Anyone holding any amount of cryptocurrency should be well aware of the threat of hacking. Unfortunately, a variety of different types of hacks are attempted on a daily basis.
Hacking – especially with individuals as targets – is so commonplace that you’ll never hear about most of the hacks that happen in the cryptocurrency world. A few times a year, however, colossal hacks are executed against the biggest targets. With exchanges and networks in their sights, hackers periodically try for the big heists.
In this article, we’ll present the three biggest cryptocurrency hacks of all time. First, though, we’ll start with a comprehensive overview of hacking in cryptocurrency. We’ll explain what hacking is before telling the stories of the three biggest hacks in the history of the space.
What is Hacking in Cryptocurrency?
For many, the term “hacking” will conjure images of criminals in dark rooms typing long strings of code into computers. In fact, the definition of hacking is not universally agreed upon and may be much broader. For example, simply using someone’s computer without asking qualifies as hacking if we accept its most inclusive definitions.
To illuminate hacking in cryptocurrency specifically, we’ll go forward with a simple and relatively broad definition: hacking occurs whenever devices or online accounts are accessed without their owners’ permission.
Hacking may be done for a number of purposes. Outside of cryptocurrency, hackers often access people’s personal devices to obtain private information to facilitate blackmail, for example. When we think of hacking in cryptocurrency, however, it is almost exclusively engaged in for the purpose of stealing funds.
A Caveat: Black Hat vs. White Hat
Entire articles could be – and have been – written about the differences between black hat and white hat hackers. The simplest and most important distinction, however, is the intent and purpose of both types of hackers. Generally speaking, white hat hacking is done “ethically” while black hat hacking is done “maliciously.”
One of the stricter definitions of hacking dictates that it is done to identify and exploit vulnerabilities in computer systems. Accordingly, businesses, organizations, and projects that aim to have iron-clad cybersecurity often hire white hat hackers who search for weak spots in their employers’ networks and systems so that they can be bolstered against attacks from black hat hackers.
The Biggest Hacks in the History of Crypto
With the concept of hacking firmly established, we can proceed to discussing three of the most shocking and scandalous events in all of cryptocurrency: the biggest hacks.
It should be noted that the hacks selected for this section are not included for any one particular aspect. The descriptor “biggest,” in this case, does not refer to the amounts of funds stolen, exclusively. Instead, these three biggest hacks are the most notable due to a variety of factors, including – but not limited to – funds stolen, number of people affected, and consequences for the cryptocurrency community.
Mt. Gox: The 2014 Hack Still Making Headlines
Although it’s not technically the largest hack that’s ever occurred in terms of the amount of funds stolen, the Mt. Gox hack is most likely cryptocurrency’s most notorious hack.
Founded in 2010, Mt. Gox was one of the first cryptocurrency exchanges. Mt. Gox enjoyed a large market share and even handled approximately 70% of all Bitcoin transactions worldwide for a period in 2013. Mt. Gox’s success had apparently made it a target for hackers, though; in 2014, it was revealed that roughly 840,000 Bitcoin was stolen during an attack on the exchange. At the time of the theft, those 840,000 BTC were worth nearly $500 million.
The specific details of the hacking of Mt. Gox are still quite unclear. While many sources seem to report it as a single tremendous attack, others speculate that the Bitcoin may have been stolen over a much longer period – possibly even beginning in 2011.
Another detail of the Mt. Gox attack that is still cloudy is how the hacking was carried out. A number of possibilities appear likely, including the exploitation of a bug in the software as well as assistance from a nefarious Mt. Gox insider. Regardless of how long the hack took and how it was executed, the results were catastrophic for the exchange. Mt. Gox declared bankruptcy in 2014 and its team has faced lawsuits ever since.
Eight years later, Mt. Gox still appears in cryptocurrency news headlines – but recently, it’s been good news. Of the total 840,000 BTC stolen, approximately 200,000 BTC were recovered. Since their recovery, the ~200,000 BTC have been held by Mt. Gox’s trustee, Nobuaki Kobayashi, who has plans to release the funds to the rightful owners. Of course, those owners anxiously await the release of their funds; Bitcoin’s value has skyrocketed in the years since the hack!
The Enormous – and Bizarre! – Attack on Poly Network
Recall the distinction between black hat and white hat hackers made earlier in this article: black hats operate maliciously while white hats’ intent is ethical in nature. In August of 2021, a single anonymous hacker rocked the cryptocurrency space by straddling the line between black and white.
Poly Network describes itself as “a global cross-chain protocol for implementing blockchain interoperability and building Web3.0 infrastructure.” In simpler terms, Poly Network facilitates the transfer of crypto to and from a variety of different blockchains and has reportedly enabled transfers totalling over $16 billion.
On August 10, 2021, it became public that a hacker had exploited a vulnerability in Poly Network’s code, allowing the theft of over $600 million in various cryptocurrency tokens. The hack itself is fairly intricate, but it has been described succinctly as an attack enabled by “a mismanagement of the access rights between two important Poly smart contract[s].”
The truly incredible twist in the story began the day after the attack was made public. On August 11, the hacker began returning the stolen funds! In the days and weeks following the hack, the anonymous individual responsible kept up a dialogue with Poly Network’s team. Within two weeks, the entire sum of stolen cryptocurrency had been sent back.
To this day, the true intent behind Poly Network’s hacker remains a mystery to most. Before the funds were returned, Poly Network publicly stated that it was taking steps to make it impossible for the hacker to launder and keep the stolen cryptocurrency, and that it knew the identity of the hacker. Many who believe these claims find it likely that the hacker was essentially forced to return the funds, as failing to do so would have resulted in legal consequences. This theory casts the individual as a black hat hacker.
The competing theory is that the hacker’s identity was never known. It appears that as the hacker began cooperating with Poly Network, Poly’s team changed their narrative and began seeing him as an ethical hacker. They even began referring to the hacker as “Mr. White Hat.”
In the end, Mr. White Hat was offered a “bounty” of $500,000 for his cooperation. Publicly, Mr. White Hat stated, “The poly did offered a bounty, but I have never responded to them. Instead, I will send all of their money back.”
While there are certainly individuals that know the full story – most notably “Mr. White Hat” and key insiders at Poly – the rest of us are left to make our best guesses at what, exactly, occurred. Was Mr. White Hat really just pointing out a flaw in Poly Network’s code, always with the intent to return the funds? Or was Mr. White Hat actually a black hat hacker who was scared into removing his black hat?
Ronin Network’s Monumental Hack
It must be acknowledged that when huge hacks are reported, the total sums of money stolen are estimated. As a result, it’s impossible to be certain which hack has been the absolute largest in funds stolen. That said, many believe that the hack of the Ronin Network in March of 2022 was the biggest hack in cryptocurrency’s history; all estimates put the total of the funds stolen over $600 million with some reports claiming $650 million.
Other than being the target of crypto’s largest ever hack, Ronin Network is best known as the platform that facilitates transfers of funds with one of the most popular games in the cryptocurrency space: Axie Infinity. In Axie Infinity, players collect and create NFTs, which can be used to battle other players’ NFTs.
The hack on the Ronin Network occurred in March 2022 and resulted in the theft of at least 173,600 ETH and 25.5 million USDC. According to at least one source, hackers enticed a senior engineer of Ronin with a fake job offer PDF file. Opening the malicious file granted the hackers access to the engineer’s computer, which allowed them to take control of validator nodes and then transfer funds.
As of the writing of this article, the Ronin Network hack is quite recent. At this time, it’s unknown whether the perpetrators of the hack will be brought to justice and it’s also unclear if any of the funds will be reclaimed. Ronin Network has made its intentions clear, however, stating that efforts are being made to ensure that everyone gets their crypto back. Only time will tell.