Infographic: An Overview of Compromised Bitcoin Exchange Events - Winter 2020

This infographic visualizes some of the most significant bitcoin exchange hacks, mismanagements and other compromises ever.
This infographic visualizes some of the most significant bitcoin exchange hacks, mismanagements and other compromises ever.
Privacy & security - Infographic: An Overview of Compromised Bitcoin Exchange Events

This article was originally published in Bitcoin Magazine's2019print issue. It is periodically updated as exchange compromises occur.

This infographic visualizes some of the most significant bitcoin exchange compromises (occurring through hacks, mismanagement, etc.) as if they all happened with a standard bitcoin price, to provide a better understanding of their relative magnitude.

The x-axis plots the price of bitcoin at the time of each compromise, while the y-axis plots the amount of BTC lost in each compromise. The size of each compromise circle also represents the amount of BTC lost without adjusting for the specific price at the time.

Below, we’ve included brief summaries of each compromise event pictured.

Astronomical object - Astronomy

Mt. Gox

Date: June 2011 (then continuously until February 2014)

Amount Lost: 790,000+ BTC

In March 2014, Mt. Gox declared bankruptcy due to a series of hacks and thefts that went unreported for over three years, which were later documented by blockchain analyst Kim Nilsson. The final collapse resulted in a crash of bitcoin in 2014. Below is a summary of all meaningful hacks that occured:

On March 1, 2011, 80,000 BTC were stolen from Mt. Gox’s hot wallet, as thieves were able to make a copy of the wallet.dat file. In May 2011, hackers stole 300,000 BTC temporarily stored in an off-site wallet, which was on an unsecured, publicly accessible network drive. However, shortly after, the thieves got nervous and returned the stolen funds with a 1 percent (3,000 BTC) “keeper’s fee.” In June 2011, a hacker was able to get into Jed McCaleb’s administrator account and manipulate prices, temporarily crashing the market. After the ordeal was over, the hacker managed to steal 2,000 BTC.

In September 2011, a hacker was able to get read-write access to Mt. Gox’s database. The hacker created new accounts on the exchange, inflated user balances and was able to withdraw 77,500 BTC, after which they deleted most of the logs containing evidence of such transactions. In October 2011, a bug in Mark Karpelès’s new wallet software caused 2,609 BTC to be sent to an unspendable null key. The largest hack occurred by 2013, when a hacker was able to obtain a copy of Mt. Gox’s wallet.dat file and stole 630,000 BTC.

Bitomat.pl

Date: July 27, 2011

Amount Lost: Approximately 17,000 BTC

During a server restart, the remote Amazon service that housed Bitomat.pl’s wallet was wiped. No backups were kept and Mt. Gox later bailed out Bitomat.pl. Ultimately, neither the exchange’s customers nor the original owners suffered any loss from the incident.

Bitcoin7

Date: October 2011

Amount Lost: 1,000 BTC

Eastern European hackers penetrated Bitcoin7’s servers, giving them direct access to Bitcoin7’s primary hot wallets. 

Bitcoinica

Date: March 1, 2012

Amount Lost: 43,000 BTC (and then another 18,457 BTC)

Web hosting provider Linode’s servers were hacked, granting access to the bitcoin stored on pioneering exchange Bitcoinica. The incidents ultimately led to the demise of Bitcoinica.

BitFloor

Date: September 2012

Amount Lost: 24,000 BTC

BitFloor was compromised when a hacker was able to access unencrypted backups of the exchange’s wallets and transfer out the funds.

Vircurex

Date: May 2013

Amount Lost: 1,454 BTC

The jury’s still out on Vircurex — literally. Former users of the exchange are currently suing its operators after they mysteriously shuttered the company in 2013. Citing that they had been hacked and lost most of their funds, the exchange froze all accounts, filed for bankruptcy and closed down.

BitCash

Date: November 2013

Amount Lost: 484 BTC

No, not Bcash; BitCash was an exchange located in the Czech Republic back in the day. This relatively small compromise was orchestrated via a phishing attack that gave the attackers access to individual accounts. 

Poloniex

Date: March 4, 2014

Amount Lost: 97 BTC

In March 2014, Poloniex announced that it had been the victim of an attack due to a previously unknown vulnerability in its code. As a result, the exchange told all of its customers that it would have their account balances reduced by 12.3 percent.

Cryptsy

Date: July 2014

Amount Lost: 13,000 BTC

In early 2016, Cryptsy collapsed following the July 2014 theft of 13,000 BTC (and 30,000 LTC) from customers’ wallets.

MintPal

Date: October 2014

Amount Lost: 3,700 BTC

MintPal’s case has an air of true crime to it. The exchange announced that it had been hacked in October 2014 and was purchased soon after by upstart Moolah, which subsequently folded. MintPal accounts were locked, and one of Moolah’s operators, Ryan Kennedy, allegedly drained these accounts before being arrested by U.K. authorities on charges of rape. He is currently facing prosecution for the MintPal debacle, as well.

796 Exchange

Date: January 2015

Amount Lost: 1,000 BTC

In the first month of 2015, hackers wormed their way into 796 Exchange’s servers. Thankfully, the exchange covered the losses.

Bitstamp

Date: January 2015

Amount Lost: 19,000 BTC

Hackers were able to access Bitstamp’s hot wallet. As a result of the theft, Bitstamp began to keep 98 percent of its bitcoin in cold storage.

BTER

Date: February 2015

Amount Lost: 7,170 BTC

BTER supposedly had its cold wallet compromised in this hack, though community members were skeptical that this was the case, given the relative robustness of cold storage (which, it should be noted, is not impenetrable). 

KipCoin

Date: February 2015

Amount Lost: 3,000 BTC

KipCoin was compromised after its server provider, Linode, was hacked. The result would be a month-long tussle to regain control over the exchange.

Gatecoin

Date: May 2016

Amount Lost: 250 BTC

Hackers breached Gatecoin’s hot wallets to steal some $2 million in bitcoin and ether. 

Bitfinex

Date: August 2016

Amount Lost: 120,000 BTC

Attackers were able to exploit a vulnerability in the multisig wallet architecture of Bitfinex and blockchain security company BitGo.

Yapizon

Date: April 2017

Amount Lost: 3,800 BTC

Yapizon had its servers compromised and its hot wallets drained. Shortly after this episode, the exchange would rebrand to Youbit (only to be compromised two more times).

Coinsecure

Date: April 2018

Amount Lost: 438 BTC

The details are murky surrounding this case, but this “hack” is believed to be an inside job orchestrated by the exchange’s chief security officer, who was arrested after the fact.

Zaif

Date: September 2018

Amount Lost: 5,966 BTC

Zaif filed a case with Japanese police to solve this $60 million hack, but it has not disclosed to the public details of how the hack occurred.

MapleChange

Date: October 2018

Amount Lost: 913 BTC

This Canadian exchange announced that it had been hacked and that it was closing its doors at the tail end of 2018, but some believe that the whole thing looks, feels and smells like an exit scam.

QuadrigaCX

Date: December 2018

Amount Lost: 26,350 BTC

The co-founder of QuadrigaCX died on December 9, 2018, allegedly as the only person with access to the exchange’s keys. Courtroom proceedings have revealed fund mismanagement and potential fraud on the part of the exchange.

Binance

Date: May 7, 2019

Amount Lost: 7,000 BTC

Through phishing, viruses and other techniques, hackers obtained a large number of Binance user API keys and 2FA codes, allowing them to withdraw 7,000 BTC in one transaction.

Bitpoint

Date: July 12, 2019

Amount Lost: 1,225 BTC

Hackers compromised Bitpoint without its operators noticing until funds were already on the move. The exchange managed to corral some $2 million of these when they ended up on other exchanges and have promised to reimburse users.