Topic: Let us discuss on hacked exchanges (Read 779 times)

Keeping your funds on the exchange is always a risk. But sometimes this is a compulsory measure, because otherwise we may lose an opportunity to buy or sell at the right time.

In general, I am very surprised why large insurance companies have not yet developed sufficiently transparent and simple service packages for users of cryptocurrency exchanges.

Surely everyone would be much calmer if we could officially insure own deposit, which is on the exchange. This would solve a huge number of problems at once.

You could put the ETH hack the resulted in the ETH-ETC separation as a hack as those coins were more or less centralized to the DAO exchange. Also BTCe was seized by government agencies and those coins were not returned to their owners I believe, so I would call that a government sponsored hack

Then there was good old Trendon Shavers Bitcoin Savings and Trust ponzi - not an exchange per say but it was most certainly centralized.

On the protocol level, it is not possible afaik. But some services (usually centralized/third-party services) can develop such tools. Exchanges will then use this database and block the account related to that address when they detect a deposit coming from them. It is not new, most exchanges already do this.

Of course we always have to keep the exchange account secure. But if the exchange is hacked then I think the hacker will drain the asset there without having to hack our account. What good is it if we can properly maintain and practice account security if the security system on the exchange can be breached by hacker.
In my opinion, beside being user, the exchange must also improve a good security system so that trader are always safe in carrying out trading activities there.

---

I have a question, can hacked bitcoin be frozen and the wallet marked as hacking ?

Hackers are always targeting big exchanges. Reason why it's risky to leave keep funds on exchanges. Even email and password getting exposed is bad just like the coinmama exchange hack that happened. Do not use same password for your email and exchange account. Always use different password. Enable extra layers of security on your email and keep your exchange secured too.

They are almost have the same list so I don't think we need another thread for this one , unless the link you given is not updated which I think is not.


Other hacking incident is inside job or the owner run it and then told to users that they are hacked which is not. Other is real hacking that's why exchange always taking a move how to have it back or by tracing the address of hackers.

Good point. Because, having hacked an exchange, of what use will it be going through tons of individual wallets instead of just transferring the available individual coin balance on the exchange. It would be less work and less time consuming but then, these hackers are really a pain in the a** .


Having the periodicity in mind, two questions comes to my mind.
1. Isn't this some insider job?
2. Could it really be that these hackers are distinct individuals or within the corporation if any that is supposed to ensure the security of exchanges, should it be that exchanges are registered?
3. Would you still conduct business or stock some amount of coin on an exchange with a previously hacked history despite the modifications done on the exchange?

There are two more exchange hacked in 2020.
1. KuCoin exchange.
2. Eterbase exchange. Here is the official news from Eterbase https://t.me/eterbasenews/639
You can add this to the OP.

Also i found a similar topic in Alternate cryptocurrencies section.
You can check this topic [Updated] List of cryptocurrency exchange hacks by CryptoYar.

Sorry for your lost seems they're on the list of hacked account and I doubt they are still functional. I just wonder why we patronize anyhow exchanges, I have never heard of this exchanges until now. Currently the decentralized swap-liked exchange are those picking the interest of the community and many are existing scam with Investors funds and also getting expioted for bug. Funny as new ones are popping up daily and still getting volumes even without proper audit haven't been done.

OP seems you missed the Kucoin hack that the hacker went away with about $150million although there're reports of the hacker stealing more than the reported stolen funds.

edit: Oops, just noticed you haven't updated this thread in a long time. Hope you don't mind keeping us updated.

Hacking exchanges are almost normal these days
and yes this might be an inside job, but we can't deny how good these hackers
they can scan the web and look for vulnerabilities, they can send file or email
to someone with an attachment or virus that can take down a firewall, and then
pretend to be someone in the network, but the most interesting thing to me is
of all the hacking from the years in the past why are they not improving security
measures, making daily or weekly maintenance, they may lessen the probability
of being hack.

This entry can be deleted, as NiceHash is not an exchange, but a market for hash power. If you list other entities besides exchanges, you can also add hacked wallets. For example Parity Wallet lost in November 2017 210M USD from users' funds, 180M being rescued and returned by some white hat hackers.

Besides, you can add this to your list:
- 2014 July – Cryptsy – 13,000 BTC & 300,000 LTC
- 2018 February – Coinbin – Unknown amount of stolen money.

The number of scams is increasing due to the increase in the price of Bitcoin They are using various strategies to scam That is why we have to do a good analysis before exchanging. KYC's sites are hacked more when exchanging. But binance is much better You don't have to kyc here No hacker will be able to hack easily if you have to keep the keys well before exchanging them on other sites except trusted sites The number of scams this year is higher than in other years.

only have of the year, crypto fraudsters score $1.3 billion in illicit funds in 2020 alone
If the criminals don’t let up, 2020 is set to be the second-highest year for crypto-crime on record
This fraudsters are using this pandemic as an avenue of defrauding people of ventilators

I do not think this is the case, although some exchanges could have been hacked due to low cost set up but if you take a look at the hacked exchanges, binance, upbit, polonix, shapeshift, bitfinex and many other popular and strong exchanges that are even highly rated have been hacked before. So, some were set up with high cost but still vulnerable to hackers. Normally these exchanges are online, and nothing about them is stored offline, including the coins and the kyc, are all stored online, that is why they are vulnerable to hackers. And it is advisable to just trade on them and move back your coin to offline wallet securely irrespective of the exchange you are using.

This is what happens when the creators of some exchanges are the same users asking on a forum how much it costs to have the cheapest one set up. It's a shame that so many non-popular exchanges out there never care about even the most essential security advices.

There are backdoors out there because too many exchanges are focusing on adding as many shitcoins as possible to take every little penny of profit they can instead of leaving the new coins for later while creating a strong security layer for both their own safety so they can't be liable for such events and the customers' as their funds would be stored safely.

Like damn it, at least spend a few grand to protect the exchange wallet if not the website overall.

There are many exchanges that have been hacked before, starting from 2011, if you check it well the above article very well, the exchanges that were hacked increased in number and their were more hacked exchanges in 2018/2019.  But this year as been different because only one exchange which is Altsbit has been hacked. And not only binance that has been hacked before, exchanges are for trading while wallets should be a place to store your cryptocurrencies.

The problem is when you trade you have to leave some coins on the exchange for sell orders. So it is not practical to constantly withdraw coins from the exchange when you are not trading. It is advisable not to use an exchange as a wallet or to store large amounts of coins at any point of time in these exchanges.

Also Exchanges are the honeypot for hackers and they are pulled to it like flies are drawn to sh1t. Hackers are always looking for the big score and the brag rights when they were able to hack a large exchange. 

Well, it's not recommended to leave your investment in a exchange for the long term since I've seen a lot of exchanger closing because of the movement of the price market.

For exchanges having a lot of funds in their wallet at least, they should make sure they getting secured for their own and their users. For sure it would be easy hiring some people to do this since they might earn a big profit in their exchange.

Exchange hacks will keep happening, dont leave your coin on any exchange, once you make a trade withdraw your coins, both centralized or decentralized exchanges can get hacked by smart hackers nowadays, dex aren't safe like many thoughts, the safest place for your coins and funds is your wallet that you own the private key, find way to keep your keys safe and your coins won't leave your wallet ever

Hardware wallet is just one option, and newbies can still make mistakes with it, like buying a wallet with pre-generated seed. The key difference here is that hardware wallet allows user and only user control their keys, while exchanges are custodians. You can also use a software wallet to control your own keys, like a desktop or a mobile wallet, and you can even make your own cold storage by having a dedicated non-connected device for running wallet software.

A lot of threads already published regrading all crypto exchange hacking. And I see another this one with the same topic.And many high ranked users already did important discussion.

Here I am providing the links so that all can take a look at previous discussions:

• [Information] Altsbit Exchange hacked
• List of cryptocurrency exchange hacks
• Hacked Exchanges since 2011

Here all the threads have been updated

They don't need to be the best. All they need to do is find a hole.

Coincheck kept $500 million worth of XEM in one hot wallet. XEM has multi sig actually baked into it but they couldn't be arsed with that. They could have saved $500 million by spending $100 on a Trezor but that was clearly an unacceptable expense.

We think all these exchanges are fortresses of glass and steel when the reality is many of them are floppy-haired asshole tweenies lounging around their loft, that they've probably skanked the landlord on for the rent. 

Nice list you got here but i would say this is perfectly normal.
When you will think about it, hackers in past hacked to show their skills, later to steal some data/email databases which could earn them money.
But now? They can hack one exchange and get insane amount of money. This is golden era for hackers.
What conclusion are there? That exchanges attract most and for sure best of hackers from all over the world.
Think about it, best of bests, one of them will succeed sooner or later because in computer world all defenses are created by humans so they can be breached by smarter humans

I did not write login details are used to steal, I only wrote that login details are also stolen at some point which we called data breaches. A good example is the coinmama which was hacked in 2019, only data was stolen as no coin was recorded stolen. 450,000 login details were leaked.

They say all the time, "Not your key, not your coin."
Exchanges are kind of custodial wallet and they can never be used for storing your coins, not even for a single day unless you are a day trader. For your info, couple of months ago, Binance was hacked to and around 7000 BTC was stolen if I am not mistaken. So, not a matter which exchange you are using. It's possible to get hacked and ruined your party. Use wallet which you can control, which you have private key. Otherwise, someday you will be left zero balance 

This whole exchanges getting hacked of a thing is a big headache, maybe in future we will have good benefits access like trading in your very own wallet without having to send your coins to exchanges, I'm not talking about instaswap services like changelly or shapeshift

I tend to agree, I remember this when Cryptopia was hacked and everyone thinks that was extremely inside jobs but as far as I know until now the scammers didn't trace with them even though they had done investigating internally and externally.

However, a good thing to know Binance didn't experience hacking again. So, in this case, we shouldn't leave our money on the centralized exchange especially if we heard a shitty complaint against them.

Anyway, on the outside forum list, I also found on IDEX blog compiling scammed exchange.
A Complete List of Cryptocurrency Exchange Hacks [Updated]

I'm sure plenty of exchange hacks are inside jobs so security measures don't mean anything in those circumstances.

Bter is now gate.io. they came up with some rubbish about hosting problems, said they'd pay everyone back from earnings and then lost interest and relaunched.

Those are not the actions of a blue chip operation and most exchanges are run by people who may find the temptation too much to resist.

It is good that you have come to that conclusion, because the vast majority still do not understand that one of the key things in crypto is for everyone to be their own bank. The fact that millions of BTC (only Coinbase is holding almost 1 million BTC), is under full control of crypto exchanges is really worrying given that Bitcoin should be decentralized in terms of ownership, and that there should be no Bitcoin banks.

On the other hand, we know that many people trade on a daily basis, and we know that withdrawal fees are not low which certainly prevents many from storing their coins in relative safety of desktop/hardware wallets. But even though online wallets are insecure due to the constant possibility of hacking, phishing and privacy violations (KYC data stolen/shared with third parties) the fact that someone is using a hardware wallet does not mean absolute security.

However, I am of the opinion that security measures have significantly improved in the last few years on crypto exchanges (at least as far as those big players are concerned), and that most of the funds are stored in cold storage wallets. So most funds are relatively secure, but as I mentioned before, everyone should be in control of their private keys, because that’s the only thing that makes sense when it comes to BTC.

If the users' login details were used to stole coins then it's not the platform that has been hacked it's just the user account (and his/her coins) and that makes a big difference. Hackers don't use users' accounts to then hack the platform's system.


It has always been, nothing changed...


It happens every six month period, we're used to it...

 
Congratz for your conclusion but it's something we repeat over and over in discussions here, you only figured it now?

There’s a pretty good running thread on the matter in Trading Discussion: Hacked Exchanges since 2011. @VB1001 keeps it up-to-date, and the format is pretty seamless to follow. The last update is from February 2020.

All in all, this recap type of information gives us a clear idea why people need to be wary of the crypto they store on an Exchange, and even though some (few) hacks have been covered by the Exchange itself, these situations remain uncovered for the most, and have often lead to the end of the Exchange (with all that that entails). Keeping the amounts on the Exchanges to the bare minimum (0 or some quick (small) trading capacity) is recommended, assuming one can be his own bank without messing up.

Yes, that's why you shouldn't leaving your coin on an exchange (third parties) and just store on your wallet, because not your keys, it's not your coin. Even you have using 2FA authenticator, completing all KYC, and other thing to make your account is secure. If your exchange are got hacked, you will lost all your coin.

This is also related with Online/web wallet (custodial wallet). So you shouldn't leave your coin on both exchange and web wallet.

I just found out about the altsbit exchange, this exchange was launched in 2018 but the status listing on coinmarketcap as a list of projects cannot be traced. Altsbit cannot be accessed now and there are other indications that the team may be responsible behind the hacking case.

There are many exchanges that has been hacked in the past, even a new exchange called Altsbit has been hacked this year and many cryptocurrencies  were stolen. During most hack, cryptocurrencies were stolen while few stole users login details. This makes exchanges even more vulnerable to hackers as they are now the primary aims of hackers. Even from the list, I was so surprised to see some of the giant exchanges to be there.



2020
   
        Date                   Exchange                    Amount stolen

September 26            KuCoin                      Bitcoin assets, ERC-20-based tokens, along with other types of tokens worth of $250 million
                                                                        and other tokens

September 08           Eterbase                    $3.9 million ether, $5.4 million in total

February                      Altsbit                       6,929 BTC, 23,210 ETH, 3,924,082 ARRR, 414,154 VRSC & 1,066 KMD


2019

November                    Upbit                         342,000 ETH

November                   VinDAX                      $500,000 Worth of Cryptocurrency

July                              Bitpoint                      1,225 BTC, 11,169 ETH, 1,985 BCH, 5,108 LTC & over 28 million XRP

June                              Bitrue                        9.3 Million XRP & 2.5 Million ADA

June                            GateHub                    23,200,000 XRP

May                              Binance                     7,000 BTC

March                         DragonEx                   $7 Million Worth of Cryptocurrency

March                          Bithumb                    3 Million EOS & 20 Million XRP

March                         CoinBene                   Unknown

February                    Coinmama                 450,000 User Emails & Passwords

January                      Cryptopia                  1,675 ETH

January.                     Cryptopia                  Min. 19,390 ETH



2018

December                QuadrigaCX                 26,350 BTC

October                   MapleChange               913 BTC

September                      Zaif                        5,966 BTC

June                             Coinrail                     1,927 ETH, 2.6 Billion NPXS, 93 Million ATX, 831 Million DENT Coins & large amounts of 6
                                                                         other tokens

June                            Bithumb                    $31 Million Worth of XRP

May                           Bitcoin Gold                $18 Million Worth of BTG (not an exchnges but Bitcoin Gold blockchian 51% attack)

May                                Taylor                      2,578 ETH

April                          CoinSecure                  438 BTC

February                       Bitgrail                      17,000,000 NANO

January                      Coincheck                  523,000,000 NEM



2017

December                     NiceHash                   4,736 BTC

December                        Youbit                    Unknown

July                                  Bithumb                  $7 Million Worth of BTC & ETH

April                                 Yapizon                   3,800 BTC




2016

August                             Bitfinex                   120,000 BTC

May                                GateCoin                  250 BTC & 185,000 ETH

April                               ShapeShift                $230,000 Worth of Cryptocurrency



2015

February                            BTER                     7,170 BTC

February                          KipCoin                   3,000 BTC

January                          Bitstamp                  9,000 BTC

January                       LocalBitcoins            17 BTC

January                               796                      1,000 BTC



2014

October                            MintPal                   3,700 BTC

July                                   MintPal                   8 Million VRC

March                               Mt.Gox                    850,000 BTC

March                              Poloniex                  97 BTC



2013

November                        BitCash                  484 BTC

May                                   Vicurex                  1,454 BTC



2012

September                      BitFloor                   24,000 BTC

May                                Bitcoinica                 18,457 BTC

March                              Linode                     43,000 BTC from Bitcoinica & 3,000 BTC from Slush




2011

June                                 Mt.Gox                    2,643 BTC

October                           Bitcoin7                  11,000 BTC



https://selfkey.org/list-of-cryptocurrency-exchange-hacks/

When I read about this hack on https://selfkey.org/list-of-cryptocurrency-exchange-hacks/ it comes to my mind that any exchange can be hacked, because the ones that have been hacked are many in number. So, I come to the conclusion that it is better to store cryptocurrencies  on hardware wallets, and that exchanges are only for trading, not for long holding of cryptocurrencies.