Ahh, crypto. We’ve all heard the seductive, utopian platitudes sung by digital currency evangelicals: It’s changing the world (or, as BitConnect guy once put it, “The world is not anymore the way it used to be!”)! It’s revolutionising finance (no more banks)! It’ll make you fucking rich, you idiot! It’s all good stuff. Yet here’s the other thing it’ll probably do: Empty out your pockets and leave you trolling through the nearest city’s streets, singing the blues about that time a hacker made off with your life savings.
It’s no secret that fraud and theft are common occurrences in the cryptocurrency industry. Reports from various watchdog groups have shown that the largely unregulated landscape of digital finance is rife with criminality because, duh, that’s what happens in unregulated industries. Add to that the diffuse cybersecurity weaknesses of crypto infrastructure, the hordes of money-hungry cybercriminals scouring the internet for an unsecured hot wallet or exchange zero-day, and what you have is a perfect recipe for getting your shit robbed.
It’s also readily apparent that ripoffs and theft seem to be getting worse, not better. According to a study put out by Crypto Head in August, this year was one of the worst on record for cryptocurrency hacks and robbery — with some 32 incidents reported, which amount to approximately $US2.99 billion ($4 billion-ish) in associated losses. That’s apparently up from last year’s numbers, which were, themselves, a 40 per cent increase from 2019’s reported incidents. And, since Crypto Head’s report came out, a smattering of exchange hacks have continued to prove its central thesis correct.
In that spirit, here’s a look back at six of the biggest crypto ripoffs of 2021.
As it would happen, December has been a really active month for crypto thieves. Indeed, the ripping off of BadgerDAO, a decentralised finance platform, just happened a few weeks ago. According to a blog post published by the platform, an unknown party had managed to break into a number of different user accounts on Dec. 2. The damage? About $US120 million (around $166 million) in stolen funds. Afterward, Badger explained that it would appear that the hacker injected a malicious script into its website that allowed the criminal to intercept active users’ transactions and redirect their funds to the hacker’s wallet.
Only a few days after BadgerDAO got robbed, $US150 million (approx $208 million) disappeared in a plume of digital smoke from the coffers of the popular crypto exchange BitMart. On the day in question, the platform issued a statement in which it said it would be “temporarily suspending withdrawals until further notice” after discovering a “large-scale security breach” connected to two “hot wallets” — digital crypto accounts connected to the internet. Peckshield, the cybersecurity firm that initially drew attention to the incident, described the hack as a “pretty straightforward: transfer-out, swap, and wash” operation. Unfortunately, BitMart’s former slogan (“The most trusted cryptocurrency trading platform”) will probably be a hard sell for current and future customers.
One of the largest and weirdest cryptocurrency heists of all time is the story of Poly Network. On August 10, the exchange was reportedly hacked, leading to a loss of approximately $US600 million (about $831 million) of investors’ money — one of the biggest windfall thefts in crypto history. Poly’s leadership frantically put together an online missive in which they begged the hacker for their money back. “Dear Hacker,” the letter hilariously began — and went on to plead with the anonymous token robber for a safe “return [of] the hacked assets.”
The letter was largely greeted with derision and bemused sympathy online, and nobody actually believed that the stolen money would ever be seen again. However, Poly’s tactic worked! The hacker, whoever the hell they are, began returning the stolen funds — later claiming in blockchain-inscribed memos that they had only ever hacked the exchange “for fun” and to reveal a glaring security hole in Poly’s system. By the end of August, the thief had reportedly returned the entirety of the massive haul.
In August, the Japanese cryptocurrency exchange Liquid lost a reported $US97 million (around $134 million) after someone hacked into its systems and targeted its multiparty computation (MPC) system of custody — a supposedly secure cryptographic digital asset mechanism. Blockchain analysts watched as the money was subsequently funnelled through a series of wallets and mixers to obscure its trail and ultimately allow the anonymous bandit (or bandits) to make off with the loot. For now, at least.
Another unfortunate victim is Vulcan Forged. The company manages a number of different crypto services and products, including a DeFi platform, an NFT market, and several play-to-earn token-based video games. Anyway, Vulcan reportedly got robbed of $US140 million (just shy of $200 million) earlier this month, when a hacker somehow managed to get ahold of the private keys to 96 of the platform’s wallets and made off with every last cent inside of them. According to estimates, the hacker stole an average of $US1.46 million (that’s $2 million!) per wallet. Unlike a lot of crypto platforms, Vulcan actually refunded the money that had been lost to investors — a very charitable move that probably helped it save face.
Then there’s the unfortunate tale of Thodex, a Turkish crypto exchange whose young, weasel-like CEO allegedly made off with around $US2.7 billion (about $4 billion) of investors’ money this past spring. After seeing tremendous investment since its launch in 2017, Thodex unexpectedly went offline in April and Faruk Fatih Ozer, the platform’s 27-year-old founder, caught a quick flight to Albania. One of the last known photographs of the dude is him hustling through Istanbul airport, after which he jetted off to God knows where. The exchange’s collapse led to significant trouble in Turkey, where authorities rounded up and detained 83 people, including Ozer’s family members. Not Ozer though! Has anybody seen this guy lately? If you have, there are about 400,000 people who’d like to get a copy of his current address.