Review of Centralized Exchange Hacker Attacks: Historical Lessons and Security Insights

In recent years, several well-known centralized exchanges have suffered significant losses, some due to external hacker intrusions and others due to poor internal management leading to collapse. Even industry giants face immense pressure from regulatory agencies. In contrast, decentralized exchanges have a natural advantage in dealing with threats such as hacker attacks, fraud, and excessive regulation.

This article will review the top ten most severe hacking incidents at centralized exchanges in the cryptocurrency space, exploring the lessons and insights from them.

1. Bithumb: The South Korean exchange frequently targeted by hackers

Bithumb has quickly become a leader in the South Korean cryptocurrency market since its establishment in 2014, boasting over 8 million users and a trading volume exceeding 1 trillion USD. However, behind its glory lies frequent security vulnerabilities.

Since 2017, Bithumb has faced multiple Hacker attacks:

• February 2017: Lost 7 million USD
• June 2018: Employee information was exploited, nearly 32 million dollars worth of cryptocurrency was stolen.
• March 2019: Approximately $20 million worth of EOS and XRP were stolen.
• June 2019: Lost another $30 million in digital tokens

In response to these frequent security incidents, the South Korean Ministry of Science and Technology conducted a comprehensive investigation and discovered multiple security vulnerabilities, including insufficient network isolation, flaws in monitoring systems, and improper management of encryption keys.

2. WazirX: Indian exchange hit hard

In July 2024, the Indian exchange WazirX experienced a serious wallet vulnerability attack, resulting in over $230 million worth of crypto assets being illegally transferred. This attack primarily targeted WazirX's multi-signature wallet on Ethereum.

The stolen assets include over $100 million worth of Shiba Inu (SHIB), 20 million MATIC tokens ( worth about $11 million ), 640 billion PEPE tokens ( worth $7.5 million ), 5.7 million USDT, and 135 million GALA tokens ( worth $3.5 million ).

Despite WazirX adopting advanced security measures such as hardware wallets and address whitelists, it still could not withstand this complex attack. This incident highlights the potential risks of centralized management of private keys and reminds the industry of the need to continuously improve the protection mechanisms for digital assets.

3. A well-known exchange: A global leading exchange遭遇Hacker入侵

In May 2019, a global leading cryptocurrency exchange experienced a major security incident. Hackers successfully stole users' two-factor authentication codes and API keys through phishing and virus attacks, stealing 7,074 bitcoins in one go from the exchange's hot wallet, worth over 40 million dollars at the time.

To respond to this incident, the exchange announced the establishment of a user security asset fund (SAFU) to protect user funds in extreme cases. However, despite these measures, the platform still faced another significant security challenge in October 2022. Hackers illegally generated and stole tokens worth approximately $570 million by exploiting vulnerabilities in the cross-chain bridge.

4. KuCoin: Hollywood-style Digital Heist

In September 2020, KuCoin experienced a hacker attack comparable to a Hollywood blockbuster. The attackers first transferred Bitcoin and Ethereum to a mysterious wallet, and then expanded the scope of the attack by stealing the private keys of KuCoin's hot wallet.

This attack involved multiple cryptocurrencies, including BTC, ETH, LTC, and XRP, with total losses amounting to approximately $281 million. KuCoin quickly took action, transferring the remaining funds to a new hot wallet and temporarily freezing all customer transactions.

By collaborating with international law enforcement agencies, KuCoin recovered approximately $204 million of stolen funds within weeks. There are indications that this attack may be related to a certain country's Hacker organization.

5. BitGrail: Possibility of Internal Involvement

The Italian cryptocurrency exchange BitGrail is embroiled in controversy due to the theft of 120 million euros (approximately 146.55 million USD). Italian police suspect that the exchange's head, Firano, may have been involved in the hacking or failed to strengthen security measures in a timely manner after discovering the vulnerability.

This incident resulted in approximately 230,000 users suffering losses. Firano faces multiple charges, including computer fraud, fraudulent bankruptcy, and money laundering, making it one of the largest financial violations in Italian history.

The Italian bankruptcy court took decisive action, declaring Firano and BitGrail bankrupt and requesting the return of as many stolen assets to customers as possible. The court also approved the seizure of Firano's personal assets and the cryptocurrency in BitGrail's accounts. Investigations revealed that software defects on the BitGrail platform led to multiple improper withdrawal requests.

6. Poloniex: Two Major Security Vulnerabilities

Poloniex has experienced two serious security incidents.

In March 2014, a hacker exploited a software vulnerability to steal 97 Bitcoins, accounting for 12.3% of the exchange's Bitcoin holdings at the time. Despite the setback, Poloniex successfully recovered and fully compensated the affected users.

In November 2023, Poloniex was attacked again, this time more severely. A suspected hacker group from a certain country stole private keys and took approximately $126 million in crypto assets from Poloniex's hot wallet.

The attacker used methods such as social engineering and malware to obtain critical private keys. After the hacker intrusion, complex strategies were employed, including sending different tokens to specific addresses and using decentralized exchanges for money laundering, which increased the difficulty of tracking and recovery.

7. Bitstamp: The System Administrator Becomes the Breakthrough

Cybercriminals targeted Bitstamp's system administrator Luka Kodric. Kodric unknowingly downloaded a malicious file hidden in a regular document, which activated a script that infected Bitstamp's servers, allowing hackers to access the critical wallet.dat file and passwords.

Despite Bitstamp's swift action in forming an emergency team and issuing a company-wide alert, the Hacker still successfully stole 18,866 bitcoins from the hot wallet, resulting in a loss of approximately 5 million dollars.

Afterwards, Bitstamp carried out a comprehensive overhaul of the trading platform. They migrated the infrastructure to Amazon's secure cloud servers located in Europe, implemented multi-signature wallet access, and hired professional institutions for cold wallet management.

8. A Large Exchange: Vulnerabilities in Multi-Signature Systems

In August 2016, a well-known exchange suffered a cyber attack. Hackers exploited a vulnerability in the platform's third-party supported multi-signature security system and successfully illegally withdrew 120,000 Bitcoins from the hot wallet.

After the attack, the platform remained transparent about the financial losses. The losses were distributed across user accounts, with each account losing 36%. To mitigate the losses, the platform issued tokens to affected users that can be redeemed for dollars or company stock, to facilitate a gradual recovery.

9. Coincheck: The largest cryptocurrency theft case in Japan

At the end of January 2018, the well-known Japanese cryptocurrency exchange Coincheck suffered one of the most severe hacker attacks in history. The hacker infiltrated the exchange's hot wallet and stole 523 million NEM tokens, worth approximately 534 million dollars at the time.

Despite previous lessons from other hacker attacks, Coincheck still stored a large amount of assets in hot wallets and lacked sufficient multi-signature protection. After the attack occurred, the exchange immediately suspended all deposit and withdrawal services to prevent the flow of stolen funds.

The cryptocurrency community has quickly taken action to try to prevent the stolen assets from being liquidated. Multiple exchanges have banned trading of the stolen NEM coins and have flagged related addresses to prevent further transactions. Despite these efforts, a full recovery of the funds has not yet been achieved.

10. Mt. Gox: The Most Notorious Hacker Incident in Cryptocurrency History

The Mt. Gox incident is undoubtedly the most notorious theft in the history of cryptocurrency, mainly due to its large scale and the early time it occurred.

In 2011, Mt. Gox, the largest Bitcoin exchange at the time, encountered a significant security vulnerability, resulting in the loss of 25,000 Bitcoins. In 2014, the situation worsened further, culminating in a catastrophic theft where approximately 850,000 Bitcoins were stolen.

This hacker attack has far-reaching effects, not only causing significant fluctuations in Bitcoin prices but also severely undermining the confidence of the global cryptocurrency community. A user shared in the forum: "I have almost lost everything. This incident has forever changed my view on the security of digital currencies." This clearly illustrates the profound impact of the Mt. Gox incident on individuals and the entire industry.

Key Measures to Strengthen Exchange Security

In recent years, the security issues of exchanges have become the focus of the cryptocurrency industry, especially after several major security incidents and internal problems led to the closure of exchanges or loss of funds. To enhance security, exchanges can take various measures:

1. Cold and hot wallet separation: Keeping most assets in an offline cold wallet and only retaining a small amount of funds in a hot wallet for daily transactions can significantly reduce the risk of large-scale theft of funds.

2. Multi-signature mechanism: Requires multiple key holders to jointly sign transactions, effectively preventing fund loss due to the leakage of a single key.

3. Regular security audits: Hire a professional security team to conduct comprehensive security assessments and penetration testing regularly.

4. Employee Training: Strengthen security awareness training for employees, especially in preventing social engineering attacks.

5. Real-time monitoring system: Establish an advanced real-time trading monitoring system to promptly detect and prevent abnormal transactions.

6. Insurance Protection: Purchase professional cryptocurrency insurance for user funds, providing an additional layer of financial security.

7. Enhanced Transparency: Regularly publish proof of fund reserves to increase user trust.

8. Strict KYC and AML policies: Implement strict customer identification and anti-money laundering policies to reduce the risk of the platform being used for illegal activities.

By taking these measures, the exchange can significantly improve its security, providing users with a safer and more reliable trading environment. However, security is an ongoing process that requires the exchange to constantly update and refine its security policies to address the evolving threats.