Sign up to save your podcasts
Or
Share Six of 2021’s Most Massive Crypto-Heists
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Six of 2021’s Most Massive Crypto-Heists
Cryptography, eh? We've all heard digital currency evangelicals sing seductive, utopian platitudes: It is altering the world (or, as one BitConnect employee put it, "The world is no longer as it once was!")! It is reshaping finance (no banks required)! It's going to make you filthy rich, you moron! All of this is excellent. However, here's what it's likely to do: Empty your pockets and abandon you to wander the streets of the nearest city, singing the blues about how a hacker stole your life savings.
It's a well-known fact that cryptocurrency fraud and theft are prevalent in the industry. Numerous reports from various watchdog organisations have demonstrated that the largely unregulated landscape of digital finance is rife with criminal activity, which is to be expected in unregulated industries. Add to that the pervasive cybersecurity flaws in crypto infrastructure, the hordes of money-hungry cybercriminals scouring the internet for an unsecured hot wallet or exchange zero-day vulnerability, and you have the perfect recipe for getting your shit robbed.
Additionally, it is abundantly clear that ripoffs and theft appear to be worsening, not improving. According to a study published in August by Crypto Head, this year was one of the worst on record for cryptocurrency hacks and robberies — with 32 incidents reported and associated losses totalling approximately $US2.99 billion ($4 billion-ish). That appears to be an increase over last year's figures, which were a 40% increase over the reported incidents for 2019. And, since the publication of Crypto Head's report, a smattering of exchange hacks has served to confirm the report's central thesis.
In that vein, here are six of the biggest cryptocurrency scams of 2021.
BadgerDAO
As expected, December has been a busy month for cryptocurrency thieves. Indeed, a few weeks ago, BadgerDAO, a decentralised finance platform, was ripped off. According to the platform's blog post, on Dec. 2, an unknown party gained access to a number of different user accounts. What will be the cost? Stolen funds totalling approximately $US120 million (approximately $166 million). Following that, Badger explained that it appears as though the hacker injected a malicious script into its website, allowing the criminal to intercept active users' transactions and redirect them to the hacker's wallet.
BitMart
Only days after BadgerDAO was robbed, $US150 million (approximately $208 million) vanished in a cloud of digital smoke from the coffers of popular cryptocurrency exchange BitMart. On the day in question, the platform announced that it would be "temporarily suspending withdrawals until further notice" following the discovery of a "large-scale security breach" involving two "hot wallets" — digital cryptocurrency accounts that are connected to the internet. Peckshield, the cybersecurity firm that first brought the incident to light, described the hack as a "fairly straightforward: transfer-out, swap, and wash" operation. Regrettably, BitMart's previous slogan ("The most trusted cryptocurrency trading platform") is unlikely to resonate with current and potential customers.
Poly Network
The story of Poly Network is one of the most massive and bizarre cryptocurrency heists in history. On August 10, the exchange was allegedly hacked, resulting in the loss of approximately $US600 million (approximately $831 million) in investor funds — one of the largest windfall thefts in cryptocurrency history. Poly's leadership scrambled to create an online missive pleading with the hacker to return their money. "Dear Hacker," the letter began amusingly — before pleading with the anonymous token thief for a secure "return of the hacked assets."
On the internet, the letter was largely met with mockery and bemused sympathy, and nobody believed the stolen money would ever be recovered. Poly's tactic, on the other hand, was successful! The hacker, whoever they are, began returning stolen funds — later claiming in blockchain-encrypted memos that they hacked the exchange "for fun" and to expose a critical security flaw in Poly's system. By the end of August, the thief was said to have returned the entire haul.
Liquid Exchange
In August, the Japanese cryptocurrency exchange Liquid reported a loss of $US97 million (approximately $134 million) due to a cyberattack on its systems that targeted its multiparty computation (MPC) system of custody — a supposedly secure cryptographic digital asset mechanism. Blockchain analysts observed as the funds were then funnelled through a series of wallets and mixers, obscuring their trail and ultimately allowing the anonymous bandit (or bandits) to flee with the loot. At least for now.
Vulcan Forged
Vulcan Forged is yet another unlucky casualty. The company operates a variety of cryptocurrency-related services and products, including a DeFi platform, an NFT market, and several play-to-earn token-based video games. Anyway, Vulcan was reportedly robbed of $US140 million (just shy of $200 million) earlier this month, when a hacker obtained the private keys to 96 of the platform's wallets and emptied them of all funds. The hacker stole an average of $US1.46 million (that's $2 million!) per wallet, according to estimates. Unlike many other cryptocurrency platforms, Vulcan actually refunded investors for money they had lost — a very charitable move that likely helped the company regain its reputation.
Thodex
Then there's the unfortunate story of Thodex, a Turkish cryptocurrency exchange whose young, weasel-like CEO allegedly stole approximately $US2.7 billion (approximately $4 billion) in investor funds this spring. After attracting significant investment since its launch in 2017, Thodex abruptly shut down in April, prompting Faruk Fatih Ozer, the platform's 27-year-old founder, to fly to Albania. One of the last known images of the dude shows him hustling through Istanbul's airport before jetting off to who knows where. The collapse of the exchange sparked widespread unrest in Turkey, with authorities arresting and detaining 83 people, including members of Ozer's family. Except for Ozer! Is this guy still around? If you do, approximately 400,000 people are interested in receiving a copy of his current address.
Support us!
View all episodes
By Crypto PiratesCryptography, eh? We've all heard digital currency evangelicals sing seductive, utopian platitudes: It is altering the world (or, as one BitConnect employee put it, "The world is no longer as it once was!")! It is reshaping finance (no banks required)! It's going to make you filthy rich, you moron! All of this is excellent. However, here's what it's likely to do: Empty your pockets and abandon you to wander the streets of the nearest city, singing the blues about how a hacker stole your life savings.
It's a well-known fact that cryptocurrency fraud and theft are prevalent in the industry. Numerous reports from various watchdog organisations have demonstrated that the largely unregulated landscape of digital finance is rife with criminal activity, which is to be expected in unregulated industries. Add to that the pervasive cybersecurity flaws in crypto infrastructure, the hordes of money-hungry cybercriminals scouring the internet for an unsecured hot wallet or exchange zero-day vulnerability, and you have the perfect recipe for getting your shit robbed.
Additionally, it is abundantly clear that ripoffs and theft appear to be worsening, not improving. According to a study published in August by Crypto Head, this year was one of the worst on record for cryptocurrency hacks and robberies — with 32 incidents reported and associated losses totalling approximately $US2.99 billion ($4 billion-ish). That appears to be an increase over last year's figures, which were a 40% increase over the reported incidents for 2019. And, since the publication of Crypto Head's report, a smattering of exchange hacks has served to confirm the report's central thesis.
In that vein, here are six of the biggest cryptocurrency scams of 2021.
BadgerDAO
As expected, December has been a busy month for cryptocurrency thieves. Indeed, a few weeks ago, BadgerDAO, a decentralised finance platform, was ripped off. According to the platform's blog post, on Dec. 2, an unknown party gained access to a number of different user accounts. What will be the cost? Stolen funds totalling approximately $US120 million (approximately $166 million). Following that, Badger explained that it appears as though the hacker injected a malicious script into its website, allowing the criminal to intercept active users' transactions and redirect them to the hacker's wallet.
BitMart
Only days after BadgerDAO was robbed, $US150 million (approximately $208 million) vanished in a cloud of digital smoke from the coffers of popular cryptocurrency exchange BitMart. On the day in question, the platform announced that it would be "temporarily suspending withdrawals until further notice" following the discovery of a "large-scale security breach" involving two "hot wallets" — digital cryptocurrency accounts that are connected to the internet. Peckshield, the cybersecurity firm that first brought the incident to light, described the hack as a "fairly straightforward: transfer-out, swap, and wash" operation. Regrettably, BitMart's previous slogan ("The most trusted cryptocurrency trading platform") is unlikely to resonate with current and potential customers.
Poly Network
The story of Poly Network is one of the most massive and bizarre cryptocurrency heists in history. On August 10, the exchange was allegedly hacked, resulting in the loss of approximately $US600 million (approximately $831 million) in investor funds — one of the largest windfall thefts in cryptocurrency history. Poly's leadership scrambled to create an online missive pleading with the hacker to return their money. "Dear Hacker," the letter began amusingly — before pleading with the anonymous token thief for a secure "return of the hacked assets."
On the internet, the letter was largely met with mockery and bemused sympathy, and nobody believed the stolen money would ever be recovered. Poly's tactic, on the other hand, was successful! The hacker, whoever they are, began returning stolen funds — later claiming in blockchain-encrypted memos that they hacked the exchange "for fun" and to expose a critical security flaw in Poly's system. By the end of August, the thief was said to have returned the entire haul.
Liquid Exchange
In August, the Japanese cryptocurrency exchange Liquid reported a loss of $US97 million (approximately $134 million) due to a cyberattack on its systems that targeted its multiparty computation (MPC) system of custody — a supposedly secure cryptographic digital asset mechanism. Blockchain analysts observed as the funds were then funnelled through a series of wallets and mixers, obscuring their trail and ultimately allowing the anonymous bandit (or bandits) to flee with the loot. At least for now.
Vulcan Forged
Vulcan Forged is yet another unlucky casualty. The company operates a variety of cryptocurrency-related services and products, including a DeFi platform, an NFT market, and several play-to-earn token-based video games. Anyway, Vulcan was reportedly robbed of $US140 million (just shy of $200 million) earlier this month, when a hacker obtained the private keys to 96 of the platform's wallets and emptied them of all funds. The hacker stole an average of $US1.46 million (that's $2 million!) per wallet, according to estimates. Unlike many other cryptocurrency platforms, Vulcan actually refunded investors for money they had lost — a very charitable move that likely helped the company regain its reputation.
Thodex
Then there's the unfortunate story of Thodex, a Turkish cryptocurrency exchange whose young, weasel-like CEO allegedly stole approximately $US2.7 billion (approximately $4 billion) in investor funds this spring. After attracting significant investment since its launch in 2017, Thodex abruptly shut down in April, prompting Faruk Fatih Ozer, the platform's 27-year-old founder, to fly to Albania. One of the last known images of the dude shows him hustling through Istanbul's airport before jetting off to who knows where. The collapse of the exchange sparked widespread unrest in Turkey, with authorities arresting and detaining 83 people, including members of Ozer's family. Except for Ozer! Is this guy still around? If you do, approximately 400,000 people are interested in receiving a copy of his current address.
Support us!