June 25, 2024

What lessons did the largest hacks of bitcoin exchanges teach the crypto community

When crypto exchanges are hacked and large sums are stolen, news travels quite quickly.However, the main message of this news is usually extremely negative and the emphasis is often placed only on the stolen amount of funds. However, the deeper consequences of such shocks are rarely investigated.

ForkLog Magazine Offers Readerstranslation of an article by Antoine Le Calves from CoinMetrics, which considers not only the negative, but also the positive consequences of the most high-profile attacks on bitcoin exchanges.


Unknown to many, hacking Bitcoinica entailed significant consequences for the industry. The trading platform was launched in September 2011 by Zhou Tong, who was then a teenager.

The platform quickly gained popularity andattracted deposits of many prominent market participants. At the end of 2011, Tong sold Bitcoinica to Intersango, but remained its CEO and lead developer.

From May to July 2012, a number of catastrophic incidents occurred on Bitcoinica:

What lessons did the largest hacks of bitcoin exchanges teach the crypto community


Hack Linode

In March 2012, Bitcoinica servers were hosted on Linode. This service was clearly compromised by someone who was hunting users who showed any signs of bitcoin activity.

Very quickly, Zhou Tong told the community about the theft of funds and even published hacker transactions. The abduction became possible due to the use of an unencrypted wallet.

Emptying a hot wallet

A few weeks after the hack was stolenanother 18,500 BTC. Zhou Tong immediately revealed theft by posting transaction hashes. The official reason was the exploit of the mail server, which jeopardized the hot wallet of the exchange.

Tong hurried to take control of the situation,in order to avoid theft from the platform of the Mt API key. Gox, which could lead to the loss of another 15,000 BTC (Bitcoinica stored bitcoins on Mt. Gox and executed orders on this exchange).

Mt. API Key Vulnerability Gox

After the source code leak, Bitcoinica wasreleased her old Mt. API key Gox API. Unfortunately, it was also used as the password for the account in LastPass, where the new key was stored. Someone took advantage of this and stole 40 thousand BTC, as well as $ 40 000 from a Bitcoinica account on Mt. Gox. This was the maximum daily limit for withdrawing funds.


In total, 102 101 BTC and $ 40,000 were stolen from Bitcoinica. Probably one of its largest creditors was Roger Ver, who had 24,841 BTC stored on Bitcoinica until July 2012.

A series of attacks did not negatively affect the price of the first cryptocurrency, which even started the rally after the theft of the API key.

What lessons did the largest hacks of bitcoin exchanges teach the crypto community

Bitcoin price reaction to the theft of funds with Bitcoinica. Data: CoinMetrics

The positive moment was the publication of the originalplatform code that has inspired many entrepreneurs. In particular, the early Bitfinex code base was created based on Bitcoinica. The disappearance of a very successful exchanger at one time also freed up space for competitors.

Unfortunately lenders, along with the collapse of Mt. Gox were absorbed by 64,673 BTC Bitcoinica platforms. Bankruptcy proceedings continue to this day.

Mt. Gox

Of course, when it comes to hacksBitcoin exchanges, there is an association with Mt. Gox. This was one of the first platforms with fiat support, the influx of which entered the bitcoin ecosystem from 2010 to 2013. The site, created by Jed McCaleb (he then participated in the creation of Ripple and Stellar), was acquired by Marc Carpeles.

From the very beginning of its work, Mt. Gox went through a series of hacker attacks that eventually crashed the platform. After a catastrophic collapse in early 2014, the public finally found out how ineffective the management of the exchange was. The analysis of Kim Nilsson describes in detail the process of pumping bitcoins from Mt. Gox.

The following is an excerpt from McCaleb’s correspondence with Carpeles during the transition:

What lessons did the largest hacks of bitcoin exchanges teach the crypto community


- Hi.
- Something happened.
- What?
- All bitcoins have left the server.

Then, in March 2011, the first seriousattack Mt. Gox. 79 957 BTC worth about $ 70,000 were removed from the exchange wallet after hacking the corresponding server. None of these bitcoins has since moved, so it is not known whether the attacker still has a private key.

In September 2011, someone got access to hotwallet Mt. Gox. The latter contained bitcoins, as well as unused keys, which later became deposit addresses. The robber gradually and imperceptibly withdrew funds - the monitoring system for purses simply did not exist.

By 2013, when there was practically no morebitcoins for their theft, Mt. Gox became completely insolvent (except for 200 thousand BTC in cold storage, which are now the central element of the bankruptcy procedure).

The public knew almost nothing about the attacks until February 2014, while Mt. Gox did not close the withdrawal. The price of bitcoin subsequently fell rapidly.

What lessons did the largest hacks of bitcoin exchanges teach the crypto community

BTC price reaction to the withdrawal of funds with Mt. Gox


The collapse of Mt. Gox had a significant impact on bitcoin. At the end of 2013, suspicious trading activity took place on this exchange. The incredible increase in the price of BTC taking place against its background was perceived by some as a completely natural process.

After the rapid rise of 2013, the collapse of the platform was putting pressure on the price for a long time - it took Bitcoin more than three years to renew its historic high.

For many, Mt. Gox was a kind of introduction to bitcoin. The negative stereotype associated with cryptocurrency is still strong. One can only imagine what the public image of Bitcoin would be if not for this story.

A few years on Mt. Gox has concentrated the main trading activity. The disappearance of the platform has cleared space for many competitors. Since then, no exchange has had such a huge market share.

Mt. Gox pointed out to exchanges the need for constant monitoring of bitcoin reserves, which, however, even Bitcoinica was involved in at one time.


Emerging from the ashes of Bitcoinica &#8212; stock exchangeBitfinex &#8212; gradually grew, adding more currencies and features to become one of the largest and most influential exchanges today. We estimate that Bitfinex held at least 225,000 BTC shortly before its largest hack.

On August 2, 2016, 119,756 BTC were stolen. They were stored on multisig addresses on BitGo and Bitfinex. The first platform had one key, while Bitfinex had the other two.

Although all the details are still unclear, it is known that the Bitfinex API key on the BitGo service was compromised. As a result, significant amounts in bitcoins were withdrawn.

What lessons did the largest hacks of bitcoin exchanges teach the crypto community


At the time of the first news release about the vulnerability, there was still significant uncertainty regarding the amount of withdrawal. However, using on-chain analysis, a very accurate assessment could be made.

BitGo uses special addresses knownlike P2SH (Pay to script hash), which enable complex multi-signature settings and are well suited for storing large amounts of BTC. The attacker decided to withdraw funds to non-supporting P2SH addresses.

Specialized website p2sh.info (now txstats.com, supported by BitMEX and Coin Metrics), tracked the number of BTC stored on P2SH addresses and reflected this large movement a few blocks after what happened.

What lessons did the largest hacks of bitcoin exchanges teach the crypto community


Against the backdrop of the hack, the price of bitcoin fell by more than $ 200, but it recovered relatively quickly - in just three months.

What lessons did the largest hacks of bitcoin exchanges teach the crypto community

Source: CoinMetrics


Bitfinex hacking is unique in its own way becausethe exchange survived despite the loss of 36% of reserves (as measured in US dollars). Subsequently, Bitfinex even managed to succeed, making a profit of $ 730 million during 2017-2018.

Instead of initiating a very longand a complex bankruptcy process, Bitfinex executives decided to tap into financial engineering opportunities to get out of the financial hole created by the vulnerability.

The balance of each account decreased by 36.067%, but BFX tokens were credited to users for the corresponding amount. Then Bitfinex either bought back tokens in the ratio of 1 BFX for every dollar lost, or converted these coins into shares of iFinex Inc, registered in the British Virgin Islands.

Lenders Deciding to Convert BFX to SharesiFinex Inc also received RRT tokens. These coins allowed access to the recovered funds immediately after all BFXs were bought back and converted into shares. Each RRT entitled one recovered dollar.

In addition, the open market made it possible to trade BFX and RRT tokens. Bitfinex lenders were able to sell their BFX and thus provided a market value for each token.

At first, BFX traded at 0.38 cents, and RRT - at0.20. BFX trading ended in April 2017 at a price close to face value. By that time, all tokens were either bought out or converted into iFinex shares. RRT is still being traded, its price is just over two cents.

What lessons did the largest hacks of bitcoin exchanges teach the crypto community


All BFX tokens have been purchased or converted.in iFinex stock. Using the BFX token allowed Bitfinex to survive the incident. The deal even turned out to be profitable for lenders who converted BFX into shares: the company distributed over $ 500 million in dividends over the next two years.

Bitfinex used a similar concept toto avoid forfeiture of the $ 850 million held by Crypto Capital payment processing by collecting $ 1 billion through the sale of Unus Sed Leo tokens (LEO).


Since the end of 2017, Binance is the first altcoin trading platform. This exchange is used by many retail traders, it has accumulated significant reserves in bitcoin and other coins.

In May 2019, with a hot wallet, exchanges were7000 BTC are displayed. Presumably, hackers gained access to many retail accounts using various methods, having outwitted Binance's hot wallet system to process the withdrawal of such a large amount.

News about the hack did not affect the price of bitcoin, which, in fact, even rose soon.

What lessons did the largest hacks of bitcoin exchanges teach the crypto community



Fortunately, in August 2018 it was launchedSAFU (Secure Asset Fund for Users) initiative to avoid bankruptcy after theft. Binance accumulated 10% of the total trading fees on a separate cold wallet to cope with such situations.


Since hacking worked on a singleBitcoinica server and ending with a complex and well-organized attack on Binance, the confrontation between exchanges and those who seek to steal their reserves, only intensified.

Despite the millions lost, each hack is an important milestone in the development of a new class of assets and provides many lessons for future market participants:

- The incident with Bitcoinica harmed many, but at the same time, the code base of the platform served as the basis for the emergence of new exchanges;

- Mt. Gox promoted bitcoin to the mainstream, which led to the emergence of a more fragmented and still working spot market, which gave long-term enthusiastic investors a long period of low prices;

- hacking Bitfinex and its subsequent restoration with the help of financial engineering, may have given impetus to the development of many exchange tokens;

- A recent attack on Binance proved the usefulness of self-insurance, also pointing to the increased level of complexity of hacker attacks.