Mt. Gox, Coincheck, Binance and More: How Exchanges Are Learning to Deal With Cyberattacks

Cryptocurrency exchanges are going to great lengths to bounce back from cyberattacks and thefts, learning from the disaster that was the Mt. Gox debacle.

While Bitcoin may have revolutionized the way we look at transactions and banking, the brief nine-year existence of cryptocurrencies has been checkered with some monumental hackings and thefts.

In a constantly evolving space, Blockchain technology is pushing the envelope while battling against attacks from all sides. Unfortunately, criminality is a reality, but there have been some drastic changes in the way cryptocurrency exchanges are reacting to cyberattacks.

The crypto world has witnessed some monumental heists. Almost all of them are completely different, but what is more important is how the teams in charge of these exchanges have gone about addressing these attacks.

Let’s take a look at a number of instances involving some of the biggest exchange operators over the past nine years.

Famous Crypto Cyberattacks

Mt. Gox

Mt. Gox stands out as the most notorious incident since Bitcoin’s inception and it set the bar pretty high in terms of the effect it had on the cryptocurrency world, Bitcoin’s value and sentiments towards virtual currencies.

The theft of over 850,000 Bitcoin has made headlines over the past four years and has been a major talking point in March. At the height of its power in 2013, Mt. Gox was the biggest exchange in the world, responsible for around 80 percent of all Bitcoin transactions.

As Cointelegraph sets out in this short memoir, the series of events that led to the so-called hack amounted to $473 mln worth of Bitcoin going missing. The circumstances surrounding the hack are still not crystal clear, but a number of people were arrested for their involvement in the embezzlement of funds stolen.

Once again, it’s hard to refer to Mt. Gox as a hack, as then CEO Mark Karpelès was charged with embezzlement and fraud for his involvement in the movement of some of the ‘lost funds,’ not to mention various associates that were implicitly involved in the debacle.

Coincheck

Fast forward to 2018, this modern-day hack has the unfortunate title of the biggest cryptocurrency hack in history if we’re talking about the value of the virtual currency that was stolen.

While it’s not clear how it happened, a hacker gained access to the private key of the Coincheck online wallet and moved 523 mln NEM coins roughly worth $500 mln.

The exchange was crucified for its poor security standards and the fact that such a large amount of cryptocurrency tokens were kept in a single address.

Nevertheless, unlike Mt. Gox, the exchange worked swiftly to reduce the damage done by canceling transactions, ruled out a hard fork to undo the damage and actually managed to create a tagging system that allowed them to track all of the stolen NEM coins.

With the stolen cryptocurrency flagged, hackers were unable to sell or convert their loot on different exchanges. Furthermore, Coincheck vowed to begin repaying users for lost funds, which they’ve already started doing.

Binance

Renowned as the largest cryptocurrency exchange by volume, Binance is the most recent big player to be hit by a cyberattack.

Unlike the insider job at Mt. Gox and the stolen private key at Coincheck, Binance were somewhat perplexed by a far more sophisticated modus operandi. However, miraculously or not, the exchange’s security systems picked up the suspicious activity and the hackers were unable to make off with any stolen coin.

On March 7 numerous users started complaining on Reddit and social media platforms that unauthorized transactions were being made on their accounts.

According to the Binance team, the hackers used phishing websites to hijack users’ login information. Once they’d acquired enough accounts, they created trading API keys with the user accounts.

Then on March 7, the hackers used the keys to place buy orders on the VIA/BTC market, which pushed the price up. VIA tokens had been moved to 31 specific accounts and were sold at the highest price, which would have moved BTC from the compromised accounts to those 31 accounts.
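
One way to detect the pattern described above, in which many accounts with recently created trading API keys place API buy orders on the same market within minutes while the price jumps. This is an added example, not Binance's own detection system; the event fields, thresholds, account names and sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

T = datetime.fromisoformat

# Constructed sample data; field names and values are illustrative assumptions.
KEY_CREATED = {  # account -> time its trading API key was created
    "acct-a": T("2018-03-01T09:00"), "acct-b": T("2018-03-03T14:30"),
    "acct-c": T("2018-03-05T21:10"), "acct-d": T("2018-03-06T08:45"),
    "acct-old": T("2017-06-12T11:00"),
}
# (time, account, market, side, placed_via_api, price)
ORDERS = [
    (T("2018-03-07T14:58"), "acct-a", "VIA/BTC", "buy", True, 0.00022),
    (T("2018-03-07T14:59"), "acct-b", "VIA/BTC", "buy", True, 0.00090),
    (T("2018-03-07T14:59"), "acct-c", "VIA/BTC", "buy", True, 0.00400),
    (T("2018-03-07T15:00"), "acct-d", "VIA/BTC", "buy", True, 0.02500),
    (T("2018-03-07T15:00"), "acct-old", "VIA/BTC", "sell", False, 0.02500),
    (T("2018-03-07T15:01"), "acct-old", "ETH/BTC", "buy", True, 0.07500),
    (T("2018-03-07T15:02"), "acct-a", "ETH/BTC", "buy", False, 0.07510),
]

def flag_coordinated_api_buys(key_created, orders, window=timedelta(minutes=5),
                              max_key_age=timedelta(days=14),
                              min_accounts=3, min_price_ratio=2.0):
    """Return {market: accounts} where several accounts with recently created
    API keys placed API buy orders inside one window while the price jumped."""
    by_market = defaultdict(list)
    for ts, acct, market, side, via_api, price in orders:
        created = key_created.get(acct)
        # Keep only API-placed buys from accounts whose key is young.
        if (side == "buy" and via_api and created is not None
                and timedelta(0) <= ts - created <= max_key_age):
            by_market[market].append((ts, acct, price))
    alerts = {}
    for market, rows in by_market.items():
        rows.sort()
        for i, (start, _, _) in enumerate(rows):
            # Orders falling inside the window that opens at this order.
            burst = [r for r in rows[i:] if r[0] - start <= window]
            accounts = {acct for _, acct, _ in burst}
            prices = [p for _, _, p in burst]
            if (len(accounts) >= min_accounts
                    and max(prices) / min(prices) >= min_price_ratio):
                alerts[market] = sorted(accounts | set(alerts.get(market, [])))
    return alerts

if __name__ == "__main__":
    print(flag_coordinated_api_buys(KEY_CREATED, ORDERS))
```

An alert like this can feed an automatic withdrawal freeze for the flagged market and accounts while the orders are reviewed.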

Bitgrail

Bitgrail is another exchange that suffered one of the most recent cyber attacks. The Italian exchange lost 17 mln Nano tokens, estimated at around $187 mln in value, in suspicious circumstances.

Bitgrail founder Francesco Firano maintains the fault lies with the Nano development team and its Blockchain, while the Nano team has refuted those claims in exclusive interviews with Cointelegraph.

They’ve since announced that refunds will be made to users, but Bitgrail users have to sign an agreement that effectively rules out any future legal action against the Italian exchange.

Mining service Nicehash

Another instance that made big headlines was the hacking of mining service Nicehash. Over 4,000 Bitcoin, worth around $63 mln at the time, was stolen by hackers from the Nicehash wallet.

The popular service did well to consolidate after the attack. A change of CEO saw them resume their services after a few weeks and they pledged to refund all users affected by the cybertheft, which started in February 2018.

The community has evolved

What is abundantly clear is that we’ve come a long way from the Mt. Gox debacle.

In the wake of that incident, users were effectively left in the lurch, with no hope of any restitution or reimbursement. After the hack, Mt. Gox applied for bankruptcy, in an effort to save themselves without any consideration for the thousands of users who lost funds in the infamous heist.

We’re still dealing with the after-effects of Mt. Gox to this day. Last week, news broke that Mt. Gox trustees had been selling large amounts of Bitcoin to reimburse creditors as the markets spiraled after lofty December all-time highs.

If that wasn’t bad enough, the sell-off went in excess of $400 mln and is being blamed for the market lows experienced by Bitcoin in 2018.

All the while, the FBI continues its investigation, focusing on a UK-based shell company that is believed to have laundered 650,000 BTC.

It’s a complete shambles.

Luckily, those responsible for Coincheck and Binance have been far more proactive.

Coincheck admittedly dropped the ball, but the steps they took, and the speed with which they took them, stopped the cyberthieves from successfully selling stolen NEM coins.

They didn’t opt for bankruptcy and worked tirelessly to come to a solution that avoided a hard fork. Furthermore, they’ve started reimbursing users affected by the hack out of their funds.

Binance managed to stop hackers from getting away with stolen tokens, but they’ve also raised the bar in the wake of the cyberattack.

The exchange has promised to award anyone with information that would lead to the arrest of the hackers responsible for the attack. The equivalent of $250,000 in Binance Coin is the bounty on offer.

The latter two exchanges have shown that there has been a massive change in the attitude of exchanges towards their users and the cryptocurrency community as a whole. They’ve gone to great lengths to ensure that those affected have been reimbursed as quickly as possible.

Bitgrail has come under heavy pressure from the cryptocurrency community. The Italian exchange was loath to admit full responsibility for the theft, but like Binance and Coincheck they’ve announced plans to refund customers in the near future.

As reported by Cointelegraph, Bitgrail users seeking reimbursements will have to agree to settlement terms which prevent them from taking future legal action against Bitgrail. It’s a cheeky move, but if you get your money back, is it really worth following that up with a lawsuit?

All in all, Bitgrail’s latest move doesn’t leave a good taste in the mouth.

One can only hope we are not witnessing another Mt Gox in the making, as the exchange seems to be putting itself first and its users very much second.

Taking all these different examples into account, it seems the way cryptocurrency service providers react to cyberattacks is almost entirely dependent on the ethics and credibility of respective management teams.