The main reason you shouldn't leave your crypto coins stored on an exchange is that exchanges can be hacked.
I hear people saying “Oh well, that won't happen to me”. Have a look below at the list of exchanges that got hacked in the past, and how.
Hacked on: 19 June 2011 & 7 February 2014
Hacked amount: 2609 BTC | 750.00 BTC
Mt.Gox was a Japan-based exchange that had been online since early 2010. It was one of the first Bitcoin exchanges and quickly grew into one of the biggest at the time.
In June 2011, hackers got hold of the credentials of an auditor working with Mt.Gox. The hackers used these as a way into the “backstage” of the exchange, transferring a total of 2609 BTC to an anonymous bitcoin address. There was nothing Mt.Gox could do to retrieve the stolen BTC, which led to a temporary suspension of operations that lasted a few days.
However, Mt.Gox was able to fix the flaw in their security and managed to regain their clients' trust. They survived.
By February 2014, Mt.Gox had grown exponentially over the past few years and was handling around 70% of BTC transactions in the world. Hackers managed to discover a bug in the Mt.Gox Bitcoin transfer software that made it seem as if a sent Bitcoin transfer had not happened. This flaw could be abused by sending the BTC again and again. This way of “stealing” Bitcoins from Mt.Gox went undetected for years, resulting in a total loss of 744,408 BTC, or around $350 million.
Shortly after the news of the stolen Bitcoins was reported, the value of BTC declined by 36%.
Unfortunately, none of the clients got their BTC returned and Mt.Gox declared bankruptcy.
Hacked on: 2 August 2016
Hacked amount: 120.000 BTC
The Bitfinex BTC hack is the second biggest hack in history to date, after Mt. Gox. The total value of the stolen Bitcoins was estimated, at the time, at 72 million USD.
A hacker managed to exploit a vulnerability in the architecture of the multi-signature process of Bitfinex's wallets, which made it possible to transfer the 120.000 BTC out of client wallets.
In response to the hack, Bitfinex issued the affected clients “BFX Tokens” free of charge, which could be redeemed for USD. They also offered a reward of 5% of all the stolen BTC to the person who could provide information leading to the arrest of the hacker(s).
In the end, most of the affected clients were refunded through the BFX tokens. Bitfinex was able to re-establish confidence and is currently still in operation, trading one of the largest daily volumes of BTC/USD.
Hacked on: 5 September 2012
Hacked amount: 24.000 BTC
BitFloor, the fourth largest exchange dealing in USD and Bitcoins, announced on the 5th of September 2012 that they had been hacked. The hacker managed to break into the internal servers of the exchange and was able to view the backup files of users' wallet keys. Unfortunately, these keys were not encrypted, making it very easy to gain access to the actual wallets/accounts of clients and transfer Bitcoins.
Roman Shtylman, the founder of BitFloor, released the following statement:
“Last night, a few of our servers were compromised. As a result, the attacker gained access to an unencrypted backup of the wallet keys (the actual keys are stored in an encrypted area). Using these keys, they were able to transfer a total amount of 24.000 BTC. This attack took the vast majority of the coins BitFloor was holding on hand.”
BitFloor made a total of 2 major mistakes which led to the loss of such a large amount of BTC.
- A few days before the actual hack, Roman Shtylman created an unencrypted backup of the private keys of users in order to facilitate an upgrade to the BitFloor system. He stored this unencrypted data on his computer, making it easy for hackers to find and abuse it.
- The fact that BitFloor left a majority of their BTC in a “hot wallet” was the other severe mistake. Had either of these mistakes been avoided, the loss would have been significantly less.
Although BitFloor claimed that they would pay back all their affected clients, the bank they worked with decided to forfeit the partnership, leaving clients without a refund to this day.
BitFloor shut down the following year as they were unable to deal with the aftermath of the hack and loss of trust amongst clients.
Hacked on: 4 March 2014
Hacked amount: Estimated 12.3% of all its BTC | ~97 BTC
In March 2014, Poloniex was one of the biggest and busiest Bitcoin & Altcoin exchanges. In the early morning hours, a hacker discovered a weakness in the Poloniex withdrawal code and transferred 12.3% of the total BTC to his own wallet.
Tristan D’Agosta, owner of Poloniex, released the following statement:
“The hacker discovered that if you place several withdrawals all in practically the same instant, they will get processed at more or less the same time. This will result in a negative balance, but valid insertions into the database, which then get picked up by the withdrawal daemon.”
After the hack, Poloniex froze all operations for a while until the faulty code was fixed. They also issued a statement saying that all the stolen funds would be refunded. The solution for covering the loss was to decrease all clients' funds by 12.3%. This ensured that the losses were covered, with the community paying as a whole. The community received this solution with a mostly positive response.
Poloniex eventually did pay back all its affected customers with what would have been their profit for the coming month(s) and is still in operation today.
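The withdrawal flaw described in the Poloniex statement is a check-then-act race: the balance check and the debit are separate steps, so requests arriving together all pass the check. The sketch below is an added example, not Poloniex's code; the table names, the single account and the amounts are constructed, and the simultaneous requests are modelled by running every check before any write. It shows the flawed flow next to a hardened one that checks and debits in a single SQL statement, backed by a database constraint.

```python
import sqlite3

def make_db(balance, enforce_non_negative=False):
    """Constructed in-memory ledger with one account; amounts are integer units."""
    check = "CHECK (balance >= 0)" if enforce_non_negative else ""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE accounts (id INTEGER PRIMARY KEY, balance INTEGER NOT NULL {check})")
    db.execute("CREATE TABLE withdrawals (account INTEGER, amount INTEGER)")
    db.execute("INSERT INTO accounts VALUES (1, ?)", (balance,))
    return db

def summary(db):
    (balance,) = db.execute("SELECT balance FROM accounts WHERE id = 1").fetchone()
    (queued,) = db.execute("SELECT COUNT(*) FROM withdrawals").fetchone()
    return balance, queued

def vulnerable_burst(balance, amounts):
    """Check-then-act: every request reads the balance before any request writes."""
    db = make_db(balance)
    # Phase 1: requests arriving together are all checked against the same balance.
    approved = [a for a in amounts
                if db.execute("SELECT balance FROM accounts WHERE id = 1").fetchone()[0] >= a]
    # Phase 2: each approved request is queued and debited; a payout daemon would pay them all.
    for a in approved:
        db.execute("INSERT INTO withdrawals VALUES (1, ?)", (a,))
        db.execute("UPDATE accounts SET balance = balance - ? WHERE id = 1", (a,))
    return summary(db)

def atomic_withdraw(db, amount):
    """Check and debit in one statement, so no request can act on a stale balance."""
    with db:  # one transaction: the debit and the queue entry commit together or not at all
        cur = db.execute(
            "UPDATE accounts SET balance = balance - ? WHERE id = 1 AND balance >= ?",
            (amount, amount))
        if cur.rowcount != 1:
            return False  # insufficient funds: nothing is queued
        db.execute("INSERT INTO withdrawals VALUES (1, ?)", (amount,))
        return True

def hardened_burst(balance, amounts):
    db = make_db(balance, enforce_non_negative=True)  # constraint as a second line of defence
    results = [atomic_withdraw(db, a) for a in amounts]
    return summary(db), results

if __name__ == "__main__":
    print("vulnerable:", vulnerable_burst(100, [80, 80, 80]))
    print("hardened:  ", hardened_burst(100, [80, 80, 80]))
```

In the flawed flow three withdrawals of 80 against a balance of 100 are all queued and the balance goes negative; in the hardened flow only the first succeeds.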