The Bigger They Are The Harder They Fall; Biggest Crypto Currencies Exchange Failures
A look at the fragile environment that is centralised exchanges and the fall out left when they fail due to hacks, fraud or theft.
There is a common saying 'live and learn' meaning that experiences of the past are the best teachers for adapting behaviour in the future; it is the experiences that we live through first hand that will allow us to adjust our course in the future.
It is an important saying that has profound meaning in the world of crypto currencies although even with the amount of exchanges we have seen go under in the past it is still a hard pill to swallow; Traders gotta trades, enthusiasts need to means of getting hold of the latest shiny coin or share. Exchanges no doubt preform a valuable service; a service which is slowly being replaced by models that require less trust; models that allow you to retain ownership of your assets such as Bitshares or instant exchange services like Blocktrades and Shapeshift which do not retain your funds.
Which ever method you prefer, be it Centralized, Decentralized or instant my favorite saying in the whole crypto currencies space is "If you don't own the private keys, you don't own the bitcoins." and if your not considering the implications of that statement already its time to check your behaviour and think about how much counter party risk you are exposed too.
I will admit, i do use centralized exchanges.. if i did not i would have 20+ wallets installed on my computer which consumes a lot of space but would also expose me to a lot of risk in relation to malicious wallet (Lucky7coin for instance). While i try to diversify my holding of digital currencies i also attempt to diversify risk on platforms used to hold these assets, for example i hold assets in local wallets installed on different computers, web wallets, centralized exchanges, decentralized exchanges, hardware wallets and paper.
I have been lucky enough to only be scammed twice and only for small amounts of BTC, my first experience with a scammer was BTCARBS.com (no defunct); BTCARBS was a web service that you would deposit funds and which they would apparently use to arb trade exchanges and provide a nice daily profit to you account, i nearly made it out with my profits but after a few days of contacting support asking about my pending withdrawal it became apparent that something was a miss.
My other scam was completely my fault when i mistyped a URL for a popular bitcoin mixing service and sent my value to a very good clone website. needless to say i'm not getting that back anytime soon... live and learn :)
Top 5 Hack's, Theft's and Collapses of Crypto currency exchanges.
#1 Mt. Gox Collapse
| Metric | Value |
|---|---|
| Date | Feb 2014 |
| Estimate Amount Lost | 850,000 BTC |
| Estimate Amount Lost USD | $700 Million |
| Estimate Amount Lost USD Today | $493 Million |
Mt. Gox was one of the initial players in the bitcoin space and was previously an exchange for Magic: The Gathering; from which it got its name "Magic The Gathering Online Exchange".
Mt.Gox was a pivotal point in purchasing bitcoins for many years and in Feburary of 2014 announced that they had lost 850,000 BTC of customer funds. as far as i am aware the exact nature of how this went missing is still being investigated.
The Collapse of Mt.Gox also induced the collapse of Cyprus-based Neo & Bee which suffered losses and subsequently shutdown.
#2 BitFinex
| Metric | Value |
|---|---|
| Date | 2nd Aug 2016 |
| Estimate Amount Lost | 119,756 BTC |
| Estimate Amount Lost USD | $68 Million |
| Estimate Amount Lost USD Today | $68 Million |
Bitfinex a major Bitcoin exchange suffered a devastating blow which seen nearly 120,000 BTC wiped off their books with an estimated value of $60 Million USD, the loss is being attributed to hacker/s. The impact of the news caused Bitcoin short term price to drop 20% in the hours following the announcement.
Bitfinex is an interesting case as they have socialised the losses between their customers by reducing their customers balances by 36.067% and issuing them with debt token "BFX". BFX is to represent the losses consumed by customers and to be bought back by Bitfinex in the future to make the customers 'whole'.
Ironically Bitfinex's effort to be transparent with their holdings of customer funds and elimination of cold storage in lieu of multisig protection via BitGo; it is this lack of cold storage that allowed the hacker to bank such a hefty amount of coins.
#3 Bitcoinica
| Metric | Value |
|---|---|
| Date | May and July 2012 |
| Estimate Amount Lost | 58,000 BTC |
| Estimate Amount Lost USD | $406,000 |
| Estimate Amount Lost USD Today | $33.5 Million |
Bitcoinica was an exchange allowing Contract For Difference (CFD) trading between BTC-USD; founded in 2011, in 2012 it received multiple hacks the first occurring in March where some of the holdings on Bitcoinica were stolen from a web hosting provider 'Linode', 2 months later in May; Bitcoinica itself was hacked with funds stolen amounting to 18,000 BTC and then hacked again a few of months later in July amounting to 40,000 BTC stolen. The exchange was shutdown and founder pledged to payback customer 50% of their holding in the future, these customers are still waiting.. Interestingly advancements in blockchain analysis has recently posed the question as to if this was a hack at all.
#4 BitStamp
| Metric | Value |
|---|---|
| Date | 4th Jan 2015 |
| Estimate Amount Lost | 18,866 BTC |
| Estimate Amount Lost USD | 5 Million USD |
| Estimate Amount Lost USD Today | 10.9 Million USD |
In early January 2015 Bitstamp had its hot wallet compromised and slightly less than 19,000 BTC stolen with a value of about 5 Million USD; this amounted to roughly 12% of the BTC that they had on their books; while the remaining 88% was protected in cold storage inaccessible to the attacker. Bitstamp absorbed the losses and setup a partnership with Bitgo allowing for multisig protection on their hot wallet while still retaining the cold storage model the had protected them during the attack.
#5 Cryptsy - 2016
| Metric | Value |
|---|---|
| Date | July 2014 - Announced Jan 2015 |
| Estimate Amount Lost | 13,000 BTC and 300,000 LTC |
| Estimate Amount Lost USD: BTC | $8.1 Million, LTC: 2.4 Million |
| Estimate Amount Lost USD Today | BTC: $7.5 Million, LTC: 1.1 Million |
In Jan 2015 Cryptsy announced that they suffered a large hack roughly 6 month's before the announcement and in that time were attempting to repay lost funds with trading revenue. This has been the source of a large investigation as the hack was being 'swept under the carpet' and in the months that followed customers funds had been held ransom with reports of denied withdraws. The attack was said to be caused by a Trojan implanted in malicious wallet software released by Lucky7Coin.
A few more larger thefts, scams or hacks
The list above were only the top 5 exchange based hacks that i could find; although history of bitcoin is littered with similar attacks on centralised exchanges, web services and outright scams. The interesting thing with Bitcoin is a transfer from a hacker looks exactly the same as a transfer from a founder or malicious employee. so when services comes forth with claims of being hacked it is almost always met with a health level of uncertainty and scepticism.
A few more majors hacks, scams and thefts are listed below
| Event | Date | Amount (USD) | Bitcoins lost |
|---|---|---|---|
| Evolution | 03/18/2015 | $12,000,000.00 | 130,000.00 |
| Sheep Marketplace Incident | 12/02/2013 | $4,070,923.00 | 5,400.00 |
| GBL Scam | 8/01/2013 | $3,437,446.00 | 22,000.00 |
| MintPal | 07/14/2014 | $3,208,412.00 | 3,894.49 |
| PicoStocks Hack | 11/29/2013 | $3,009,397.00 | 5,896.23 |
| Bitcoin Savings and Trust | 1/05/2012 | $2,983,473.00 | 263,024.00 |
| BitPay | 12/11/2014 | $1,800,000.00 | 5,000.00 |
| BTER | 02/14/2015 | $1,750,000.00 | 7,170.00 |
| Moolah | 10/23/2014 | $1,500,000.00 | 4,087.19 |
| MyBitcoin Theft | 7/01/2011 | $1,072,570.00 | 78,739.58 |
| Scrypt.CC | 06/22/2015 | $858,865.00 | 3,500.00 |
| CryptoRush Theft | 3/11/2014 | $782,641.00 | 950 |
| Flexcoin Theft | 3/02/2014 | $738,240.00 | 896.1 |
| BIPS Hack | 11/17/2013 | $660,959.00 | 1,295.00 |
| Inputs.io Hack | 10/26/2013 | $640,615.00 | 4,100.00 |
| James Howells Loss | 7/01/2013 | $627,659.00 | 7,500.00 |
| Bitfinex | 05/22/2015 | $350,679.34 | 1,474.00 |
| Linode Hacks | 3/01/2012 | $223,278.00 | 43,554.02 |
TL;DR
Theft of Bitcoins and other digital currencies is not uncommon and it is a very lucrative business model for the people inclined to preform such attacks or setup dodgy businesses in an effort to deceive people of the digital currencies.
It is always good practise not to leave all your eggs in one basket and ensure a failure of your favorite exchange or service does not leave you completely wiped out.
With Decentralized exchanges such as Bitshares and instant exchanges like Shapeshift and Blocktrades gaining more support from the crypto community hopefully one day we can look back at events like the ones mentioned above in disbelief that we had decentralized trust-less currencies but were trading them with centralized 'trusted' 3rd parties.
The space is constantly evolving and we are in the early days still; with costly lessons like the ones outlined above we can be sure that we are being forced in the right direction..
Live and Learn
You guys may want to read the
Exchange Issues Log
.. maintained by the bitsharestalk.org forum members!
Oh, and i was thinking all of the stories about hacked sites are real, i've found a link on that forum about a company that claimed they were hacked, but they weren't...
There is only 1 rule no matter where you invest. "don't invest more then you can afford to loose." I personally always use this no matter how tempted i am.
EXACTLY!
That is right off course, but the above is about fraud/failure not about invetsment.
Every asset has a downside. Money in the bank isn't exactly guaranteed either. I know that in the future when I have enough to be concerned about loss protection that there will be a couple of gold bullion coins stashed away somewhere as well as coins in a secure offline wallet that I also have offline signing set up for.
Something else that is important, I think, is that even if you were not personally directly affected by the fall of Bitfinex and others, if you held the tokens they lost, the failure of the exchanges had an effect on the value of the currency anyway. This is also why I look forward to the day when there is no more centralised exchanges.
Even the big professional stock exchanges have had this kind of issue in the past, long before cryptos even existed.
Here does this mean you should let your savings errode away through inflation by leaving it in fiat or lost throigh haircuts or similar?
This is also very wise. I also live by this rule.
I admit I do use exchanges like Poloniex to serve as a sort of multiwallet for a ton of altcoins. Does anyone know of any other solution besides downloading all those different altcoin clients and trying to sync up? I'm thinking of an online decentralized wallet like openledger. It would be great if Poloniex let you have access to your own private keys and make a backup. In case the site is down or gone, you will still have access to your funds.
I know there are webhosted multiwallet services but im not sure about the protection in place when generating and storing keys.
If there was one that did the generation and storage client side and was open source and well vetted this would be a good option.
I do hope things are different on the 'decentralized' exchanges in the future. However, this is very sobering news and I will definately take a more pragmatic approach to all cryptocurrency investments going forward.
Things are already different on the decentralized exchanges and are available now. Check out Bitshares for trading at full speed (pretty much real time.. faster thanpolo ;) ) with no trust required and no counterparty risk on smartcoins USD,BTC,GOLD.. based on a Graphene blockchain (same as Steem, developed by one of the co-founders of Steem too; Dan)
It is cool, but somewhat unwieldy. Yesterday I opened a wallet at OpenLedger, and tried to get some BitShares for SBD (it is an exchange, right?) any how, it was quite an adventure and I am still stuck. The whole thing is in my latest blog post, if you want you can go and check it out.
Thing is, nope, not very friendly. Especially if you are an edge case like me. (Ipad, SBD, etc).
It is actualy time for peaple to understand, they should not store this kind of value online.
I lost 93 BTC on MTGox back in the days. and after that i newer gonna store, my value on anny place. It is safer to keep it on your own wallet, then a trading site.
With Mintpal and Cryptsy, it wasn't just bitcoins that went, all the alts were lost too, and they were worth something (i.e. their value wasn't zero).
I know exactly what you mean in regards to Cryptsy but it is commonly reported the BTC & LTC stolen in July 2014, but i remember having issues getting my alts out of the exchange too at the start of 2015; not sure if this was due to them being hacked or dodgy dealing after the fact trying to recoup losses.
I remember fighting with support because both my account had been archived due to 6 months of inactivity; but it had only been 5 months; and then when i got back on half the wallets were in maintenance and could not do withdraw; eventually some of them opened up etc. only had a tiny bit on there not sure why but i think i had heard rumors leading up to it and cleared out my accounts. Still it was a pain.
In regards to Mintpal i'm not sure if that figure includes alt balances but they defiantly just shutdown and took the lot.. i had been waiting for months for the public API to come online; and then 1 weeks out and bang; its gone
Good post, man.
I wish more people, especially all the new users who got some exposure to crypto-currency through steem, would realize the inherent dangers of leaving crypto parked in an exchange.
Unless you are a trader, there are few reasons to leave your crypto outside of your control.
Use #bitshares and #bitsquare, both are excellent software, one or the other will be better suited depending on what your goal is.
For anyone reading concerned about this: check my posting history/blog, you will see invaluable information about this subject in many of my posts.
And unless you really know what you are doing, do not store large amounts of crypto in your computer.
Use something like the Ledger Nano S to store your bitcoin instead.
I have one, and can personally recommend.
Electrum with 2FA is also pretty decent, provided you do not store the seed on your computer. And as usual with anything crypto, use a strong, randomly-generated password.
I recommend you mix the two: your long-term savings in a hardware wallet like the ledger nano s mentioned above, and a 2fa-protected electrum wallet for amounts up to 4 BTC or so.
And remember -- do not store the seed on your computer, and preferably be offline while you are generating the wallet.
And finally, because it never gets old....
"The Bigger They Are The Harder They Fall" is the same as "The Taller They Stand The Harder They Fall" ? It sounds to me like a quote from the music of dishonored, great game!
I myself ws a victim of the Bitfinex one, now I have their worthless BFX tokens!
If you don't own your keys, you don't own bitcoin. Thank you for clarifying that.