All 2019 crypto exchange hacks so far

The cryptocurrencies represent in general terms the decentralization of the economy, which also means that each individual is responsible for their money. When depositing to any exchange, we must evaluate two fundamental criteria; The credibility/reputation of the platform and its security features, these are the factors that will determine how secure our digital assets are in that wallet. So far this year, six significant hacks have been seen in recognized sites, alerting all users, crypto holders, and traders in the world. Those affected have been quick to optimize their security systems, although that does not erase the fact that they lost significant sums of money and tokens.

As the market perceives bullish trends, the possibilities of possible hacks are increased and the most abundant places to do this are the crypto exchange. Precisely because they have a decentralized nature, many of these sites do not offer compensation for losses in users’ money in case of a security breach, so investors are considering depositing their funds in centralized exchanges that can give guarantees.

Cryptopia hack

Cryptopia is a set of platforms, among which is a cryptocurrency exchanger, a market that allows órum in cryptocurrency, and a house of órumo  for users of New Zealand (country órumo f the site) so they can trade their currency, also has its own órum on various topics, but it does not have much activity.


Data analysis platform, Elementus, was the first to make a full report regarding the hacking of this exchange, which occurred on January 15, where it is estimated that about 16 million in ETH and tokens ERC20 were stolen.

At the end of January, a report on the hacking was published by the firm on its corporate blog, in which it explains that the lost funds included about USD 3.6 million in ETH, while the rest corresponds to other tokens such as Dentacoin. , Oyster Pearl, Lisk ML, and Centrality. Although the New Zealand police took charge of the case, they could not recover the lost amounts, nor the exchange to reintegrate these assets to their users.

In this regard, they mention that, in general, hacking corresponds to two profiles: the exploit and the use of unauthorized access credentials. In the first case, the cybercriminals discover a vulnerability in the smart contract code of a portfolio, being able to empty their funds. This can involve many portfolios, only if the same vulnerability is present in all of them. While in the second type of hacking someone manages to obtain a private key from a portfolio and withdraw funds in their own purse. Although these cases are the most successful in most of the security breaches, experts do not believe that they are such options, since hackers managed to access thousands of private keys.

Security breach on Coinmama

Coinmama stands as one of the most popular bitcoin markets (or at least it did), having over 300.000 people in its platform and selling both bitcoin and Ethereum to verified users. On February 15 of this year, the site issued an official statement revealing that around 450,000 email addresses and passwords corresponding to users of the exchange had been leaked in a hacking attempt.

Cryptocurrencies such as Bitcoin, Ethereum and Ripple were not stolen from users’ portfolios and the Coinmama security team assigned several sectors of security to analyze the details of the attack. Luckily, users were alerted on time and were able to change their passwords before suffering damage to investors’ funds. If the Coinmama database in the dark network had been acquired by a buyer with malicious intent, it could have led to unauthorized withdrawals in the platform’s portfolios that would not have allowed the authorization of two factors (2FA).

DragonEX platform hack

The exchange based in Singapore suffered a hacker attack and this was communicated to users through an official announcement on March 25.

In its Telegram channel, DragonEX communicated to the users the incident, which was detected on the 24th, a hacker attack in which platform and users’ cryptocurrencies were stolen. One of the administrators of the platform informed the users quickly. According to the statement, part of the assets were recovered and they took the opportunity to declare that they would try to do everything possible to recover the other assets transferred and stolen.

At that time they informed different judicial administrations about this cybercrime and they are helping the police as much as possible with the investigation of the event.

After the attack, the services of the platform were temporarily closed in order to redouble security efforts and solve the problem. Despite the losses, it is important to recognize that the management of DragonEX took charge and complied with replenishing the losses of its users, thus demonstrating a commitment to their services and generating confidence despite the attacks.

Among the assets stolen from the DragonEX exchange, the following cryptocurrencies were identified: Bitcoin (BTC), Ethereum (ETH), Ethereum Classic (ETC), Bitcoin Cash (BCH), Litecoin (LTC), Monero (XMR), Stellar (XLM), EOS, NEM, Cardan (ADA), Ontology (ONT), Bytom (BTM), Tether (USDT), Icon (ICX), ABBC, Asch (XAS), NEO, XRP and TRON (TRX).

Bithumb episode

South Korea’s largest exchange, Bithumb, was subjected to a series of investigations after a cyber attack to the platform which claimed that users had leaked information through the personal computer of one of its employees, said a statement. In addition, another institution that participates in this investigation is the Communications Commission of Korea.

The exchange office would have declared that the information of 30,000 of its users has been compromised, being close to 3% of the total number of users; although the house did confirm that the passwords of its users are not in the power of the unknown attacker. Even so, it is pointed out that some of the users have filed claims for monetary losses, which, they clarify, will be compensated.

Bithumb detected that the attacker infiltrated a cell phone or personal computer of one of the employees through techniques such as fraudulent email and phishing, clarifying that it is a situation that is far from Bithumb’s internal system, servers and cryptocurrency portfolios, which did not suffer damages. Despite having successfully protected users’ funds, they were advised to change their phone numbers and/or emails, since this was the main source for information leak.

“Large scale” attack on Binance

The security of Binance, the world-renowned exchange, was mocked a month ago, resulting in the theft of 7,000 BTC, the equivalent of approximately USD 68,600,000 of the reserve belonging to the website’s hot wallet, which is connected to the net.

In the statement, Binance explained that the hackers accessed a large number of API keys, two security factor codes (2FA) and possibly other data. The attackers used multiple attack methods including phishing, viruses, and others that remain to be confirmed. He mentions that several accounts may be affected, which have not yet been identified.

The hackers managed to withdraw from Binance the 7,000 BTC in a single transaction, which activated all the alarms of its security system. They then proceeded to stop all withdrawals. These bitcoins were quoted at $ 40 million at the time of the theft and currently, the figure is valued at more than $ 25 million above. The crypto exchange stood out that only 2% of all its BTC funds were affected, which were in a wallet connected to the network.

In view of what happened, the Binance team carried out a security audit of its entire system and its data, which lasted just over a week. During that time, all deposits and withdrawals were totally suspended.

The exchange fulfilled its word of safeguarding the funds invested by its users, taking responsibility for the loss. Binance’s CEO, Changpeng Zhao stated that there was no need to panic since the loss would only mean 2% of his total reserves in BTC, which would allow him to get up easily after the attack.

Ripple theft on Gatehub

More than 100 Ripple wallets (XRP) were intercepted and hacked on the GateHub platform, which serves as a crypto exchange wallet and service such as Bitcoin (BTC), Ethereum (ETH), Ripple (XRP), Ethereum Classic (ETC) and Augur (REP). In addition, it is estimated that some 10 million American dollars valued in XRP were extracted from GateHub by cybercriminals.

The user and enthusiast of XRP, Thomas Silkjær, who noticed the suspicious activity, estimates that the hackers stole 10 million dollars in XRP (23,200,000XRP) and of them, 5 and a half million dollars (13,100,000XRP) have already been washed by the medium of exchanges and mixed platforms.

The intruders used a series of exchange for which they transferred the money in order to cover said funds. These sites were Binance, Changelly, KuCoin, Huobi, and HitBTC

Recently GateHub claimed to have sent an email to those users who have been affected in this attack, with the necessary information and recommendations to keep their funds safe and avoid being a victim of this problem in future occasions.

GateHub added that “If you have not received an email from us, we have no reason to believe that your account has been compromised.”

This new attack adds to the major hacks reported this year and practically surpassed the number of millions stolen last year after the report of the first quarter of 2018 of CipherTrace.

How to avoid these intrusions?

Any site on the network can be vulnerable to computer attacks, in this case, any exchange could be the victim of an intrusion if the hacker is sufficiently prepared to start, which is why it is recommended not only to always maintain the defensive at the level of the platform, but also educate users activate the 2FA factor of their accounts to validate access attempts, create complicated passwords, combining letters, numbers, and symbols, in order to maintain a high level of security and avoid opening links belonging to emails that suspicious and/or unknown sources.

Communication between the exchanges is also key to coordinating a defense alliance against attackers. Because the main security breaches are concentrated in the hot wallets, it is recommended that the platforms set up a communication network by which they can keep up to date and track all the funds, in order to freeze any asset that contains suspicious activity. prompt verification and avoid large losses.

If one of the platforms used to hide the funds was part of this network, it would proceed to the recovery of the tokens and avoid both the loss of the user and decapitalization of the exchange, if the latter was committed to replenishing the assets. Transactions in public blockchains such as Bitcoin and Ethereum can be traced by their decentralized nature, which could be an important indicator in the handling of transactions by exchanges to initiate investigations, if necessary.