As technology advances, so do the cunning methods employed by hackers to steal millions. Join us as we unravel the thrilling tales of the biggest crypto heists and data breaches that unraveled in our beloved digital world.
Which of these crypto heists made it to your list as well?
1. Ronin Network: $620 Million
Our journey begins with the biggest of ALL.
The largest crypto gaming hack unfolded in 2022 as Ronin Network, an Ethereum sidechain for Axie Infinity, fell victim to a $620 million hack. Compromised private keys allowed the attacker to gain control, draining 173,600 ETH and 25.5 million USDC.
This hack happened because of several oversights from the network, including a lack of decentralization, too many permissions, and zero monitoring from the developers of Axie Infinity.
And here’s the craziest part: the incident was discovered six days after it happened, thanks to a user who was trying to withdraw some ETH and couldn’t!
2. Poly Network: $610 Million
Interoperability protocol Poly Network faced a major setback in 2021 when a hacker exploited vulnerabilities, transferring $610 million worth of assets to addresses they controlled.
But can you guess the surprising twist?
The hacker returned the funds, emphasizing the importance of collaboration between security and hackers in fortifying systems.
And that’s not all… the hacker even posted a three-page Q&A to communicate with people on the blockchain, including a note that read: “I prefer to stay in the dark and save the world.”
3. BNB Chain: $570 Million
In 2022, BNB Chain faced a major exploit as hackers stole $570 million worth of BNB tokens using an exploit on the BSC Token Hub. Quick intervention froze a significant portion of the stolen tokens, limiting the irreversible damage to $110 million.
The hackers, infamously named the “BNB bridge exploiters,” were able to create 2 million tokens out of thin air by forging proofs!
Shocking? Well, it will probably shock you even more to find out they were able to send 1 million BNB tokens to themselves undetected TWICE in a row.
Shortly after, several parties noticed the hack and made reports on it. There was even a thread on X (Twitter) by a blockchain researcher, explaining how it could have happened.
4. Coincheck: $540 Million
In 2018, Coincheck lost a whopping $530 million worth of NEM tokens due to a security lapse and insufficient staffing. With funds kept in hot wallets, the hackers found their golden opportunity.
Coincheck was unaware of the heist until a few hours after it happened. About 260,000 customers were affected and were thankfully reimbursed afterward.
ATM: $XEM currently trades at a mere fraction of its peak value, but the Coincheck hack remains a cautionary tale of lax security measures.
5. Mt. Gox: $450 Million
This list wouldn’t be complete without the granddaddy of crypto heists: Mt. Gox. Operating out of Tokyo, Japan, this once-mighty exchange handled 70% of all BTC transactions globally.
In 2014, Mt. Gox abruptly halted withdrawals, revealing a staggering 850,000 BTC ($450 million) heist. The exact culprits remain elusive, but experts suspect long-term siphoning leading to the infamous breach.
But we don’t know what’s worse – the hackers not getting caught or people not getting their money back due to the inexperience and mismanagement of the higher-ups.
2023 vibes be like FTX.
Fun fact: A Mt. Gox former employee said, “He (referring to Mark Karpelès, then CEO of the exchange) invested quite a large amount of money in an oven that was specifically built to cook quiche.”
Which of these data breaches have you heard of?
1. Yahoo: 3 Billion Records
In 2013, Yahoo suffered a colossal breach that was initially reported at 1 billion accounts but later revised to a staggering 3 billion. Usernames, birthdates, phone numbers, and passwords were compromised.
The breach happened while Verizon’s acquisition of Yahoo was underway. But Yahoo only revealed the breach three years later, so some onlookers thought something fishy was going on.
Coincidentally, what stands out to us is Senator John Thune of South Dakota asking former Yahoo CEO Marissa Mayer, “Why the delay in disclosing it? I mean it took, from 2013, three years.”
A mic drop in a senate hearing is always a fancy treat.
2. Aadhaar: 1.1 Billion Records
The Aadhaar breach in India that happened between August 2017 and January 2018 exposed records of 1.1 billion citizens, including names, birthdates, email addresses, and phone numbers. At the time, the hackers were selling access to the biometric database for Rs 500.
Apparently, the breach stemmed from former employees and unsecured APIs, emphasizing the need for robust identity and access management practices.
To date, it is no. 1 in the top 10 biggest data breaches in 2018 and no. 3 on the list of the biggest data breaches of all time.
Rightly so, don’t you think?
3. First American Financial: 885 Million Records
In 2019, First American Financial suffered a leak of 885 million files containing sensitive information such as bank accounts, Social Security numbers, and tax documents. These documents contained mortgage deals that can be traced back to 2003. An insecure direct object reference (IDOR) flaw paved the way for unauthorized access.
Those who reported on this called it corporate negligence at its finest and a security gap that could have been avoided. The vulnerability was discovered, thanks to a real estate developer in Washington State who notified Krebs on Security about it.
4. Onliner Spambot: 711 Million Records
The Onliner spambot revealed 711 million records, including email addresses and passwords. A data-stealing Trojan horse facilitated its stealthy operation for over a year, highlighting the importance of continuous security monitoring.
Emails disguised as invoices from government agencies and hotels hoodwinked users into opening an attachment that triggered the download of the malware. A security researcher known pseudonymously as Benkow exposed it and even wrote about it on his blog. As an added measure to help users find out if their emails have been affected, they can easily check it on Have I Been Pwned.
Let us know if you find yours.
5. Facebook: 533 Million Records
Facebook faced a major blow in 2021 when 533 million records were compromised. Threat actors scraped data using a feature designed for friend connections. While Facebook claimed at the time that it was old data from 2019, it cannot be overstated that the leaked data is still useful to malicious actors and can be used in different ways to scam people.
The incident spurred Facebook to overhaul its features to prevent future scraping. But we also hope that they eventually understood the implications of any kind of data exposure regardless of when it happened.
Digital Security and Awareness
As the digital landscape continues to evolve, the battle between hackers and security experts wages on. We hope these IRL stories of colossal heists and breaches serve as reminders to stay vigilant, implement robust security measures, and embrace technological advancements to safeguard your digital future.
It doesn’t mean you can never be susceptible, but you can at least be proactive and be aware of how these bad actors deceive people. Whether it’s the volatility of crypto or the vulnerability of personal data, the stakes are high in the ever-expanding cyber frontier. So, trust no one with your personal information and be quick to take action when you’ve been compromised.
Stay safe out there, Shib Army! 🧿🚀
