Bitcoin Scams From the Beginning: Crypto's Biggest Hacks, Historical Timeline and User Security Guide
Bitcoin, in all of its glory over the past decade since its inception in January 2009, still has many red flags and black holes to overcome such as fraudulent scams and malicious hacks, as well as smart custody solutions.
This bitcoin scams guide is formulated into three major sections for easy extraction and consumption:
- the most popular ways scammers, hackers and bad actors steal bitcoin (awareness)
- historical timeline of all the crypto scams and bitcoin hacks (knowledge)
- the best ways to protect your cryptoassets and how to avoid bitcoin scams (education)
These resourceful reference points of raising awareness, giving knowledge and spreading education will benefit all bitcoin investors, traders and ultimately users who want to learn how to properly protect and safely secure your cryptocurrency holdings from the charlatans and malefactors in the industry.
The truth is these crypto-centric cybercriminals have swindled billions of dollars worth of bitcoin utilizing very skillful tactics and promotional gimmicks to lure unassuming users into nefarious investment opportunities, fake exchanges and wallet providers and a whole host of other methods outlined below.
We will review how common cryptocurrency scamming strategies work such as; suspicious email links for phishing personal data, dodgy downloads installing malware and keyloggers, hackers impersonating celebrities, controversial exchange owners and operators, free crypto twitter giveaways, ransomware extoration blackmail demands, smartphone SIM swapping, booby-trapped pump and dumps, ICO exit scams, multi-level network marketing pyramid schemes, brutual black market mischief, free trial business opportunities, fake cloud mining farms, free matrix doublers and guaranteed income multipliers / return on investment profit offers. Unfortunately, all of these bitcoin scam tactics exist and are hard to ignore as they should be considered immediate threats and risks to your livelihood in 2019 and beyond.
Even bitcoin scams are starting to populate on popular social media networks like Instagram, Youtube and Facebook that all prey on attracting unsuspecting individuals based on supplying false pretenses and taking advantage of people's trust and negligence (after reading this not anymore!).
It is not easy to recover scammed bitcoin funds or to foolproof yourself so you must adopt the eagle eyes approach and apply hawk-like tendencies across all airwaves online with sufficient due diligence.
As law enforcement agencies play catch-up in learning the ropes of the emerging cryptocurrency sector and blockchain-based dencentralized finance era, new smart custody options will continue to surface, but in the short term it is in everyone's best interest to learn the tricks of the trade and store your bitcoin wisely.
While most are fixated on the rollercoaster ride of what is the price of bitcoin, neglecting bitcoin's past history of scams and hacks is not optimal as there are many take-home lessons and learning curves to endure if any cryptoasset user wants to actually ‘become your own bank' and avoid being duped by con artists.
Truth be told, there is really a very limited number of reasons or instances in which your private key should ever be disclosed to anyone, even if sending them a payment or doing business with them.
Now that you have a 10,000 foot bird's eye view of what to pay attention to for starters, let's jump right in and review all the necessary bitcoin scam methods, history and safety tips to optimize your bitcoin future.
A Million Ways To Lose Your Bitcoin, Here's the Top 15
Before the list of the top 15 ways bitcoin scammers try to steal your crypto funds, we know it can sometimes feel like every day brings a new bitcoin related hack or scam scandal (and in some ways that is not wrong). But far from being an unsafe, wild-west of money, cryptocurrencies in general are becoming safer and more regulated every day.
However, it is vitally important for the public to be aware not just of the benefits of Bitcoin and cryptos as a whole, but the very real risks associated with putting your money into it. This article aims to highlight the different scams, hacks and frauds within the digital financing world. The bitcoin hacks and scams timeline will serve as a continually updated guide for anyone invested in cryptocurrencies or considering the move in the future. By the end, you should have the knowledge needed to identify potential security risks, pick safe protection measures for your needs and personal risk assessment, and be informed of the latest hazards within the market.
- 1 Bitcoin Scams From the Beginning: Crypto's Biggest Hacks, Historical Timeline and User Security Guide
- 1.1 A Million Ways To Lose Your Bitcoin, Here's the Top 15
- 1.1.1 51% Attacks Against Blockchains
- 1.1.2 DNS And Website Redirection Hacks
- 1.1.3 Fake Exchanges
- 1.1.4 Ponzi Schemes
- 1.1.5 Fake Crypto Projects And ICOs
- 1.1.6 Site Clones And Phishing Attacks
- 1.1.7 Fake Forking Scams
- 1.1.8 Malware
- 1.1.9 Digital Wallets
- 1.1.10 Fake Support Team Scams
- 1.1.11 Pump and Dump Scams
- 1.1.12 Public Wi-Fi Hacks
- 1.1.13 SIM Jacking And Cryptojacking
- 1.1.14 Social Media Giveaway Scams
- 1.1.15 Cloud Mining Scams
- 1.1 A Million Ways To Lose Your Bitcoin, Here's the Top 15
- 2 A List of All of the Bitcoin Scams and Crypto Hacks Since the Start of BTC
- 2.1 Bitcoin Scams History and Crypto Hacks Timeline From 2011 to 2019
- 2.1.1 Allinvain Bitcointalk Hack from User’s Compromised Windows Software
- 2.1.2 Mt. Gox Theft Using Auditor’s Compromised Computer
- 2.1.3 Bitomart Exchange Wallet.dat File Deleted
- 2.1.4 MyBitcoin Exchange Hack
- 2.1.5 Bitcoinica Hot Wallet Hack
- 2.1.6 Bitcoin Savings and Trust Ponzi Scheme
- 2.1.7 Bitfloor Exchange Hack
- 2.1.8 Trojan Wallet Hack
- 2.1.9 Vircurex Exchange Hack
- 2.1.10 BitMarket.eu Exit Scam
- 2.1.11 BTCGuild Mining Pool Hack
- 2.1.12 Just Dice Loss
- 2.1.13 GBL Exchange Exit Scam
- 2.1.14 BIPS Payment Services Hack
- 2.1.15 Picostocks Cold Wallet Hack
- 2.1.16 Mt. Gox Halts Trading After Biggest Hack In Crypto History
- 2.1.17 Flexcoin Hot Wallet Hack
- 2.1.18 Cryptsy Exchange Hack
- 2.1.19 Mintpal Exchange Exit Scam
- 2.1.20 Bitstamp Hot Wallet Hack
- 2.1.21 Evolution Marketplace Exit Scam
- 2.1.22 DAO Hack
- 2.1.23 Bitfinex Security Breach
- 2.1.24 Bitcurex Exchange Hack
- 2.1.25 Asian-European Currency Ponzi Scheme
- 2.1.26 Yapizon Exchange Hack
- 2.1.27 Bithumb Hack and Private Info Leak
- 2.1.28 BTC-e Exit Scam
- 2.1.29 QuadrigaCX Contract Error
- 2.1.30 ClassicEtherWallet DNS Hack
- 2.1.31 Parity Wallet Breach
- 2.1.32 Parity Frozen Wallets Bug
- 2.1.33 Tether Treasury Attack
- 2.1.34 YouBit Exchange Hack
- 2.1.35 Exmo Employee Kidnapping
- 2.1.36 AT&T Customer SIM Jacking
- 2.1.37 Bitconnect Pyramid Scheme Pulls An Enormous Exit Scam
- 2.1.38 Coincheck Exchange Hack
- 2.1.39 BTC Global Ponzi Scheme
- 2.1.40 GainBitcoin India Ponzi Scheme
- 2.1.41 Sailesh Bhatt Extortion
- 2.1.42 iFan Ponzi Scheme
- 2.1.43 Bitcoin Gold Hacked for $18 Million
- 2.1.44 Bancor Hack
- 2.1.45 OneCoin Ponzi Scheme
- 2.1.46 Norwegian Man Murdered After Cash-for-Crypto Exchange
- 2.1.47 MapleChange Exit Scam
- 2.1.48 Pure Bit Exit Scam
- 2.1.49 ETC 51% Gate.io Attack
- 2.1.50 Cryptopia Exchange ERC20 Hack
- 2.1.51 LocalBitcoins Phishing Hack
- 2.1.52 QuadrigaCX Declares Bankruptcy After Mysterious Death of Founder
- 2.1.53 Bithumb Inside Job Hack
- 2.1.54 Binance Loses $41 Million In ‘Large Scale’ Hot Wallet Hack
- 2.1 Bitcoin Scams History and Crypto Hacks Timeline From 2011 to 2019
- 3 Best Ways to Securely Protect Crypto Funds and Avoid Bitcoin Scams
- 3.1 Confirm All Websites
- 3.2 Password Storage
- 3.3 Never Click Social Media Links
- 3.4 Update Everything Regularly
- 3.5 Spread Your Crypto
- 3.6 Heirs and Wills
- 3.7 Avoid Public Wi-Fi
- 3.8 ICO Scams or Untrustworthy ICOs
- 3.9 Scammy and Untrustworthy Crypto Exchanges
- 3.10 The Dark Web, Bitcoin Adoption, And The SEC
- 3.11 The Rise And Fall Of The Silk Road
- 3.12 Rising Bitcoin Adoption
- 3.13 Questions Of Regulation
- 4 Bitcoin Scams and Crypto Hacks Conclusion
51% Attacks Against Blockchains
Understanding a 51% attack is easiest when thinking in terms of stock. If a person, or company, buys 51% of a specific stock, they essentially retain controlling decisions on the board of a company. Now Blockchain is so secure that hacking into a chain itself is nearly impossible. But, if a person or group of people acquires the tools necessary (a lot of GPUs) to take up 51% of the “hash rate,” or mining power, within a chain they essentially retain control over the information in the blocks of the chain going forward until their majority is lost. For those of you who do not know, hash rate is the processing power of a Blockchain that is used to process and verify information in each link. Contributing this mining power towards verifying and processing information earns you more coin and is park of what makes it so impossible to hack directly- because each link could have different users responsible for the information and is dependent on the information that has been confirmed around it.
A person or group with 51% control could rewrite information in the links to steal money by double-spending the same coin, think if you bought a candy bar with a dollar and then used that same dollar to buy a water as well, making previous payments disappear but retaining the benefits of it. Bitcoin is unique in that it is now so big it is feasibly impossible for any one group to get that much control over it. This is a much larger risk with smaller cyptocurrencies.
DNS And Website Redirection Hacks
This type of hacking results in a more sophisticated scam. A DNS hack takes control of a website’s server information then makes it redirect the user to their nearly duplicate website or a nearly duplicate wallet. At this point, you unintentionally become tricked into inputting person login information for the hackers to see, or straight out send funds to the fake wallet for them. By the time the team behind a specific ICO or exchange website has realized what is going on, the hackers could have already collected an enormous amount of funds.
Fake exchanges are most easily reached through a simple search such as “bitcoin exchange.” One of the results on the search page could actually be for a fraudulent exchange website that has been set up in the hopes that people would deposit their funds to the address for the purpose of exchanging with other users. This can result in a kind of exit scam where you immediately notice a problem when you do not see your funds and cannot access them or the creators of the fake website disappear with the funding at a later date.
Ponzi schemes or pyramid schemes have been around for a long time, crypto has just given it a new face by which to trick impressionable people into what is essentially a get rich quick scheme. Some are obvious in that they promise high returns right away and make it seem easier than it probably will be but others are more nefarious, presenting themselves as more legitimate business opportunities or use influencers to convince you they are worth taking part in. They can also delve into the world of bitcoin mining, a very new avenue by which to trick people. You pay with bitcoin into a website for crypto mining hash rate, only you make money solely from referring new people to the scheme itself instead of from mining. Like all pyramid schemes, they eventually collapse. These, too, can end in an exit scam.
Fake Crypto Projects And ICOs
Much like fake exchanges, fake projects are created to entice people to deposit their cash in exchange for a coin or token that they never intend to grow and that does not retain any value. ICOs specifically are also rather flat projects, backed by flat companies that wind up being entirely faked. The creators are there solely to get your money and may or may not be trying to convince you of its legitimacy. These frauds can also go hand-in-hand with Ponzi schemes.
Site Clones And Phishing Attacks
There is a trend of fakes on this list and how faking something can sometimes be adapted to accomplish the same end. Hackers can create a website clone, essentially replacing the real thing. This clone with then be directed towards a group in social media or sent out via email to people already a part of the real website, hence the term phishing. It’s just another way for a hacker to trick a person into relinquishing personal information that gives them access to your funds.
Fake Forking Scams
Hard forks in blockchain are few and far between because they are generally the result of mistakes and/or differences of opinion that results in a coin to suddenly take two different paths, causing people to pick sides as in the case of BTC and BTH or ETH and ETC. These hard forks can cause confusion with consumers seeking to claim the new version of the digital currency- and here is where hackers are known to take advantage. They claim users can retrieve their forked coins under fake instructions online, requiring users to upload private keys to malicious addresses so their coins can be drained.
Malware is not a new concept but it is a major one threatening the individual theft of cryptocurrencies, and getting more sophisticated at that. They are designed to sit in your devices until something flags what it was designed to look for. Currently, there is one on the market called Cryptocurrency Clipboard Hijackers that sits in your computer waiting for you to copy and paste a crypto website. This lets the malware know to activate and it replaces the address with a malicious one designed to steal your private keys as soon as you enter them. There are also apps you can download to your phone that have malware inside designed to scan your phone for crypto-related information like crypto apps or private key use and steal that information.
Bitcoin and other digital wallets are pieces of software and no piece of software is infallible. There are hackers who will spend however much time it takes combing through a specific piece of software to find it’s weakness(es) in the code, then exploit them to steal as much as they can from users wallets and sometimes even exchange wallets. The latter can be particularly devastating if an exchange makes the poor choice of keeping all or most of the funds they are housing in a “hot wallet,” a wallet that is on a device that connects to the internet. To add to the confusion, there are also digital currency wallet programs designed specifically to steal your funds. You download it, thinking it will be a safe place to store your coins and tokens, only to have the software drain itself to another wallet address.
Fake Support Team Scams
There are scammers that advertise themselves as exchange support or help for concerns related to an exchange that are as easy as a google search away, when a user might google for help and happen upon a link directing them to fake help. These occurrences are even more prevalent for exchanges that have limited personnel with frustrated users not getting help fast enough. What it results in is talking to someone through live chat or on mic who claims to be the help you are looking for, only for them to steal your information.
Pump and Dump Scams
Users have figured out how to create their own schemes, where a group of crypto traders decide to band together on a platform, buy up a lot of a specific crypto, then hype up the crypto in the community. This causes the pricing to go up and a flood of people to purchase, at which point they sell off what they purchased and reap the rewards of their efforts.
Public Wi-Fi Hacks
If it’s not already a part of your daily life, you should never be using public Wi-Fi to access any of your personal information whatsoever. Not only does this leave you up for attack but sometimes hackers might substitute a different network that looks like the one you are trying to connect to and use it to easily steal your information.
SIM Jacking And Cryptojacking
There is a new type of theft called SIM jacking. This is when a hacker uses your phone number to convince a phone company to send them a new SIM card under your number and essentially steals your phone identity in the process which can give someone access to everything connected to your SIM, including all of your accounts. As unbelievable as this might sound, it has happened and is often done by claiming a phone was stolen and getting information transferred over to a new sim and a new phone. SIM jacking is essentially a mistake made by the support team of your cell phone company.
Social Media Giveaway Scams
Amazingly, people still fall for giveaway scams. They started out in emails but have since adapted to social media. Fake profiles are made that put out social media ads claiming to people that they have cryptocurrency related giveaways, hoping if you follow their steps that you will send them money or relinquish your personal information so they can steal it. Sometimes, they will even hack into real accounts and post the fake links to a real account to give it more legitimacy.
Cloud Mining Scams
Often related to Ponzi schemes, cloud mining was briefly gone over already via bitcoin mining under that section. Essentially, it’s when a scammers promises profits for a payment or monthly payment that gives you a buy in to hash rate being used in mining. The reality is you will never see that money again and neither will anyone else you bring to the pyramid before it eventually collapses.
A List of All of the Bitcoin Scams and Crypto Hacks Since the Start of BTC
Does it need more explanation than that? An unofficial, official list of some of the biggest, most unique, and/or first of its kind hacks and losses of funds in bitcoin/cryptocurrency history.
Bitcoin Scams History and Crypto Hacks Timeline From 2011 to 2019
Allinvain Bitcointalk Hack from User’s Compromised Windows Software
Date: June 13, 2011
Amount Stolen: $502,750 USD / 25,000 BTC
Type: Hack / Theft
The Allinvain Bitcointalk user hack was the first (alleged) recorded theft of bitcoin, occurring June 13, 2011. A Bitcointalk user with a compromised Windows computer had 25,000 BTC, or approx. $500,000, stolen from him. It was also the largest individual bitcoin theft during the early days of the digital currency, with the price of Bitcoin still very much forming. Needless to say, it would be worth significantly more today.
Mt. Gox Theft Using Auditor’s Compromised Computer
Date: June 19, 2011
Amount Stolen: $35,540 USD / 2,000 BTC
Type: Hack of Vulnerable Third Party / Fraudulently Deflated Pricing
On June 19, 2011, Mt. Gox had a major security breach. The hacker allegedly used credentials from the computer of an auditor to steal coins from the exchange, fraudulently selling bitcoin to his own account which inadvertently brought the price down to $.01 per bitcoin. Mt. Gox originally brought in the auditor to verify that they had sufficient bitcoin and cash reserves to cover their holdings. It’s estimated that the hacker was able to make off with 2,000 bitcoins, with another 650 BTC being lost to those who purchased the coin at a deflated price before the security breach was realized. None of the bitcoins were ever recovered and the incident was known as the first hacking breach of a crypto exchange, responsible for the loss of around $35k.
Bitomart Exchange Wallet.dat File Deleted
Date: August 1, 2011
Amount Stolen: $223,890 USD / 17,000 BTC
Type: Update Glitch / Deleted Funds
The Bitomart Exchange performed an August 1, 2011 update that resulted in one of the costliest mistakes in crypto history. The update was using AWS Elastic Cloud when the wallet.dat file server was accidentally deleted, with funds completely disappearing in one night. The over $220,000 in lost user funds were impossible to recover and Bitomart sold its debt to Mt. Gox later that month.
MyBitcoin Exchange Hack
Date: August 8, 2011
Amount Stolen: $1.2 million USD / 154,406 BTC
Type: Hack / Theft
MyBitcoin was known a user-friendly wallet platform catering to crypto newbies with an interest in Bitcoin. Unfortunately, MyBitcoin suffered one of the worst attacks in early bitcoin history, losing 154,406 BTC to a hack. The Bitcoin Show host Bruce Wagner was one notable crypto personality who lost some of the over $1 million.
Bitcoinica Hot Wallet Hack
Date: May 6, 2012
Amount Stolen: $93,481.92 USD / 18,548 BTC
Type: Possible Hacking Theft / Suspected Exit Scam Theft
Bitcoinica announced that their hot wallet had been hacked on May 6, 2012. The exchange told users that they had “discovered a suspicious bitcoin transaction that doesn’t seem to be initiated by any one of the company owners.” However, the hot wallet hack was initially suspected to be linked to Bitcoinica owner A. Vinnik, leading some to suspect it was actually an exit scam disguised as a hack. Nearly $100k was stolen.
Bitcoin Savings and Trust Ponzi Scheme
Date: July 2, 2012
Amount Stolen: $1.002 million USD / 150,000 BTC
Type: Pyramid Scheme / Exit Scam
The Bitcoin Savings and Trust Ponzi scheme was the first pyramid scheme or Ponzi scheme in the world of bitcoin. Operating like an ordinary high yield investment program (HYIP), it promised users enormous returns for investing a small amount today. The scam was run by pirateat40, who described the investment opportunity as a “virtual hedge fund”. On July 2, 2012, the virtual hedge fund suddenly closed, disappearing with a suspected 150,000 BTC (over $1 million). The actual number of lost funds has never been confirmed.
Bitfloor Exchange Hack
Date: September 4, 2012
Amount Stolen: $247,200 USD / 24,000 BTC
Type: Hack of Unencrypted Wallet Key Backup
Bitfloor, an early cryptocurrency exchange, announced that it had been hacked on September 4, 2012, leading to a loss of over $240,000 or 24,000 BTC. The attacker allegedly “gained access to an unencrypted backup of the wallet keys”, although Bitfloor claimed the actual keys were stored in an encrypted area.
Trojan Wallet Hack
Date: November 16, 2012
Amount Stolen: $39,548 USD / 3,457 BTC
Type: Hack / Theft
In 2012, the realization that hackers could build software to steal digital currencies was first conceived and with it, the 2012 Trojan wallet hack and one of the first recorded instances of an ordinary PC Trojan leading to a loss of bitcoins. The Trojan virus was inadvertently installed on users PCs and began looking for private keys and wallet.dat files, stealing them wherever possible. One user on the Bitcointalk forums reported that he lost 2600 BTC during the attack. A total of 3,457 BTC was sent to an anonymous bitcoin wallet address, amounting to a nearly $40,000 loss.
Vircurex Exchange Hack
Date: January 11, 2013
Amount Stolen: $50 million USD total, $23,490.60 USD in bitcoin / 1,666 BTC
Type: Mystery Hack / Theft
Vircurex was a popular early bitcoin exchange and in January 2013, the exchange revealed it had been hacked. “We sadly need to announce that our wallet has been compromised,” Vircurex on January 11, 2013. The hackers targeted the exchange’s massive cash reserves, and Vircurex reportedly lost $50 million during the attack along with 1,666 BTC (worth some $23k). This same exchange also suffered two other hacks later in 2013 but were not officially revealed to the exchange’s customers until 2014. Many users had already withdrawn their funds after the first hack.
BitMarket.eu Exit Scam
Date: February 14, 2013
Amount Stolen: $477,377.67 USD / 18,787 BTC
Type: Fake Hack / Exit Scam
BitMarket.eu was a popular Polish bitcoin exchange operating for two years before losing all funds in a self-proclaimed hacking incident. It was later revealed that the founders had setup a bitcoin hedge fund through Bitcoinica and had actually pulled off an exit scam when Bitcoinica was hacked in May 2012. The BitMarket insolvency wasn’t revealed until February 14, 2013, with the stolen coin worth over $470k on that day.
BTCGuild Mining Pool Hack
Date: March 10, 2013
Amount Stolen: $60,982.02 USD / 1,254 BTC
Type: Glitch / Theft
BTCGuild upgraded its client March 10, 2013, in what was supposed to be a smooth process. While the blockchain was being re-indexed during the upgrade, however, the mining pool paid out BTC for difficulty-1 shares. A total of 16 pool users emptied their hot wallets after the mistake, leading to losses of 1,254 BTC, worth over $60,000 at the time.
Just Dice Loss
Date: July 15, 2013
Amount Stolen: $125,463 USD / 1,300 BTC
Date: Loss of Funds / Mistake
Just Dice was one of the most popular gambling platforms when on July 15, 2013, they announced that it had lost over 1,300 BTC in what is now considered one of the stupidest mistakes. A user asked to withdraw his 1,300 BTC in gambling winnings from the site but there wasn’t 1,300 BTC in their hot wallets. Normally, that would mean an administrator withdraws the amount from the cold wallet but that step was overlooked. This resulted in the player spending the fake balance on the platform and eventually losing it anyways. The mistake resulted in an over 125k loss for the company.
GBL Exchange Exit Scam
Date: October 26, 2013
Amount Stolen: $1.929 million, $11,970,880 at peak / 9,640 BTC
Type: Theft / Exit Scam
GBL Exchange was a popular early bitcoin exchange based in China that wound up being a fraud. On October 28 2007, the founders suddenly shut down the operation, disappearing with all user funds. The hackers chose an ideal time for the hack, as the price of bitcoin peaked at $1,242 a month later, sky-rocketing their coins worth from almost $2 million to nearly $12 million.
BIPS Payment Services Hack
Date: November 15, 2013
Amount Stolen: $559,038.55 USD, $1,608,390 USD at peak / 1,295 BTC
Type: Hack / Theft
Crypto payment platform BIPS was hacked on November 15, 2013, as part of a massive DDoS attack. The platform announced the hack on November 19, claiming that over $1 million had been stolen “despite several layers of protection.” Hackers targeted multiple vulnerabilities within the system, eventually allowing them to gain access to several user wallets. The price of bitcoin on the day of the hack put their initial loss at about $560k, but with the year’s peak two weeks away their loss became $1.6 million.
Picostocks Cold Wallet Hack
Date: November 29, 2013
Amount Stolen: $6.652 million USD / 5,875 BTC
Type: Suspected Insider Hack / Theft
Picostocks had a mysterious hack in November 2013, leading to the loss of around $6 million worth of bitcoin. Picostocks claimed that there were no signs of an intrusion into their systems, and that both of their wallets had been located on different computers. “We suspect that these [wallets] have been copied by people who had access to the system in the past and decrypted,” announced Picostocks on Reddit.
Mt. Gox Halts Trading After Biggest Hack In Crypto History
Date: February 7, 2014
Amount Stolen: $466.59 million USD / 650,000 BTC
Type: Hack / Theft
The Mt. Gox hack was the single greatest BTC loss and largest hack up to this point. Approximately 650,000 BTC was stolen from the exchange cold wallets in multiple hacks throughout 2013, slowly draining them of their funds. When Mt. Gox finally checked on the cold wallets in 2014, they found their exchange was totally insolvent. On February 7, 2014, Mt. Gox announced that it was halting all BTC withdrawals from the exchange, claiming there was a “transaction malleability bug in the core bitcoin software.” Users became suspicious when withdrawals remained halted for two weeks, although trading on the exchange continued and the prices dropped “05 lower than anywhere else as a result. On February 24, 2014, Mt. Gox announced that it was suspending all trading activity and went offline completely and permanently. Eventually, the exchange’s “crisis strategy draft” was leaked, revealing that Mt. Gox was completely insolvent and had lost 744,408 BTC of customer funds. 100,000 BTC was recovered but the damage was done and the case is still in courts in Japan.
Flexcoin Hot Wallet Hack
Date: March 3, 2014
Amount Stolen: $595,365.12 USD / 896 BTC
Type: Hack / Theft
The Flexcoin hot wallet was hacked in 2014, causing the Canada-based crypto wallet platform to entirely shut down. Flexcoin had dubbed itself “the first bitcoin bank” but quickly lost a majority of customer funds a week after reassuring users they had never stored coins with Mt. Gox during their hack. Some customers were lucky enough to have their funds returned to them from the company’s untouched cold wallets. All in all, Flexcoin lost almost 900 of user’s BTC which was worth nearly $600k at the time.
Cryptsy Exchange Hack
Date: July 2014
Amount Stolen: $9 million USD / 13,000 BTC
Type: Mystery Hack / Theft
Cryptsy was the second largest hack of 2014, after Mt. Gox, but they refused to release further details on the hack itself until 2016. Cryptsy claimed the hack was traced to the developer of an altcoin called Lucky7Coin, who was able to exploit vulnerabilities in Cryptsy servers to steal an enormous amount of user funds. Based on the high and low worth of BTC in July 2014, because we do not have an exact date, it’s safe to assume the exchange lost about $9 million.
Mintpal Exchange Exit Scam
Date: October 8, 2014
Amount Stolen: $1.32 million USD / 3,894 BTC
Type: Theft / Exit Scam
A cryptocurrency exchange called Mintpal completed a successful exit scam in 2014, believed to be perpetrated by Moopay and Moolah executive and founder Alex Green (also known as Ryan kennedy) who is seen by the community as “shady.” Alex Green / Ryan Kennedy fled the crypto scene with nearly 3,900 BTC, worth approximately $1.3 million at the time. As a side note, Alex Green/Ryan Kennedy was convicted of rape in the UK in 2016 and is currently serving an 11 year sentence there. It is unknown where the funds currently are.
Bitstamp Hot Wallet Hack
Date: January 4, 2015
Amount Stolen: $5.226 million / 19,000 BTC
Type: Hack / Theft
Popular bitcoin exchange Bitstamp was hacked in late 2014 / early 2015, with Bitstamp announcing the hack on January 4, 2015. Bitstamp initially suspended withdrawals and trading activity, leading some users to believe the exchange was shutting down the way some other exchanges have had to, but it restored ordinary activity a week later. Although it’s unclear if the two were related, they had received a ransom demand of 75 BTC shortly before with Bitstamp saying “we do not negotiate with terrorists.” On the day they announced that hack, the BTC lost was worth a little over $5.2 million.
Evolution Marketplace Exit Scam
Date: March 18, 2015
Amount Stolen: $11.8 million USD / 43,000 BTC
Type: Theft / Exit Scam
The first signs of trouble appeared on Reddit when a user called NSWGreat published a post called, “EVOLUTION EXIT SCAM” in March 2015, claiming to be a moderator for the site and accusing the admins of “preparing to exit scam with all the funds.” Darknet marketplaces disappearing from the internet overnight is nothing new and Evolution Marketplace was yet another marketplace pulling an exit scam, disappearing with over $11 million worth of crypto funds from users. “I am so sorry, but Verto and Kimble have f***ed us all,” explained the user in the Reddit post.
Date: June 17, 2016
Amount Stolen: $76.6 million USD / 3.6 million ETH
Type: Hack / Frozen Funds
The DAO hack is one of the most notorious hacks in the history of the crypto community, changing the trajectory of the world’s second largest digital currency, Ethereum. The DAO was launched as a crowdsourced hedge fund, where users would make collective decisions about where to invest. A hacker later exploited a vulnerability within the code and accidentally froze 3.6 million ETH. The DAO debacle would eventually lead to the creation of ETH and ETC, as the two sides disagreed on how to handle the hack (one Blockchain path chose to go back in time and branch off, the other chose to stay on the same path). The freeze resulted in the loss of at least $76 million.
Bitfinex Security Breach
Date: August 2, 2016
Amount Stolen: $71.24 Million USD / 119,756 BTC
Type: Hack / Theft
A Bitfinex security breach in 2016 led to one of the largest hacks in crypto history with a loss of 119,756 BTC or approx. $72 million. The exchange temporarily suspended trading, deposits, and withdrawals and by August 4, confirmed that it had been robbed while telling Reuters the amount lost from its users accounts. Bitfinex remains operational to this day.
Bitcurex Exchange Hack
Date: October 13, 2016
Amount Stolen: $1.476 million USD / 2,300 BTC
Type: Hack of Vulnerable Third Party
Poland-based crypto exchange Bitcurex was hacked on February 17, 2017, leading to the loss of nearly $1.5 million. It had previously been one of the largest crypto exchanges in Europe, especially for Polish users, processing over $50 million in assets over the course of 2016. On October 28, 2016, Bitcurex confirmed the loss and announced it was shutting down. The problem was traced back to a vulnerable third party performing an automated data collection.
Asian-European Currency Ponzi Scheme
Date: April 24, 2017
Amount Stolen: $680 million
Type: Pyramid Scheme
The Asian-European Currency Ponzi scheme operated under the guise of a legally registered company advertising as a get rich quick scheme using multi-level marketing. The scam victimized 47,000 people total before being shut down. On August 10, 2017, the Hainan City Police Department announced that a man titled, “Suspect Xu” had been arrested for perpetrating the scam, along with a number of other executive members of the company. Law enforcement officials seized 4.6 billion RMB from the scammers, or approximately $680 million USD, making it one of the biggest seizures (and crypto scams) in industry history.
Yapizon Exchange Hack
Date: April 26, 2017
Amount Stolen: $16.741 million USD / 3,831 BTC
Type: Hack / Theft
April 26, 2017 saw South Korean exchange Yapizon announce the latest hack, claiming 3,800 BTC in customer funds had been stolen, and lost over $16 million or the “equivalent to 37.08% of total assets.” Instead of shutting down like other smaller exchanges after a similar-scale hack, Yapizon decided to give customers a “haircut,” spreading the burden of losses across the userbase. They have since rebranded as Youbit, but by December 2017, the platform had declared bankruptcy from a second attack. Regardless, the company still appears to be active today and in mid-2018, they re-emerged in an attempt to begin normal operations in the future.
Bithumb Hack and Private Info Leak
Date: June 29, 2017
Amount Stolen: $31 million USD
Type: Hack of Employee CPU / Theft of Korean Won and Personal Information
On June 29, 2017, Bithumb revealed that a hacker had stolen $31 million worth of Korean Won along with the personally identifiable information of 31,000 Bithumb website users, including their names, mobile phone numbers, and email addresses. At the time, Bithumb was the world’s fourth largest bitcoin exchange and the largest exchange in South Korea. The hack was traced back to a single employee’s compromised PC with many users reporting millions of Won disappearing from their personal accounts overnight.
BTC-e Exit Scam
Date: July 25, 2017
Amount Stolen: $180.956 million USD / 66,000 BTC
Type: Theft / Exit Scam
BTC-e suddenly shut down July 25, 2017, with over 66,000 BTC moved to a wallet believed to be owned by Alexander Vinnik, known as the mastermind behind BTC-e. He would later face 21 charges from a US grand jury related to money laundering, computer hacking, and drug trafficking. BTC-e was one of the world’s largest and most reputable cryptocurrency exchanges of the day. It was later revealed that BTC-e’s reputability was largely based on illicit activity, and 95% of bitcoin transactions from ransomware transactions were cashed out through BTC-e. The BTC was worth just over $180 million on the day it shut down and the whole unfortunate affair is remembered as one of the largest exit scams in industry history.
QuadrigaCX Contract Error
Date: June 2, 2017
Amount Lost: $13.16 million USD / 60,000 ETH
Type: Glitch / Locked Funds
Prior to a now infamous loss in 2019, QuadrigaCX made headlines for a contract error that led to the loss of 60,000 ETH. “Earlier this week, we noticed an irregularity with regards to the sweeping process of incoming Ether to the exchange,” explained QuadrigaCX in their official statement after the issue. The end result was just over $13.1 million was lost while swapping ETH/ETC, with the ETH frozen in that splinter contract permanently. QuadrigaCX later resolved the issue and customers were not penalized.
ClassicEtherWallet DNS Hack
Date: June 2017
Amount Lost: $216,216 to 382,000 USD / 1,001 ETH
Type: Social Engineering
ClassicEtherWallet was compromised in June 2017 using a vulnerability traced back to social engineering: the hacker convinced support staff at the web hosting provider to concede control over the official domain to a different owner, allowing the hacker to gain access to customer wallet. A total of 1,001 ETH was quietly drained from user wallets as they helplessly watched. Based on the month of the attack, the losses were somewhere between $200,000 and $300,000.
Parity Wallet Breach
Date: July 19, 2017
Amount Stolen: $34.29 million / 153,000 ETH
Type: Hack / Theft
The Parity Wallet was breached in July 2017, causing several major ICOs to lose millions of dollars in raised capital. Parity Wallet was trusted to provide safe, effective cryptocurrency storage and certain ICOs had tens of millions of dollars stored with them. Hackers exploited a vulnerability in the Parity Wallet code, a bug in a specific multi-signature contract know as wallet.sol, stealing more than $30 million, or around 153,000 ETH. The hack was originally reported to be as much as 500,000 ETH, but 377,000 ETH was retrieved from vulnerable wallets by white hat hackers.
Parity Frozen Wallets Bug
Date: November 6, 2017
Amount Lost: $150.9 million USD / 513,774 ETH
Type: Glitch / Locked Funds
Months after the first major Parity wallet hack, the team announced a second vulnerability had been discovered. Parity, which was the second most popular Ethereum client at the time, had a devastating security bug affecting any Parity wallet deployed after July 20, using the platform’s multi-signature functionality. The security vulnerability was identified by a developer named devopps199, who reported it on Github and it led to 513,774 ETH being frozen, worth just over $150 million USD at the time.
Tether Treasury Attack
Date: November 21, 2017
Amount Stolen: $30.95 million USD / 31 million USDT
Type: Hack / Theft
Hackers attacked the Tether (USDT) treasury in November 2017, stealing over $30 million in funds from the Tether Treasury wallet and sending it to an unauthorized bitcoin address. Because Tether was in full control of USDT, the company took steps to prevent the attackers from trading that USDT onto broader markets, and blocked attempts to sell USDT to other cryptocurrencies or fiat currencies. Today, Tether continues to hold approximately 30% of the total supply of USDT in its Treasury wallet, although it’s not totally clear what happened to the 31 million USDT that went missing in the November 2017 hack.
YouBit Exchange Hack
Date: December 19, 2017
Amount Stolen: $72.21 million USD / 3,816 BTC
Type: Hack / Theft
After rebranding to YouBit, the exchange was hacked once again in December 2017. It’s unclear if the two attacks were linked, however some reports indicated that North Korean hackers were behind the YouBit exchange attack as well as similar attacks on Bithumb. An estimated 3,816 BTC or $72 million was lost.
Exmo Employee Kidnapping
Date: December 26, 2017
Amount Stolen: $1 million, bitcoin was worth $14,029.13 per coin
Type: Kidnapping / Extortion
On December 26, 2017, 40-year old Exmo bitcoin exchange employee Pavel Lerner was kidnapped while leaving his office in Kiev, Ukraine. Lerner was reportedly dragged into a black Mercedes vehicle by men wearing balaclavas. The kidnappers proceeded to demand a $1 million ransom in bitcoin which was eventually paid and Lerner was released. Ukrainian and Russian media reports indicate that Lerner paid the ransom himself, although it’s unclear if the funds were connected to the Exmo exchange in any way. To this day, there’s limited information about the Lerner case available online, although Lerner and Exmo are both alive and well.
AT&T Customer SIM Jacking
Date: January 7, 2018
Amount Stolen: $23.8 million
Type: SIM Jacking / Social Engineering
One of the worst SIM jacking attacks in crypto history allegedly took place on January 7, 2018, when an American entrepreneur lost $23.8 million in digital tokens. Terpin, the accuser, is now seeking $23.8 million in compensation from AT&T along with $200 million in punitive damages, although AT&T is disputing the allegations. “What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewellery in the safe from the rightful owner,” according to Terpin’s complaint.
Bitconnect Pyramid Scheme Pulls An Enormous Exit Scam
Date: January 16, 2018
Amount Stolen: Unknown
Type: Ponzi Scheme / Exit Scam
Bitconnect was an infamous pyramid scheme targeting gullible members of the bitcoin community. It was promoted by an army of social media influencers who reaped the rewards of being early investors. By January 2018, Bitconnect reached its inevitable conclusion and the value of a single Bitconnect token (BCC) plummeted from $400 to just pennies. Investors who thought they were holding onto token stashes worth millions suddenly found themselves penniless. It was never revealed who was behind Bitconnect and the amount lost is unknown to this day.
Coincheck Exchange Hack
Date: January 26, 2018
Amount Stolen: $505 million USD / 500 million NEM
Type: Hack / Theft
Coincheck crypto exchange platform revealed details of a hack earlier in January on January 26, 2018, explaining that $400 to $530 million worth of NEM tokens had been stolen, making the Coincheck hack the largest hack in crypto history. A total of 500 million NEM tokens went missing during the attack. At the time, Coincheck was one of Japan’s largest cryptocurrency exchanges and NEM was nearing its all-time value high. Withdrawals and some transactions were temporarily frozen. Coincheck received a cryptocurrency exchange license from Japan’s Financial Services Authority this year, indicating it is moving forward with strict regulatory protocols and security systems in place.
BTC Global Ponzi Scheme
Date: March 1, 2018
Amount Stolen: $50 million USD
Type: Ponzi Scheme / Exit Scam
BTC Global followed in the footsteps of obvious crypto Ponzi schemes like RegalCoin and Bitconnect. The scam mostly targeted users in South Africa, and appeared to be run by a mysterious South African currency trader named ‘Steve Twain’. It ran successfully for a few weeks, with users receiving regular pay-outs from Twain’s team, but after attracting $50 million in investments, the self-described ‘master trader’ Steve Twain disappeared from the internet. As of 2019, South African police are still investigating the BTC Global crypto scam.
GainBitcoin India Ponzi Scheme
Date: April 8, 2018
Amount Stolen: $300 million USD
Type: Exit Scam / Pyramid Scheme
GainBitcoin was a pyramid scheme targeted towards gullible crypto traders in South Asia where the founders successfully disappeared with $300 million, making it one of the most profitable exit scams in industry history. Unfortunately for GainBitcoin and its team, they would eventually be identified and arrested in November 2018. The case continues to make its way through courts in India after the founders were arrested at airports while attempting to travel abroad.
Sailesh Bhatt Extortion
Date: April 10, 2018
Amount Stolen: $1.38 million USD / 200 BTC
Type: Abduction / Extortion
A businessman in India named Sailesh Bhatt was allegedly the victim of extortion by local police on February 9, 2018, according to a report filed with different police on April 10, 2018. He claims 10 officers, including a superintendent of police and an inspector, held him captive until he sent 200 BTC (worth over $1 million at the time) to his former business partner. “They beat me up inside a room and threatened to kill me in a fake encounter if I did not have over my bitcoins,” explained Sailesh Bhatt in his statement. To this day, the course continues to make its way through the system, and it’s unclear what really happened to Sailesh Bhatt.
iFan Ponzi Scheme
Date: April 12, 2018
Amount Stolen: $650 million USD
Type: Pyramid Scheme / Exit Scam
iFan was yet another Ponzi scheme run by a company called Modern Tech which guaranteed pay-outs of 48% per month within a four month period. Investors needed to recruit people to the scheme to get paid but iFan started paying users in a value-less digital currency while requiring larger and larger deposits. It was enormously successful and eventually brought the total loss to VND 15 trillion ($650 million USD), largely from Vietnamese investors. Investors are still seeking retribution against the company.
Bitcoin Gold Hacked for $18 Million
Date: May 24, 2018
Amount Stolen: $18 million USD
Type: Hack / 51% attack
Bitcoin Gold experienced a second major attack in its young history in May 2018, when hackers used an enormous amount of hash power to launch a 51% attack on the network, allowing them to double spend Bitcoin Gold and steal $18 million. The coin is still an active project but major crypto exchanges like Bittrex decided to de-list Bitcoin Gold after this security incident. It’s still in the top 30 cryptocurrencies by market cap as of March 2019.
Date: July 9, 2018
Amount Stolen: $23.5 million USD
Type: Hack / Theft ICO
Israel and Switzerland-based crypto giant Bancor offers a decentralized exchange platform and raised over $150 million in an ICO in 2017. They then admitted on July 10, 2018, that “a wallet used to upgrade some smart contracts was compromised,” allowing hackers to disappear with $12.5 million in Ether, $1 million in Pundi X’s NPXS tokens, and $10 million in Bancor’s BNT tokens. The exchange was taken offline temporarily to investigate the incident but remains active to this day.
OneCoin Ponzi Scheme
Date: September 5, 2018
Amount Stolen: $400 million USD
Type: Theft / Exit Scam
Multilevel marketing company OneCoin lured gullible investors into depositing money into the scheme which the founders then laundered through several shell companies worldwide. An American scam artist named Mark Scott was officially indicted by a grand jury in August 2018, then arrested on September 5. Scott allegedly used some of the more the suspected $400 million stolen to purchase a massive mansion for himself and his family in Massachusetts.
Norwegian Man Murdered After Cash-for-Crypto Exchange
Date: October 18, 2018
Amount Stolen: Unknown
Type: Theft / Murder
On October 18, 2018, police in Oslo announced that a 24-year old Norwegian man had been murdered in his apartment after an apparent cash-for-crypto exchange went wrong. Norwegian police traced the crime to a 20-year old Swedish citizen named Makaveli Lindén, who was on the run from Interpol after the incident. Initial reports were wrong, however, and police later revealed that Lindén climbed into the victim’s bedroom through a window later that same night where the victim was stabbed 20 times after a fight. It’s not clear if the robber even knew about the victim’s bitcoin holdings, but it’s believed that the robber discovered the victim’s crypto holdings while conducting a P2P transaction earlier in the day. Makaveli Lindén was arrested in France a few days later.
MapleChange Exit Scam
Date: October 28, 2018
Amount Stolen: $5.9 million USD / 913 BTC
Type: Theft / Exit Scam
The MapleChange team initially announced they had lost 913 BTC in a hack, closing soon after, claiming they were “in the process of a thorough investigation” and that “until the investigation is over, we cannot refund anything.” Today, it’s all but confirmed that MapleChange was an exit scam. Latest information indicates two Romanian brothers were involved and it may never have had anything to do with Canada. Users who lost money in the exit scam have rallied around a Twitter account called MapleChange’d in an attempt to bring the founders to justice but have received no compensation for their losses.
Pure Bit Exit Scam
Date: November 13, 2018
Amount Stolen: $2.653 million USD / 13,000 ETH
Type: Exit Scam / Refund
On November 4, a crypto start up called Pure Bit launched its ICO but on November 13, Pure Bit suddenly disappeared from the internet with 13,000 in ETH worth just over $2.6 million. Authorities were alerted but Pure Bit remerged a week later, releasing a statement claiming that the CEO was “blinded by money” and made an “unforgivable mistake,” with victims receiving a full refund. It’s unclear if Pure Bit and its CEO had a genuine change of conscience, or if South Korean law enforcement was involved but it is now known that Pure Bit was started by a group of scammers.
ETC 51% Gate.io Attack
Date: January 7, 2019
Amount Stolen: $212,400 USD / 40,000 ETC
Type: Hack / Theft
Gate.io’s censor successfully blocked some transactions from a 51% attack on January 7, 2019 on th Ethereum Classic (ETC) network. Some still got through and ultimately, the hacker disappeared with 40,000 ETC, worth over $200k at the time.
Cryptopia Exchange ERC20 Hack
Date: January 15, 2019
Amount Stolen: $16 million USD
Type: Hack / Theft
Crypto exchange Cryptopia was hacked on January 15, 2019. Based on the nature of the attack, it was assumed that the thieves gained access to 76,000 private keys, using them to extract a total of $16 million in ERC20 tokens from users. The New Zealand-based exchange remained shut down well into March 2019 due to the devastating hack. Cryptopia has since resumed its operation and transitioned 24% of all wallets to new, more secure servers.
LocalBitcoins Phishing Hack
Date: January 26, 2019
Amount Stolen: $28,755.52 USD / 8 BTC
Type: Hack / Phishing
On January 26, 2019, LocalBitcoins lost 8 BTC to a hacker, despite a stellar reputation up until that point. Users claimed they were redirected to a login page where they were asked to enter their credentials, all of which were sent to the hacker. After the breach, LocalBitcoins temporarily disabled access to its forums. It’s possible that more than 8 BTC worth over $28k at the time when a user came forward claiming the loss.
QuadrigaCX Declares Bankruptcy After Mysterious Death of Founder
Date: February 1, 2019
Amount Stolen: $140M ~ $200 million USD
Type: Locked Funds / Lost Private Keys
On February 1, 2019, the Canadian crypto QuadrigaCX exchange filed for creditor protection because it was no longer able to access funds. The death of QuadrigaCX founder Gerry Cotten on December 9th caused the liquidity issue as he was reportedly the only person able to access $145 million in digital assets stored by the exchange, with the only known private keys. QuadrigaCX reportedly owes nearly $200 million to its users, with only $286k left. Cotton’s wife claims no knowledge of the private keys or their location, and cybersecurity experts have been unable to break into Cotton’s computer. This loss has led to conspiracy theorists claiming Cotten actually faked his death on Reddit, but Gerald Cotten officially died from complications related to Crohn’s Disease while traveling in India at just 30 years old. Quadriga’s wallets have not moved funds, making the faked death exit scam theory a little silly. Those funds can be seen but may never be recovered again.
Bithumb Inside Job Hack
Date: March 30, 2019
Amount Stolen: $19 million USD / EOS $13.26 and XRP $6.3
Type: Hack / Theorized Inside Job
In late March 2019, Bithumb announced that it had lost 3.07 million EOS (worth about $13 million), but later announced on April 1st that an additional 20.2 million of XRP (worth $6.2 million) was also stolen. Bithumb claimed their security team had spotted an “abnormal withdrawal” on Friday, March 29th which was followed by a suspension of withdrawals and deposits while an investigation was underway. Luckily, the stolen crypto was “owned by the company” and customer funds were safe in a cold wallet. The authorities were notified as a part of their standards and it is believed the funds were already laundered, making any recovery unlikely. Claims of an “inside job” quickly surfaced, but how a single employee would be able to hack and steal $19 million is unknown.
Binance Loses $41 Million In ‘Large Scale’ Hot Wallet Hack
Date: May 7, 2019
Amount Stolen: $41.27 Million USD / 7,040 BTC
Type: Hack / Vague Details
Hackers withdrew 7,040 BTC from Binance’s hot wallet May 7, 2019. Binance is notoriously non-transparent but claims the hackers “used a variety of techniques, including phishing, viruses and other attacks” to attack the exchange and were “able to obtain a large number of user API keys, 2FA codes, and potentially other info” (according to an official press release). Although the information given has been extremely vague, the lost funds account for only about 2% of the exchange’s current BTC holdings, and all other wallets were left secure and unharmed. Withdrawals and deposits were temporarily suspended and all lost crypto is being covered by Binance emergency funds.
Source for Bitcoin Scams/Hacks History guide owes a special thanks to Crypto Theft Incidents Timeline by Kyle G. and the tremendous amount of aggreagated research and curated effort into connecting the dots in the early days of Bitcoin.
A majority of the numbers on loss amounts were calculated using the following pricing indexes in order to give the most accurate, to date, information available (and always in the U.S. Dollar). This left some to deviate slightly from claimed losses in articles or the source list:
- Bitcoin (BTC)
- Ethereum (ETH)
- Stellar (XLM)
- NEM (XEM)
- Ethereum Classic (ETC)
- Tether (USDT)
Now that we have reviewed the most known methods hackers and scammers use to siphon bitcoin from users, covered the entire history of bitcoin scams and hacks, let's round out this mega-masterpiece in mind with the top ways to add protective practices into securing digital assets and virtual currencies.
Best Ways to Securely Protect Crypto Funds and Avoid Bitcoin Scams
Security is a top priority for any funds, but with normal money there is very little you have to go out of your way for to protect your day-to-day cash – or at least you are so used to what it takes that you don’t even think about most of it anymore. Cryptocurrencies are very new, though, and they require more planning and learning to make something new become habit. So here is a little self-help guide, the means by which to make it happen. Here you can learn how to identify potential threats, choose the right security for your needs, and avoid possibly common missteps in your choice making along the way.
The Right Crypto Service and Exchange
Only use reputable crypto exchanges with strong reputations to store your crypto in. Never long term store any crypto you’re not willing to lose.
Confirm All Websites
Phishing attacks are incredibly sophisticated at times. Hackers can re-imagine entire major exchange websites to convince you they are who they say they are and gain access to your private email to send you the link in an otherwise legitimate looking email. Once you click that link or “sign in” on a fake site, you may have just lost access to all your private cryptocurrency information. This may sound scary and overwhelming but the advice is simple: always check the bottom of a web page for stamps of legitimacy, always make sure you have typed in a website fully and accurately, and never click a link on an email from an unknown address.
There are such a thing as “password managers,” companies that handle the keeping and safety of your password. Cryptocurrency passwords tend to be long, complicated, and difficult to remember. There are many companies that offer the service of password storage, shop around and take your time picking one- but if you are in a bind and need a name, LastPass is a great option. No matter what, do not store your password on your computer.
On the Subject Of Passwords
A good password is always defense number one in cyber security of any kind. So here are some pointers everyone should know on making a good, sound password:
- Avoid personally defining subjects and words. Now this includes, but is not limited to, family names, addresses, birthdays, pet names, favorite books or movies, or personal information of any kind. You are not that big of a mystery and someone can figure it out.
- Common patterns and sequences such as ‘12345’ or capitalizing every other letter, or using something even more mundane like “password” as your password.
- Dictionary words of any kind should not be used. They are too easy for hackers to figure out by running programs written to figure out passwords. Words are too recognizable.
- Special characters like are highly recommended (think £, #, @, etc), as are random capitalization, random numbers, and believe it or not- spaces.
- Always avoid repeated numbers and letters, especially in a pattern.
- Misspelled words (if you use a word at all) and long passwords are the way to go.
- Make sure all passwords are unique for every account you have. If a hacker cracks one and they are all the same, they could potentially have access to everything under your name from bank accounts to email addresses.
Never Click Social Media Links
Social media is the perfect place for hackers to tweet or post links or send direct messages to you with link in it that lead to malicious websites. Pretty much anything claiming to have a special deal or something free can be assumed to be untrustworthy. Very few things in life are free, if it sounds too good to be true then it probably is.
Update Everything Regularly
Most of us avoid updating software on our phones and computers like the plague. However, these updates often contain important code changes or additions that continue to protect your electronics. The updates are important, stop avoiding them.
Spread Your Crypto
In line with picking a good crypto exchange, it’s also a good idea to spread your crypto currency around to different locations, especially if you plan on making investments into digital coins a regular occurrence. If your eggs are in different baskets, and one of them gets stolen- most of your crypto is still safe.
Heirs and Wills
Normally, you stick with the tell no one rule when it comes to your private crypto info. There have been instances of crypto being permanently lost when someone unexpectedly dies, however, so it is a safe bet to include the private keys in your will or to somehow share how to access them with your heir.
Avoid Public Wi-Fi
As has already been stated, public Wi-Fi can easily become a trap where you give access to a third-party – whether by a hack through the public network itself or by creating a fake public network that looks like the real one. A standard rule to live by is to never access anything personal using public Wi-Fi, not even once, not even your email.
ICO Scams or Untrustworthy ICOs
This is one of the big ones. Avoiding scams are an important of investment of any kind, so here are some dos and don’ts of ICOs:
- Open Cap and Hard Cap- the difference is important. A hard cap is when a limit is set on the amount of tokens created in an ICO. You will want to avoid ICOs with an unlimited cap.
- Code Repositories- ICOs with legitimacy will use online platforms like Github to publish the code they already have. If the ICO you are interested in refuses to share their core or repository, it’s a signed that they aren’t developing a real project.
- Development Team- Always research the development team. You’ll want to see people with experience and accomplishments within their profession and a history of bringing projects to fruition. If the team information appears fake, it probably is. If the team is unqualified, or worse, if all of the leadership is unqualified then it’s not a good choice. It is also a massive red flag if they do not share any information about the team at all.
- White Papers- these detail future team goals with specific timelines, features, project goals, and more. If the Whitepaper does not exist, is poorly written, copied, or incomplete, then it’s a sign the project is at least fraudulent and at worst incompetent.
- Roadmap- serving as an explanation on when the ICO plans to meet goals, a lack of a clear roadmap with attainable goals is also a red flag.
- Blockchain Tech- are they actually incorporating any Blockchain at all? Distributing tokens not based on Blockchain and not seeming to have any interest in it at all is a sign of a company that is all hype and no substance.
- Token Distribution- the public receives token distribution in an ICO but if they vary widely between projects, it may be a sign that they plan on keeping 50% or more of the tokens for the team. This is an indication that the team is trying to pull off an exit scam. Verify their distribution plans before investing into any ICO.
- Community Involvement- Blockchain and crypto spaces are built on and known for collaboration. Be on the look-out for ICO projects with community backing and support within the Blockchain world. Those without or lacking in this may have something to hide.
- Reviews and Online Talk- it may seem intuitive to check the reviews of anything that is a big or important purchase but what you may not know is to watch for online talk as well. Even a simple google search can sometimes warn you about what is going on and the experiences of other people with any given ICO project. Never just invest in anything because someone tells you to without doing your own research first.
- Plagiarism- as part of doing your own research, many ICO projects are actually using plagiarized information. For example, you might realize the team photos were copied from another website or that their white paper is a copy of another company’s whitepaper.
If you follow these really basic rules about investing in ICOs, you should be able to avoid almost any risk of scam whatsoever.
Scammy and Untrustworthy Crypto Exchanges
Like with ICOs, it’s important to know how to pick safe crypto exchanges. Below are some tips for just that:
- Transparency- when exchanges are scams, they have very limited transparency in their operations. If they refuse to disclose operations, lack a way to contact them, and you cannot figure out where they are based or came from, it’s the safer bet to avoid them.
- Anonymity- In line with transparency, but important enough to be reiterated as a separate point, if team members or management are anonymous, this is not the exchange you want to be a part of- period.
- Banking Partners- even legitimate crypto exchanges struggle with finding banking partners, resulting in some sleazy bank partnerships. It’s important to look into them but it’s even more important that the exchange you choose has partnerships at all.
- Contact Us- Bad crypto exchanges have limited communication and contacts options, this is a red flag. Watch out for companies only offering a simple form where you fill out information to contact them, this is a sign that they do not want to be contacted or have no intention of reading these forms.
- Plagiarism- just like with ICO’s, you want to make sure the project info on the website and the whitepaper is not just a copy of another exchange’s. It usually takes a simple google search.
- Maintenance Downtime- to prevent users from making a run with their funds, most scam exchanges shut down slowly, in phases. You’ll want to watch out for signs of this when you are in an exchange. Maintenance is a normal part of upgrades and maintaining safety but withdrawals being temporarily suspended or long maintenance down times are a problem. If the exchange you’re looking at has had frequent down times, this is an indication there will be future problems like an exit scam or that they were never that safe from hacking to begin with.
Not all exchanges operate as scams and they can be more difficult to spot then a faulty ICO, but exchanges with one or more of the above problems can pretty much be put on the do not entire list.
The Dark Web, Bitcoin Adoption, And The SEC
Considering the amount that has been written on the subject, it is no secret by now that Bitcoin’s history is rife with illegal activity. Really that’s true of any cryptocurrency- they are being used to pay for illegal things on the dark web or to launder money.
What’s really important to know about its relevance is that cash is still the main source of money for illegal activity worldwide and Bitcoin’s beginnings as a pathway for illegal means is part of why cryptocurrency has gotten to where it is today. Let me explain that latter point.
The Rise And Fall Of The Silk Road
Back in 2011, Bitcoin could be used to pay for very, very few things. It was more a gimmick than anything else and each coin was worth pennies on the American dollar at most. Then came the launch of the Silk Road in February 2011.
The Silk Road operated on something called the darknet as the first modern day darknet market. For those of you who are not already aware, the darknet is an internet access point operating outside of the mainstream, without regulation, and where all sorts of illegal activity takes place. Its initial purpose was as a means of communication between government military and spy factions on channels the rest of us wouldn’t be able to reach. Think a separate internet highway, only darker and scarier. If our internet is the tip of the iceberg, this internet is everything beneath the water.
On this new darkent market, you could buy and sell drugs, illegal porn, or even hire a hitman. Bitcoin offered an enormously secure, fast, and easy way to transfer money that leaves no paper trail, does not involve personal information, has no regulatory interference of any kind, could not be censored or shut down by governments, whose transitions are irreversible once completed, and would not require meeting in person like cash does. You can see the appeal.
In a coup for the FBI, the Silk Road was shut down in February 2013 and its owner and founder, Ross William Ulbricht, had been arrested. The FBI seized the remaining bitcoin in the exchange and proceeded to auction it off in 2014.
Rising Bitcoin Adoption
While it’s obvious that the Silk Road hurt the reputation of bitcoin, it had the simultaneous effect of increasing its adoption across the board. So much illegal activity had been paid for using it that the value began to increase with the use of the darknet market.
The FBI auctioning off the over 26,000 BTC became a crucial turning point, despite it dropping the value even further than the original Silk Road bust, because that is when a Silicon Valley venture capitalist by the name of Tim Draper came into the picture.
Draper bought up a large portion of the auctioned bitcoin, later lending it to a bitcoin start up in the Bay Area. Thus began the realization that a decentralized currency could have uses other than illegality- its main draw being its censorship-resistance within all countries. The tech world is nothing if not tied with ideas of anarchy, anti-censorship, and/or a lack of government control.
In many ways, none of this would have happened if Bitcoin had not first been adopted by the rise of an illegal darknet marketplace.
Questions Of Regulation
A lack of government clarity on regulations is actually a huge issue for cryptocurrencies. It’s confusing for start-ups, worrisome for old-guard venture capitalists, and it scares off some people from buying into cryptocurrency. While its lack of regulation is what originally gave it its appeal, it would only be able to garner mass adoption with regulations.
Regulations do not just give something structure that everyone is required to follow for no reason, it also gives a market or product protections from theft and the people who partake in it protections. This, when done well, can foster mass popular growth, encourage new business, while also preventing future scams like the ones found on this list while holding people to a legal standard more easily when they do scam you.
However, the SEC has been lacklustre on Bitcoin and other cryptocurrencies because it is unclear whether to label them a security or a currency. It’s been a struggle for countries all over the world.
The Securities and Exchange Commission or SEC has been charged with regulating and caring about the exchange of securities. Bitcoin has never been formally declared a security and as they are not formally declared a currency either, they technically fall outside the jurisdiction of any agency handling either.
Better regulation comes down to these 4 considerations:
- Is Bitcoin Money? Sure, it’s designed as a currency but it has properties not fitting with other, more traditional fiat currencies. Currently, regulators continue to say it’s either a money or not a money.
- Cryptos- are they commodities or securities? Some cryptos function as securities but the SEC treats all of them as commodities. For example, XRP is a coin with a value tied to the company it comes from- Ripple. That essentially makes it like a stock or security. This means regulators will have to either put them all into one grouping with a new definition despite their differences or take the time to identify each one separately, by the original definitions of what makes something a security or a commodity.
- In what jurisdiction should its regulation lie? As a continuation of the previous one, until it’s decided if they are commodities, securities, or some in each category, it will remain unclear who is legally able or obligated to regulate them: CFTC for commodities or SEC for securities.
- Who is the responsible party for a crypto? Because many cryptocurrencies are decentralized, they aren’t really controlled by one organization or authority. This translates to many having no single person or power that can be charged or prosecuted in the event of illegal action. For example, Satoshi Nakamoto is the creator of Bitcoin but no one even knows who he is.
When those things can be addressed, only then can there be enough regulation to make it the average safe market. But as we have already gone over, that doesn’t make the market not worth investing in as long as you’re willing to follow some steps to help protect yourself like you would in any other investment case.
Bitcoin Scams and Crypto Hacks Conclusion
Bitcoin now has over 18 million of the 21 total million BTC that will be minted until the last one is issued in 2140, nearly 120 years away and 30 some mining halvings away.
As of April 2019, industry analysts estimated 4-6 million coins having been stolen, lost or forgotten about at some point. This is a startling 20-35% of its total circulating supply. 2018 alone saw a near $1.7 billion worth being stolen as scams were on the rise and these were only the major reported ones in the media. This didn’t deter growth, however, as daily consumers bought into cryptocurrency and tokens at an all-time high, even despite 2017’s massive dive in net value across all coins but especially Bitcoin. When the price of Bitcoin in USD exchange rate value goes up, hackers and schemers are much more prone to seeking all of the vulnerabilities exposed above.
While it is important to remember that even the best cryptocurrency exchanges are not the ideal way to store large amounts of funds all at once, that doesn’t mean everything is inherently unsafe all the time or that you cannot ever use exchanges for their intended purpose. But having a minor dose of paranoia when it comes to opening a bitcoin wallet and storing your cryptocurrency funds safely, it is best to see the history of hacks and scams associated with bitcoin and apply the strategies and awareness mentions above and you will be a smarter, better user moving forward.
With education, knowledge and these tools at your disposal combined with an awareness of what is happening in the current market trends, you can ensure your funds are as a safe as possible at all times – even if the value of Bitcoin goes up and your cryptocurrency investment ROI increases, making it all the more important and significant to safely apply all of the best practices to your storage tactics.
We will regularly be updating this list throughout the year, including adding new malware scripts by name to be concerned about, following up on SIM swapping cases, and any next generation crypto scam tactics used to steal your funds or put your financial wealth in jeopardy.
This chronological list of bitcoin theft and cryptocurrency losses was painstakingly compiled for the end-consumer, you, to be the aware of the threats out there and how to be smart about using bitcoin to store wealth, spend and save. Between the aforementioned hawk and eagle birds flying above, hopefully you can now navigate this bitcoin-dominate blockchain-based financial system with eyes wide open. We encourage you to check back with us at least quarterly for any additions bitcoin scam/hack entries that will serve as a guide going forward.