Bitcoin has security as one of its greatest features. Among its fundamental aspects is protecting the privacy of users, avoiding theft of assets and avoiding harmful practices such as double spending. That Bitcoin implements important security measures does not mean that it is inviolable or in other words, that there can be no cases of theft of Bitcoin or other cryptocurrencies.
For decades banks have been expanding and improving security mechanisms to prevent robberies and even so, they continue happening. Bitcoin is not even ten years old and there is still a lot of work to do in making the system much more secure.
There are many methods by which a third party can be done with our funds. The most common are behind Ponzi-type pyramid schemes and fraudulent pages asking for our private key. Although these actions are of high importance that deserves to be monitored, attacks on exchanges that steal users' money and exploit security holes in wallets are even more serious.
We will see some of the biggest thefts of Bitcoin and also of other cryptocurrencies, because all the cryptocurrencies on the market have value and all are liable to be stolen.
In this post we will deal with the largest thefts, and therefore the most notorious, but in the following button you have access to an external resource with an extensive complete list:
The biggest robberies of bitcoins of history
Gox (Between 640.000 BTC and 850.000 BTC)
Exchange that was based in Shibuya, Tokyo, Japan and that began to operate on July 18, 2010. The problems began in late 2013, when the exchange office reported an insolvency and ended closing on February 25, 2015 disappearing along the way between 640.000 BTC and 850.000 BTC (there is a big dance of figures about it)
We can divide the story into two parts:
Gox Robo 1 (25.000 BTC)
The first places us in 2011, when an unidentified attacker took 25.000 Bitcoin. Although there is no data, it has been speculated that the robbery could have been internal, specifically they could have been stolen by Jed McCaleb, although there is no evidence.
After the looting, in what appeared to be a not very clean attempt to erase his trail, the thief sold the bitcoins and bought them again and then exchanged them for dollars again, for this reason some Mt. Gox users followed in his footsteps and even reached a Hong Kong IP address.
Gox Robo 2 (744.408 BTC)
The second robbery was some time later and after the exchange changed hands. We jump to 2014, where the theft or loss of 744.408 BTC was reported. An audit carried out indicated that the robbery had been taking place "silently" for years. Assets were never returned.
If we can get anything positive about it, it is that the security of the money exchange offices was improved and that safer alternatives in the bitcoin purchase process.
'Pony' Botnet
Although this attack is not great in the amount of money stolen, it is in the number of machines affected.
For 5 months (September 2013 - January 2014), criminals used a zombie computer network called Pony with millions of infected computers.
They stole $ 220.000 in bitcoins and other cryptocurrencies. They only had to run a line of code to get all the private keys of users with Bitcoin wallets installed.
Later, criminals used them to move bitcoins to their own purses.
Silk Road (173.655 BTC)
It is one of the most controversial cases, as some label it as robbery, while others have called it an act of justice.
Silk Road was a well-known Dark Web store where you could trade weapons, drugs, tasteless digital content and a host of illegal items. The FBI, after an arduous investigation, managed to close this illegal market.
During the arrest and closure work, 29.655 bitcoins owned by this digital store and another 144.000 bitcoin from the site's founder, Ross Ulbricht, were seized.
The story would take one more turn, when agents Shaun Bridges and Carl Force, agents of the Division of Fight against Drugs, made between $ 700.000 and $ 1 million in Bitcoin during the investigation and infiltration work, counting them almost seven years of jail to each one.
Bitfinex (121.256 BTC)
One of the largest exchanges in history is Bitfinex, founded in 2012 and based in Hong Kong. He has been the victim of two robberies, the first of lesser depth in May 2015 where some 1.500 BTC were stolen and the second and most important on August 2, 2016 through a security breach that allowed the theft of 119.756 BTC.
The exchange is still operational today and according to information, all users recovered their bitcoins.
BitFloor (24.000 BTC)
Exchange that was based in New York State, United States, was quite popular at the time, because it allowed the device of cash in American dollars through LocalTill that was backed by Bank of America.
BitFloor on September 4, 2012 reported on a security breach and reporting that a group of attackers had managed to steal 24.000 BTC from the exchange's wallet. In the statement, the closure and the refusal of clients to access their funds were reported, since they hardly had any funds after the theft.
Supposedly the exchange would return the lost funds to customers, but on March 8, 2013, three months after the last return (December 2012) of funds, it stopped responding. Alarms went off when the web was down for a time on April 3, 2012.
The last word from the exchange was on April 17, 2013, when operations finally ceased, after their bank announced that they were going to close the exchange's account. No data was provided in this regard, but there was talk of a closure due to money laundering operations.
YouBit (4.000 BTC & 17% of BTC)
South Korea is one of the most 'crypto-friendly' countries in existence today, allowing the development of regulated cryptocurrency exchange houses. Among them was YouBit, a fairly important exchange that after suffering two computer attacks has closed its doors.
The first attack was in April 2017, when around 4.000 BTC were stolen and the second one took place on December 19, 2017, when approximately 17% of the assets were stolen (it is not clear what the amount stolen is).
After this second attack, the company reported that the activity would cease. They promised to return 75% of the funds, the remaining 25% will come from the liquidation of the company's assets and assets.
NiceHash (4.700 BTC)
The cryptocurrency cloud mining service has been one of the most recent victims of theft. The Slovenian-based company offers cloud mining solutions and enables users to mine with their equipment easily.
Mark Kobal, CEO of the company, announced in a live on Facebook that 4.700 BTC had indeed been stolen. It also announced an interest in returning the funds to their rightful owners, for which a repayment plan was created.
The biggest robberies of altcoins of history
Some of the biggest robberies in history, as we have seen in the first installment, have to do with the theft of Bitcoin from different exchange houses (or illegal markets) but there are cases of theft of other cryptocurrencies. And is that the altcoin have not been spared from thefts.
It tops the Bitcoin list, of course, in stolen amounts and in fiat equivalent but other cryptocurrencies, most notably Ethereum, have suffered major thefts that have ended up destroying projects due to code errors or the theft of NEM from a Japanese exchange, such as some of the most famous cases, which we will see below.
Coincheck (NEM 523 million)
The Japanese exchange Coincheck began operating in 2014 and I'm sure I always hope to be recognized for its large volume, work and reliability, not for what happened on January 26, 2018, which is when it was revealed that the exchange office had been the victim of the robbery. of NEM 523 million, which at the same time had an equivalent of 534 million dollars, being the largest robbery in history to date.
The problem has its origin in the storage of cryptocurrencies. Coincheck made use of a simple hot wallet to store the coins, not even made use of a multi-signature wallet, which made the task easier due to the fact that the attackers took control of the private key that unlocks the accurate one.
Despite the significant robbery, the exchange continues to operate normally and established a plan to return the stolen assets that began on March 12, 2018. The Japanese authorities are working on the resolution of the case and have their eyes on the exchange office. , to verify that security is adequate and that stolen capital is returned.
The DAO (3.6 million Ether)
Ethereum is a platform that allows many things, including the creation of Smart Contracts that allow you to develop Decentralized Autonomous Organizations (DAO), which are named after The DAO, the first of its kind that was a crowdfunding project.
The idea, despite being good, had a problem: the developed code. It appears that the code that gives rise to the DAO contained a bug or a programming error that allows a third party to transfer the 3.6 million Ether worth about $ 50 million back then.
It should be noted that the attacker assured that the transfer of the funds was completely legal and should not be considered theft. He even threatened those who tried to recover the lost funds with legal action.
Parity Wallet (Stolen: 153.000 ETH; Frozen: 513.774 ETH)
One of the most bizarre stories in the world of cryptocurrencies has to do with Gavin Woods, Founder of Parity and former lead developer on Ethereum. The story is divided into two parts.
The first incident occurs on July 19, 2017, when a total of 153.000 ETH is stolen anonymously, equivalent to about $ 32 million from the Aeternity, Edgeless and Swarm City wallets. The origin of the theft is in a failure in the Parity 1.5 utility itself.
The second incident takes place on November 8, 2017. To get to the bottom of the matter we must go to January 2017 when a significant vulnerability is detected in the multi-signature wallets, but the developers considered that despite being a potential problem, they would solve it sometime in the future.
Going back to November, the user 'devopps199' created what was initially thought to be a corrupt wallet by mistake that ended up freezing the funds of the multi-signature wallets in time. Later it was detected that it had its origin in an attempt to fraudulently load wallets in Parity.
Initially there was talk of a $ 280 million blockade on Ethereum, the figure was later reduced to a total of 513.774,16 ETH, which is equivalent to about $ 169 million.
CoinDash (43.400 ETH)
CoinDash (488 ETH stolen / 43.400 ETH returned)
Possibly one of the most curious cases to date, is that on July 17, 2017, the sale through ICO of the CoinDash tokens began, an Israeli project that was forced to close after a computer attack.
The attacker managed to gain access through a security hole to the direction of the wallet, taking control and leaving 488 ETH. But what happened after is the first time it is seen and that is that the attacker has not only returned the stolen, but has given more
On September 12, 2017, the attacker, maintaining his anonymity, sent the stolen 488 ETH to the CoinDash ShapeShift account. On September 19, 2017, he made another income of 10.000 ETH. Subsequently, another transaction of 20.000 ETH and the one carried out by this attacker converted into a Good Samaritan was 13.000 ETH.
The identity of this or these people is unknown, but some comment that it could have been a strategy developed by the creators of the ICO to give themselves free publicity. Who knows.