In 2020, five major digital currency exchange hacks took place. Four hacks resulted in the theft of digital currency while one involved stolen customer data. In total, $286,933,760 worth of digital currency and 200 pieces of customer data were stolen from digital currency exchanges in 2020.
The amount of exchange hacks that took place in 2020 (5) is 58% lower than the number of hacks that took place in 2019 (12), and the amount of money stolen in 2020 ($286,933,760) is roughly 2% less than the total amount of money stolen from digital currency exchanges in 2019 ($292,665,886).
So why did fewer digital currency exchange hacks take place in 2020? For a combination of reasons; for starters, digital currency exchanges are no longer a prime target for attackers. These days, most digital currency exchanges have strict policies, better security, and relationships with law enforcement officials and blockchain analytic firms that allow them to track funds that illicitly leave, or enter, the exchange. That being said, there is a much higher probability that a digital currency exchange attacker will be caught than there was in the past.
This brings us to the second reason why there were fewer digital currency exchange hacks in 2020—because there were more DeFi platform hacks, and that is because DeFi platforms have become the prime target for attackers.
Many of these platforms require little to no KYC, are still in their infancy, and do not have very secure technical infrastructure which makes it much easier for an attacker to steal funds while going undetected.
Let’s take a closer look at the digital currency exchange hacks of 2020, and how much digital currency, fiat, and customer data was stolen in each incident.
Date: February 5, 2020
Amount stolen: roughly $70,000 at the time of the attack
On February 5th, the Italian digital currency exchange Altsbit was hacked when an unauthorized party gained access to Altsbit hot wallets and stole coins and tokens. The attack resulted in the loss of 6.929 BTC, 23.21 ETH, 3,924,082 ARRR, 414,154 VRSC, and 1066 KMD. Although those amounts seem insignificant, they were a major part of Albit’s treasury, so much so that Altsbit shut down their platform after the attack took place. At the time of the attack, the funds were worth roughly 70,000.
Date: June 2, 2020
Amount stolen: customer data from 200 users
On June 2nd, Coincheck announced that a third party gained access to the platform’s domain registry service and was able to obtain Coincheck user’s email addresses and personal data. Coincheck said that the personal data that could be in the possession of the attacker includes the user’s name, registered address, date of birth, phone number, ID Selfie, as well as the contents of any email they sent to Coincheck between May 31st to June 1st, 2020.
Date: July 10, 2020
Amount stolen: 336 BTC
On July 10th, The United Kingdom-based OTC exchange Cashaa was hacked for 336 BTC. The hack occurred when an OTC transaction manager claimed that the systems Cashaa provided him with were not working and requested to perform his work duties off of his personal computer. Shortly afterward, hackers got control of the Cashaa employee’s computer and moved 336 BTC out of the Cashaa exchange’s hot wallet into their own personal wallet.
Date: September 8, 2020
Amount stolen: $5,323,517
In early September, the Slovakia-based digital currency exchange, Eterbase experienced a hot wallet breached that resulted in six digital currencies—BTC, ETH/ERC-20, XRP, TRON (TRX), Tezos (XTZ), and Algorand (ALGO)—being stolen
Some $3,945,664 was stolen from the ETH/ERC-20 wallet, $471,559 was stolen from the XTZ wallet, $406,620 was stolen from the ALGO wallet, $339,573 was stolen from the XRP wallet, $114,954 was stolen from the BTC wallet, and $45,148 was stolen from the exchange’s TRX hot wallet.
Date: September 25, 2020
Amount stolen: $275 million
Just two weeks after Eterbase was hacked, the digital currency exchange KuCoin experienced a hot wallet breach that resulted in the theft of $275 million. The attacker was able to steal 14,713 BSV, 26,733 LTC, 18,495,798 XRP, 999,160 USDT, 1,008 BTC, 9,588,383 XLM, and 199,038,936 TRX, along with ETH and several ERC-20 tokens out of the KuCoin hot wallet. Although it has not been verified, KuCoin co-founder and CEO Johnny Lyu says 84% of the funds stolen have been recovered.
Better luck next year
Unless KuCoin really has recovered a majority of the funds stolen from them, the amount of money stolen from digital currency exchanges in 2020 rivals the amount stolen in 2019 even though far fewer hacks took place.
Hopefully, even fewer digital currency exchange hacks take place in 2021 and even less money is stolen—but only time will tell if that is the case.
See also: CoinGeek Live panel on The Future of Digital Asset Security & Custody
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.