Attacks on Cryptocurrency Exchanges

This post has been written jointly with Álvaro Moreno.


Cryptocurrencies have grown so much in recent years in economic volume and relevance that they have become an important target for cybercriminals. Exchanges, the platforms where users buy and sell these cryptocurrencies, bring together a large number of transactions and users of these assets, so attackers focus on them in particular, seeking to get as much money as possible by exploiting their vulnerabilities.

In this article we will cover some of the most recent attacks on these exchange platforms and conclude with a table of other major attacks on cryptocurrency exchanges.

Crypto.com

On January 17, 2022, the exchange platform Crypto.com discovered that a small number of users had unauthorized withdrawals of cryptocurrencies made from their accounts, worth approximately 4800 ETH and 440 BTC, plus about $66,200 in other currencies.

The response from the platform was to suspend withdrawals of any tokens while an investigation was conducted. In the end, no customers of the platform suffered any loss of funds, as the 483 affected users received a full refund.

This security breach was due to transactions on a few users' accounts being approved without the 2FA check. As a result, Crypto.com removed all customer tokens and added additional security measures, forcing users to log in again and set up a new token to ensure that all activity was legitimate and authorized.

As a workaround, on January 18, 2022, a 24-hour delay was added between the registration of a new withdrawal address and the first withdrawal from that address. In addition, Crypto.com has committed to conducting additional checks on the platform and investigating additional threats.
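The two controls described above (a 2FA check that cannot be skipped and a 24-hour hold on newly registered withdrawal addresses) can be sketched as a single authorization gate. This is an added example, not Crypto.com's code; the `Withdrawal` type, the `address_book` mapping, the reason strings and the sample data are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

NEW_ADDRESS_HOLD = timedelta(hours=24)  # delay between registration and first withdrawal


@dataclass(frozen=True)
class Withdrawal:
    user_id: str
    address: str
    requested_at: datetime
    twofa_verified: Optional[bool]  # None means the 2FA step never ran


def authorize_withdrawal(req, address_book):
    """Return (allowed, reason); address_book maps (user_id, address) -> registration time."""
    # Fail closed: only an explicit True from the 2FA step counts as verified.
    if req.twofa_verified is not True:
        return False, "2fa_missing_or_failed"
    registered_at = address_book.get((req.user_id, req.address))
    if registered_at is None:
        return False, "address_not_registered"
    if req.requested_at - registered_at < NEW_ADDRESS_HOLD:
        return False, "address_in_24h_hold"
    return True, "ok"


# Constructed sample data, not taken from the incident.
T0 = datetime(2022, 1, 18, 12, 0, tzinfo=timezone.utc)
ADDRESS_BOOK = {
    ("u1", "addr_old"): T0 - timedelta(days=30),
    ("u1", "addr_new"): T0 - timedelta(hours=2),
}
SAMPLES = [
    Withdrawal("u1", "addr_old", T0, True),
    Withdrawal("u1", "addr_old", T0, None),
    Withdrawal("u1", "addr_new", T0, True),
    Withdrawal("u1", "addr_new", T0 + timedelta(hours=22), True),
    Withdrawal("u1", "addr_unseen", T0, True),
]


def run_samples():
    return [authorize_withdrawal(w, ADDRESS_BOOK)[1] for w in SAMPLES]


if __name__ == "__main__":
    for w, reason in zip(SAMPLES, run_samples()):
        print(w.address, w.twofa_verified, reason)
```

The second sample is the case that matters for this incident: a request for which the 2FA step never produced a result is denied rather than passed through.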

Qubit Finance

On January 27, 2022, a cybercriminal stole $80 million from the Qubit Finance platform. After the theft, the platform asked the attacker to return the stolen funds to the entire Qubit community in exchange for a $250,000 reward.

This platform offers the possibility for investors to make deposits in one cryptocurrency and withdraw them in another, operating between Ethereum and the Binance Smart Chain (BSC) network.

The attacker took advantage of a logic error in Qubit Finance’s code, injecting malicious data and causing the repository logic to fail to invoke the function that verified the input data.

In response, the platform started working with security companies and Binance while trying to track down the offender. It also indefinitely disabled the functions of Redeem, Lend, Refund, Deposit in one currency and Withdraw in another.

This attack is the eighth largest attack on a DeFi (decentralized finance) platform and the second largest in 2022, according to DeFiYield.

Coinbase

Coinbase is one of the most popular exchanges. This case concerns a recently discovered and already patched vulnerability. The impact it could have had is significant since, in the proof of concept, 0.02433012 ETH/EUR could be exchanged for the same amount in BTC/USD.

The bug was discovered and detailed on Twitter by Tree of Alpha, who received one of the highest rewards in Coinbase history: $250,000 for the report. The write-up details how the product ID on the sell order (product_id field) was changed from ETH-EUR to BTC-USD, with an amount of 0.02433012, which is reflected in the baseSize field.

The order was placed successfully. So it exchanged 0.02433012 ETH-EUR for the same amount in BTC-USD, resulting in a significantly higher exchange amount (in fiat). These changes were reflected in the order book, as seen below.
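One way a server can reject this kind of mismatch is to derive the asset to debit from product_id itself instead of trusting the account named in the request. The following is an added example, not Coinbase's API or code: `product_id` and `baseSize` come from the report, while the `source_currency` field, the naive check, the reason strings and the balances are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample balances for one user; not data from the report.
BALANCES = {"ETH": Decimal("0.02433012"), "BTC": Decimal("0")}


def naive_accepts(order, balances):
    """Flawed check (assumed): baseSize is compared with the balance of the account
    the client named, and that account is never tied to product_id."""
    return balances.get(order["source_currency"], Decimal(0)) >= Decimal(order["baseSize"])


def validate_sell(order, balances):
    """Hardened check: the asset being sold is taken from product_id on the server."""
    base, sep, quote = str(order.get("product_id", "")).partition("-")
    if not (sep and base and quote):
        return False, "malformed_product_id"
    try:
        size = Decimal(str(order.get("baseSize")))
    except InvalidOperation:
        return False, "invalid_size"
    if not size.is_finite() or size <= 0:
        return False, "invalid_size"
    # The funding account must hold the base asset of the market being traded.
    if order.get("source_currency") != base:
        return False, "source_account_does_not_match_base_asset"
    if balances.get(base, Decimal(0)) < size:
        return False, "insufficient_base_balance"
    return True, "ok"


# Constructed orders: the second repeats the first with only product_id changed.
HONEST = {"product_id": "ETH-EUR", "baseSize": "0.02433012", "source_currency": "ETH"}
TAMPERED = {"product_id": "BTC-USD", "baseSize": "0.02433012", "source_currency": "ETH"}


def compare_checks():
    return {
        "naive_tampered": naive_accepts(TAMPERED, BALANCES),
        "hardened_honest": validate_sell(HONEST, BALANCES),
        "hardened_tampered": validate_sell(TAMPERED, BALANCES),
    }


if __name__ == "__main__":
    for name, result in compare_checks().items():
        print(name, result)
```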

BitMart

On December 5, 2021, it was revealed by CEO Sheldon Xia that cryptocurrency exchange BitMart had suffered a security breach.

The result, according to PeckShield Inc., was the theft of around $200 million in cryptocurrencies. In the following images you can see the amount of each of the tokens stolen.

As its CEO reported on Twitter, this incident was due to the theft of a private key associated with two of its “hot wallets”, which accounted for a small percentage of its assets. He stated that BitMart would use its own funds to cover the incident and compensate those affected.

However, more than a month later, those affected still have not received the funds and are demanding transparency from BitMart.

Other major exchange attacks

| Date | Exchange | Source | Amount stolen |
|---|---|---|---|
| 2021, August 19 | Liquid | Access to a hot wallet | $97 million |
| 2020, December 21 | EXMO | Access to a hot wallet | $4 million |
| 2020, September 25 | KuCoin | Data leak | $275 million |
| 2019, November 26 | Upbit | Access to a hot wallet | $49 million |
| 2018, January 27 | CoinCheck | Unknown | $560 million |
| 2016, August 2 | Bitfinex | Unknown | $623 million |
| 2014, February | Mt. Gox | Several techniques | $460 million |

Reference: https://www.hedgewithcrypto.com/cryptocurrency-exchange-hacks/


In this article we have seen some of the most recent successful attacks on cryptocurrency exchanges, as well as a quick overview of others that have occurred throughout their development and growth.

These attacks are having more and more impact and consequences due to the rise of cryptocurrencies in society, and it is likely that we will continue to see similar or worse incidents in the near future.
