Bitcoins have been a juicy target for hackers since 2011.
There’s a lot of excitement about Bitcoin right now, with the value of the cryptocurrency recently soaring above $11,000—more than 10 times its value at the start of the year. This has caused many people to wonder if they should be getting involved in the Bitcoin craze.
But it’s important to keep in mind that participating in the Bitcoin economy comes with big risks. Over the years, the Bitcoin world has been plagued by hacks, scams, and abusive practices. Users who don’t take appropriate precautions can lose everything.
Here we present a short history of the Bitcoin world’s most significant scams and hacks. It’s worth noting that all of these attacks were against Bitcoin-related services, not the core Bitcoin software. As far as we know, the Bitcoin network itself is highly secure, though of course that’s little comfort if you entrust your bitcoins to a third party that gets hacked.
Also, the list seems to skew toward older incidents. Users seem to have faced greater dangers of hacking and fraud in 2011 and 2012 than they do today.
Still, the dangers haven’t gone away by any means. The Bitcoin economy is still lightly regulated, and fraud is a constant danger. While it might seem tempting to buy some bitcoins in hopes they’ll go up in value, the risks are high—perhaps too high for most people. If you do decide to acquire bitcoins, do your research and be careful.
June 2011: Bitcoin user loses $500,000 in bitcoin to hackers
In early 2011, Bitcoin had been a tight-knit community of hobbyists. Mining bitcoins was easier back then: people could generate thousands of bitcoins using a conventional home PC.
That’s what allinvain, a user on the Bitcoin Talk forums, claimed to have done, amassing a fortune of 25,000 bitcoins. Bitcoins were worth pennies in 2010, but, by early June 2011, the price of bitcoins had soared to $20, making his bitcoins worth around $500,000.
Then, on June 13, disaster struck for allinvain. “I just woke up to see a very large chunk of my Bitcoin balance gone,” he wrote. Allinvain believed that someone had hacked into his PC and stolen the bitcoins from his hard drive, transferring them to an account controlled by the hackers.
If those coins had not been stolen—and he’d held on to them until today—they would be worth around $250 million.
August 2011: Wallet service MyBitcoin disappears from the Web
Bitcoin wallet services offer to store bitcoins on users’ behalf. These were initially portrayed as a convenience to the customer, but many of them turned out to be either insecurely run or outright frauds (it can be hard to tell, since the frauds tend to claim they were hacked).
One wallet service that was popular in Bitcoin’s early days, for example, was called MyBitcoin. In August 2011, the company disappeared from the Web, claiming the site was hacked.
This and similar experiences have made the Bitcoin community suspicious of online wallet services. With no real regulation, there’s no way for users to verify that a wallet service is reliable.
An exception to this is client-side Web wallets like the one offered by Blockchain.info. In these services, customer data is only stored in encrypted form on the server. Data is encrypted on the client side with a customer-provided password. That approach makes users less vulnerable than traditional wallet services where the service provider has direct control of the bitcoins.
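The client-side model described above, as an added sketch that is not Blockchain.info's code: the wallet is sealed with a key derived from the customer's password before upload, so the server only ever holds the opaque blob. The function names, the PBKDF2-SHA256 and AES-256-GCM choices, the iteration count and the sample wallet are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const KDF_ITERATIONS = 600000; // assumed work factor for PBKDF2-HMAC-SHA256

// Constructed sample wallet; the key string is a placeholder, not a real key.
const SAMPLE_WALLET = JSON.stringify({
  label: 'savings',
  privateKey: 'PLACEHOLDER-PRIVATE-KEY-NOT-REAL',
});

// Runs on the client: derive a key from the password and seal the wallet.
// Only the returned object is sent to the server.
function sealWallet(walletJson, password) {
  const salt = crypto.randomBytes(16); // fresh salt per wallet
  const iv = crypto.randomBytes(12);   // fresh nonce per encryption
  const key = crypto.pbkdf2Sync(password, salt, KDF_ITERATIONS, 32, 'sha256');
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(walletJson, 'utf8'), cipher.final()]);
  return {
    v: 1,
    iter: KDF_ITERATIONS,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Runs on the client: returns the wallet JSON, or null when the password is
// wrong or the stored blob was modified (the GCM tag check fails).
function openWallet(blob, password) {
  const b = (s) => Buffer.from(s, 'base64');
  const key = crypto.pbkdf2Sync(password, b(blob.salt), blob.iter, 32, 'sha256');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, b(blob.iv));
  decipher.setAuthTag(b(blob.tag));
  try {
    const pt = Buffer.concat([decipher.update(b(blob.ct)), decipher.final()]);
    return pt.toString('utf8');
  } catch (err) {
    return null;
  }
}

// What the server would store: salt, nonce, tag and ciphertext only.
const stored = sealWallet(SAMPLE_WALLET, 'correct horse battery staple');
console.log(Object.keys(stored).join(','));
```

The protection is only as strong as the password: anyone who obtains the stored blob can guess passwords offline, which is why the key-derivation work factor matters.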
March 2012: Hacked Web host leads to stolen bitcoins
Hackers exploited a vulnerability in the shared online web host Linode to steal at least 46,703 bitcoins—then worth more than $200,000—from several Linode users. That included more than 43,000 bitcoins stolen from Bitcoinica, an early Bitcoin exchange.
Bitcoinica suffered a second hack in May 2012 that cost the company another 18,000 bitcoins. It was then taken offline for a security audit. Bitcoinica didn’t survive these incidents. In August 2012, the site was sued by several users seeking the return of $460,000 in deposits.
One lesson of the Linode debacle is that Bitcoin-related businesses have to be extremely careful when operating on shared hosting providers. Bitcoins are secured by encryption keys. If any third party—either other customers or rogue employees—has access to customer data, they will be able to read the encryption keys and use them to transfer bitcoins away from their owners.
August 2012: Bitcoin Ponzi scheme is shut down
The Bitcoin Savings and Trust was a classic Ponzi scheme. Customers were lured in with a promise of high returns—seven percent per week—and new customers’ deposits were used to pay profits to previous customers.
The scheme shut down in August 2012, and a year later the government indicted organizer Trendon Shavers. The government accused him of raising more than 700,000 bitcoins from gullible customers. In 2014, a judge ordered Shavers to repay victims more than $40 million. The judge found the scheme had cost victims 265,678 bitcoins.
September 2012: More exchanges get hacked, shut down
In September 2012, a Bitcoin exchange called Bitfloor suffered a catastrophic attack. Attackers stole 24,000 bitcoins, then worth around $250,000. Bitfloor didn’t have $250,000 in reserves, so the theft effectively made Bitfloor insolvent.
Bitfloor resumed operations a few weeks later, hoping to earn enough in fees to repay earlier customers. But the effort was unsuccessful; Bitfloor closed its doors for good in April 2013, leaving frustrated users in its wake.
February 2014: Hackers bring down the world’s then-largest exchange
The Bitcoin world’s biggest financial fiasco was the collapse of Mt. Gox—then the world’s leading Bitcoin exchange—in 2014. Operated by French-born CEO Mark Karpelès from a headquarters in Japan, Mt. Gox was the main way people bought and sold bitcoins from its foundation in 2010 until February 2014. Then Mt. Gox announced that 850,000 bitcoins had gone missing—likely stolen by hackers, the company said.
At early 2014 prices, those bitcoins were worth around $450 million. Today, they’d be worth $8.5 billion.
In July, US law enforcement officials announced they had arrested a suspect in the massive theft. A Russian man named Alexander Vinnik was the owner and operator of a competing Bitcoin exchange called BTC-e. The feds allege that he knowingly accepted stolen bitcoins from Mt. Gox and laundered them through his own bitcoin exchange.
The collapse of Mt. Gox left no shortage of angry customers. Ironically, the continued appreciation of Bitcoin’s value means that the bankrupt company could eventually be able to repay its debts in full—with piles of money left over. Mt. Gox’s assets and liabilities were frozen while the company worked through the bankruptcy process. The liabilities were frozen in terms of Japanese yen, while the company’s remaining bitcoins have ballooned in value—from around $400 each at the time of the bankruptcy to around $11,000 today.
Obviously, Mt. Gox’s former creditors believe they should be repaid in appreciated bitcoins, but Japanese law might not be on their side.
January 2015: Bitstamp exchange is hacked
In January 2015, the popular Bitcoin exchange Bitstamp reported that it had lost around 19,000 bitcoins, then worth about $5 million. The exchange survived the attack and remains a leading Bitcoin exchange today.
August 2016: Another exchange loses 120,000 bitcoins to hackers
In August 2016, the Bitcoin exchange Bitfinex announced that hackers had stolen $77 million worth of bitcoins. The company foisted these costs on to users, forcing them to take a 36-percent reduction in the value of their deposits.
Bitfinex is still around, but there are big questions about the company’s credibility. As the New York Times puts it, Bitfinex is an “opaque operation that provides no information on its website about where it is or who operates the company.”