Blockchain is widely considered an advanced technology which can hardly be compromised. But there are lots of stories of hackers stealing millions because of blockchain bugs. How secure is blockchain anyway?
While it might be true that blockchain can’t be easily hacked or compromised, even people who are very far from crypto have surely heard of its security issues.
For example, things like 51% Attack problem. Someone controlling 51% of the validating nodes could in theory break into existing blockchain structure and validate some malicious actions. Wait, that’s not only theory, because some of the popular cryptos have already suffered from this kind of attack.
Surely it will be too expensive for somebody to get the biggest share of the Bitcoin or Ethereum networks.
But knowing such dangers exist, one can hardly say blockchain is perfectly safe.
Some recent news adds cause for concern about how secure blockchain is.
According to the findings by the Atlas VPN team, blockchain hackers stole around $682 million in 72 different attacks only in Q1 2022. Solana and Binance Smart Chain ecosystems hacks provided the most losses.
Interestingly though that NFTs were the top target for cybercriminals, who stole nearly $49 million with collectibles during at least 20 hacks.
“Most blockchain-related hacks happen because cybercriminals exploit flaws in the project code,” the Atlas VPN report says. “A successful hack could cause significant losses to the creators and investors of the crypto platform”.
Taking this data into account, cryptolife.report wants to remind you of some of the biggest blockchain hacks to date. Let’s see how secure blockchain is anyway.
Wormhole, February 2022
The recent DeFi platform hack was more than confusing for the crypto community. And yes, blockchain security flaws were the main reason for this hack.
Wormhole is the cross-chain bridge between Solana and other DeFi-platforms. It allows users to deposit different types of crypto for creating digital assets in other types of crypto. Hackers knew the system well and created a fake transaction on 120 000 wETH ($325 million at the time of the theft) without inputting an equivalent amount of assets.
Fraudsters then exchanged stolen money for around $250 million in Ethereum and sent it to their accounts. Forbes wrote that the attack caused Solana’s crypto price a 10% drop.
Because of the Wormhole’s cross-chain structure, the hack made a huge deficit between the amounts of wETH and regular ETH in the system.
The team said they are about to add stolen funds to fill the gap of $325 collateral assets.
Ronin Network, March 2022
You must’ve heard about the recent Ronin Network hack, which became the second-largest crypto hack in history. This platform is powering the popular mobile game and NFT metaverse Axie Infinity.
Owned by Vietnamese company Sky Mavis, Ronin Network said the hack started in November 2021. And the main reason for the attack is the ‘unsustainable size’ of Axie Infinity users.
“We’ve seen so many hacks and exploits caused by – to be blunt – frank carelessness and lack of concern for the safety of people’s funds,” economist and author Frances Coppola explained.
In general Ronin, Network lost nearly $615 million of its users’ money. That’s how secure blockchain is, if you wondered!
It’s still unclear whether users will have guarantees to return their assets. Some of them lost from a few hundred to a few thousand dollars.
Poly Network, August 2021
Polish DeFi platform hack was considered the biggest crypto fraud in history for quite a long time.
Hackers found flaws in the smart-contract system of the platform and succeeded to steal $267 million in Ethereum, $252 million in Binance coins, $85 million in USDC tokens.
Stolen crypto was sent to the three different wallets. But neither the Poly Network nor Binance exchange couldn’t trace the money.
The platform demanded hackers return assets and claimed that stolen money belongs to ‘tens of thousands of crypto users’. All of it was in vain, of course.
Coincheck, January 2018
This story tells us about the so-called ‘hot wallets’ level of security.
As you know, hot wallets are digital folders for storing assets online, and cold wallets are their hardware analog.
So back in 2018 thieves attacked one of the hot wallets on Tokyo-based exchange Coincheck and withdrew $500 million in digital tokens.
Stolen NEM coins were sent to 11 addresses and Coincheck didn’t disclose how their system was breached. The exchange speakers only said it wasn’t an ‘inside job’.
The fact that at the time of the hack Coincheck lacked some essential safety measures such as multi-signature security tells a lot.
Mt.Gox, February 2014
This is one of the first big crypto hack stories. You should know that in 2013 almost half of all Bitcoin transactions were made on the Mt.Gox platform.
The year later attack led to the loss of over 800 000 BTC and left thousands of creditors with empty pockets.
At that time one BTC was trading for around $320.
“A bug in the bitcoin software makes it possible for someone to use the bitcoin network to alter transaction details to make it seem like a sending of bitcoins to a bitcoin wallet did not occur when in fact it did occur,” the company issued.
Recently the exchange’s former CEO Mark Karpeles said Mt.Gox users will likely receive some of their lost Bitcoins. According to him, the Japanese trustee in charge of the BTC will begin the distribution of the remaining assets to creditors.
Karpeles also announced NFTs that will give former Mt. Gox users lifetime access to his new company service for free. This company – UNGOX – is to become a rating agency for exchanges worldwide.