STOLEN: $400k
COMPANY/VICTIM: BlackWallet
JAN 16 / Bitconnect
SCAM TYPE: Theft / Shut Down / Exit Scam
STOLEN CRYPTO: Bitcoin
AMOUNT STOLEN:
COMPANY/VICTIM: BitConnect
JAN 23 / Benebit
SCAM TYPE: Theft / Exit Scam
STOLEN CRYPTO: Bitcoin
AMOUNT STOLEN: $2.700k
COMPANY/VICTIM: Benebit
JAN 26 / Coincheck Exchange
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 500.000.000 NEM
AMOUNT STOLEN: $400.000k
COMPANY/VICTIM: Coincheck
JAN 29 / Experty
SCAM TYPE: Theft / ICO Scam
STOLEN CRYPTO: Ether
AMOUNT STOLEN: $150k
COMPANY/VICTIM: Experty
FEB 01 / Bee Token
SCAM TYPE: Theft / ICO Scam
STOLEN CRYPTO: 890 Ether
AMOUNT STOLEN: $920k
COMPANY/VICTIM: Bee Token
FEB 04 / Seele ICO Insider Hack
SCAM TYPE: Theft / Exit Scam
STOLEN CRYPTO: 2.162 Ether
AMOUNT STOLEN: $1.800k
COMPANY/VICTIM: Seele
FEB 11 / Bitgrail NANO
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 17.000.000 NANO
AMOUNT STOLEN: $120.000k
COMPANY/VICTIM: Bitgrail
MAR 01 / BTC Global
SCAM TYPE: Theft / Exit Scam / Ponzi Scheme
STOLEN CRYPTO: Bitcoin
AMOUNT STOLEN: $50.000k
COMPANY/VICTIM: BTC Global
APR 08 / GainBitcoin India
SCAM TYPE: Theft / Exit Scam / Ponzi Scheme
STOLEN CRYPTO: Bitcoin
AMOUNT STOLEN: $300.000k
COMPANY/VICTIM: GainBitcoin
APR 10 / Sailesh Bhatt alleged extortion
SCAM TYPE: Theft / Extortion
STOLEN CRYPTO: 200 Bitcoin
AMOUNT STOLEN: $1.300k
COMPANY/VICTIM:
APR 12 / iFan
SCAM TYPE: Theft / Exit Scam / Ponzi Scheme
STOLEN CRYPTO: Bitcoin
AMOUNT STOLEN: $650.000k
COMPANY/VICTIM: iFan
APR 13 / Coinsecure Exchange
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 438 Bitcoin
AMOUNT STOLEN: $3.300k
COMPANY/VICTIM: Coinsecure
APR 24 / MyEtherWallet
SCAM TYPE: DNS Hack / Theft
STOLEN CRYPTO: 215 Ether
AMOUNT STOLEN: $152k
COMPANY/VICTIM: MyEtherWallet
MAY 23 / Taylor Trading Crypto
SCAM TYPE: ICO Hack / Theft
STOLEN CRYPTO: 2.578 Ether
AMOUNT STOLEN: $1.500k
COMPANY/VICTIM: Taylor Crypto Trading
JUN 05 / Syndicate Wallet
SCAM TYPE: ICO Hack / Theft
STOLEN CRYPTO: Ether
AMOUNT STOLEN: $10.000k
COMPANY/VICTIM: Syndicate ICO
JUN 10 / Coinrail Exchange
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 1.927 Ether
AMOUNT STOLEN: $40.000k
COMPANY/VICTIM: Coinrail
JUL 09 / Bancor
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 24.984 Ether
AMOUNT STOLEN: $23.500k
COMPANY/VICTIM: Bancor
JUL 26 / KICKICO
SCAM TYPE: Hack / Theft / Security Breach
STOLEN CRYPTO: 70.000.000 KICK
AMOUNT STOLEN: $7.700k
COMPANY/VICTIM: KICK
SEP 05 / OneCoin
SCAM TYPE: Theft / Exit Scam / Ponzi Scheme
STOLEN CRYPTO: Bitcoin
AMOUNT STOLEN: $400.000k
COMPANY/VICTIM: OneCoin
SEP 20 / Zaif Exchange
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 5.966 Bitcoin
AMOUNT STOLEN: $60.000k
COMPANY/VICTIM: Zaif
OCT 08 / SpankChain
SCAM TYPE: ICO Hack / Theft
STOLEN CRYPTO: 165 Ether
AMOUNT STOLEN: $40k
COMPANY/VICTIM: Spankchain
OCT 15 / William Kopko
SCAM TYPE: Theft / Extortion / Ransom
STOLEN CRYPTO:
AMOUNT STOLEN:
COMPANY/VICTIM:
OCT 25 / Australia XRP
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 100.000 XRP
AMOUNT STOLEN: $450k
COMPANY/VICTIM: Individual
OCT 28 / MapleChange Exchange
SCAM TYPE: Theft / Exit Scam
STOLEN CRYPTO: 913 Bitcoin
AMOUNT STOLEN: $6.000k
COMPANY/VICTIM: MapleChange
OCT 29 / Oyster Protocol CEO
SCAM TYPE: Theft / Exit Scam
STOLEN CRYPTO: Oyster
AMOUNT STOLEN: $300k
COMPANY/VICTIM: Oyster Protocol
NOV 07 / DragonCoin
SCAM TYPE: Theft / Exit Scam
STOLEN CRYPTO: Bitcoin
AMOUNT STOLEN: $2.400k
COMPANY/VICTIM: Individual
NOV 13 / PureBit
SCAM TYPE: Theft / Exit Scam
STOLEN CRYPTO: 13.000 Ether
AMOUNT STOLEN: $2.800k
COMPANY/VICTIM: PureBit
NOV 21 / Nicholas Truglia
SCAM TYPE: SIM Swapping Hack / Theft
STOLEN CRYPTO: Bitcoin
AMOUNT STOLEN: $1.000k
COMPANY/VICTIM: Individual
NOV 26 / Bulgaria Police Charge 3 With Crypto Hack
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: Bitcoin
AMOUNT STOLEN: $5.000k
COMPANY/VICTIM: Individual
DEC 26 / Exmo CEO pays ransom
SCAM TYPE: Theft / Extortion / Ransom
STOLEN CRYPTO: Bitcoin
AMOUNT STOLEN: $1.000k
COMPANY/VICTIM: Exmo
DEC 27 / Electroneum
SCAM TYPE: Wallet Hack / Theft
STOLEN CRYPTO: 250 Bitcoin
AMOUNT STOLEN: $800k
COMPANY/VICTIM: Electroneum
2019
JAN 07 / ETC 51% Gate.io
SCAM TYPE: Attack / Theft
STOLEN CRYPTO: 40.000 ETC
AMOUNT STOLEN: $272k
COMPANY/VICTIM: Gate.io
JAN 15 / Cryptopia Exchange
SCAM TYPE: ERC20 Hack / Theft
STOLEN CRYPTO: Ether
AMOUNT STOLEN: $16.000k
COMPANY/VICTIM: Cryptopia
JAN 26 / LocalBitcoins
SCAM TYPE: Hack / Theft
STOLEN CRYPTO: 8 Bitcoin
AMOUNT STOLEN: $28k
COMPANY/VICTIM: LocalBitcoins
FEB 01 / Joel Ortiz
SCAM TYPE: SIM Swapping Hack / Theft
STOLEN CRYPTO: Bitcoin
AMOUNT STOLEN: $5.000k
COMPANY/VICTIM: Individual
FEB 05 / QuadrigaCX
SCAM TYPE: Theft / Exit Scam / Bankruptcy
STOLEN CRYPTO: Bitcoin / Ether
AMOUNT STOLEN: $145.000k
COMPANY/VICTIM: QuadrigaCX

Allinvain Bitcointalk Hack from Compromised Windows Software

  • Date: June 13, 2011
  • Amount Stolen: $500,000 / 25,000 BTC
  • Type: Hack

According to Kyle Gibson, who created a timeline of major bitcoin hacks and scams, the Allinvain Bitcointalk user hack was the first recorded theft of bitcoin. The theft occurred on June 13, 2011. 25,000 BTC, or $500,000, was stolen from a Bitcointalk user after hackers compromised the Windows computer that person was using. As far as the world knows, this was the first recorded theft of bitcoin, and it was almost certainly the largest individual bitcoin theft during the early days of the digital currency. The price of bitcoin was just forming.

Mt. Gox Theft Using Auditor’s Compromised Computer

  • Date: June 19, 2011
  • Amount Stolen: $30,000 / 2,000 BTC
  • Type: Theft / Hack

This was the first recorded major exchange hack in the bitcoin community. On June 19, 2011, a security breach caused the price of bitcoin to fraudulently drop to one cent on Mt. Gox after a hacker allegedly used credentials from a Mt. Gox auditor’s compromised computer to transfer a large number of bitcoins illegally to himself. The auditor was hired to verify that Mt. Gox had sufficient bitcoin and cash reserves to cover its holdings, but the hacker was able to use the auditor’s computer to steal bitcoins from the exchange. The hacker used the auditor’s access to sell bitcoins to his or her own wallet, causing the price of bitcoin on the exchange to plummet. The hacker acquired an estimated 2,000 BTC through this strategy, with an additional 650 BTC purchased by other Mt. Gox users at deflated prices. None of the bitcoins were returned to their rightful owners.

Bitomart Exchange Wallet.dat File Deleted

  • Date: August 1, 2011
  • Amount Stolen: $220,000 / 17,000 BTC
  • Type: Glitch / Locked Funds

On August 1, 2011, the Bitomart Exchange’s wallet.dat file was inadvertently deleted in one of the costliest mistakes in crypto history. The Bitomart team was attempting to update its server via AWS Elastic Cloud. Th entire server would be deleted during the upgrade. Bitomart’s funds disappeared entirely overnight, leaving users completely out of luck. Bitomart sold its debt to Mt. Gox in August 2011.

MyBitcoin Exchange Hack

  • Date: August 8, 2011
  • Amount Stolen: $2 million / 154,406 BTC
  • Type: Hack / Theft

MyBitcoin was a user-friendly wallet platform catering mostly to crypto newbies interested in buying bitcoin for the first time. Dozens of users flocked to the platform in its early days. Unfortunately, MyBitcoin suffered one of the worst hacking attacks in early bitcoin history, losing 154,406 BTC (worth $2 million at the time) to a hack. The Bitcoin Show host Bruce Wagner was one notable crypto personality who lost funds during this attack.

Bitcoin7 Exchange Hack

  • Date: October 5, 2011
  • Amount Stolen: $50,000 / 5,000 BTC
  • Type: Hack / Theft

An early bitcoin exchange called Cyrpto7 was hacked in fall 2011. In a message to users on October 5, 2011, Bitcoin7 revealed that a hacking attack had compromised user wallets and all databases, leading to a total loss of funds from the exchange. A total of 5,000 BTC, worth $50,000 at the time, was lost in the attack.

Linode Webhost Cloud Server Hack

  • Date: March 2, 2012
  • Amount Stolen: 46,703 BTC / $228,000
  • Type: Hack / Theft

On March 2, 2012, a hacker was able to obtain customer support privileges for Linode, giving the hacker a unique level of access to customer information. The hacker was able to find out which customers were holding bitcoin wallets. Using that information, the thief logged into individual accounts using a weakness in the Linode manager, a platform customers were using to configure their virtual machines. The hacker rebooted the virtual machines to change the root passwords, giving the hacker access to any account and the bitcoins inside. A total of 46,703 BTC was stolen, worth $228,000 at the time.

Bitcoinica Hot Wallet Hack

  • Date: May 6, 2012
  • Amount Stolen: 18,548 BTC / $90,000 USD
  • Type: Hack / Theft

On May 6, 2012, bitcoin exchange Bitcoinica announced that their hot wallet had been hacked. The exchange told users that they had “discovered a suspicious bitcoin transaction that doesn’t seem to be initiated by any one of the company owners.” The hot wallet hack was initially suspected to be linked to Bitcoinica owner A. Vinnik, leading some to suspect it was an exit scam.

Bitcoin Savings and Trust Ponzi Scheme

  • Date: July 2, 2012
  • Amount Stolen: 150,000 BTC
  • Type: Pyramid Scheme / Exit Scam

The Bitcoin Savings and Trust Ponzi scheme was the first pyramid scheme or Ponzi scheme in the world of bitcoin. The scam operated like an ordinary high yield investment program (HYIP), promising users enormous returns for investing a small amount today. The scam was run by pirateat40, who described the investment opportunity as a “virtual hedge fund”. On July 2, 2012, the virtual hedge fund suddenly closed, disappearing with all user funds. 150,000 of BTC was suspected to have been stolen in the attack, although it’s not totally clear how much bitcoin had been invested.

Bitfloor Exchange Hack

  • Date: September 4, 2012
  • Amount Stolen: $240,000 USD / 24,000 BTC
  • Type: Hack / Theft

Bitfloor, an early cryptocurrency exchange, announced that it had been hacked on September 4, 2012, leading to a loss of $240,000 or 24,000 BTC. The attacker, according to Bitfloor, “gained access to an unencrypted backup of the wallet keys”, although Bitfloor claimed the actual keys were stored in an encrypted area.

Trojan Wallet Hack

  • Date: November 16, 2012
  • Amount Stolen: 3,457 BTC
  • Type: Hack / Theft

In 2012, hackers started to realize they could build software designed specifically to steal users’ bitcoins. The 2012 trojan wallet hack was one of the first recorded instances of an ordinary PC trojan leading to a loss of bitcoins. In this attack, a trojan horse virus was installed inadvertently on user PCs. The trojan looked for private keys and wallet.dat files, stealing them wherever possible. One user on the Bitcointalk forums reported that he lost 2600 BTC during the attack. A total of 3,457 BTC was sent to an anonymous bitcoin wallet address.

Vircurex Exchange Hack

  • Date: January 11, 2013
  • Amount Stolen: $50 million USD / 1,666 BTC

Vircurex was a popular early bitcoin exchange. In January 2013, however, the exchange announced that it had been hacked. “We sadly need to announce that our wallet has been compromised,” announced Vircurex on January 11, 2013. The hackers targeted the exchange’s massive cash reserves, and Vircurex reportedly lost $50 million during the attack along with 1,666 BTC. The exchange suffered another two hacks later in 2013. Those second and third hacks were officially revealed to the exchange’s customers in 2014, although many users had already withdrawn funds and depleted the exchange’s cash reserves after the first hack was announced in January.

BitMarket.eu Exit Scam

  • Date: February 14, 2013
  • Amount Stolen: $400,000
  • Type: Theft / Exit Scam

BitMarket.eu was a Polish bitcoin exchange that successfully operated for two years before losing customer funds and cash reserves in an exit scam. BitMarket initially blamed the loss of funds on a hacking incident. It was later revealed, however, that BitMarket had setup a bitcoin hedge fund through Bitcoinica. When Bitcoinica was hacked in May 2012, all of BitMarket’s funds were lost as well. The BitMarket insolvency wasn’t revealed until February 14, 2013.

BTCGuild Mining Pool Hack

  • Date: March 10, 2013
  • Amount Stolen: $58,000 / 1,254 BTC
  • Type: Hack / Theft

In March 2013, the BTCGuild mining pool had one of the most disastrous upgrade attempts in bitcoin history. BTCGuild upgraded its client in March 2013 in what was supposed to be a smooth process. While the blockchain was being re-indexed during the upgrade, however, the mining pool paid out BTC for difficulty-1 shares. A total of 16 pool users emptied their hot wallets after the mistake, leading to losses of 1,254 BTC, worth $58,000 at the time.

Bitcoin Rain Exit Scam

  • Date: March 28, 2013
  • Amount Stolen: 2,150 BTC
  • Type: Exit Scam / Ponzi Scheme

Bitcoin Rain followed in the footsteps of the Bitcoin Savings and Trust Ponzi scheme, operating a long-running bitcoin investment scam that lured users into depositing bitcoins as part of a virtual pool of investment funds. On March 28, 2013, Bitcoin Rain announced that it was defaulting on money owned. Bitcoin Rain founder Leandro Cesar claimed there was a security breach on his exchange website, Mercado Bitcoin, and because investor funds were stored there, Bitcoin Rain investors lost money as well. Although some money was later paid back, most was never returned. Ultimately, it’s believed Bitcoin Rain was an exit scam, with the founding team disappearing with investors’ money while blaming others along the way.

Just Dice

  • Date: July 15, 2013
  • Amount Stolen: $121,000 / 1,300 BTC
  • Date: Loss of Funds

Just Dice was one of the most popular gambling platforms in the bitcoin community in 2013. On July 15, 2013, the gambling site announced that it had lost over 1,300 BTC in one of the stupidest mistakes in early bitcoin history. A user asked to withdraw his 1,300 BTC in gambling winnings from the site. There wasn’t 1,300 BTC in the Just Dice hot wallets, which means site administrator Chris Moore should have withdrawn the BTC from the website’s offline cold wallet. Unfortunately, he did not remove the balance from the cold wallet, allowing the player to spend the fake balance, which the user eventually lost.

Canada Bitcoins Social Engineering Theft

  • Date: October 1, 2013
  • Amount Stolen: $100,000 / 149 BTC
  • Type: Social Engineering / Hack

The Canada Bitcoins hack was one of the first notable incidents of social engineering leading to the loss of bitcoins. Using nothing more than a chat session and social engineering tactics, a hacker convinced an employee at the Rogers Data Centre to reboot the Canadian Bitcoins server in failsafe mode, bypassing all security measures and allowing the hacker to gain easy access to the exchange’s funds. A total of $100,000, or 149 BTC, was stolen during the attack.

Input.io Wallet Hack

  • Date: October 23, 2013
  • Amount Stolen: $1.3 million
  • Type: Hack / Theft

The Input.io wallet hack allegedly occurred on October 23 and 26 when the service’s operator announced that all 4,100 bitcoins held by Input.io had been stolen, leading to a loss of $1.3 million. Bitcoins were all stored on servers in the United States. Input.io waited one week before alerting customers to the attack.

GBL Exchange Exit Scam

  • Date: October 26, 2013
  • Amount Stolen: $4.1 million / 9,640 BTC
  • Type: Theft / Exit Scam

GBL Exchange was a popular early bitcoin exchange that was eventually revealed to be a complete fraud. On October 28, the users behind the exchange suddenly shut down, disappearing with all user funds. The exchange was based in China. The hackers chose an ideal time for the hack, as the price of bitcoin peaked at $400 just a few weeks later.

BIPS Payment Services Hack

  • Date: November 19, 2013
  • Amount Stolen: $1 million / 1,295 BTC
  • Type: Hack / Theft

Crypto payment platform BIPS was hacked on November 15, 2013 as part of a massive DDoS attack. The platform announced the hack on November 19, claiming that over $1 million had been stolen “despite several layers of protection.” Hackers targeted multiple vulnerabilities within the system, eventually allowing them to gain access to several user wallets.

Sheep Marketplace Exit Scam

  • Date: November 21, 2013
  • Amount Stolen: $6 million / 5,400 BTC

Czech Republic-based darknet website Sheep Marketplace pulled an exit scam in November 2013, disappearing with all user funds stored on the platform. The married couple behind the exit scam, Thomas Jiřikovský (the owner) and his wife Eve Bartošová were later indicted by prosecutors in the Czech Republic. At the time, this was the largest exit scam in the history of darknet markets, leading to a loss of $6 million or 5,400 BTC.

Picostocks Cold Wallet Hack

  • Date: November 29, 2013
  • Amount Stolen: $6 million / 5,875 BTC
  • Type: Hack / Theft

Picostocks had a mysterious hack in November 2013, leading to the loss of around $6 million worth of bitcoin. While announcing the hack, Picostocks claimed that there were no signs of an intrusion into their systems, and that both of their wallets had been located on different computers. Despite the lack of intrusion, Picostocks claimed both wallets had been emptied. “We suspect that these [wallets] have been copied by people who had access to the system in the past and decrypted,” announced Picostocks on Reddit.

Mt. Gox Halts Trading After Biggest Hack in crypto History

  • Date: February 7, 2014
  • Amount Stolen: $300 million / 650,000 BTC
  • Type: Hack / Theft

The Mt. Gox hack was the biggest in bitcoin history to date. Today, it remains the single largest loss of BTC in history. Approximately 650,000 BTC was lost from the exchange in multiple hacks throughout 2013. The hacks slowly drained Mt. Gox wallets of funds throughout 2013. When Mt. Gox finally checked on the cold wallets in 2014, they found their exchange was totally insolvent. On February 7, 2014, Mt. Gox announced that it was halting all BTC withdrawals from the exchange, claiming there was a “transaction malleability bug in the core bitcoin software.” Users became suspicious when withdrawals remained halted for two weeks, although trading on the exchange continued. With users worried about the solvency of Mt. Gox, the price of bitcoin dropped to a point 20% lower than any other exchange. On February 24, 2014, Mt. Gox announced that it was suspending all trading activity. Then, Mt. Gox went offline completely and never came back online. Eventually, the exchange’s “crisis strategy draft” was leaked, revealing that Mt. Gox was completely insolvent and had lost 744,408 BTC of customer funds. Eventually, Mt. Gox recovered about 100,000 BTC, although the damage was done. As of 2019, the Mt. Gox case is still making its way through courtrooms in Japan, where the exchange was based.

Poloniex Withdrawal Hack

  • Date: March 4, 2014
  • Amount Stolen: $1,000 / 97 BTC
  • Type: Hack / Theft

Although small compared to other hacks on this list, the Poloniex hack is notable because it affected one of the world’s largest, most reputable, and best-known crypto exchanges. Poloniex, which continues to operate successfully to this day, was hacked in March 2014. “The hacker discovered that if you place several withdrawals all in practically the same instant, they will get processed at more or less the same time,” announced Poloniex in their Bitcointalk forum thread announcing the attack. “This will result in a negative balance, but valid insertions into the database, which then get picked up by the withdrawal daemon.” In other words, the hacker was able to deposit fake funds into Poloniex and withdraw real funds before the exchange realized its error. Approximately 12.3% of all BTC on Poloniex was stolen during the breach. After the attack, Poloniex claimed to have implemented procedures to prevent further hacks. To this day, Poloniex has not suffered another major breach.

Flexcoin Hot Wallet Hack

  • Date: March 3, 2014
  • Amount Stolen: $600,000 / 896 BTC
  • Type: Hack / Theft

The Flexcoin hot wallet was hacked in 2014, leading to a loss of $600,000 or 896 BTC. The Alberta, Canada-based crypto wallet platform shut down after the attack. Flexcoin had dubbed itself “the first bitcoin bank”. Some customers with funds stored in Flexcoin cold wallets were able to withdraw funds after the attack, although other customers lost significant amounts of money. The shutdown occurred just one week after Flexcoin had reassured users, claiming that Flexcoin had never stored any coins in Mt. Gox or other recently-shuttered exchanges.

PonziCoin Exit Scam

  • Date: March 9, 2014
  • Amount Stolen: 10 BTC
  • Type: Ponzi Scheme / Scam

In 2014, a developer launched a coin that was – literally – called PonziCoin. The coin was transparent about the fact that it was a pyramid scheme. Investors were told they needed to invite more people to the platform to make more money. The developer of PonziCoin accepted BTC in exchange for coins, selling the coins in a series of rounds. The PonziCoin scheme didn’t quite take off like the developer intended, although he still made off with 10 BTC when he suddenly shut the scheme down. The BTC were worth around $7,000 at the time. PonziCoin disappeared from the internet on March 9, 2014.

CryptoRush Hack

  • Date: March 11, 2014
  • Amount Stolen: $800,000 / 950 BTC
  • Type: Hack / Theft

Popular crypto exchange CryptoRush announced the loss of funds on March 11, 2014. The exchange was run by a single developer, who claimed to work 40 hours a week at his full-time job, ignoring the exchange’s issues as they continued to pile up. Customers became suspicious that the exchange was insolvent. Tickets and withdrawal requests were ignored. On March 11, 2014, CryptoRush told its employees that it had been hacked. Someone with an IP from Ukraine stole 950 BTC and 2500 LTC, which collectively accounted for most of the crypto holdings of the small exchange. CryptoRush later shut down.

Cryptsy Exchange Hack

  • Date: July 2014
  • Amount Stolen: $9.58 million / 13,000 BTC
  • Type: Hack / Theft

Crypto exchange Cryptsy was hacked in 2014, leading to the loss of an enormous amount of bitcoin. After Mt. Gox, the Cryptsy exchange hack was one of the largest of the year. Cryptsy would not release further details of the hack until 2016, when the exchange revealed that it had been hacked for a significant amount in 2014. Cryptsy claimed the hack was traced to the developer of an altcoin called Lucky7Coin, who was able to exploit vulnerabilities in Cryptsy servers to steal an enormous amount of user funds.

Mintpal Exchange Exit Scam

  • Date: October 8, 2014
  • Amount Stolen: $1.3 million / 3,894 BTC
  • Type: Theft / Exit Scam

A cryptocurrency exchange called Mintpal completed a successful exit scam in 2014, disappearing offline with millions of dollars in user funds. The exit scam was widely believed to have been perpetrated by Moopay and Moolah executive and founder Alex Green (who also goes by the name Ryan Kennedy), seen as a shady scammer by the community. During the hack, approximately 3,900 BTC was stolen from Mintpal users and never returned. Alex Green / Ryan Kennedy fled the crypto scene and never returned. To add another crazy layer to the story, Alex Green / Ryan Kennedy was arrested for rape in 2016 and is currently serving an 11 year sentence in the UK, although it’s unclear where the lost funds disappeared to.

Bitstamp Hot Wallet Hack

  • Date: January 4, 2015
  • Amount Stolen: $5 million / 19,000 BTC
  • Type: Hack

Popular bitcoin exchange Bitstamp was hacked in late 2014 / early 2015, with Bitstamp announcing the hack on January 4, 2015. Bitstamp revealed that 19,000 BTC or $5 million had been stolen in the hack. Bitstamp initially suspended withdrawals and trading activity, leading some users to believe the exchange was shutting down (similar to how other exchanges had handled previous hacks). Bitstamp, however, restored all ordinary activity a week later, and the exchange remains active and popular to this day. The hack took place a few months after Bitstamp had received a ransom demand of 75 BTC from hackers, denying the ransom after claiming that they did not negotiate with “terrorists”. It’s unclear if the two incidents were linked.

796 Exchange Hack

  • Date: January 28, 2015
  • Amount Stolen: $230,0000 / 1,000 BTC
  • Type: Hack / Theft

In January 2015, cryptocurrency exchange 796 Exchange was hacked after hackers “compromised areas of the exchange”. The hackers eventually tampered with deposit and withdrawal addresses, confusing users and eventually leading to the loss of 1,000 BTC or $230,000. The Chinese crypto exchange would shut down in 2017 after successfully operating since June 2013.

MyCoin Exchange Bankruptcy and Ponzi Scheme

  • Date: February 9, 2015
  • Amount Stolen: $8 million
  • Type: Scam / Ponzi Scheme

Hong Kong-based bitcoin exchange MyCoin was a popular exchange platform operating throughout 2014 and 2015. In February 2015, however, a Chinese media outlet called SCMP published a report claiming that MyCoin had duped investors by promising big returns, only to disappear with investor funds soon after. MyCoin shut down in what amounted to a combination of an exit scam and a Ponzi scheme rolled into one.

BTER Cold Wallet Hack

  • Date: February 15, 2015
  • Amount Stolen: $1.75 million / 7,170 BTC
  • Type: Hack / Theft

On February 15, BTER revealed that it was performing a “security check” and was temporarily suspending trading, although it was not believed that the cold wallet was compromised. Later, it was revealed that the BTER cold wallet had been compromised. On October 23, 2015, BTER revealed that 7,170 BTC was missing from its cold wallet, stolen in a single transaction. The exchange announced a 720 BTC for the return of the BTC. The hack came just months after BTER had lost 50 million NXT, although BTER was later able to negotiate a partial return of those funds. BTER announced it was shutting down in October 2017.

Kipcoin Exchange Hack

  • Date: February 19, 2015
  • Amount Stolen: $690,000 / 3,000 BTC
  • Type: Hack / Theft

Crypto exchange Kipcoin released a statement through Chinese social media network Weibo on February 19, 2015 claiming that all services were on hold temporarily while the platform investigated a security breach. Kipcoin claimed no Chinese Yuan had been stolen during the breach. It was soon revealed that Kipicoin had lost 3,000 BTC to hackers. Kipcoin announced it was shutting down soon after.

Evolution Marketplace Exit Scam

  • Date: March 18, 2015
  • Amount Stolen: $12 million / 43,000 TBC
  • Type: Theft / Exit Scam

There’s a long history of darknet marketplaces disappearing from the internet overnight. Evolution Marketplace was yet another darknet market that pulled an exit scam, disappearing with over $12 million of crypto funds from users. The first signs of trouble appeared on Reddit when a user called NSWGreat published a post called, “EVOLUTION EXIT SCAM”. NSWGreat claimed to be a moderator for the site, and claimed that the admins were “preparing to exit scam with all the funds.” “I am so sorry, but Verto and Kimble have f***ed us all,” explained the user in the Reddit post.

Bitfinex Hot Wallet Hack

  • Date: May 22, 2015
  • Amount Stolen: $400,000 / 1,500 BTC
  • Type: Hack / Theft

Bitfinex lost 1,500 bitcoin, worth $400,000 at the time, after its hot wallets were hacked. Hackers exploited Bitfinex vulnerabilities to gain access to Bitfinex hot wallets. The theft amounted just 0.06% of the company’s total holdings. Bitfinex announced that it planned to absorb the losses, and Bitfinex continues to operate successfully to this day.

Bitpay Social Engineering Theft

  • Date: September 17, 2015
  • Amount Stolen: $1.8 million / 5,000 BTC
  • Type: Theft / Social Engineering

Crypto exchange Bitpay announced a hack on September 17, 2015, claiming that an attacker had obtained email credentials for Bitpay CFO Bryan Krohn, then used those credentials to dupe CEO Stephen Pair and executive chairman Tony Gallippi to authorize three payments totalling 5,000 BTC on December 11th and 12th, 2014., including one transaction from a wallet on Bitstamp. A total of 5,000 BTC were lost in the attack, worth $1.8 million at the time.

Shapeshift Exchange Hack

  • Date: April 7, 2016
  • Amount Stolen: $200 million / 469 BTC
  • Type: Hack / Theft

ShapeShift, which continues to operate successfully to this day, experienced the worst hack in its history on April 7, 2016 when it lost 469 BTC or $200 million. In a statement regarding the hack, ShapeShift claimed that they had “suspicion that someone previously on the team was involved, and that this person assisted an outside hacker.” They later confirmed that was the case, filing a civil suit and launching a criminal investigation of the perpetrators. Although ShapeShift temporarily took down its site to investigate the issue, the exchange re-launched and published full details about the ongoing investigation and discoveries.

Gatecoin Hack

  • Date: May 13, 2016
  • Amount Stolen: 250 BTC / $2.5 million
  • Type: Hack / Theft

Hong Kong-based crypto exchange Gatecoin was hacked in 2016, announcing the news on May 13 of that year. The exchange “experienced a cyberattack on its hot wallets that resulted in the loss of funds,” according to media reports at the time. The exchange later confirmed that as much as $2 million had been lost. Gatecoin absorbed the loss, however, and continues to operate successfully to this day.

DAO Hack

  • Date: June 17, 2016
  • Amount Stolen: $60 million / 3.6 million ETH

The DAO hack is one of the most notorious hacks in the history of the crypto community. It changed the trajectory of the world’s second largest digital currency, Ethereum. It was also one of the largest hacks in crypto history, although hackers were ultimately unable to access the stolen funds because they were frozen. The DAO was launched as a crowdsourced hedge fund, where users would make collective decisions about where to invest funds. Users locked millions of dollars’ worth of ETH in The DAO. A hacker, however later exploited a vulnerability within the code, freezing 3.6 million ETH. The DAO debacle would eventually lead to the creation of ETH and ETC, as the two sides disagreed on how to handle the hack.

Bitfinex Security Breach

  • Date: August 2, 2016
  • Amount Stolen: $72 Million / 119,756 BTC

A Bitfinex security breach in 2016 led to one of the largest hacks in crypto history. As announced on August 2, 2016, Bitfinex lost 119,756 BTC or $72 million at the time of the attack. The exchange temporarily suspended trading, deposits, and withdrawals. By August 4, Bitfinex confirmed that it had been robbed, telling Reuters that they had lost 119,756 bitcoins from user accounts. Bitfinex remains operational to this day, although the 2016 Bitfinex hack remains one of the largest in crypto history.

Bitcurex Exchange Hack

  • Date: October 13, 2016
  • Amount Stolen: $50 million / 2,300 BTC
  • Type: Hack / Theft

Poland-based crypto exchange Bitcurex was hacked on February 17, 2017, leading to the loss of $1.5 million. Prior to the hack, Bitcurex had been one of the largest crypto exchanges in Europe, particularly for Polish users interested in trading the Zloty for BTC. Over the course of 2016 up to the time of the hack, the Lodz-based exchange had processed over $50 million. On October 28, 2016, Bitcurex confirmed that it had lost $1.5 million and was shutting down. The problem was traced back to a third party performing an automated data collection on the site, resulting in the loss of partial assets.

ZCash Glitch

  • Date: February 17, 2017
  • Amount Stolen: $585,000 / 370,000 ZCash
  • Type: Hack / Theft

One of the crazy parts about crypto is that a single missing digit or letter can lead to the loss of millions of dollars’ worth of coins. Such was the case in February 2017 when it was revealed that the ZCash team had left one extra character inside the Zerocoin source code. That single extra character allowed an attacker to reuse his or her existing valid proofs to generate additional Zerocoin spend transactions. The issue led to the loss of 370,000 of ZCash, worth about $585,000 at the time.

Asian-European Currency Ponzi Scheme

  • Date: April 24, 2017
  • Amount Stolen: $680 million
  • Type: Scam / Ponzi Scheme

The Asian-European Currency Ponzi scheme operated under the guise of a legally registered company. Company founders advertised it as a get rich quick scheme, convincing victims that they could quickly earn money through a multilevel marketing scam. Investors were promised absurdly high returns. A total of 47,000 people were victimized by the Asian-European Currency scam. New trading victims were required to purchase at least 10,000 RMB of virtual currency, but your currency was frozen for 250 days. Eventually, the multilevel marketing scam was shut down. The Hainan City Police Department announced on August 10, 2017 that a man titled, “Suspect Xu” had been arrested for perpetrating the scam, along with a number of other executive members of the company. Law enforcement officials seized 4.6 billion RMB from the scammers, or approximately $680 million USD, making it one of the biggest seizures (and crypto scams) in industry history.

Yapizon Exchange Hack

  • Date: April 26, 2017
  • Amount Stolen: $7.6 million / 3,831 BTC
  • Type: Hack / Theft

Korean exchange Yapizon was hacked in early 2017, leading to a loss of nearly 40% of the company’s assets. On April 26, 2017, Yapizon announced that hackers had stolen 3,800 BTC in customer funds, “equivalent to 37.08% of total assets.” Instead of shutting down like smaller exchanges after a similar-scale hack, Yapizon decided to give customers a haircut, spreading the burden of losses across the userbase and giving customers a “haircut”. The reason you don’t hear about Yapizon today is because the exchange rebranded to Youbit after the April 2017 hack. By December 2017, the platform had declared bankruptcy. However, the company still appears to be active today. In mid-2018, YouBit had started to re-emerge, and it may begin to operate again in the near future.

eBitz Exit Scam

  • Date: May 17, 2017
  • Amount Stolen: $2.9 million / 388 BTC
  • Type: Theft / Exit Scam

eBitz pulled an exit scam in May 2017, suddenly disappearing with the assets of all users after a fraudulent ICO. The same team behind eBitz had previously pulled an exit scam with Opair.co. the total amount lost in the eBitz exit scam was estimated to be around 237 BTC, or around $432,000 at the time. The eBitz founding team published details of their ICO online, claiming that they were launching a new version of Zcash with founders rewards and other MLM-style incentives. After the ICO was complete, all information about eBitz disappeared from the internet.

QuadrigaCX Contract Error

  • Date: June 2, 2017
  • Amount Lost: 60,000 ETH
  • Type: Glitch / Locked Funds

Canadian crypto exchange QuadrigaCX made its most noteworthy headlines in 2019 when the founder suddenly died with the only private key to the exchange’s wallets. Prior to 2019, however, QuadrigaCX made headlines for a contract error that led to the loss of 60,000 ETH. This wasn’t a hack or a security issue; instead, it was a problem with the way the exchange was transferring money between accounts. “Earlier this week, we noticed an irregularity with regards to the sweeping process of incoming Ether to the exchange,” explained QuadrigaCX in their official statement after the issue. The end result was 60,000 ETH lost while swapping ETH/ETC, with the ETH frozen in that splitter contract permanently. QuadrigaCX resolved the issue, and customers were not penalized.

Bithumb Hack and Private Info Leak

  • Date: June 29, 2017
  • Amount Stolen: $31 million
  • Type: Hack / Theft

On June 29, 2017, Bithumb revealed that hacker shad stolen $31 million worth of Korean Won along with the personally identifiable information of 31,000 Bithumb website users, including their names, mobile phone numbers, and email addresses. At the time, Bithumb was the world’s fourth largest bitcoin exchange and the largest exchange in South Korea, accounting for over 75% of bitcoin trading volume in South Korea. The hack was traced back to a single employee’s compromised PC. Many users reported having millions of Won disappear from their personal accounts overnight.

ClassicEtherWallet DNS Hack

  • Date: June 29, 2017
  • Amount Lost: 1,001 ETH
  • Type: Hack / Social Engineering

ClassicEtherWallet was hacked in June 2017. Users watched helplessly as hackers exploited a glitch to quietly drain ETH from targeted wallets. The vulnerability was traced back to social engineering: the hacker convinced support staff at the web hosting provider to concede control over the official domain to a different owner, allowing the hacker to gain access to customer wallets. A total of 1,001 ETH was estimated to have been lost in the attack.

AlphaBay Exit Scam

  • Date: July 4, 2017
  • Amount Stolen: $4 million
  • Type: Theft / Exit Scam

This is the third major darknet marketplace exit scam on this list to date. In July 2017, darknet marketplace AlphaBay pulled the same trick previous marketplaces had pulled, disappearing from the darknet overnight and taking customer funds with it. AlphaBay, like previous darknet marketplaces, uses an escrow system to facilitate secure transactions between buyers and sellers. AlphaBay also allowed buyers and sellers to store money on the site in a wallet. When AlphaBay shut down overnight, all funds held in escrow and wallets disappeared with it. An estimated $4 million was lost in the AlphaBay exit scam, most of which was in crypto.

CoinDash ICO Cryptojack

  • Date: July 18, 2017
  • Amount Stolen: $7 million / 35,000 ETH
  • Type: Cryptojack / Theft

Israeli startup CoinDash launched like many other ICOs: the company wanted to sell its own digital tokens in exchange for ETH. Unfortunately, disaster struck just 13 minutes into the CoinDash ICO. An unknown perpetrator hacked CoinDash’s website, changing the receiving address to a separate address owned by the hackers. Investors submitted money to CoinDash believing they were investing in the ICO. In reality, they were sending millions of dollars directly to hackers. By the time the dust had settled and CoinDash realized what was going on, the “cryptojackers” had stolen over 35,000, worth around $7 million at the time.

Parity Wallet Breach

  • Date: July 19, 2017
  • Amount Stolen: $30 million / 153,000 ETH
  • Type: Hack / Theft

In one of the costliest and most surprising hacks in crypto history, the Parity Wallet was breached in July 2017, causing several major ICOs to lose millions of dollars in raised capital. Parity Wallet was trusted by users and ICOs around the world to provide safe, effective cryptocurrency storage. Certain ICOs had tens of millions of dollars stored in their Parity Wallet. Hackers exploited a vulnerability in the Parity Wallet code, allowing them to steal a total of $30 million, or around 153,000 ETH. The issue was traced back to a bug in a specific multi-signature contract known as wallet.sol. The hack was originally reported to be as much as 500,000 ETH, although an additional 377,000 ETH was retrieved from vulnerable wallets by white hat hackers.

BTC-e Exit Scam

  • Date: July 25, 2017
  • Amount Stolen: 66,000 BTC
  • Type: Theft / Exit Scam

On July 25, 2017, BTC-e suddenly shut down, with over 66,000 BTC moved to a wallet believed to be owned by Alexander Vinnik, known as the mastermind behind BTC-e. He would later face 21 charges from a US grand jury related to money laundering, computer hacking, and drug trafficking. BTC-e wasn’t an obvious scam: it was one of the world’s largest cryptocurrency exchanges, and it was widely recognized as one of the more reputable exchanges in the space. Unfortunately, it was later revealed that BTC-e’s reputability was largely based on illicit activity, and 95% of bitcoin transactions from ransomware transactions were cashed out through BTC-e. In the days leading up to the shutdown of BTC-e, 66,000 BTC were moved from the exchange, marking one of the largest exit scams in industry history.

Veritaseum (VERI) ICO Hack

  • Date: July 26, 2017
  • Amount Stolen: $8 million
  • Type: Hack / Theft

2017 was the year of the ICO, and it wasn’t smooth sailing for all ICO projects. The Veritaseum (VERI) ICO lost 46,000 of its tokens during an ICO hack. The hackers quickly exchanged the tokens for ETH using EtherDelta, which was the only exchange that supported VERI/ETH trading at the time. The tokens were worth $8 million at the time. Veritaseum only admitted to the hack after a user posted a screenshot of Veritaseum founder Reggie Middleton mentioning the hack on Slack, and Veritaseum was later forced to acknowledge the hack, which they did on July 26, 2017. The lost tokens accounted for less than 0.07% of the total supply of VERI tokens, and Veritaseum remains an active project today.

Enigma ICO Accounts Scam

  • Date: August 21, 2017
  • Amount Stolen: $500,000 / 1,500 ETH
  • Type: Theft / Exit Scam

On August 21, 2017, the team behind the Enigma blockchain project released a statement claiming their ICO had been compromised, leading to the theft of $500,000 in ETH from investors. Hackers were able to gain control of certain Enigma accounts, then used that control to post links to a phony pre-sale. Investors deposited money into the pre-sale, only to realize that the money wasn’t going towards Enigma at all, and that the accounts were owned by the hackers – not the Enigma team “At this time, the Enigma team has retaken control of all compromised accounts, including the website,” explained Enigma in a statement. The damage was done, however, and a total of $500,000 (1,500 ETH) was stolen.

Parity Frozen Wallets Bug

  • Date: November 6, 2017
  • Amount Lost: 513,774 ETH
  • Type: Glitch / Locked Funds

Just months after the first major Parity wallet hack, the team announced a second vulnerability had been discovered. Parity, which was the second most popular Ethereum client at the time, had a devastating security bug affecting any Parity wallet deployed after July 20 using the platform’s multi-signature functionality. The security vulnerability was identified by a developer named devopps199, who reported it on Github. A total of 513,774 ETH was frozen as a result of the vulnerability.

Tether Treasury Attack

  • Date: November 21, 2017
  • Amount Stolen: $30,950,010 / 30 million USDT
  • Type: Hack / Theft

Hackers attacked the Tether (USDT) treasury in November 2017, stealing over $30 million in funds from the Tether Treasury wallet and sending it to an unauthorized bitcoin address. Because Tether was in full control of USDT, the company took steps to prevent the attackers from trading that USDT onto broader markets, and blocked attempts to sell USDT to other cryptocurrencies or fiat currencies. Today, Tether continues to hold approximately 30% of the total supply of USDT in its Treasury wallet, although it’s not totally clear what happened to the 31 million USDT that went missing in the November 2017 hack.

Bitcoin Gold Wallet Repository Hack

  • Date: November 26, 2017
  • Amount Stolen: $3 million+
  • Type: Hack / Theft

Bitcoin hard fork project Bitcoin Gold (BTG) got off to a rocky start when its wallet repository on GitHub was hacked in November 2017. Hackers infiltrated the repository, uploading two suspicious files of unknown origin. Users who downloaded the official Bitcoin Gold Windows wallet from the Bitcoin Gold website or Github repository were affected by the bug. By the time the dust settled, users had lost over $3 million through the hack. Users downloaded the wallet, then used the wallet to send, receive, or store cryptocurrency, eventually losing $3.2 million when hackers accessed their private keys.

NiceHash Exchange Hack

  • Date: November 26, 2017
  • Amount Stolen: $3 million
  • Type: Hacks / Theft

In December 2017, NiceHash users experienced one of the worst hacking attacks in bitcoin history when they logged into their accounts and discovered all funds missing. Hackers infiltrated NiceHash, moving money from internal NiceHash bitcoin addresses to a single bitcoin wallet controlled by an unidentified third party. Prior to the hack, NiceHash had been operating smoothly for years as a way for crypto users to buy and sell hashpower. Users stored money in on-site wallets, only to discover one day that it had all disappeared. A total of $3 million was lost during the attack, although Nicehash would eventually return 60% of stolen coins to users by August 2018.

YouBit Exchange Hack

  • Date: December 19, 2017
  • Amount Stolen: Exchange
  • Type: Hack / Theft

We talked about YouBit just up above. The exchange experienced one of the worst hacks in South Korean crypto history earlier in the year when it was known as Yapizon. After rebranding to YouBit, the exchange was hacked once again in December 2017. It’s unclear how much was lost in the December 2017 attack, or if the two attacks were linked. However, some reports indicated that North Korean hackers were behind the YouBit exchange attack as well as similar attacks on Bithumb. In any case, an unknown amount of money was lost in the December 2017 YouBit attack, and the Korean exchange was forced to declare bankruptcy soon afterward.

RegalCoin Ponzi Scheme

  • Date: December 25, 2017
  • Amount Stolen: Unknown
  • Type: Theft / Exit Scam

It was obvious that RegalCoin was a Ponzi scheme from the first day it launched. The company didn’t even attempt to hide the fact during its ICO, promising enormous returns to users who referred friends to the platform. Despite the fact that it was an obvious scam, RegalCoin’s ICO sold out quickly, generating attention from across the crypto space. The ICO continued successfully for several weeks, selling out numerous times while being fueled by hype. Eventually, the RegalCoin ICO concluded. The founders made an effort to convince gullible investors that the scheme was legitimate, posting vague updates to social media for months. By early 2018, however, it was obvious that RegalCoin had no real technology behind its promises, and the RegalCoin team eventually disappeared, taking user funds with it in one of the larger exit scams in crypto history. It’s unknown how many people were victimized by RegalCoin, and we don’t know how much money was lost during the attack.

Exmo Employee Kidnapping

  • Date: December 26, 2017
  • Amount Stolen: $1 million
  • Type: Kidnapping / Extortion

On December 26, 2017, 40-year old Exmo bitcoin exchange employee Pavel Lerner was kidnapped while leaving his office in Kiev, Ukraine. Exmo is a Ukrainian crypto exchange. Lerner was reportedly dragged into a black Mercedes vehicle by men wearing balaclavas. The kidnappers demanded a $1 million ransom in bitcoin. Police searched for Lerner across the city but were unable to locate him. Eventually, the $1 million ransom was paid, and Lerner was released. Ukrainian and Russian media reports indicate that Lerner paid the ransom himself, although it’s unclear if the funds were connected to the Exmo exchange in any way. It was initially reported that Pavel Lerner was CEO of the Exmo exchange, although it was later revealed that he was an analytics manager with no unique access to any Exmo accounts or funds. To this day, there’s limited information about the Lerner case available online, although Lerner and Exmo are both alive and well today.

AT&T Customer SIM Jacking

  • Date: January 7, 2018
  • Amount Stolen: $23.8 million
  • Type: SIM Jacking / Social Engineering

Reports of “SIM jacking” attacks could be found throughout 2017 and 2018. In January 2018, however, one of the worst SIM jacking attacks in crypto history allegedly took place. On January 7, 2018, an American entrepreneur became the victim of a devastating SIM jacking attack, losing $23.8 million in digital tokens. SIM jacking attacks use social engineering strategies to convince carrier customer service agents to switch the SIM card to a new phone, allowing hackers to gain access to your mobile phone number, bypassing dual factor authentication and allowing them to gain access to sensitive accounts. In the January 7, 2018 attack, US entrepreneur Michael Terpin reportedly lost $23.8 million when employees from AT&T switched his SIM card to a new phone, gaining access to his crypto accounts. “What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner,” explained Terpin in a complaint. Terpin is now seeking $23.8 million in compensation from AT&T along with $200 million in punitive damages, although AT&T is disputing the allegations.

BlackWallet Hack

  • Date: January 14, 2018
  • Amount Stolen: $400,000 / 670,000 XLM
  • Type: Hack / Theft

BlackWallet’s domain name system (DNS) server was hacked in January 2018. Hackers added a piece of code that transferred any deposits of 20 Stellar Lumens (XLM) or more into another wallet. By the time the malicious code was discovered, hackers had claimed 670,000 XLM from vulnerable users, worth a total of $400,000 at the height of the altcoin market. Although the hacker’s wallet was identified, they immediately started laundering the money to hide their tracks. To date, the hackers have not been identified, and it appears the BlackWallet DNS hackers have gotten away with it.

Bitconnect Pyramid Scheme Pulls an Enormous Exit Scam

  • Date: January 16, 2018
  • Amount Stolen: Unknown
  • Type: Theft / Exit Scam

Bitconnect was an infamous pyramid scheme or Ponzi scheme targeted towards the most gullible members of the bitcoin community. The scam was promoted by an army of social media influencers who were reaping the rewards of being early investors in a pyramid scheme. By January 2018, Bitconnect reached its inevitable conclusion, eventually collapsing as the founders pulled the largest exit scam in Bitconnect history. In days, the value of a single Bitconnect token (BCC) plummeted from $400 to just pennies. Investors who thought they were holding onto token stashes worth millions sound found themselves penniless. It was never revealed who was behind Bitconnect, and the founders of the company have not been brought to justice to this day. Anyone who invested in Bitconnect late, however, lost money, while anyone who invested early escaped with a fortune – just like every well-run pyramid scheme in history.

Benebit Exit Scam

  • Date: January 23, 2018
  • Amount Stolen: $2.7 million
  • Type: Theft / Exit Scam

At first glance, Benebit seemed like a promising ICO backed by an experienced and legitimate team of executives. Anyone taking a closer look, however, would quickly realize that Benebit was a scam. The photos of the founders were all stolen from the website of a prep school for boys in the UK. The names were completely fake. Most information on the website was made up. Despite the obvious forgery, Benebit launched during the absolute height of the ICO craze, which allowed it to attract significant investment before the scam was discovered. Benebit’s ICO lasted for a week before it was revealed that the company was running a scam. After the revelation hit crypto media outlets, Benebit took down its website, pulling down all information from the internet. Within days, Benebit had successfully pulled off an exit scam, disappearing with $2.7 million. The founders were never revealed.

Coincheck Exchange Hack

  • Date: January 26, 2018
  • Amount Stolen: $500 million / 500 million NEM
  • Type: Hack / Theft

Coincheck was hacked in January 2018. The crypto exchange platform revealed details of the hack on January 26, 2018, explaining that $400 to $530 million worth of NEM tokens had been stolen, making the Coincheck hack the largest hack in crypto history. A total of 500 million NEM tokens went missing during the attack. At the time, Coincheck was one of Japan’s largest cryptocurrency exchanges. The hack occurred when NEM was near its all time high, making the hack look even worse (and making it particularly lucrative for hackers). Coincheck suspended all withdrawals and halted most trading activity after the hack was revealed. Eventually, however, Coincheck came back online and resumed trading activity. In January 2019, Coincheck even received a cryptocurrency exchange license from Japan’s Financial Services Authority, indicating that Coincheck is moving forward with strict regulatory protocols and security systems in place.

Experty ICO Scam

  • Date: January 29, 2018
  • Amount Stolen: $150,000
  • Type: Theft / Exit Scam

Continuing with the trend of ICO exit scams, Experty disappeared with investor money after a moderately successful ICO. Users were asked to send money to an Ethereum wallet in exchange for EXY tokens. Users were approached via email, and it appears hackers used an existing mailing list from a previous ICO to target users, which means users were identified by their wallet address and other personal information, increasing the legitimacy of the email and making it seem like it came from a legitimate company. In reality, scammers were successfully leveraging a mailing list to target gullible hackers, eventually disappearing with $150,000 in ill-gotten gains.

Bee Token ICO Scam

  • Date: February 1, 2018
  • Amount Stolen: $920,000 / 890 ETH
  • Type: Theft / Exit Scam

It’s not totally clear what happened with the Bee Token exit scam to this day. However, it appears that hackers approached interested Bee Token investors via social media and email, explaining that they could sign up for a pre-sale by responding to an illicit email address. The email address was controlled by the hackers, and investors were depositing money into wallet addresses controlled by the hackers. By the time the mess cleared up, hackers had attracted 890 ETH in investments, disappearing with $920,000 in customer funds. Today, Bee Token (BEE) remains a legitimate cryptocurrency and blockchain project dedicated towards decentralizing real estate via a digital currency, although the 2018 Bee Token phishing scheme continues to hang over the project to this day.

Seele ICO Insider Hack

  • Date: February 4, 2018
  • Amount Stolen: $1.8 million / 2,162 ETH
  • Type: Theft / Exit Scam

In February 2018, scammers infiltrated the official Seele telegram channel, posing as two admins under the handles @SeeleSupport and @nicsmith. The two hackers solicited members of the Seele chat using direct messages to convince users that they could participate in a private token sale at a discount rate. The scam was very effective, due largely to the fact that Dr. Nic Smith was a legitimate member of the Seele team, serving as a data analyst at the startup. The scammer’s fake @nicsmith account even used Dr. Smith’s real photo. By the time Seele discovered the hack, the attackers had attracted 2,162 ETH in investments, worth $1.8 million at the time.

Bitgrail NANO Hack

  • Date; February 11, 2018
  • Amount Stolen: $120 million / 170 million NANO
  • Type: Hack / Theft

In one of the largest altcoin hacks in industry history, crypto exchange Bitgrail lost $120 million in NANO tokens, losing a total of 170 million of tokens in the breach. Initially, only 15 million NANO tokens were reported stolen in early February. Before long, however, it was revealed that the hack was much worse than initially realized, eventually leading to the loss of $120 million. To this day, it’s not totally clear what happened with the Bitgrail NANO hack. Bitgrail claimed the issue was linked to a hard fork, while others claimed Bitgrail was simply trying to cover up its solvency issues.

Coinhoarder Phishing Scam

  • Date: February 14, 2018
  • Amount Stolen: $1.8 million
  • Type: Scam / Phishing Attack

Computer security intelligence firm Talos Intelligence identified an attack pattern where attackers used malicious Google Ads to display phishing links for crypto-related keywords. Victims would search for terms like “blockchain” or “bitcoin wallet”, for example, and phishing links would appear at the top of search results pages. Victims would be redirected to a landing page serving customized phishing content based on the user’s geographic location and IP, convincing users to divulge sensitive information. It’s estimated that $1.8 million was stolen through this phishing scheme, which was later dubbed Coinhoarder when Talos Intelligence revealed the results of their investigation in February 2018. Talos Intelligence had been tracking the campaign throughout 2017 in partnership with police in Ukraine, which is where the scammers were based.

BTC Global Ponzi Scheme

  • Date: March 1, 2018
  • Amount Stolen: $50 million
  • Type: Theft / Exit Scam

BTC Global followed in the footsteps of obvious crypto Ponzi schemes like RegalCoin and Bitconnect, convincing gullible users that they could earn enormous returns on investments simply by depositing money into a mysterious company. The scam mostly targeted users in South Africa, and the scam appeared to be run by a mysterious South African currency trader named ‘Steve Twain’. The scam run successfully for a few weeks, with users receiving regular payouts from Twain’s team. After attracting $50 million in investments, self-described ‘master trader’ Steve Twain disappeared from the internet. To this day, Twain has never been prosecuted, and it’s not totally clear what happened with BTC Global. One thing is clear, however: investors lost a ton of money with BTC Global. As of 2019, South African police are still investigating the BTC Global crypto scam.

GainBitcoin India Ponzi Scheme

  • Date: April 8, 2018
  • Amount Stolen: $300 million
  • Type: Theft / Exit Scam

GainBitcoin was a Ponzi scheme targeted towards gullible crypto traders in South Asia. By the time the team had pulled off a successful exit scam, GainBitcoin had disappeared with $300 million, making it one of the most profitable exit scams in industry history. Unfortunately for GainBitcoin and its team, they would eventually be identified and arrested in November 2018. The case continues to make its way through courts in India after the founders were arrested at airports while attempting to travel abroad.

Sailesh Bhatt Extortion

  • Date: April 10, 2018
  • Amount Stolen: $1.3 million / 200 BC
  • Type: Abduction / Extortion

A businessman in India named Sailesh Bhatt was allegedly the victim of extortion by local police on February 9, 2018. The story was first reported on April 10, 2018, when Bhatt filed a police report. Bhatt claims ten police officers, including a superintendent of police and an inspector, participated in the alleged crime. He claims officers held him captive until he sent 200 BTC (worth around $2 million at the time) to his former business partner. “They beat me up inside a room and threatened to kill me in a fake encounter if I did not have over my bitcoins,” explained Sailesh Bhatt in his statement. To this day, the course continues to make its way through the system, and it’s unclear what really happened to Sailesh Bhatt at the hands of local police.

iFan Ponzi Scheme

  • Date: April 12, 2018
  • Amount Stolen: $650 million
  • Type: Ponzi Scheme / Exit Scam

iFan was yet another Ponzi scheme that promised enormous returns to investors with no risk and no effort required. Run by a company called Modern Tech, the Ponzi scheme guaranteed payouts of 48% per month, paid out within a four month period. In order to receive that money, investors needed to recruit people to the scheme. Some investors were paid via bank transfers. Eventually, however, iFan started paying users in a value-less digital currency while requiring larger and larger deposits. The iFan Ponzi scheme was enormously successful, eventually leading to total losses of VND 15 trillion ($650 million USD), largely from Vietnamese investors. Like other Ponzi schemes on this list, investors are still seeking retribution against the company.

Coinsecure Exchange Hack

  • Date: April 13, 2018
  • Amount Stolen: $3.3 million / 438 BTC
  • Type: Hack / Theft

Crypto exchange Coinsecure accidently exposed the private keys of users in an attempt to distribute Bitcoin Gold to buyers. The India-based exchange later announced that 438.318 bitcoins, worth $3.3 million at the time, had been stolen “due to the actions of a rogue employee.” Coinsecure shoved all the blame onto the company’s chief security officer, Dr. Amitabh Saxena, who reportedly followed incorrect procedures when distributing Bitcoin Gold (BTG) to customers.

MyEtherWallet DNS Hack

  • Date: April 24, 2018
  • Amount Stolen: $152,000 / 215 ETH
  • Type: Hack / Theft

MyEtherWallet’s domain name server (DNS) was hacked in April 2018, leading to momentary panic for users of the world’s largest Ethereum world. “Do not use myetherwallet.com if you’re using Google Public DNS (8.8.8.8 / 8.8.4.4) at this moment,” warned the Reddit user who spotted the issue. These DNS servers were resolving the domain to a bad server, and that bad server could steal keys. A number of users lost ETH in this breach, leading to total losses of $152,00, with ETH trading near its all time highs at the time.

Bitcoin Gold Hacked for $18 Million

  • Date: May 24, 2018
  • Amount Stolen: $18 million
  • Type: Hack / Theft

Bitcoin Gold experienced the second major attack in its young history in May 2018, when hackers repeatedly engaged in double spending attacks on the network to steal $18 million. Hackers used enormous amounts of hashpower to launch a 51% attack on the network, allowing them to double spend Bitcoin Gold and steal a large sum of money. Major crypto exchanges like Bittrex decided to de-list Bitcoin Gold after this security incident, although the coin remains an active project to this day, ranking in the top 30 cryptocurrencies by market cap as of March 2019.

Taylor Trading Crypto ICO Hack

  • Date: May 23, 2018
  • Amount Stolen: $1.5 million / 2,578 BTC
  • Type: Hack / Theft

A crypto trading app startup called Taylor had its ICO hacked in May 2018, leading to the loss of 2,578.98 ETH and 659,000 Tay (TAYLR) tokens. The stolen ETH was the entire amount raised by the company throughout February 2018. The only tokens that were not stolen were in the founders’ and advisors’ pools. Taylor was later criticized for keeping a significant amount of its total supply of ETH and TAYLR tokens in a hot wallet. Despite the setback, the Estonia-based startup moved on to launch its app, and the company continues to be active more than one year after the breach.

Coinrail Exchange Hack

  • Date: June 10, 2018
  • Amount Stolen: $40 million / 1,927 ETH
  • Type: Hack / Theft

Crypto exchange Coinreal was hacked in June 2018, leading to the loss of $40 million and several altcoins. The small, South Korea-based exchange announced the hack on June 11, 2018, admitting that it had lost $40 million in a “cyber intrusion” that targeted ERC20 tokens on the platform. Hackers disappeared with 1,927 ETH, 2.6 billion NPXS, 93 million ATX, and 831 million DENT coins, as well as significant amounts of six other tokens. After the hack, Coinrail insisted that 70% of its cash reserves were safe. Coinrail remains operational to this day, although it continues to be one of the smaller Korean exchanges by trading volume.

Bancor Hack

  • Date: July 9, 2018
  • Amount Stoeln: $23.5 million
  • Type: Hack / Theft

Israel and Switzerland-based crypto giant Bancor raised over $150 million in an ICO in 2017, only to have a significant chunk of those funds stolen in a hack in July 2018. Bancor, which offers a decentralized exchange platform, admitted on July 10 that “a wallet used to upgrade some smart contracts was compromised,” allowing hackers to disappear with $12.5 million in Ether, $1 million in Pundi X’s NPXS tokens, and $10 million in Bancor’s BNT tokens. Bancor took the exchange offline while investigating the incident, then later started up again. Bancor remains active to this day, offering decentralized trading of ERC20 and EOS tokens using a cross-china liquidity network.

KICKICO Security Breach

  • Date: July 26, 2018
  • Amount Stolen: $7.7 million
  • Type: Hack / Theft

KICKICO lost a significant number of its own KICK tokens in a hack in July 2018. As announced on July 26, the company admitted that it had lost nearly $8 million of KICK tokens after a security breach. That breach allowed attackers to gain access to the KICK smart contract By the time the dust settled, KICKICO had lost 70 million KICK tokens before regaining control of the smart contract. The security breach was tracked back to hackers obtaining the private key of the owner of the KickCoin smart contract. KICKICO solved the issue and moved forward without the tokens, which were never recovered.

OneCoin Ponzi Scheme

  • Date: September 5, 2018
  • Amount Stolen: $400 million
  • Type: Theft / Exit Scam

Multilevel marketing company OneCoin lured gullible investors into depositing money into a scheme called OneCoin. After investors deposited money, the founding team laundered the money through several shell companies based worldwide. A total of $400 million was suspected to have been stolen from investors. An American scam artist named Mark Scott was officially indicted by a grand jury in August 2018, then arrested on September 5. Scott allegedly used some of the funds to purchase a massive mansion for himself and his family in Massachusetts.

Zaif Exchange Hack

  • Date: September 20, 2018
  • Amount Stolen: $60 million / 913 BTC
  • Type: Hack / Theft

Cryptocurrency exchange Zaif, operated by a company called Tech Burea, was hacked in September 2018. The Japan-based exchange discovered unusual withdrawal activity on September 14 and immediately disabled withdrawals and deposits. The efforts were too late, however, as hackers disappeared with approximately $60 million worth of bitcoin, Bitcoin Cash, and MonaCoin. Hackers were able to extract the funds after gaining unauthorized access to Zaif’s hot wallets. After the hack, Zaif’s total asset reserves totaled around 2.2 billion Yen, or $20 million, and the exchange was sold to a Japan-listed corporation soon after.

William Kopko Kidnapping and Ransom

  • Date: September 24, 2018
  • Amount Stolen: $950,000
  • Type: Kidnapping / Extortion

American businessman William Sean Creighton Kopko was kidnapped in Costa Rica in September 2018. Kopko was walking in the town of Granadilla, east of San Jose, when he was kidnapped with the alleged collaboration of two traffic officials. Kopko’s kidnappers contacted his family to demand a ransom of $950,000 in bitcoin. That ransom was eventually paid, although Kopko was never released. Kopko owns the popular gambling platform 5Dimes. As of March 2019, he continues to be missing. In January 2019, however, twelve people suspected to be involved in the kidnapping of Kopko were arrested in Costa Rica and Spain. The three leaders of the group, a Costa Rican named Morales Vega, his mother, and his partner, moved to Cuba after the kidnapping, then fled to Spain, where they were later arrested.

SpankChain ICO Hack

  • Date: October 8, 2018
  • Amount Stolen: $40,000 / 165 ETH
  • Type: Hack / Theft

SpankChain’s ICO was hacked in October 2018. The adult industry startup experienced a breach and lost around 165.38 ETH, worth around $38,000 at the time. Hackers exploited a bug in the network’s payment channel smart contract. That same bug caused $4,000 in SpankChain’s BOOTY tokens to be frozen. Making matters worse for SpankChain was the fact that the hack wasn’t discovered until 24 hours after the breach. It was later revealed that SpankChain had not paid for a security audit for the payment channel contract “due to the costs involved.” SpankChain remains an active project to this day, dedicated to bringing adult entertainment to the blockchain.

Norwegian Man Murdered After Cash-for-Crypto Exchange

  • Date: October 18, 2018
  • Amount Stolen: Unknown
  • Type: Theft / Murder

On October 18, 2018, police in Oslo announced that a 24-year old Norwegian man had been murdered after an apparent cash-for-crypto exchange went wrong. The murder occurred in the 24-year-old’s apartment after the victim had transferred his crypto for the murderer’s cash. The killer escaped with the cash and the bitcoin. Norwegian police have traced the crime to a 20-year old Swedish citizen named Makaveli Lindén, who was on the run from Interpol after the incident. Initial reports seemed to indicate that the murder took place immediately after the in-person crypto transaction. Later, however, police revealed that Lindén climbed into the victim’s bedroom through a window later that night. A fight ensued, and the victim was stabbed 20 times. It’s not clear if the robber even knew about the victim’s bitcoin holdings, or if it was a random attack. However, it’s believed that the robber discovered the victim’s cash and crypto holdings while conducting the P2P transaction earlier in the day, then entered the victim’s apartment that night with the goal of seizing that cash and crypto. Makaveli Lindén, meanwhile, was arrested in France just a few days later.

23-Year Old Australian Woman Steals $450,000 of XRP

  • Date: October 25, 2018
  • Amount Stolen: $450,000 / 100,000 XRP
  • Type: Hack / Theft

In October 2018, police in New South Wales arrested a 23-year old woman over the alleged theft of more than $450,000 worth of the cryptocurrency Ripple (XRP). The 23-year old woman had allegedly stolen more than 100,000 XRP from the electronic wallet of a 56-year old victim. The victim told investigators he believed his email account had been hacked in January 2018 after he was unable to gain access to his account for two years. When he regained access and checked the account, his XRP had disappeared. Police arrested a woman in Epping, Australia “following extensive investigations”, and it seems the stolen XRP has been returned.

32-Year Old Jilted Lover Pays $11,000 in Bitcoin to Have Partner’s Ex-Wife Murdered

  • Date: October 26, 2018
  • Amount: $11,000
  • Type: Murder for Hire

In October 2018, 32-year old American Tina Jones was arrested after allegedly paying $11,000 to a dark web company that offered murder for hire. The dark web company would later turn out to be a scam, but Jones was later arrested and charged with solicitation of murder for hire and attempted murder. Jones, who worked as a nurse at Loyola University Medical Center, had been involved in a relationship with her co-worker until late 2017, when the co-worker ended it. Jones allegedly later tried to hire an assassin to murder her co-worker’s wife. She provided allegedly provided details of the pair’s whereabouts and schedule to the murder-for-hire service. The Tina Jones bitcoin-for-murder case continues to make its way through DuPage County Court in Chicago.

MapleChange Exit Scam

  • Date: October 28, 2018
  • Amount Stolen: $6 million / 913 BTC
  • Type: Theft / Exit Scam

Canadian cryptocurrency exchange MapleChange appeared to pull an exit scam after opening in May 2018 and closing in October that same year. The exchange listed 62 tokens at the time of closure, with modest trading volume of around $70,000 per day on average. In October 2018, however, the MapleChange team announced that they had lost 913 BTC (close to $6 million) in a hack. Soon after the hack was announced, the exchange decided to close down, claiming they were “in the process of a thorough investigation” and that “until the investigation is over, we cannot refund anything.” Today, it’s all but confirmed that MapleChange was an exit scam. In fact, MapleChange may have never had any connection to Canada whatsoever: the latest information about the MapleChange exit scam indicates that two Romanian brothers may have been involved. Users who lost money in the MapleChange exit scam have rallied around a Twitter account called MapleChange’d in an attempt to bring the founders to justice. As of March 2019, however, victims of MapleChange have received no compensation.

Oyster Protocol CEO Exit Scam

  • Date: October 29, 2018
  • Amount Stolen: $300,000
  • Type: Theft / Exit Scam

Oyster Protocol experienced a devastating hack in October 2018, during which someone used the transferDirector function on the Oyster Protocol smart contract, allowing the new director to re-open the ICO for PRL and re-issue new tokens. The hacker was ultimately able to send more than 3 million PRL tokens to KuCoin, where they were sold for about $300,000. Oyster Protocol alerted KuCoin to shut down deposits and withdrawals, but the damage had been done. Today, Oyster Protocol continues to operate as a hybrid IOTA/Ethereum smart contract platform that helps websites raise revenue without traditional advertising, allowing users to earn Oyster Pearls (PRL), an ERC-20 token. Surprisingly, the Oyster Protocol hack was eventually discovered to be an inside job. The hack was traced back to the project’s original designer, Bruno Block. Block was able to circumvent the security procedures despite three separate security audits taking place. The issue ultimately boiled down to an exit scam. Bruno Block was later revealed to be a pseudonym. As far as we can tell, Block remains at large.

Anne-Elisabeth Falkevik Hagen Kidnapping and Ransom Scam

Anne-Elisabeth Falkevik Hagen, the wife of one of the richest men in Norway, was kidnapped on October 31. She’s still missing. Her husband, Tom Hagen, is a real estate investor and owner of power facilities in the country reportedly worth around $2 billion. Norwegian media claims Hagen’s kidnappers are demanding a 9 million EUR ransom paid in Monero (XMR). Kidnappers have also claimed that Hagen would be killed if police were involved. Despite the threat, Hagen decided to go public with the case in January 2019. Europol and Interpol continue to work on the case. The whereabouts of the 68-year old are unknown, and it’s unclear if the ransom has been paid.

Dragon Coin Exit Scam

  • Date: November 7, 2018
  • Amount Stolen: $2.4 million
  • Type: Theft / Exit Scam

Thailand-based Dragon Coin was a shady operation from the start. In November 2018, three Thai siblings accused of operating the $24 million bitcoin scam pled not guilty. The three siblings allegedly defrauded a 21-year old Finnish investor by selling him shares in Expay Software Co and a gambling-focused crypto startup called Dragon Coin (DRG). After receiving the money, the siblings allegedly purchased a massive amount of land in Thailand. The Finnish investor received no profit, then later filed a complaint with Thai police. The case continues to make its way through the Thai court system. It seems from the start, however, that Dragon Coin was designed to be an exit scam.

Pure Bit Exit Scam

  • Date: November 13, 2018
  • Amount Stolen: $2.8 million / 13,000 ETH

In November 2018, a group of South Korean scam artists pulled an exit scam and then, surprisingly, refunded victims after apparently having a change of heart. On November 4, a crypto startup called Pure Bit launched its ICO, raising more than $30 million. On November 13, Pure Bit suddenly disappeared from the internet, shutting down its website and social media. The authorities were alerted. It was widely believed that Pure Bit had pulled an exit scam and that victims would not be compensated. A week after, however, Pure Bit released a statement claiming that the CEO was “blinded by money” and made an “unforgivable mistake”. Victims received a refund. It’s unclear if Pure Bit and its CEO had a genuine change of conscience, or if South Korean law enforcement authorities were able to persuade the group to return the money.

Nicholas Truglia SIM Swapping

  • Date: November 21, 2018
  • Amount Stolen: $1 million+
  • Type: Cryptojacking / Theft

Scam artist Nicholas Truglia used SIM swapping or cryptojacking tactics to steal money from some of the San Francisco Bay Area’s largest crypto holders. Truglia contacted tech support agents at various carriers to convince them to switch a phone number to a SIM card that he controlled. Then, he used this access to steal crypto from unwitting victims. As a bizarre addition to this story, Truglia’s friends later tortured him in an effort to extract his crypto account information. Investigators in Santa Clara would eventually arrest Truglia for stealing $1 million from various Bay Area crypto holders. One of the victims was Robert Ross, a father of two from San Francisco who was holding his life savings in Gemini and Coinbase accounts. Truglia allegedly emptied the $500,000 that Ross had stored in each account, giving him a total of $1 million from just one victim. Only $300,000 of the funds were ultimately recovered. Truglia, meanwhile, is facing 21 felony counts.

CoinSignals Scams Twitter Followers with Fraudulent Investment Fund

  • Date: November 20, 2018
  • Amount Lost: Unknown
  • Type: Scam / Ponzi Scheme

CoinSignals is a crypto social media personality who became active in January 2018, encouraging followers to join paid crypto groups throughout the year before tweeting his last tweet and disappearing from the internet on November 20, 2018. For the scam, CoinSignals raised a large trading fund on BitMEX, then lost the money or stole it. His followers believe he lost a significant amount of money, then disappeared from the internet to avoid the wrath of users, stealing the remaining funds. Prior to pulling an apparent exit scam, CoinSignals had built a strong reputation as a BitMEX trader. In the early days of 2018, CoinSignals decided to take things a step further, advertising his fund to followers and encouraging them to deposit money. He advertised the scam on paid Telegram and Discord groups like Blockchain Bulls, posting pictures of charts that showed enormous profits and returns. Later, it was revealed that this data was fake, and that CoinSignals was the leader of a group called the Pump & Dump of Haven. In September 2018, amidst plummeting bitcoin prices, CoinSignals started to block withdrawals from his BitMEX fund, preventing users from accessing their money. By November, CoinSignals had disappeared from the internet entirely.

Bulgarian Scammers Steal $3 Million of Crypto

  • Date: November 26, 2018
  • Amount Stolen: $5 million
  • Type: Hack / Theft

In November 2018, police in Bulgaria announced they had arrested three men for cryptocurrency theft. The three men had allegedly managed to steal around $5 million worth of cryptocurrency. Police eventually recovered $3 million of the currency but claimed that $2 million of it was still missing. The scammers were described as “fairly sophisticated” and had strong “computer literacy skills” that allowed them to steal cryptocurrencies. It’s not totally clear where the stolen funds came from. However, it’s possible that the three men arrested in Bulgaria in November 2018 were responsible for one of the unsolved hacks mentioned above.

Electroneum Wallet Hack

  • Date: December 27, 2018
  • Amount Stolen: $800,000 / 250 BTC
  • Type: Hack / Theft

The Electroneum wallet was hacked in late December 2018, leading to the loss of around $800,000. A hacker setup a bunch of malicious servers on the network. Unsuspecting Electroneum users would connect to these servers and try to send a BTC transaction, only to receive a seemingly-official message requesting that they update their Electrum Wallet app through a scam URL. The clever scam led to Electroneum users sending $800,000 worth of tokens to anonymous wallets owned by the hackers.

ETC 51% Gate.io Attack

  • Date: January 7, 2019
  • Amount Stolen: $271,500 / 40,000 ETC
  • Type: Hack / Theft

Gate.io was targeted by a hacker through a 51% attack on the Ethereum Classic (ETC) network. Gate.io’s censor successfully blocked some of the transactions, although many transactions slipped through and were confirmed on the blockchain. Ultimately, the hacker disappeared with 40,000 worth of ETC, worth $271,500 at the time.

Cryptopia Exchange ERC20 Hack

  • Date: January 15, 2019
  • Amount Stolen: $16 million
  • Type: Hack / Theft

Crypto exchange Cryptopia was hacked on January 15, 2019. Hackers were able to extract funds from more than 76,000 different wallets. Based on the nature of the attack, it was assumed that thieves had gained access to thousands of private keys, then used this information to extract money from users. A total of $16 million in ERC20 tokens was stolen by the time the dust settled. The hack was so devastating to the New Zealand-based exchange that it remained shut down well into March 2019. However, Cryptopia plans to resume operations by the end of March. Cryptopia has transitioned 24% of all wallets to new, more secure servers, although it’s unclear how attackers obtained private user keys in the first place.

LocalBitcoins Phishing Hack

  • Date: January 26, 2019
  • Amount Stolen: $28,000 / 8 BTC
  • Type: Hack / Phishing

LocalBitcoins is a long-running bitcoin exchange with a proven track record of securely managing funds for customers. On January 26, 2019, however, LocalBitcoins lost 8 BTC (worth $28,000 at the time) to a hacker. Forum users claimed they were redirected to a login page that was a phishing website. Users were asked to enter their credentials. Then, those credentials were sent to the hacker. LocalBitcoins temporarily disabled access to its forums after the breach, although the website and forum continue to run smoothly today. It’s possible that more than 8 BTC was stolen in the attack as well, as at least one additional user has come forward claiming that his or her 11 BTC was stolen during the attack.

Joel Ortiz SIM Swapping Hack

  • Date: February 1, 2019
  • Amount Stolen: $5 million
  • Type: Cryptojacking / Theft

Scam artist and 20-year old college student Joel Ortiz used SIM swapping techniques to steal $5 million of cryptocurrency before being quickly caught by police in Santa Clara County, California. Ortiz allegedly stole more than $5 million from 40 victims. He has since pleaded guilty to theft, accepting a plea deal of 10 years in prison. Ortiz officially became the first individual convicted of a crime for SIM swapping. SIM swapping, also known as cryptojacking, involves using social engineering strategies to convince carrier support agents to switch a phone number to a new SIM, thereby giving you access to the user’s two factor authentication tool.

QuadrigaCX Declares Bankruptcy After Mysterious Death of Founder

QuadrigaCX’s bankruptcy has become one of the largest and strangest news stories in recent crypto history. On February 1, 2019, the Canadian crypto exchange filed for creditor protection, claiming it was having liquidity problems after it was no longer able to access funds. The problem was linked back to the death of QuadrigaCX founder Gerry Cotten on December 9. Cotten was reportedly the only person able to access $145 million in digital assets stored by the exchange. He was the only one holding the private keys. Cotten died without telling the private keys to anyone. QuadrigaCX reportedly has just $286,000 in digital assets remaining and owes nearly $200 million to its users. The QuadrigaCX issue continues to unfurl. Cotton’s wife reportedly has no knowledge of the private keys, and cybersecurity experts have been unable to break into Cotton’s computer. There’s also a controversy over whether or not Cotton is even dead: some conspiracy theorists on Reddit are claiming Cotten faked his death. The official record claims Gerald Cotten died suddenly at age 30 from complications with Crohn’s Disease while traveling in India. We have no proof to suggest this wasn’t the case, and Quadriga’s wallets have not moved any funds. However, conspiracy theorists continue to suggest that Cotten pulled a $190 million exit scam.

Gatecoin Hack ($2 Million) Closure

  • Date: March 13, 2019
  • Amount Stolen: $2M ~ $3 million
  • Type: Hack / Theft

In May 2016, Gatecoin announced that it had lost 185,000 ETH and 250 BTC, worth roughly $2.14 million at the time, in a hack. The Hong Kong-based exchange experienced an intrusion on its hot wallets, leading to the loss of funds. Days after the hack was discovered, Gatecoin announced that it had lost $2 million during the attack. Gatecoin also assured users that most cryptoassets were stored in multi-signature cold wallets, and that most of the exchange’s assets were completely safe.

The hack occurred at around the same time as The DAO’s infamous ICO. Gatecoin was one of several exchanges where users could purchase DAO tokens and contribute to the crowdfunding project, which had raised 10.72 million ETH (worth $120 million at the time) by the time the Gatecoin hack took place. After the hack, Gatecoin announced it was building a portal where users could withdraw DAO-related tokens and fiat currencies.

Following the hack, Gatecoin continued to operate successfully for several years. However, the exchange always suffered from banking issues. Founded in 2013, Gatecoin announced on March 13, 2019 that it was closing down and liquidating all assets. The final nail in Gatecoin’s coffin was the breakdown of a banking partnership in September 2018.

Coinomi Hack ($70,000)

  • Date: February 26, 2019
  • Amount Stolen: $70,000
  • Type: Hack / Theft

On February 26, 2019, a major security bug was found in the Coinomi crypto wallet. Coinomi’s security vulnerability caused the wallet to send your plain text seed phrase to Google’s remote spell check API when you enter it into the software.

The news was announced on Twitter by Warith Al Maawali, who tweeted that users could spell check a crypto wallet’s passphrase remotely using an exploit in Coinomi. The exploit was shared by Luke Childs, who created a video showing the exploit in action, and then spread across Reddit shortly after.

Founded in 2014, Coinomi is one of the oldest multi-asset wallets available to cryptocurrency users. It supports over 500 different tokens, allowing users to store their crypto fortunes on desktop and mobile devices using convenient software.

It’s unclear how much was lost from the Coinomi exploit. The man who initially shared the exploit on Twitter, Warith Al Maawali, claims to have lost $70,000 of his own funds from his Coinomi wallet. He also claims that Coinomi is avoiding the question of whether or not they’ll reimburse him. No other victims seem to have come forward.

DragonEx Hack (Undisclosed Amount)

  • Date: March 24, 2019
  • Amount Stolen: Undisclosed
  • Type: Hack / Theft

On March 24, 2019, Singapore-based crypto exchange DragonEx announced it had been hacked, leading to the loss of an undisclosed amount of crypto. The DragonEx team announced the news on its Telegram channel, claiming that they had experienced a cyberattack that led to the loss of cryptocurrency funds owned by users and the exchange.

As of now, we still have no information about how much was stolen during the attack. However, DragonEx claims that “part of the assets” had already been retrieved, and that they were doing their best “to retrieve back the rest of stolen assets”. We do know that BTC, ETH, XEM, EOS, XRP, ETC, NEO, ABBC, LTC, XLM, XMR, ADA, ONT, TRX, BTM, XAS, and ICX were stolen during the attack. The loss appears to be significant: DragonEx is closing down all platform services while it investigates the issue. DragonEx, however, claims that they “will take the responsibility no matter what.”

DragonEx has alerted law enforcement in Estonia, Thailand, Singapore, and Hong Kong of the attack. The exchange has also shared 20 hot wallet addresses where the ill-gotten gains were transferred. After traveling through those hot wallets, hackers appeared to have transferred the stolen assets to Huobi and Gate.io, although both exchanges later froze the stolen assets.

Bithumb ($19.2 Million)

  • Date: March 30, 2019
  • Amount Stolen: $19 million
  • Type: Hack / Theft

In late March 2019, South Korea crypto exchange giant Bithumb was hacked for $19.2 million. The hack is suspected to be an inside job. Initially, Bithumb announced that it had lost 3.07 million EOS (worth about $13 million). On April 1, however, Bithumb updated the story and added that 20.2 million XRP (worth $6.2 million) had also been stolen during the same attack.

It’s believed that the hacker has already laundered all of the stolen funds, making the chances of recovering the assets even less likely.

Bithumb announced the hack on Saturday, March 30, claiming that their security team had spotted an “abnormal withdrawal” on Friday, March 29. Bithumb suspended asset withdrawals and deposits while it investigated the issue. Bithumb also added that all the stolen cryptocurrency was “owned by the company”, and that customer funds remain protected in a cold wallet. Bithumb has already notified government agencies while conducting an internal investigation. It’s not clear, however, which “inside employee” perpetrated the hack, or how a single employee was able to disappear with nearly $20 million.

The March 2019 Bithumb hack also occurred roughly one year after a separate attack when Bithumb lost $30 million of cryptocurrencies, although the exchange later retrieved $14 million of the stolen funds.

Binance Loses $41 Million in ‘Large Scale’ Hot Wallet Hack

  • Date: May 7, 2019
  • Amount Stolen: 7,040 BTC ($41 Million)
  • Type: Cryptocurrency Exchange

Binance, one of the world’s largest cryptocurrency exchanges, experienced one of the worst hacks of 2019 when it lost 7,040 BTC in a hot wallet attack. Hackers were able to withdraw 7,040 BTC from Binance’s hot wallet in a single transaction on May 7, 2019. Binance is revealing few details about the attack. The notoriously non-transparent exchange claims that hackers “used a variety of techniques, including phishing, viruses and other attacks” to attack the exchange. Hackers were also “able to obtain a large number of user API keys, 2FA codes, and potentially other info.”

These statements are from the official Binance press release, yet they reveal virtually nothing about the attack. It’s just generic information. Some members of the community are accusing Binance of being ‘in’ on the attack, while others claim Binance has no idea what really happened. In any case, the 7,040 BTC represented only about 2% of the exchange’s current BTC holdings, and all other wallets are secure and unharmed. Binance is covering all losses using its emergency fund. Withdrawals and deposits were immediately suspended but resumed after a few days.

Cryptopia Hack and Bankruptcy

  • Date: May 15, 2019
  • Amount Stolen: $23 Million
  • Type: Theft / Hack

As mentioned above, New Zealand-based cryptocurrency exchange Cryptopia was hacked back in January 2019. Thieves stole cryptocurrency from 76,000 different exchange wallets. At the time, the stolen ERC20 tokens were worth about $16 million. Today, those same tokens are worth about $23 million. On May 15, 2019, Cryptopia announced that it was beginning the liquidation process after weeks of failing to return to profitability.

The hack was devastating for the small exchange, and Cryptopia had remained down for weeks after the hack. Cryptopia had initially tried to resume services in March 2019 as a read-only website while giving users a ‘haircut’ to compensate for lost funds, although clearly, this strategy did not work. The company informed shareholders of its decision to shut down on May 14, with the news publicly reported on May 15. Christchurch-based Cryptopia joins Mt. Gox and other major crypto exchanges that were forced to shut down after being hacked.

It's Now May 2019; stay safe, get in touch and follow us daily.

Source Crypto Theft Incidents Timeline

What is a Bitcoin Scam?

bitcoin-scams-crypto-hacks infographic

As any cryptocurrency investor, digital asset trader or virtual currency user can see – Bitcoin scams come in all shapes, sizes, and varieties. Some scams are advanced wallet intrusions performed by elite hackers. Other scams involve simply tricking someone into sending money to an incorrect address.

Top 10 Bitcoin Scams Online Today

Bitcoin has plenty of legitimate use cases. Every day, users transfer millions of dollars’ worth of bitcoin for legitimate purposes. Unfortunately, bitcoin also has a seedy side filled with scams, money laundering, and theft. Here are some of the most common bitcoin scams we’ve seen in the past few years:

Malware Scams

Malware is literally as old as the internet. However, bitcoin and other cryptocurrencies have made malware scams even more prevalent. These scams are surprisingly sophisticated. One type of malware, for example, is called Cryptocurrency Clipboard Hijackers. That malware works by monitoring the Windows clipboard for cryptocurrency addresses. Then, if a cryptocurrency address is detected, it will automatically be swapped out with an address controlled by the malware manufacturer.

Most of us copy and paste bitcoin addresses when transferring funds. When you do this, this information gets temporarily stored on the clipboard. You might paste the address in your intended destination. Since the address is so long and complicated, you don’t notice any changes to the address. You send the money to the address, only to realize the money has never showed up and you’ve been scammed.

When a hacker tricks you into installing malicious software on your computer, and that software steals your crypto, then it’s a crypto malware scam.

How to Identify and Avoid Crypto Malware: Check all software before you download it. Make sure all downloads are from reputable publishers with a proven track record. Avoid downloading shady software from third party websites. Remember that many crypto malware programs masquerade as an innocent, unrelated file – like a free movie download or free premium software.

Fake or Fraudulent Bitcoin Exchanges

Fake or fraudulent websites might claim to be a real bitcoin exchange. You might search for something like “Canadian bitcoin exchange” online. The website that pops up looks like a legitimate exchange. You deposit funds to the address listed on the website. However, you can never access the exchange and your funds never appear. You’ve been scammed.

There was one infamous instance of this scam in 2017, when a scammer created a South Korean exchange called BitKRX. That exchange claims to be a great place to exchange and trade bitcoin. It also claimed to be affiliated with major Korean financial organizations like KOSDAQ, the South Korean Futures Exchange, and the South Korean Stock Exchange. Later, it was revealed that it was all a scam, and the scammers disappeared with an unknown amount of customer funds.

How to Identify and Avoid Fake or Fraudulent Bitcoin Exchanges: Choose regulated exchanges based in countries with established crypto exchange regulatory schemes – like South Korea, Japan, or the United States. Don’t be fooled into thinking that the world’s biggest exchanges will stay solvent forever. Mt. Gox is a cautionary tale, and a similar collapse could happen any time.

Ponzi Schemes

Ponzi schemes are older than crypto. Crypto, however, has given Ponzi schemers a new way to capture new victims.

We’ve seen plenty of bitcoin Ponzi schemes. These schemes lure in unsuspecting investors with promises of easy money and fast payouts. Some of these scams are obvious: they’re high yield investment programs (HYIP) promising impossible ROIs. Other Ponzi schemes present themselves as legitimate business opportunities – like the infamous Bitconnect Coin (BCC) that became prominent in 2017 before collapsing in January 2018 when it was revealed to be a scam.

Other Ponzi schemes involve bitcoin mining, where you send bitcoin to a website today in exchange for “crypto mining hashrate”. In reality, you don’t make any money through mining, but you do make money by referring other people to the scheme. The scheme grows and grows until it collapses. No real mining ever takes place, and the originals scammer eventually shuts down the fund, stealing everyone’s funds.

How to Identify and Avoid a Ponzi Scheme: If someone is promising something that’s too good to be true, then it probably is. Be suspicious whenever someone promises guaranteed returns, high ROIs, and easy profits online – especially when crypto is involved.

Fake Crypto Projects and ICOs

Don’t you wish you bought bitcoin when it was worth $0.10? Of course you do. You’d be a millionaire today.

That’s why scammers have come up with a clever strategy: they launch new coins while claiming these coins are “the next bitcoin”. Instead of buying 1 BTC for $4,000 today, you can buy this new coin for just $1 today – and it could be worth $4,000 tomorrow.

We saw a record number of ICO scams and fake crypto projects in 2017 and 2018. Many of these projects tried to convince investors that they could purchase the next bitcoin today. Today, most of these coins are completely value-less.

One of the most famous ICO scams of 2018 was the one promoted by celebrities like DJ Khaled, among others. Centra Tech raised $32 million by allegedly misleading investors and lying about its products, among other fraudulent activities. DJ Khaled bragged about the scam on social media, writing:

“I just received my titanium centra debit card. The Centra Card & Centra Wallet app is the ultimate winner in Cryptocurrency debit cards powered by CTR tokens!”

Bitcoin Savings and Trust raised $40.7 million in a similar scam in 2017, using a combination of an ICO scam and a Ponzi scheme.

As long as there are gullible investors wanting to get rich quick, crypto scams like this will always succeed.

How to Avoid Fake Crypto Projects and ICOs: Research ICOs comprehensively before you invest. Avoid sending money to anonymous projects online. Don’t listen to celebrity promoters trying to make a quick buck.

Bitcoin Wallet Scams

Bitcoin wallets are pieces of software – like a mobile app or PC program – that hold your crypto tokens. There are plenty of legitimate, secure crypto wallets out there. Unfortunately, there are also wallets designed to steal your crypto funds.

The Bitcoin Gold wallet scam from 2018, for example, reportedly scammed $3.2 million from users by convincing them that they could claim BTG tokens by sending private keys to a wallet address.

Other crypto wallet scams have involved uploading fraudulent wallets onto the Google Play Store or iOS App Store, then waiting for users to download the wallets and send crypto.

How to Avoid Bitcoin Wallet Scams: Only use trusted bitcoin wallets, including software and hardware wallets from trusted and established manufacturers. Update your wallet software regularly.

Pump and Dump Scams

Some groups of crypto traders band together to launch pump and dump schemes. A group of scammers will organize on platforms like Telegram to buy a coin en masse, artificially increasing prices. Then, they start sharing hype about the coin with the crypto community, flooding social media with buy signals and other indicators.

Coin prices rise. Then, the scammers sell when the coin reaches its peak. The value of the coin plummets as scammers ‘dump’, while anybody who bought the coin during the ‘pump’ loses their money.

How to Identify and Avoid a Pump and Dump Scam: Have you noticed a sudden and unusual amount of hype online for a specific cryptocurrency? Is there any justification behind this hype? Are people tossing around terms like ‘FOMO’ online on unfiltered communities like Reddit and Twitter? When coins surge with little to no warning, it could be a sign a Telegram trading group has called a pump and dump.

Social Media Giveaway Scams

No, Elon Musk isn’t really giving away ETH to anyone who sends money to an ETH address. Since 2017, there has been a surge of fake social media accounts promising to give cryptocurrency away for free online. Often, these social media accounts masquerade as prominent business celebrities – like Elon Musk – or notable crypto personalities – like Vitalik Buterin. The fake social media account will reply to a real tweet from Elon Musk or Vitalik Buterin saying something like, “I’m giving away 10 ETH to anyone who sends 0.25 ETH to this address.” Amazingly, people still fall for this scam every day.

How to Identify and Avoid Social Media Giveaway Scams: Nobody gives away money for free online. Never send money to a random crypto address online. It’s a scam.

Fake Forking Scams

There have been multiple major hard forks in crypto history. Ether branched into ETH and ETC. Bitcoin branched into BTC and BCH. After a hard fork, there’s often confusion over how people can claim their new tokens. That’s when hackers try to take advantage. They post fake forking instructions online, claiming users can retrieve their forked coins by uploading private keys to a malicious address.

How to Identify and Avoid Fake Forking Schemes: Hold onto your private keys after a fork until an exchange officially supports the forked version of the coin. Then, send your coins to that exchange if you want to sell them.

Fake Support Team Scams

Do a quick Google Search for ‘Binance support’ and other search terms. You’ll find scammers advertising their own support teams instead of the real Binance support teams. This is particularly common for exchanges that have limited support personnel: frustrated users might turn to Google to try to find someone to help them. You click a link and begin talking to a real person over live chat. That person claims to be an employee of, say, Binance. In reality, that person is about to steal your information. We’ve seen this scam on Telegram and other major networks.

How to Avoid Fake Support Team Scams: Only contact exchange support personnel through the official exchange website. Never give your username or password to a member of the support team of an exchange (real support personnel will almost certainly never ask for this information).

Cloud Mining Scams

We touched on this scam above under Ponzi schemes and pyramid schemes. Cloud mining scams are commonly linked with pyramid schemes, but they’re also an entirely separate scam of their own.

Want to make money through bitcoin mining with none of your own equipment, no risk, and no maintenance costs? Cloud mining might be the right choice for you! Cloud mining scammers promise easy profits in exchange for a monthly payment. You pay, say, $1,000 per month for a certain amount of hashrate, and the website claims to send mining profits to your bitcoin wallet monthly. In reality, the website never pays back your initial investment, and it operates like a Ponzi scheme until everything collapses.

How to Avoid Cloud Mining Scams: It’s virtually impossible to make real profit through cloud mining. Yes, there are some legitimate providers out there, but most cloud mining services are scams.

Other Ways to Avoid Bitcoin Scams and Crypto Fraud

Here are some additional steps you can take to safeguard your crypto and defend your online accounts from scammers:

You Can Never Have Too Much Crypto Security

Your bitcoin is an incredibly valuable asset, and you have to protect that asset using every digital tool available to you. Your ultimate goal is to make your private key ownership as secure as possible.

The best way to do this is to take steps to make your passwords accessible to only one person – yourself. Keeping your Bitcoin in a wallet isn't the same as depositing it in a bank – there's no regulatory body like the FDIC to guarantee your funds from loss – so you've got to take personal steps to ensure you're the only one with access.

The safest wallet is one that is locally hosted on your own hardware, on a password-protected computer that has good overall security. Some bitcoin users even practice cold storage, keeping bitcoin stored on an offline computer until it needs to be used.

Choose the Right Crypto Services and Exchanges

Obviously, choosing the right crypto exchange is crucial for maintaining strong bitcoin security. Only use reputable exchanges with strong reputations. Never store more crypto in an exchange that you’re willing to lose.

Understand the Underlying Technology

One of the best ways to maximize crypto security is to educate yourself on the underlying technology. Research blockchain technology. Understand how private keys and encryption work. If you own a significant amount of crypto, it’s irresponsible to avoid learning about the underlying technology. By teaching yourself about the technology today, you can avoid being scammed tomorrow.

Double Check All Websites Before Entering Information

Phishing attacks can be surprisingly sophisticated in the world of crypto. Hackers have built entire copies of major exchange websites in an effort to lure in victims. You might have received an email encouraging you to reset your password, for example. Or, you might have accidently mistyped a website URL. One slip-up can cause your crypto accounts to disappear.

For other tips you can use to avoid bitcoin and cryptocurrency scams, visit here.

Crypto Exchange Trading Tips: How to Choose the Most Secure Exchange

Choosing the right crypto exchange is like choosing the right bank: you’re trusting a third party with control of your money. It’s an important decision that you should not take lightly – regardless of the amount of funds you plan to leave with the exchange.

6 Signs You’re Dealing with a Scammy Crypto Exchange

How can you identify and avoid crypto exchange scams? How can you prevent yourself from becoming a victim like users of some of the exchanges listed above? Keep reading to discover our favorite tips for avoiding bad crypto exchanges.

Limited Transparency

Where did the exchange come from? Where is it based? How can you contact the exchange? Scam exchanges have limited transparency regarding any aspect of their operation. If an exchange refuses to disclose any aspect of its operation, then why would you trust that exchange with your money?

Anonymous Team Members or Management

When a crypto exchange refuses to disclose information about its team, its managers, its executives, and others involved with the company, it’s a red flag you’re dealing with a scammy company.

Limited Banking Partnership Information

Banking partnerships can be tricky for crypto exchanges. Even legitimate crypto exchanges may struggle to find a banking partner. Conventional banks want nothing to do with crypto. That means crypto exchanges are often forced to use sleazy banks operating out of countries with dubious banking regulations.

Lack of Communication and Contact Options

A bad crypto exchange may have limited communication and contact options. There might be an online support submission form and nothing else, for example. When exchanges refuse to disclose transparent contact methods, it can be a red flag.

Copied Project Info or Whitepaper

Some exchanges publish a whitepaper or business plan online. With sleazier exchanges, however, these whitepapers are often copied or ripped directly from the websites of more legitimate exchanges.

Long Maintenance Downtime

Most scam exchanges don’t shut down overnight. Most exchanges slowly lose functionality to prevent users from making a run on exchange reserves. The exchange might claim withdrawals are temporarily suspended, for example. Or, they might claim that the exchange is in maintenance mode. In reality, long maintenance downtime can be the early sign of an exit scam. If a crypto exchange routinely goes down for unexplained reasons, it could be a sign of future problems.

Not all exchanges operate as scams, but exchanges that have one or more of the problems listed above may have problems.

Most Popular Crypto Hacking Methods

Up above, we talked about some of the most popular scams in the crypto community. Many of those scams are just plain old business scams: gullible investors are convinced to invest in a troubled company, for example. But some crypto scams take things to the next level: hackers infiltrate exchanges, change DNS servers, and use advanced intrusion techniques to gain powerful access.

Some of the most popular hacking methods in the crypto space today include:

DNS Hacks

DNS hacks are more advanced than the average crypto scam. With a DNS hack, a hacker takes control of a website’s server information, redirecting users to a malicious website instead of the original site. The scammer might have a duplicate version of a crypto exchange posted on that fake site, for example, encouraging users to enter their usernames and passwords to login.

How to Avoid DNS Hacks: Double check the SSL certificate of a website before you enter login information. The URL might look legitimate, but if you don’t see an SSL certificate or verification symbol in the address bar, then the website could be malicious.

SIM Jacking and Cryptojacking

A new type of crypto theft involves stealing someone’s phone number, then using that phone number to gain access to someone’s online accounts. To do this, a hacker will contact your carrier – like AT&T – and ask the support team to switch the victim’s number to a new SIM card. The hacker controls the new SIM card. The hacker might claim the victim’s phone was stolen, for example, and that they need the phone number transferred to a new phone. If the carrier’s support team falls for this scam, then the hacker gains complete control of the victim’s phone number, bypassing two factor authentication and phone-based authentication systems, allowing the hacker to gain access to the victim’s crypto accounts.

How to Avoid SIM Jacking and Cryptojacking Attacks: Instead of using phone-based authentication, use an app-based authentication system – like Google Authenticator. As long as you have control of your phone, you’ll be able to accept or deny any authentication request. These app-based authentication systems do not rely on your phone number.

Wallet Intrusions

There are dozens of popular crypto wallets available today, including software and hardware wallets. Both software and hardware wallets, however, can have latent vulnerabilities just waiting to be exploited. Hackers will comb through a hardware or software wallet to find these vulnerabilities and then steal user funds.

How to Avoid Wallet Intrusions: Use only popular hardware and software wallets. Update software wallets frequently with the latest security patches.

51% Attacks Against Blockchains

Blockchains are secured by a network of users. This network of users verifies transactions on the blockchain without the need for a centralized authority. Once the majority of users (more than 51%) have agreed on a particular change or addition, that change or addition is added to the blockchain. This system, unfortunately, falls apart when more than 51% of users act maliciously. Sometimes, hackers will use an army of computers to launch a 51% attack against a small blockchain. The hacker’s army overwhelms the current community, allowing hackers to verify illegitimate transactions for personal gain.

How to Avoid 51% Attacks: Avoid buying or using coins on smaller blockchain networks. Larger blockchains – like bitcoin – cannot be toppled by a 51% attack because there isn’t enough computing power in the world to launch such an attack. Smaller, newer blockchains, however, can become victims of a 51% attack, particularly in the early days after launch.

Malicious Mobile Apps

Sometimes, hackers will create a mobile app and post it onto the Google Play Store or iOS App Store. Often, the app is unrelated to crypto. It might be a calculator app or a stopwatch app, for example. It’s something innocent. The app has a hidden feature, however: it scans the user’s device for private keys, crypto apps, and other crypto-related information. By the time Google and Apple identify the problematic app, it’s already too late, and users have already lost funds.

How to Avoid Malicious Mobile Apps: Only download mobile apps from reputable publishers. Avoid giving apps unnecessary permissions. Your calculator app doesn’t need permission to view your photos and contacts, for example.

ICO and Exchange Website Hacks

Sometimes, an ICO website will be hacked to change the address of the ICO. Instead of ICO funds being sent to one address, for example, the hackers will post a fake wallet address. Users send their funds to a wallet controlled by the hackers instead of the legitimate ICO team. By the time the ICO team spots the problem, the hackers have collected an enormous amount of stolen funds.

How to Avoid ICO and Exchange Website Hacks: Verify the wallet is legitimate before you send funds to that address. Double check every address. Make sure the wallet address is posted on the ICO’s website and official social media.

Public Wi-Fi Hacks

Performing sensitive financial transactions over public Wi-Fi is generally a bad idea. Never perform a crypto transaction over public Wi-Fi. Hackers have used strategies like KRACK attacks to act as a ‘man in the middle’. Someone sitting at a Starbucks might believe they’re connected to the official Starbucks Wi-Fi network. In reality, the hacker has substituted a different network designed to steal any information sent and received.

How to Avoid Public Wi-Fi Hacks: Never do crypto-related transactions over public Wi-Fi or in any public space.

Site Clones and Phishing Attacks

Hackers might create a clone of a website, then substitute that clone for the real thing. They might email a victim the URL of the fake website and encourage them to enter a username and password. The user doesn’t realize the website is fake until it’s too late.

How to Avoid Site Clones and Phishing Attacks: Check HTTPS before you enter any information online. Double check the URL and SSL certificate to ensure you’re dealing with your legitimate exchange.

By educating yourself on hacking strategies used today, you can avoid being a victim of a crypto hacker in the future.

9 Hacker-Proof Security Tips: Protect Your Crypto Today

Whether you have $10 in your crypto wallet or $10 million, it’s crucial that you protect those funds from hackers and scammers. There’s no shortage of scammers trying to steal your crypto funds. Here are some tips that will help you protect your crypto today:

Create Strong And Complex Passwords

A good password is your first line of defense against scammers and hackers. Using strong, unique passwords on all your exchange and social media accounts is the best way to start safeguarding your accounts. Password creation strategies include:

  • Never use popular patterns and sequence in your passwords. Common numbers like ‘12345’ or common words like ‘password’ make the account more vulnerable to attacks.
  • Avoid using family names, birthdays, addresses and personal information in your password. A hacker can find this information online, then guess your password.
  • Dictionary words such as Mustang, monkey, password, and love, among others, are frequently among the top 50 most popular passwords used worldwide. Don’t use them.
  • Use unique passwords for all accounts. If one account or website is hacked, then the hacker won’t have access to all your accounts using that same password.
  • Avoid using repeated numbers, letters and patterns on the keyboard such as asdfg, aaa, 111 and qwerty.
  • Use capital letters and special characters to make your password even stronger.
  • Add spaces to your password to reduce the risk of being hacked.
  • Use misspelled words such as ‘My Pa$$word’. Hackers will use dictionaries of common words to break into accounts. If your password isn’t a word in the dictionary, then you have a huge advantage.
  • Use long passwords with unique characters consisting of uppercase, lowercase and special characters that are not easy to trace.

Share Crypto Details with Nobody

In a perfect world, nobody but you will know that you own cryptocurrencies. Share your crypto details with nobody – not even friends. If someone hears that, for example, you’re walking around with $1 million of bitcoin on your phone, then you’re instantly painting yourself as a target. Avoid sharing crypto details with anybody – whether it’s a colleague, a friend, or someone online. You might have a crypto password that’s 100% secure, but that security means nothing if someone is able to extract the information from you via blackmail, torture, or threats to your family.

Avoid Public Wi-Fi

Using a public Wi-Fi network can expose you to a ‘man in the middle’ attack. A hacker sets up a fake network in a public space, and all data passes through that hacker’s fake network. Using this strategy, a hacker can steal vital information you send online – including crypto login information and banking passwords, among other info. You can use your phone’s mobile network in public (like 4G and LTE), but avoid connecting to public Wi-Fi before performing crypto-related tasks.

Use LastPass for Password Storage

LastPass and other password managers use advanced encryption to securely store user passwords. It’s one of the best ways to store crypto passwords. Instead of storing passwords in an unsecured Word file on your own computer, you can trust LastPass to keep your information safe.

Never Click Social Media Links

Hackers use social media to spam links to gullible crypto users. A Telegram user claiming to be Bitfinex support staff might send you a message, for example, or someone could tweet a link to a URL that claims to give away free bitcoin. Avoid clicking any social media links or responding to random users on social media.

Share Crypto Information with your Heir, or Leave Access Instructions in Your Will

You never know where life will take you. You don’t want to end up like the 30-year old founder of Canadian crypto exchange QuadrigaCX, who died suddenly with no instructions on how to access the $135 million in crypto funds held by his exchange. Consider sharing crypto information with at least one person – like an heir – to ensure your funds pass on to the next generation. Many crypto users have left crypto-related instructions in their wills. If you leave no further instructions, then your crypto funds could be lost forever.

Avoid Malicious Websites and Phishing Emails

Fake phishing emails and scam websites can quickly steal your crypto fortune. Avoid visiting sleazy, low-quality websites. Don’t click on links in your email inbox from unknown sources. Avoid entering any crypto information online until you absolutely verify the source.

Update Everything Regularly

Even the best crypto software needs regular security updates. Make sure your software stays updated. Check for updates online regularly to avoid leaving yourself vulnerable to a known exploit.

Spread Crypto Funds Into Different Wallets

It’s never a good idea to store all your eggs in one basket. Instead of keeping 100% of your funds in one wallet, consider separating your funds into multiple wallets. If one wallet is infiltrated, then you don’t lose 100% of your crypto.

cryptocurrency wallet hacks infographic

Biggest Hacks and Thefts in Crypto History

Top 5 Worst Exchange Hacks in Bitcoin History

There have been many devastating exchange hacks in the history of bitcoin. Here are the five worst crypto exchange hacks to date:

1) Mt. Gox – 2014

Established in 2011, Mt. Gox was one of the first major exchanges in the bitcoin community. Everything seemed to be going well for Mt. Gox. Behind the scenes, however, Mt. Gox had suffered multiple security breaches over the years. These security breaches remained unknown until 2014, when the Mt. Gox team checked a cold storage server and found that 850,000 BTC were missing. Mt. Gox, which was handling approximately 80% of all bitcoin trades at the time of the collapse, declared bankruptcy, leaving traders out of luck.

2) Bitfinex – July 2016

In July 2016, it was discovered that 120,000 bitcoin were missing from major crypto exchange Bitfinex after a theft from the exchange’s multi-signature wallet. Worth about $80 million at the time, the theft was the biggest loss since Mt. Gox. Bitfinex absorbed the loss, giving all users a ‘haircut’ while issuing its own debt token. Bitfinex remains active and popular to this day. Unlike other exchanges on this list, it didn’t collapse after a devastating hack.

3) Coincheck – January 2018

The Coincheck hack from January 2018 was one of the most unusually underreported stories in crypto history. Japan-based Coincheck lost 523 million NEM tokens from an exchange wallet during the hack. The tokens were worth $500 million at the time (although they’re now worth ‘just’ $25 million). Coincheck, like Bitfinex, was able to absorb the loss. The exchange continues operating to this day, receiving an official crypto license from Japanese regulators in 2019.

4) BTC-e – July 2017

The FBI shut down popular crypto exchange BTC-e in July 2017 after concerns that the exchange was a massive money laundering operation. The U.S. Department of Justice unsealed an indictment against Alexander Vinnik, one of the operators of the exchange, charging him with 21 counts of money laundering and other financial crimes. The FBI claimed BTC-e was a hub of criminal activity, even claiming that the exchange was used to launder funds related to the Mt. Gox hack. The FBI claimed Vinnik played a role in stealing 800,000 BTC from Mt. Gox.

5) Bitgrail – February 2018

In February 2018, it was revealed that 17 million of Nano had been stolen from BitGrail, worth about $200 million at the time. There continues to be an air of mystery around this hack, with some evidence that the hackers were directly or indirectly involved with the attack.

There have been dozens of hacks in the crypto industry from 2011 to date, leading to the loss of millions of dollars of crypto and fiat currencies. You can read more about the history of crypto exchange hacks here.

Biggest Crypto Hacks and Thefts from 2018

2017 was the year many people heard about crypto for the first time. As crypto went more mainstream in 2017 and 2018, hacks and thefts became increasingly common. Some of the biggest crypto hacks, thefts, and scams from 2018 included:

Coincheck Hack

In January 2018, a group of hackers breached Japan-based Coincheck’s defenses, stealing 500 million NEM (worth $530 million at the time). It’s still one of the top five largest crypto thefts in history.

Giza

This scam was carried out through the use of a professional-looking ICO campaign. Giza marketed itself as a company that had developed an ultra-secure crypto wallet allowing users to store all their virtual assets in one place. The project raised $2.4 million from an excited community. Then, the development team suddenly disappeared offline. They stopped responding to emails. The website was taken down.

Later, it was revealed that Giza’s team consisted entirely of hired actors. Photos on the website had been pulled from various Instagram accounts. The entire project was designed as a scam from the ground up.

Mining Max

US-based firm Mining Max was able to raise a whopping $250 Million USD from investors by claiming to operate an Ethereum mining operation. The project seemed legitimate, and early investors even received strong initial returns as advertised.

Within two months of launch, however, it was clear that Mining Max had no real business plan in place. Investors were being paid by the deposits of new customers. After complaints from investors, Korean authorities charged Mining Max’s founders with fraud.

Benebit

Benebit was another ICO scam that fooled a lot of people using a sleek presentation and professionally-designed website. Benebit claimed to have developed a unique cryptocurrency that rewarded users for their loyalty. Benebit’s team raised $3 million from the scam. Later, it was revealed that Benebit had no substance: it was all marketing hype. The company spent $500,000 on marketing and $0 on everything else. Benebit was a complete scam.

Bitconnect

Most of the crypto community realized BitConnect was a scam from the early days. The company refused to disclose its location or management team. It had no real business plan in place. It operated as a pyramid scheme where the returns of older investors were paid by the deposits of new investors. Like all Ponzi schemes, BitConnect eventually collapsed. BitConnect Coin (BCC) plummeted from $400 to $0 within a week. Investors lost millions. To this day, the main founding team of BitConnect has not been identified or charged, making BitConnect one of the most successful scams in crypto history.

Seele ICO Impersonation

Seel is a legitimate company that became victimized by Telegram scammers. Scammers infiltrated the official Seele Telegram channel and pretended to be representatives of the company. Scammers were able to convince users to send money to fake addresses as part of the ICO. An estimated $2 million of ETH was lost during the attack.

Confido

Confido held a successful ICO in November 2017, raising $350,000 to develop a smart contract-based business management platform. The project sounded good to investors. Confido’s native currency swelled in value, eventually rising to a price of $1.20 per token. Within months of the ICO, however, it became obvious that Confido had no business plan or real project goals in place. The founding team and company website disappeared from the internet overnight, never to be seen again.

Mybtgwallet.com

The Mybtgwallet scam was created by an anonymous member of the Bitcoin Gold community who went by the pseudonym John Dass. Dass promoted Mybtgwallet across the internet, luring users into thinking it was a legitimate Bitcoin Gold wallet. Unfortunately, an analysis of the Mybtgwallet.com code revealed that the site was designed to steal the private bitcoin keys of users. An estimated $3.3 million was lost during the Mybtgwallet.com account from users attempting to claim their Bitcoin Gold (BTG).

Karbon

Karbon, like other projects on this list, seemed legitimate at first glance but quickly revealed itself to be a scam. The company raised over $200,000 during its ICO, promising to use the funds to develop a decentralized social marketplace based on Ethereum. Soon after, however, the company and its founding team disappeared online, failing to ever deliver on any promises made to investors.

Plexcoin

Plexcoin launched with similar goals to BitConnect and other crypto pyramid schemes. Gullible users were promised enormous returns with no risk whatsoever. During the ICO, Plexcoin’s founders hyped the project as ‘The next BitConnect’, claiming that Plexcoin tokens would eventually reach similar heights to BitConnect Coin (BCC). PlexCoin, unfortunately, never went live. After the ICO, the Plexcoin team eventually stopped responding to messages. Authorities would charge a man named Dominic Lacroix with fraud.

Taiwanese Dragon Coin Scam

Last summer, in August 2018, Taiwanese authorities received a complaint about a crypto scam targeting wealthy international investors. That scam had already scammed $24 million from victims.

Authorities traced the scam back to a man named Prinya Jaravijit, who allegedly targeted Aarni Otava Saarimaa, a Finnish investor, and his Taiwan-based business partner, Chonnikan Kaewkasee. Jaravijit had convinced the two victims to invest in Dragon Coin, a fraudulent gambling and casino coin.

Vietnamese ICO Scam

Vietnamese investors lost an enormous amount of money through two ICOs in 2018. The two ICOs, Pincoin and iFan, lured investors with promises of easy money. iFan claimed to be a social network for celebrities based on decentralized infrastructure, while Pincoin was an ERC20 token for an advertising network. While both projects launched with enormous goals, both projects failed to deliver.

Overall, it’s estimated that nearly one billion dollars was stolen through crypto hacks, thefts, and scams in 2018.

ICO Scams: The Biggest Exit Scams and Fundraising Fraud in Crypto

There have been a number of major ICO scams in recent years, including all of the following:

Pincoin and iFan ($660 Million)

Pincoin was a two part scam targeting investors in Vietnam. 32,000 people were victimized from the scam, causing total losses of more than $660 million. The creators of Pincoin doubled down on their scam by launching a separate project called iFan. Neither project ever came to fruition, and investors were left with enormous losses. It seems likely that Pincoin and iFan was the biggest scam in crypto history based on the amount of money stolen from investors.

Centratech ($32 Million)

Centratech was in the news only months ago for its partnership with DJ Khaled and Floyd Mayweather. Centratech paid celebrities to talk about its exclusive Visa and MasterCard debit cards that would allow consumers to spend cryptocurrencies as easily as fiat currencies wherever credit cards were accepted. The idea never came to fruition.

Centratech’s founders were eventually charged by the SEC, but only after raising $32 million during the ICO. Centratech’s fraudulent activity included fabricating biographies of everyone involved with the company, inventing technology, and making absurd promises about the benefits of the Centratech debit cards. Fortunately, all funds were returned to investors, and the founders of Centratech are legally forbidden from participating as an officer or director in any future security offering.

OneCoin ($30 Million)

OneCoin was labeled as a Ponzi scheme in India in July 2017, then was later fined by Italian authorities in September 2017. The controversial project seemed legitimate at first glance, but it was later discovered to be a complete scam. OneCoin claimed to be developing ‘one coin’ to rule over the internet. In reality, the project had no real coin, no real technology, and no real blockchain. It was a massive scam. Authorities in China eventually seized $30 million from OneCoin scammers.

Plexcoin ($15 Million)

Plexcoin was an obvious Ponzi scheme from the early days of launch. The company’s business model was based on a pyramid scheme: the returns of older investors would be paid by the deposits of newer investors until the scheme collapsed. Plexcoin ran a hype-fuelled ICO with promises of building one of the biggest projects in crypto history. Plexcoin, unfortunately, never got off the ground: the company’s founders disappeared from the internet soon after the ICO, and Plexcoin never launched.

BitCad ($5 Million)

It’s not totally clear if BitCad was a legitimate project or if it was a genuine scam. However, the project raised $5 million with the goal of putting governmental organizations and transactions on blockchains to boost efficiency. By the end of the year, BitCad’s progress had fizzled out. The team stopped responding to messages, and there have been no new updates ever since.

Benebit ($2.7 Million)

In January 2018, Benebit pulled an exit scam, disappearing with $2.7 million of investor funds after running a successful ICO in late 2017. The project was well-reviewed by the crypto community and appeared to be legitimate. Clues on the whitepaper and website, however, indicated that Benebit was a scam. As soon as news of the scam hit the internet, Benefit’s founders pulled all site material offline and disappeared entirely.

Authorship ($1 Million)

ERC20 token project Authorship raised $1 million with the goal of building a decentralized system where writers, translators, and journalists could exchange ATS tokens for their work. The project looked more legitimate than the average ICO scam. However, the crypto community quickly realized that Authorship had a fake address and problematic business plan. One of the final signs that Authorship was a scam was when the project failed to distribute tokens reserved for bounties and referrals.

Opair and Ebitz ($1 Million)

Opair’s ICO was one of the first in crypto history. Launched in 2016, the Opair ICO raised more than $1 million with the goal of developing decentralized debit cards. It was quickly discovered that the Opair team had fake social media profiles and fake biographical information posted online. The founding team disappeared offline with all investor funds. Later, the same man who launched the Opair ICO was found to have launched the EBITZ ICO. Ebitz, built on a version of Zcash, used the same server DNS records as Opair, although the crypto community spotted the scam before trouble started.

10 Ways to Identify and Avoid an ICO Scam

ICO scams have stolen millions of dollars from unsuspecting crypto users. How can you avoid becoming another victim? Here are some tips for identifying and avoiding an ICO scam:

Understand the Difference Between an Open Cap and a Hard Cap

Most legitimate ICOs have a hard cap: there’s a set limit on the amount of funds that can be raised because there’s a set limit on the number of tokens available. ICOs with an unlimited cap may be trying to launch a scam.

Avoid ICOs with Empty Code Repositories

Legitimate ICOs often post their code repositories online using platforms like Github. Investors can check the repositories and verify the project has already developed real code. When a company refuses to share its code or a repository, it’s a sign the project has developed no real product.

Research the Development Team

A good ICO team is filled with experienced and accomplished professionals with a history of bringing business projects to fruition. If an ICO refuses to disclose team information, posts fraudulent team information, or has an unqualified team, then it’s a red flag you’re dealing with an ICO scam.

Avoid Incomplete Whitepapers

All good ICO projects have a whitepaper detailing the future goals of the team, including specific timelines, features, project goals, and more. When an ICO has no whitepaper, a poorly-designed whitepaper, or a blatantly-copied whitepaper, then it’s a sign the project could be fraudulent.

Look For a Clear Roadmap

An ICO’s roadmap explains when the company plans to meet certain goals. An ICO without a clear roadmap is doomed to fail. Look for a clear roadmap with real, attainable goals prior to investing in an ICO.

Check for Unbalanced Token Distribution

ICOs distribute tokens to the public. However, token distributions vary widely between projects. A scam token project may reserve 50% of the tokens or more for the team, for example, which could indicate the team plans to pull an exit scam. Verify token distribution before investing in an ICO.

Is the Company Really Using Blockchain Technology?

Some companies launch an ICO simply to capitalize on hype: they have no interest using blockchain technology. This could indicate the company is all hype with no substance. Other ICOs simply distribute arbitrary digital tokens that aren’t based on blockchain technology, which means there’s no way to verify how token distribution works. This can also indicate a scam.

Look for Community Involvement

The entire blockchain and crypto space was built on collaboration. Good ICO projects are often backed by a strong community. Watch for ICO projects surrounded by strong community support. An ICO project with a small or non-existent community may have something to hide.

Read Reviews and Monitor Online Talk

If you did a quick Google Search for BitConnect or PlexCoin prior to investing in the infamous pyramid schemes, you would have quickly learned that they were pyramid schemes. Websites like our own at BitcoinExchangeGuide.com are dedicated to uncovering scams. Don’t just immediately invest in an ICO because someone on YouTube told you to. Do your own research.

Watch for Plagiarism

Many ICO projects have one thing in common: plagiarized information. Team photos may be copied from other websites, for example. The whitepaper may be a knock-off from a legitimate crypto project. Plagiarism is a guaranteed sign you’re dealing with an ICO scam.

Using the strategies listed above, you can avoid ICO token scams and prevent yourself from falling victim to ICO scammers.

The Dark Web and Money Laundering: Crypto’s Shady Side

Since bitcoin launched in 2009, the world’s largest cryptocurrency has had a dirty secret: it’s an excellent way to launder money and complete illegal transactions.

Bitcoin and other cryptocurrencies continue to have a shady side today. Thanks to exchanges with lax regulatory policies, criminals continue to use cryptocurrencies to launder money and complete illegal transactions online.

Bitcoin would not be as popular today if it were not for the dark web. Even today, bitcoin transaction volume would plummet if all money laundering activity and illegal transactions suddenly stopped.

Its true: bitcoin has a dark history. However, bitcoin’s dark history has also made it what it is today.

Bitcoin and Silk Road: The First Major Bitcoin Use Case

In 2009 and 2010, bitcoin was a niche technological toy with few real use cases. Somebody bought two pizzas with bitcoin in May, 2010, marking the first real-world transaction involving the digital currency. At this time, however, few merchants accepted bitcoin. You could buy 1 BTC for a few pennies. Nobody knew how high bitcoin would climb.

That all changed with the launch of Silk Road in February 2011. Silk Road was an online marketplace operating on the dark web. It was the first modern darknet market, allowing users to purchase goods and services without censorship or interference. You could buy and sell prescription drugs and illegal drugs on Silk Road, for example. You could hire hitmen on Silk Road.

The rise of Silk Road and the rise of bitcoin occurred simultaneously: the two complemented each other nicely.

Buyers and sellers on Silk Road needed a secure, anonymous, fast, and easy way to send and receive money. They couldn’t use credit cards – where transactions would be blocked by Visa and MasterCard. And they couldn’t use cash – the preferred currency of traditional drug dealers – because transactions took place online.

Bitcoin was the perfect currency for a marketplace like Silk Road:

  • Bitcoin was anonymous
  • Bitcoin could be transferred online without the need for centralized third parties, acting as a true P2P currency
  • Bitcoin could not be censored or shut down
  • Bitcoin chargebacks are impossible; transactions are irreversible once completed

In short, bitcoin was the perfect medium of transfer for a marketplace dedicated to selling illegal goods and services.

By February 2013, Silk Road had been shut down. Its owner and founder, Ross William Ulbricht (operating under the pseudonym Dread Pirate Roberts) had been arrested. The FBI seized the exchange’s bitcoin, then sold that bitcoin during an auction in 2014.

Silk Road Hurt Bitcoin’s Reputation – But It Enhanced Bitcoin’s Adoption

At first glance, it might seem that Silk Road would be a very bad thing for a growing currency, forever tainting that currency with a reputation for illegal activity. Bitcoin, however, shook off that reputation and continues operating successfully to this day.

Looking back, it’s clear that Silk Road hurt bitcoin’s reputation but enhanced its adoption. Because of Silk Road and other darknet marketplaces, bitcoin had a reputation as a currency used for illegal activity.

Today, bitcoin still has that reputation among certain groups of people. Many people continue to view bitcoin as a tool for illegal activity.

“You can hire a hitman with bitcoin!” they say. “Isn’t that what you used to buy drugs on the internet?”, they ask.

The end of Silk Road was the start of a new beginning for bitcoin, however.

The FBI seized 26,000 BTC from Ulbricht’s Silk Road accounts, causing the USD/BTC exchange rate to plummet. The FBI later sold all 29,657 BTC at auction over a series of 10 blocks, causing the USD/BTC exchange rate to sink even further.

The Silk Road BTC auction was a crucial turning point for bitcoin. Silicon Valley venture capitalist Tim Draper purchased a large portion of the seized Silk Road bitcoins, later lending them to a bitcoin startup in the Bay Area.

Over time, people realized that there were other uses for a decentralized, censorship-resistant currency not tied to any specific country.

After the death of Silk Road and Silk Road 2.0, bitcoin gradually lost its reputation as a seedy online currency used for illegal activities. Although there’s still plenty of illicit crypto volume today, there are also more legitimate use cases than ever before.

In many ways, we can thank Silk Road for getting bitcoin to where it is today.

SEC Notices and Alerts: What Does America’s Top Regulator Think About Crypto?

Clearer Crypto Regulations Could Prevent Future Scams

Crypto isn’t the only industry that has scammers. There are pharmaceutical scammers. Legal scammers. Video game scammers.

One thing that makes crypto unique, however, is the lack of regulatory clarity. In many countries, bitcoin has an uncertain regulatory status. We don’t even know if bitcoin is a currency or a security, for example.

That’s why the SEC doesn’t care as much about bitcoin scams as it does about, say, fraudulent activity within a publicly traded company. The Securities and Exchange Commission (SEC) is concerned about the exchange of securities. Bitcoin and other cryptos haven’t been declared securities. They also haven’t been declared currencies, so they lie outside the jurisdiction of regulatory agencies that would typically handle currencies.

If regulators can answer the following questions, then we may be able to reduce future crypto scams:

Is Bitcoin Actually Money? Bitcoin is designed as a currency. But it also has properties that are unlike traditional fiat currencies. Some regulators have indicated that bitcoin is money, while others claim it’s not money.

Are Cryptos Commodities or Securities? Some regulatory agencies – including the SEC – treat cryptocurrencies as commodities instead of securities. However, some cryptos function just like securities. The value of XRP, for example, is closely tied to the value of Ripple. As the value of Ripple (the company) increases, the value of XRP (the currency) also increase – just like a stock or security. Regulators need to clarify which cryptocurrencies are commodities and which are securities – or if there should be another new definition.

Who Should Regulate Crypto? The SEC can’t regulate crypto because cryptos aren’t securities. The CFTC can’t regulate cryptos because they’re not technically commodities either. Today, it’s unclear who should regulate crypto – but we need to answer that question moving forward.

Who is Responsible for Bitcoin? Many cryptocurrencies are decentralized. They’re not run by a single organization or authority. There’s no single person to be charged or prosecuted when illegal actions are performed. We still don’t know who bitcoin creator Satoshi Nakamoto is. For all of these reasons, it can be difficult to know who should face penalties from crypto scams.

Bitcoin Scams and Crypto Hacks Conclusion:

bitcoin-crypto-asset-hack-theft-lossesWhew-wee, oh me oh my wowwee – by now your cryptocurrency security guidance should be slightly improved since you first visited this valuable bitcoin market research on all of the crypto hacks made available.

These unfortunate ‘crypto crimes of the century cases' are said to have been responsible for an estimated 6 million bitcoins being stolen. This is an astoshining 30-35% of the totoal circulating supply of BTC coins out of the 17.62 million that have been issued as of April 2019. Last year, in 2018, it was reported as stolen crypto funds were near $1.7 Billion, being up 400%. Also not this is seeing a bitcoin price curve of going from $19,000+ to $3,000 range.

While even the best cryptocurrency exchanges are never ideal to keep large amounts of funds stored there, stock markets on the flip side have was shown to have $950M in 2018, $266M 2017, $152M 2016. The recognized bitcoin scams were responsible for generating in the neighborhood of $725 million worth in 2018 as well. Also expect us to be highlighting all of the new crypto mining malware scripts and cryptojacking of web browsers for cpu power.

We will also have be tracking all the SIM swapping, crypto dusting, shadow money service businesses (MSBs) and next-generation crypto mixers tactics being used to dupe users of bitcoin holdings mismangement. The shift of crypto asset use is shifting into developed countries all around the world and high-profile hacks will likely keep happening until people, protocols and policies start to mesh and integrate with one another for a cleaner crypto ecosystem.

Ongoing Updates: Organizing Unique Crypto Hacks List

We compiled this historical list of chronological order of bitcoin scams and crypto asset losses to help the today's user of bitcoin's financial system use case as ‘programmable money' because these hacks are often systematic and strategic efforts by professionals and likely will only accelerate as bitcoin's value returns.  We hope this two-part guide was beneficial to everyone who managed to read, apply and learn these bitcoin user tips and protection education.