A Review of the Top 10 Centralized Exchange Hacking Incidents in History

Author: Beosin

In recent years, centralized exchanges (CEX) like Mt. Gox and WazirX have suffered significant losses due to external hacking attacks, while other exchanges like FTX have collapsed due to internal fund mismanagement. Even industry giants like Binance and Coinbase face existential threats from the world's most powerful financial regulators.

Decentralized exchanges (DEX) can effectively defend against these three major threats—hacking, fraud, and regulatory overreach—that have long plagued CEX. Of course, aside from "hacking," there are other threats. For instance, FTX's collapse involved poor management by its executives and misuse of customer funds, a situation that is less feasible on DEX due to their inherent structure promoting transparency and user control.

This article explores the largest vulnerabilities in the history of major centralized exchange hacking incidents, from notorious breaches to systemic flaws, as the cryptocurrency world has experienced turmoil. Here, we review the top 10 most severe hacking events involving centralized exchanges.

10. Bithumb Hacking: Repeated Strikes

Founded in 2014, Bithumb quickly became a cornerstone of the South Korean cryptocurrency market, boasting over 8 million registered users and a trading volume exceeding $1 trillion. Despite its prominence, Bithumb has been repeatedly attacked.

Starting in 2017, Bithumb suffered multiple breaches:

• February 2017: Hackers stole $7 million.
• June 2018: Employee personal data was exploited to steal nearly $32 million in cryptocurrency.
• March 2019: Bithumb announced another breach, pausing deposits and withdrawals after losing about $20 million in EOS and XRP.
• June 2019: Bithumb was attacked again, with hackers stealing $30 million worth of digital tokens.

Assets reported stolen during the June 2018 Bithumb hacking incident

In response to the repeated violations, South Korea's Ministry of Science and ICT (MIC) launched a thorough investigation, primarily uncovering:

• Insufficient network isolation.
• Poor monitoring systems that could not distinguish between normal and suspicious activities.
• Inadequate management of cryptographic keys and passwords.

9. WazirX Cryptocurrency Hacking Incident

In 2024, 108 incidents resulted in losses of over $473 million in cryptocurrency due to hacking and fraud. WazirX alone accounted for 86.4% of the total cryptocurrency losses in July due to hacking.

Indian CEX WazirX announced plans to freeze withdrawals on July 18, 2024, after a significant wallet vulnerability attack led to over $230 million in cryptocurrency being transferred without authorization. This attack targeted WazirX's multi-signature wallet on Ethereum.

Over $100 million in Shiba Inu (SHIB), 20 million MATIC tokens ($11 million), 64 billion PEPE tokens ($7.5 million), 5.7 million USDT, and 135 million GALA tokens ($3.5 million) were stolen.

Despite employing advanced security measures like hardware wallets and address whitelisting, WazirX fell victim to a complex attack. This necessitated a comprehensive security audit and continuous improvement of digital asset protection measures. The risks of centralized control of private keys were evident.

8. Binance Hacking Incident: A Stark Reminder of Cryptocurrency Vulnerabilities

In 2019, the world’s leading cryptocurrency exchange Binance experienced a major centralized exchange hacking incident. On May 7, malicious attackers exploited phishing and virus attacks on Binance's security system, stealing users' two-factor authentication codes and API keys.

This breach allowed them to steal 7,074 bitcoins from the exchange's hot wallet in a single transaction, worth over $40 million at the time.

Following the incident, Binance CEO Changpeng Zhao announced the establishment of a Secure Asset Fund for Users (SAFU) to protect users' funds in extreme situations. Despite these measures, Binance faced another significant security challenge in October 2022. Hackers exploited the cross-chain bridge BSC Token Hub to illegally generate and steal 2 million BNB tokens, amounting to approximately $570 million.

7. KuCoin: A Hollywood-style Heist

In September 2020, KuCoin experienced a Hollywood-style heist, ranking among the top centralized exchange hacking incidents. Hackers initiated a cunning attack, siphoning Bitcoin and Ethereum into a mysterious wallet. As the digital thieves accessed KuCoin's hot wallet private keys, the plot thickened.

The next day, as KuCoin CEO Johnny Lyu addressed the world in a live broadcast, the crypto community was already on edge. The KuCoin team reacted swiftly, transferring remaining funds to a new hot wallet, shutting down the compromised wallet, and temporarily freezing all customer transactions to mitigate further risk.

Further investigation revealed that the stolen funds included various cryptocurrencies such as BTC, ETH, LTC, and XRP, totaling approximately $281 million. Despite the heavy losses, proactive measures taken by KuCoin recovered about $204 million of the stolen funds within weeks.

Interestingly, KuCoin collaborated with international law enforcement to attribute the cyber attack to a suspected North Korean hacker group.

6. BitGrail: An Inside Job

Italian cryptocurrency exchange BitGrail became embroiled in controversy after the platform was hacked for €120 million ($146.55 million). Italian police accused Firano (also known as "FF") of possibly being involved in the hacking or neglecting to strengthen security measures after initially discovering the vulnerability.

This series of events led to the loss of funds for approximately 230,000 users, with Firano facing charges of computer fraud, fraudulent bankruptcy, and money laundering, marking one of the largest financial violations in Italian history.

In the aftermath, the Italian bankruptcy court took decisive action, declaring Firano and BitGrail bankrupt. The court also ordered Firano to return as much of the stolen assets to customers as possible.

Additionally, the court approved the seizure of Firano's assets, including over $1 million in personal items and millions of cryptocurrencies in the BitGrail account. The court found that software defects in the BitGrail platform led to multiple improper withdrawal requests.

In centralized exchanges like BitGrail, control over all assets and security measures is centralized, making them enticing targets for hackers.

5. Poloniex: The Tale of Two Hacks

Poloniex has suffered two significant security breach attacks.

In March 2014, hackers exploited a software vulnerability to steal 97 bitcoins, accounting for 12.3% of the exchange's bitcoin holdings at the time. Despite the setback, Poloniex successfully rebounded and fully compensated affected users.

Fast forward to November 2023, the exchange was attacked again, this time more severely. The attackers were suspected to be linked to the Lazarus group from North Korea, who stole private keys and took approximately $126 million from Poloniex's hot wallet.

The modus operandi included using social engineering and malware to obtain critical private keys. After the breach, complex strategies were employed, including sending different tokens to specific addresses and laundering through decentralized exchanges, making tracking and recovery difficult.

4. Bitstamp Theft Incident

Cybercriminals targeted Bitstamp's system administrator Luka Kodric, who unknowingly downloaded a malicious file that compromised the exchange's security. The malware was hidden in a harmless document, activating a script that infected Bitstamp's servers, allowing hackers access to critical wallet.dat files and passwords.

Upon realizing the vulnerability, Bitstamp quickly took action, forming an emergency team and alerting the entire company. Despite these measures, hackers successfully stole 18,866 bitcoins from the hot wallet, resulting in a loss of approximately $5 million at the time of the breach.

Afterward, Bitstamp undertook a massive overhaul of its trading platform, opting for a complete rebuild rather than patching. They migrated their infrastructure to Amazon's secure cloud servers in Europe, implemented multi-signature wallet access, and hired Xapo for cold wallet management.

3. Bitfinex Theft Incident

In August 2016, Bitfinex experienced a cyber attack. Hackers exploited vulnerabilities in the multi-signature security system supported by BitGo. They manipulated the security protocol to illegally withdraw 120,000 bitcoins from Bitfinex's hot wallet.

Following the hacking incident, Bitfinex maintained transparency regarding financial losses. The losses were distributed across user accounts, with each account losing 36%. To mitigate the losses, Bitfinex issued BFX tokens to affected users, which could be redeemed for dollars or shares in iFinex Inc., facilitating gradual recovery.

2. Coincheck Theft Incident

At the end of January 2018, the renowned Japanese cryptocurrency exchange Coincheck suffered one of the most severe centralized exchange hacking incidents in history. Hackers breached the exchange's hot wallet, stealing 523 million NEM tokens, worth approximately $534 million at the time.

Despite previous lessons from other hacking incidents, Coincheck still stored a large amount of assets in hot wallets and lacked sufficient multi-signature protection. After the attack, the exchange immediately halted all deposits and withdrawals to prevent the flow of stolen funds.

The cryptocurrency community quickly rallied to prevent the stolen assets from being liquidated. Exchanges like ShapeShift prohibited trading of the stolen NEM coins and flagged related addresses to prevent further transactions. Despite these efforts, a full recovery of the funds remained unfeasible.

1. Mt. Gox: An Unforgettable Hacking Incident

The Mt. Gox hacking incident remains arguably the most notorious and high-profile cryptocurrency theft, primarily due to its scale and timing. This major event is a classic case of top centralized exchange hacking incidents.

In 2011, Mt. Gox, then the world's largest bitcoin exchange, first encountered a significant security breach, resulting in the loss of 25,000 bitcoins. The situation worsened in 2014, culminating in a catastrophic theft of approximately 850,000 bitcoins.

The impact of this hacking attack was immense, affecting bitcoin prices and the trust of the global cryptocurrency community. "I almost lost everything. It forever changed my view on the security of digital currencies," shared a forum user, emphasizing the profound effects of this hacking incident on individuals and finances.

Preventive Measures for Exchange Security

The security issues of exchanges have become a focal point for the entire cryptocurrency industry in recent years, especially after several significant security incidents and internal problems led to the collapse of exchanges or loss of funds. To enhance security, exchanges can adopt various measures.

For instance, keeping the majority of assets in offline cold wallets, with only a small amount of funds stored in online hot wallets for daily trading needs, can significantly reduce the risk of hackers successfully stealing large amounts of funds. On the other hand, requiring multiple key holders to sign transactions can prevent the loss of funds due to the compromise of a single key.

By hiring professional blockchain security companies, exchanges can conduct comprehensive security audits of their systems to identify and patch potential vulnerabilities. For example, auditing smart contracts can prevent fund losses due to vulnerabilities.

Real-time monitoring and threat detection: Implementing real-time network monitoring can quickly identify abnormal activities and take appropriate measures to prevent attacks. Through strict KYC and KYT measures, exchanges can prevent illegal funds from entering the platform, reducing the risk of money laundering. Additionally, collaborating with professional security companies for regular systematic security assessments and penetration testing can help exchanges prevent and respond to potential cyber threats.