2011 Bitcoin and Altcoin Hacks [Part 3]

This article is part of our complete guide to Bitcoin and altcoin hacks. Here we cover Bitcoin and altcoin security incidents from the year 2011.


MyBitcoin was one of the earliest Bitcoin wallet services available.

Users could take their BTC with them anywhere by accessing the online wallet instead of a heavy full node that needed to sync everytime you moved.

This doesn’t sound like much of an innovative idea today, but in 2011 Bitcoin was still considered the stuff of mad geniuses who blew stuff up in their basement.

The idea behind MyBitcoin was great and it had the potential to become one of the major cryptocurrency services just a few years later, unless….

In mid August of 2011 a cold shower hit all MyBitcoin customers. A letter from the admins said the service was suddenly bankrupt.

Users were mystified about this notice and could not believe they’d lost all their BTC.

There was ample skepticism about it, in fact, and questions began to be asked.

What happened at MyBitcoin was a quite clever hack.

Deposits were acknowledged before multiple confirmations. So hackers would broadcast a deposit that would bounce due to lack of funds and make withdrawals before the first confirmation.

When MyBitcoin took notice, their withdrawal wallets had already been drained.


Shortly after the MyBitcoin hack, 2 months later in fact in October of 2011, Bitcoin7 customers received an announcement from the admins that wallets had been stolen and user ID’s compromised.

The website went down with no public notice on its pages. Users simply could not access the exchange.

With a tiny office in Sofia, Bulgaria, Bitcoin7 didn’t execute a large volume of trades per day. It was a small exchange that came and went.

Back in 2011 there were very few exchanges and wallet services, so the Bitcoin7 hack ended up causing a stirr in the online forums.

Their domain is still registered, though as expected it has privacy enabled so we don’t know who’s behind it today.

Domain Name: BITCOIN7.COM
Registry Domain ID: 1660517880_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2019-06-09T05:53:18Z
Creation Date: 2011-06-08T13:27:40Z


MtGox was hacked twice in 2011.

In June, someone hacked into the exchange’s order book and set all of MtGox’s cold wallet Bitcoins for sale. There was a flash crash and the thief ran off with millions of U$ (billions in today’s price).

Later in October someone hacked into MtGox and sent thousands of BTC to invalid addresses. Those BTC are lost forever because no one can ever generate those addresses from private keys.

allinvain Individual Hack

In June 2011, Bitcointalk.org user allinvain announced that he’d been hacked out of 25,000 BTC.

Not only is this hack considered one of the very first Bitcoin thefts, it’s also one of the most dramatic due to the way the user reported it. Initially, he’d said that he wanted to kill himself, which caused the community to look after him and offer support.

It’s not clear how the bitcoins were stolen.

allinvain claimed he made backups of his wallet.dat on several cloud based storage services. There was speculation that an employee of such services could be monitoring upload of files named wallet.dat.

Another possibility, reaised by allinvain himself, is that he later found a program called bitcoin-miner.exe that was detected as a trojan horse by his anti-virus software.

At the time of the heist the 25,000 BTC were worth U$ 500,000. Today they’d be worth U$ 240 million.

Return to the main article: The complete guide to Bitcoin and altcoin hacks