More crypto is being stolen from exchanges and trading platforms than ever before, according to a new report by CipherTrace.
In the first three quarters of 2018, global crypto thefts have soared to US$927m, up 248% on 2017 figures.
It’s estimated the trend will bring the total reported crypto thefts to well over US$1 billion by the end of the year.
The most notable crypto heist of 2018 has been the hacking of Japanese exchange, Coincheck, in January.
Around US$530m worth of NEM was stolen, making it the world’s largest crypto theft – surpassing the Mt. Gox hack.
CipherTrace has however noted a trend towards a growing number of smaller crypto thefts, in the $20-$60 million dollar range.
South Korea based Bithumb—the world’s sixth-largest cryptocurrency exchange reported a loss of $30 million in crypto due to a cyber intrusion. According to Bithumb, the theft was caused by “unauthorized access to its online wallets.”
At the beginning of July 2018, hackers stole $23.5 million in crypto from the ‘decentralized’ crypto exchange Bancor.
The loss included $12.5 million in Ethereum along with BNT and NPXS tokens totaling $11 million. This massive security breach forced the firm to shut down operations.
Security experts revealed that hackers had stolen more than $20 million in Ethereum by using insecurely configured Geth clients. Geth is one of the most popular clients for running the Ethereum node. Its JSON-RPC interface allows users – and thieves – to remotely access the Ethereum blockchain and node functionalities, including the ability to send transactions from any account which has been unlocked before sending a transaction.
Once unlocked, however, the port stays opened for the entire session. The unwitting victims had opened their JSON-RPC port 8545 to the outside world, allowing hackers to breach their Ethereum wallets.
Korea-based coin exchange Coinrail lost more than $40 million in altcoins in an apparent weekend cyber heist. Most notably, the hackers got away with $19.5 million worth of NPXS tokens that were issued by payment project Pundi X’s ICO.
On top of that crypto loot, they stole a further $13.8 million from ICO project ‘Aston X’, $5.8 million in tokens for mobile data ICO ‘Dent’ and over $1.1 million Tron.
BitCoin Gold was compromised by a “51 percent attack” in which the hackers apparently employed rented computers to achieve this previously theoretical type of cyberattack.
These attacks occur when one entity gains control over more than 51% of the network hash-rate. Then, the successful attacker can not only prevent valid transactions from occurring but also reverse previously completed transactions on the blockchain.
This degree of control even enables a single coin to be spent twice from the same origin—a so-called double-spend attack like the thefts that occurred on Bitcoin Gold.
This attack netted thieves in excess of $18 million.
On September 14, 2018, Japan-based crypto exchange Zaif, which is operated by Tech Bureau, was hacked.
The perpetrator made off with ¥6.7 billion (about US$60 million) worth of cryptocurrency, including 5,966 bitcoins.
ICO project, Taylor, suffered a robbery where the hacker stole all of the 2,579.98 ETH (US$1.35 million) raised by the project during its recently conducted ICO along with native TAY tokens. The Taylor team also suspected the hacker attempted to launder the stolen funds by dumping the tokens on the IDEX platform.
Consequently, they instructed IDEX to temporarily delist TAY tokens.