2019 Bitcoin and Altcoin Hacks [Part 11]

This article is part of our complete guide to Bitcoin and altcoin hacks. Here we cover Bitcoin and altcoin security incidents from the year 2019.

Binance

Binance’s impressive growth and dominance did not come without hurdles.

In 2019 the exchange faced some of its biggest challenges yet with alleged KYC leaks, blackmail and finally a hack that shook the cryptocurrency world.

For once, the funds were not SAFU. Or were they?

In May 2019, hackers used the Binance API to move U$ 40 million. The company did not publicize how many customers were affected. Binance CEO Changpeng Zhao (CZ) mentioned that the hackers were “very patient” and that they had gone to extreme care not to trip the system’s alarms, indicating that the hackers had high technical skill and knew the innards of the system.

Bitcoin Reorg Controversy

This particular hack generated an enormous controversy when CZ implied that he could convince certain large players in Bitcoin to reverse the transactions.

It’s been long speculated that this is possible, since over 51% of the hashrate is concentrated in China. CZ allegedly made a few phone calls and was able to convince over 51% of Bitcoin hashrate to reorganize the Bitcoin blockchain.

After immense backlash….


…..CZ came out and said he’d “decided” not to “pursue” the idea.

For anyone who can put 2 and 2 together it became obvious that the > 51% hashrate concentration in China remains a major problem.

But most of the Bitcoin community was happy with the convincing apologies that followed.

The point is….Bitcoin can be reorganized if enough of the hashrate colludes. This isn’t new, it’s right there on Satoshi’s original whitepaper from 2008.

Satoshi Nakamoto assumed that the high cost for performing a 51% attack would be an incentive to mine BTC and earn honest coins instead of hacking the chain.

But the reorg can be done – and with the Binance hack now we know it’s been considered as recently as May 2019.

Bithumb

Just months after the 2018 hack, Bithumb falls again.

3 million EOS and 20 million Ripple (XRP) got stolen by Bithumb insiders.

According to a post on the Bithumb blog, the main cold wallets containing customer funds were safe. The hacked wallets were from Bithumb’s operational sector.

As of August 2019, Bithumb continues in normal operation.

Cryptopia

Just two weeks into 2019 Cryptobia was hacked and over 20,000 ETH were reportedly stolen. The exchange kept a low profile about the hack several hours into the incident, having given users a brief notice of technical issues:


There were initial suspicions that the EtherDelta hacker could’ve been behind the Cryptopia attack, but this was later denied by several experts.

CoinBene

CoinBene customers woke up to a surprise in March 2019. The system was “under maintenance” and would be inaccessible for a while.

There was a problem, though: tons of funds were being illegally siphoned out of CoinBene’s wallet just as customers stared at a regular downtime notice.

The stolen tokens were quickly exchanged for the more valuable Ethereum using decentralized exchanges such as EtherDelta.

Estimates of the total worth of stolen cryptoassets range from U$ 100 to over 200 million.

Some strange transactions involving tokens hosted in the platform led some users to suspect foul play.

As of September 2019, Coinbene is operating normally.

DragonEx

Singapore crypto enthusiasts faced an unexpected maintenance notice on DragonEx’s interface early March 24, 2019.

The seven year old exchange had a good track record and users didn’t suspect anything beyond the system upgrade notice. But there was more to it in this case.

A Telegram message posted by Joanne of the DragonEx staff publicized all addresses involved in the hack.

Investigations into the theft are still ongoing.

Bitpoint

Tokyo based Bitpoint was hacked in July 2019. U$ 32 million are reported lost.

Large sums of Bitcoin, XRP and ETH were stolen in yet another Japanese cryptocurrency exchange heist.

The hack involved old school wallet theft. The private keys were obtained by hackers who simply signed transactions, emptying the compromised hot wallets.

Bitpoint is fully licensed in Japan and abides by the Japanese Financial Services Agency’s stringent compliance requirements for financial institutions.

Per the Japanese regulations the exchange must refund its customers, which it did soon after the hack was detected.

Unfortunately decentralized cryptocurrencies completely ignore regulations and only obey the laws of security and cryptography.

Some of the funds have been recovered, but investigations are still ongoing.

Return to the main article: The complete guide to Bitcoin and altcoin hacks

Meta