The major cryptocurrency hacks, thefts, insider thefts, frauds and scams that have taken place in the last decade are compiled herein. What can we learn from the ongoing thefts of cryptocurrencies? Aggregating the attacks reveals some interesting patterns that lead to sound advice for safeguarding ourselves.
The list shows the date, target, attack type, cryptocurrency taken and the amount (in USD) stolen from January 2011 to December 2019.
Phew, it’s a long list of security breaches, inside jobs, thefts, hacks and stolen cryptocurrencies!
Looking at the list of thefts, it is clear that when millions of dollars are stored in exchange hot wallets, some cyber thieves and employees working at exchanges (insiders) are tempted to steal the money.
The pie chart shows that Cryptocurrency Exchanges appear to be a nexus where hackers and thieves attack most often (65% of all thefts). Wallets at 18% and ICO scams at 7% are the second and third most reported theft types.
The most common attack types are security breaches (internal and external hacks) and inside jobs. Of the 46 recorded thefts, 23 were security breaches, 18 were inside jobs and the remaining attacks were reported only once each.
The truth is that insiders with access to user accounts, wallets and passwords are nearly impossible to stop.
Exchanges are targets because they are the most lucrative, with a single or a few hot wallets storing large amounts of cryptocurrency. Again, the highest amount of stolen funds comes from exchanges. Since 2011 the total taken is reported at 1.5 billion dollars USD (total for all thefts is 1.84 billion dollars USD).
Based on the compiled cryptocurrency thefts we can distill some advice.
1. Don’t leave your cryptocurrency on exchange wallets.
Many cryptocurrencies have been subject to hacks, inside jobs, theft, scams and frauds, due to the nature of cryptocurrencies. Lack of regulation only adds to the problem. While thieves can’t hack the bitcoin algorithm or blockchains (which are immutable), they can hack the digital holdings (personal and company wallets) and exchanges. Exchanges are a favourite target for remote hackers and onsite insiders. Leaving your coins on an exchange wallet along with thousands of others makes them a tempting target for a hacker who can gain access to the hot wallets, or for insiders (employees) who can access both hot and cold wallets. Holding your own keys avoids enterprise risk as well: if an exchange goes bankrupt and out of business, any cryptocurrencies you hold on the exchange at the time of the bankruptcy declaration are likely to be given to creditors as part of the business (akin to bank bail-ins using their depositors' funds).
2. Use two-factor authentication wherever possible.
Use 2FA along with multiple layers of security, including strong passwords. It won’t stop insider theft of personal data or cryptocurrencies, but it will stop outside hackers from gaining entry to your account.
3. Conduct extra due diligence.
If you are considering buying coins during an initial coin offering capital raise, determine whether the CEO, team and backers have any red flags. What is the history of the CEO and team (do they have a social media and web presence)? Are they transparent, open, interactive and professional with reputable partners and small investors?
4. Hold your own private keys.
Store your coins and keys on a hack-resistant, reputable wallet. Use encrypted offline wallets like Ledger or Trezor.
5. Manage your mobile wallets carefully and choose a reputable wallet for offline storage.
Do not store wallet passwords and recovery phrases on your mobile phone. If your phone is hacked, your wallet information can be stolen along with access to your cryptocurrencies.
As small retail investors we work too hard to buy our favourite cryptocurrencies only to watch them disappear if stolen by opportunistic thieves!
Don't be a victim like the others who have lost close to 2 billion dollars. Make sure you safeguard your investment going forward.