2015

January

What : Bitstamp

: Bitstamp Amount: 19,000 BTC

The first licensed cryptocurrency exchange in Europe, Bitstamp, which is regulated by the Luxembourg Supervisory Authority in Finance (CSSF), was hacked in January 2015. Hackers sent a malicious file to the internal mail of employees. One of the Bitstamp’s employees neglected security rule №1 — do not open files from strangers, and followed the link on the device that has access to the BTC wallet of the exchange. As a result, 19,000 BTC was stolen, or about $5,100,000 at the day of the theft.

What : LocalBitcoins

: LocalBitcoins Amount: ~17 BTC

17 BTC is seemingly not a large sum compared to the compromised exchanges above; nevertheless, it’s one more argument in favor of paying attention (and allocating money) to cybersecurity.

Nikolaus Kangas, the vice-president of Local Bitcoins, explained:

“The attacker used that LiveChat access to spread some kind of Windows executable, which probably was some new kind of keylogger software which is not yet detected by virus protection mechanisms. If the user got that executable installed, with some social engineering, the attacker managed to get access to different accounts of those victims.”

Three users lost funds during the hack. The company stated that one of the possible reasons for the fraudulent withdrawal was a lack of 2FA. Again, 2FA is a reliable security measure that should be in place on every cryptocurrency exchange platform.

What : 796

: 796 Amount: 1,000 BTC

What seemed like a mistake, appeared to be a well-calculated and precise attack. At the end of January, the server of Chinese cryptocurrency exchange, 796, was compromised. According to the explanation, a hacker gained access to a sub-module and tampered customers’ withdrawal addresses with one’s own.

February

What : Bter

: Bter Amount: 7,000 BTC

Another attack that is related to employees mistake occurred in China. A small cryptocurrency exchange Bter was hacked several times. Employees of the exchange organized the largest heist. In February 2015, 7000 BTC was stolen from a cold wallet. After that, all the activities of the company were suspended, and only a couple of years later the Bter management resumed withdrawing funds from their assets.

What : KipCoin

: KipCoin Amount: 3,000 BTC

Being the owner of an exchange platform, will you admit the breach immediately or halter the news until the investigation gives you more details? The owners of KipCoin chose the second option.

Remember Linode? In 2015 it became clear that it was hacked again in June 2014 causing a breach of KipCoin server. The hackers changed Linode account password excluding the owners from accessing it; this entailed KipCoin Linode root password to be changed as well, as the hacker(s) gained control of the entire platform.

For a month, the administration of the exchange tried to regain control, and they succeeded (surprisingly, nothing malevolent had happened during this month). That didn’t mean that hackers went away, they lurked. In October 2014, hackers gained access to funds as the exchange didn’t change their BTC private keys.

KipCoin decided to not disclose this information immediately in light of BitStamp losing many coins and has taken all the necessary steps to file an official complaint with the police.