There were twelve major cryptocurrency exchange hacks in 2019. This includes 11 hacks that resulted in the theft of cryptocurrency and one involving stolen customer data. Altogether, $292,665,886 worth of cryptocurrency and 510,000 user logins were stolen. This was more hacks than in 2018, when only nine cryptocurrency exchanges were hit with security breaches.
You would think that cryptocurrency exchanges would become more secure over time, but the reality is that more hacks on cryptocurrency exchange are taking place every year. Part of the problem appears to be that crypto exchanges remain unregulated, and it is unclear which regulatory agency has jurisdiction over the crypto markets.
There are currently no established rules for how cryptocurrency exchanges should safeguard customer funds, but there are crypto-friendly countries and states. For instance, Canada, Malta and the American state of Wyoming have crypto-friendly legislation that makes it easier for businesses to operate and have guidelines regarding security practices.
A lack of guidelines as to the way cryptocurrency exchanges store and protect their customer’s wealth means that it differs from exchange to exchange. This makes cryptocurrency exchanges vunable for hacks resulting in the theft of cryptocurrency or customer data. Here is the list of cryptocurrency exchanges that were hacked in 2019 and what was stolen:
1. Cryptopia
Date: Jan. 14, 2019
Headquarters: New Zealand
Amount stolen: $16,002,108
Over 20 different cryptocurrencies were taken from the exchange’s hot wallet.
2. LocalBitcoins
Date: Jan. 26, 2019
Headquarters: Finland
Amount stolen: $27,000
Attackers were able to replace the official link to the exchange’s forum with a fraudulent link that led users to a fake page that resembled the discussion board but collected the information of the users who attempted to log in. The attackers used the information they obtained to steal 7.9 Bitcoin from at least six user accounts.
3. Coinmama
Date: Feb. 15, 2019
Headquarters: Israel
Amount stolen: 450,000 account usernames and passwords
An estimated 450,000 user account logins and passwords had been compromised and posted on a darknet registry.
4. DragonEx
Date: March 24, 2019
Headquarters: Singapore
Amount stolen: $7.09 million
DragonEx released an announcement on its website, saying: “On March 24th, DragonEx suffered APT attack, which is the greatest challenge since DragonEx was first launched in the year of 2017. 7.09 million USDT assets are stolen.”
5. CoinBene
Date: March 25, 2019
Headquarters: Singapore
Amount stolen: $105 million
Two days later, Singapore's CoinBene, was hacked. Even though all of the evidence is on the blockchain, CoinBene continues to deny that it was ever hacked.
6. Bithumb
Date: March 30, 2019
Headquarters: South Korea
Amount stolen: $18.7 million
Just a few days after the CoinBene hack, Bithumb was hacked for an estimated $18.7 million. Unlike other exchange hacks, Bithumb believed that the theft was an inside job committed by a former Bithumb employee
7. Binance
Date: May 7, 2019
Headquarters: Malta
Amount stolen: $40 million
A security breach at the world’s biggest cryptocurrency exchange led to 7,000 BTC, equivalent to $40 million at the time, being stolen. Binance said that hackers were also able to obtain user API keys, two-factor authentication codes and possibly more user information. Three months later, it was revealed the hackers were in possession of over 60,000 pieces of Know Your Customer data and the photo IDs of 10,000 Binance users.
8. GateHub
Date: June 1, 2019
Headquarters: United Kingdom
Amount stolen: $10 million
100 of its users’ XRP wallets were compromised. It was discovered that by June 5, 23,200,000 XRP had been stolen from 80–90 of these wallets — the equivalent to about $10 million at the time.
9. Bitrue
Date: June 26, 2019
Headquarters: Singapore
Amount stolen: $4.23 million
Hackers found a vulnerability in Bitrue’s security that gave them access to about 90 user accounts. They then took what they learned from their 90-account takeover Bitrue’s hot wallet. As a result, 9.3 million XRP and 2.5 million ADA were stolen.
10. BITPoint
Date: July 11, 2019
Headquarters: Japan
Amount stolen: $32 million
Bitcoin, XRP, Ether, Bitcoin Cash and Litcoin were moved from the exchange’s hot wallet without authorization. In total, $32 million worth of cryptocurrency was moved out of BITPoint’s hot wallet — $23 million of which belonged to BITPoint users.
11. VinDAX
Date: Nov. 5, 2019
Headquarters: Vietnam
Amount stolen: $500,000
This is a small cryptocurrency exchange that primarily hosts token offerings for unheard of companies. Roughly 23 cryptocurrencies — worth $500,000 in total — had been removed from its hot wallet without authorization.
12. Upbit
Date: Nov. 27, 2019
Headquarters: South Korea
Amount stolen: $49,116,778.00
And finally, an exchange that was hacked for 342,000 ETH. Hackers were able to gain access to Upbit’s hot wallet and move Ether without authorization. In this case, Upbit released a statement shortly afterward telling users that it would be covering all of the losses with the exchange’s assets.
The Bottom Line
An amazing $292,665,886 worth of cryptocurrency and 510,000 pieces of user information were taken from a total of 12 cryptocurrency exchanges. Since there are no global regulations for these exchanges and no deposit insurance for these accounts, you are taking the chance of your money being stolen.
This certainly does not mean all exchanges will be hacked, which means you really need to do your homework when picking where you will buy your cryptocurrency. Hopefully, we will start to see better industry standards, security practices, and legislation put into place to help protect this evolving monetary system.