5 Biggest Bitcoin Exchange Hacks

SUBMITTED BY: pheezyflex

DATE: Dec. 20, 2016, 7:53 p.m.

FORMAT: Text only

SIZE: 10.9 kB

Raw Download

HITS: 250

Report
  1. Home
  2. About
  3. Why Digital Currency?
  4. Glossary
  5. Best of Bitcoin
  7. Cryptorials
  8. Cryptorials
  10. Decentralized Technology Tutorials
  12. Alternative Blockchains
  13. Bitcoin
  14. Business
  15. DApps & DAOs
  16. Editor's Choice
  17. Internet & Deep Web
  18. Privacy
  19. Reviews
  20. Trading & Investment
  22. 5 Biggest Bitcoin Exchange Hacks
  23. DavidBalaban September 19, 2016 5 Biggest Bitcoin Exchange Hacks2016-09-19T17:12:51+00:00 Bitcoin, Business No Comment
  24. DavidBalaban
  25. David Balaban is a computer security researcher with over 10 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures.
  27. Bitcoin Exchange Hack
  29. There are two ways in which cryptocurrency can make a cybercrook’s day. One facet of this symbiosis revolves around the anonymity attributes inherent to digital cash. Tracking down a threat actor by a cipher-backed Bitcoin may often be a futile undertaking. Present-day ransomware extortion schemes have made this currency their core financial component.
  31. On the other hand, the decentralized essence of Bitcoin makes it a tasty morsel for cybercriminals as an enticing object of hacking. Bitcoin exchange services pose the weakest link in this Internet-based economy. Many of them are run by programmers rather than experts in the domain of finance and security. The damage to customers tends to be high. There is typically no bank insurance that would reimburse possible losses in case things get out of hand.
  33. Furthermore, as the incidents below will demonstrate, the security of cryptocurrency exchange ecosystem isn’t some operators’ first priority. A rough estimate of the losses incurred by this industry over the past four years is on the order of 1.3 million Bitcoins, or hundreds of millions of U.S. dollars.
  34. Mt. Gox
  36. It took Mt. Gox as little as three years to become the leading player in the niche. It processed about 70% of all Bitcoin exchange transactions at its peak in 2013. The website mtgox.com stands for “Magic: The Gathering Online eXchange.” Jed McCaleb originally launched Mt. Gox in 2007. Jed McCaleb is a programmer who was planning on using it to trade cards for said video game. Later on, the author switched to cryptocurrency exchange services. Jed McCaleb ended up selling the site in 2011. He finally realized he couldn’t cope with the huge ledger of transactions.
  38. Mark Karpeles, a coder and cryptocurrency enthusiast based in Japan, acquired Mt. Gox. Mr. Karpeles revamped the back-end software of the website. He shortly succeeded in becoming the CEO of the world’s biggest Bitcoin exchange firm.
  40. The company, however, underwent a series of attacks ever since. The first one took place in June 2011 and caused the service to go offline for several days. The threat actor had purportedly compromised Mt. Gox auditor’s machine. Then he used the stolen credentials to transfer thousands of Bitcoins to another wallet.
  42. The second hack as of February 2014 caused the company to go bankrupt. With 744,408 BTC missing for an unknown reason, Mt. Gox halted all withdrawals and closed its service. This was reportedly a latent hack that had lasted for years without being detected by the company’s security team.
  43. Bitfinex
  45. The most recent incident involves Bitfinex, one of the world’s biggest Bitcoin exchange providers. The company lost 119,756 Bitcoins, which is currently the equivalent of more than $72 million, as a result of a breach that took place in early August 2016.
  47. The attacker reportedly took advantage of a vulnerability in Bitfinex’ multi-signature system for signing Bitcoin withdrawal transactions. The idea of the multi-signature system is to engage several parties to authorize transactions. Bitfinex owns two secret keys, and its partnering BTC wallet provider BitGo owns one key.
  49. At the time of writing, it’s unclear which of the parties got compromised and how. To their credit, the company has offered equity to the affected customers as a reimbursement for their losses.
  50. Bitcoinica
  52. Bitcoinica, another popular Bitcoin trading platform developed and owned by Zhou Tong, suffered two breaches in 2012. The first one resulted in the loss of 46,703 Bitcoins. The attacker compromised Bitcoinica customer service portal and leveraged the obtained access to drain Bitcoin wallets of eight customers.
  54. In the second breach that took place several months later, the attacker was able to hack the company’s production servers and stole 18,547 BTC. The aftermath of these heists is as follows: four Bitcoinica customers filed a lawsuit, demanding a compensation of $460,457.
  56. One of the mistakes that allowed these hacks to get through, experts argue, was that Bitcoinica stored large amounts of digital cash online rather than keep the bulk of it offline in an encrypted format.
  57. BitFloor
  59. The entry point for hacking BitFloor was a mix of human error and technical imperfections of handling cryptocurrency. This breach occurred in 2012, resulting in the loss of 24,000 BTC, which was worth $250,000 at that point. The perpetrator was able to compromise the company’s servers and obtain keys for multiple customers’ wallets.
  61. The intruder got access to an unencrypted backup of keys that was made during manual maintenance. Whereas keeping such sensitive data in a format other than encrypted is an extremely bad idea, there was another serious mistake that allowed the malefactor to do so much damage. It’s an equally poor strategy to keep such a big amount of Bitcoins in a so-called online “hot wallet” rather than offline “cold storage” that cannot be accessed from the Internet.
  62. Bitstamp
  64. The Bitstamp heist as of January 2015 demonstrated how intricate the hackers’ modus operandi could get. Cybercrooks had been bombarding Bitstamp employees with phishing emails (a very popular technic) in a bid to execute malicious code on their computers. Unfortunately, this social engineering strategy resulted in compromising one of the machines on the exchange service network. By finally duping a staff member into opening a virus-tainted .doc attachment with an obfuscated VBA script in it, the perpetrators accessed two servers that contained hot wallet data.
  66. The losses amounted to 19,000 BTC or roughly $5.2 million at the time of the breach. Having recovered from the attack, Bitstamp management decided to rebuild their whole trading platform from scratch in order to ensure better defenses and more efficient damage mitigation further on.
  67. Security Recommendations
  69. To stay on the safe side, Bitcoin exchange services should follow a number of important guidelines. First of all, the volume of cryptocurrency in an online-accessible hot storage should never exceed the amount that will make the company go bankrupt if lost. Keeping the bulk of it in an offline cold storage is a much more reasonable strategy. Furthermore, it’s a good idea to configure deposits to go directly to cold storage.
  71. Adopting manual validation of transfers from cold storage to hot wallets is a worthwhile technique as well. In the case of large withdrawals, delaying the transaction for some time is the lesser of two evils – this will allow for scrupulous insight and validation.
  73. As far as customer security goes, it generally boils down to the use of strong passwords and multi-factor authentication. Also, be sure to scrutinize the reputation of the exchange service of choice. However, some of the incidents above prove that immaculate background doesn’t fully guarantee a trouble-free experience.
  74. Related
  75. Top 5 cryptocurrency APIs for developers
  76. Top 5 cryptocurrency APIs for developers
  78. In "Bitcoin"
  79. What is the most secure bitcoin exchange?
  80. What is the most secure bitcoin exchange?
  82. In "Bitcoin"
  83. Bitcoin Security: How To Keep Your Bitcoins Safe
  84. Bitcoin Security: How To Keep Your Bitcoins Safe
  86. In "Bitcoin"
  87. Bitcoin Exchange Hack, Bitcoin Hack, exchanges, security
  88. No Comments Yet
  89. Subscribe to comments feed
  90. Leave a Reply
  91. « New Machine Economy Powered by the Blockchain Architecture
  92. Bitpark ICO: P2P Insurance & Mutual Aid Could Transform Finance »
  93. Advertise with Anonymous Ads
  95. Article Search
  96. Subscribe to Blog via Email
  98. Enter your email address to subscribe to this blog and receive notifications of new posts by email.
  100. Join 206 other subscribers
  102. Email Address
  104. Tags
  105. anonymous beginner's guide Bitshares block size blogging bounties Counterparty crowdfunding dark markets DECENT decentralized apps decentralized exchange decentralized markets decentralized media deep web earn bitcoin earn cryptocurrency ecommerce email Ethereum exchanges FoldingCoin gambling games hardware how to buy bitcoins ICO investment jobs maidsafe margin trading mining NXT publishing ripple security shopping smart contracts social networking Syscoin TOR trading VPN wallets website publishing
  106. Partners
  108. Advertise with Anonymous Ads
  109. Latest Posts
  111. MoneyBadger: send Bitcoin to an email address or cell phone number
  112. The best cryptocurrency investments for 2017
  113. Avalanche Botnet Shut Down
  114. Blockchain-Based Government Services: Electronic Government as a Service (eGaaS) [ICO]
  115. Download torrents faster & anonymously with a SOCKS5 proxy
  116. How to buy and sell bitcoins using Paypal
  117. How to Make Money from Decentralized Blogging
  119. Top Posts
  121. How To Access The Deep Web or DarkNet - A Beginner's Guide
  122. How To Access The Deep Web or DarkNet - A Beginner's Guide
  123. Dark Markets: How to Buy Things from the Deep Web's Black Markets
  124. Dark Markets: How to Buy Things from the Deep Web's Black Markets
  125. The best cryptocurrency investments for 2017
  126. The best cryptocurrency investments for 2017
  127. How To Earn Bitcoin Playing Fun Games (No Deposit Needed)
  128. How To Earn Bitcoin Playing Fun Games (No Deposit Needed)
  129. How To Earn Bitcoin: 10 Ways & 101 Websites
  130. How To Earn Bitcoin: 10 Ways & 101 Websites
  131. How To Send Encrypted Messages with PGP (The Easy Way)
  132. How To Send Encrypted Messages with PGP (The Easy Way)
  133. How To Use Bitcoin Anonymously
  134. How To Use Bitcoin Anonymously
  135. How Anyone Can Make Their Own Digital Currency
  136. How Anyone Can Make Their Own Digital Currency
  139. All Content is Available as Creative Commons - Atrribution Required.
  140. Mesocolumn Theme by Dezzain
comments powered by Disqus