The Dark Side of Bitcoin: A History of Hacks, Scams and Cybercrimes Involving the Cryptocurrency

Published in

Coinmonks

6 min readNov 6, 2023

Bitcoin’s decentralized, digital nature has enabled groundbreaking innovation in finance. But that same technical complexity has also facilitated serious cybercrimes over bitcoin’s short life. Hacks, scams, ransomware, thefts, and frauds exploiting security gaps have resulted in billions of dollars in bitcoin losses.

This article will delve into bitcoin’s darker history, profiling famous scams, thefts, ponzi schemes, ransomware attacks, and exchange hacks that shaped its early years. While bitcoin’s underlying blockchain remains unhacked, the interfaces enabling market activity have proven vulnerable. Understanding past risks helps the community develop more secure and ethical systems going forward.

Mt. Gox — Early Bitcoin Exchange Hack

Among bitcoin’s formative cybercrime cases is the massive 2014 hack of early exchange Mt. Gox. At the time, Mt. Gox handled over 70% of global bitcoin transactions, making it the largest bitcoin intermediary. But weak security and mismanagement exposed vulnerabilities.

Over its lifespan, hackers slowly drained Mt. Gox of bitcoins through compromised wallets and transaction malleability attacks exploiting system bugs. Ultimately around 850,000 bitcoins were stolen, valued at almost $500 million at the time and $41 billion at today’s prices. The scale of this early exchange hack shattered trust and bankrupted Mt. Gox.

Sheep Marketplace Heist

Darknet marketplaces using bitcoin to facilitate illicit transactions were also fertile ground for thefts. In 2013, Sheep Marketplace performed an “exit scam” suddenly shutting down after accumulating 30,000 BTC in sales. Thieves made off with 96,000 bitcoins, swiping $6 billion worth today.

This highlighted the risks of underground markets. While bitcoin’s blockchain itself is transparent, when paired with tools like Tor for anonymity, accountability vanishes. Rogue administrators could easily pull off huge crypto heists in the early days.

NiceHash Hack

Bitcoin miners flocked to NiceHash to lease hashing power and earn Bitcoins, exchanging billions of dollars by 2017. But that year, a breach exposed 4,700 bitcoin wallets containing customer funds. With minimal security protecting accounts, hackers stole over 4,000 bitcoins worth $63 million.

This illustrated that with immature crypto firms prioritizing growth over security in bitcoin’s early years, custodial services were extremely high-risk. Offering to keep customer funds in exchange for convenience opened the door for catastrophic losses if hacked.

BitGrail Exchange Hack

The 2018 BitGrail breach highlighted exchange vulnerabilities. On the smaller BitGrail exchange, an exploit allowed hackers to repeatedly withdraw stolen nano coins. In total 17 million nano coins worth about $195 million were drained from users.

While nano developers denied fault, the incident underscored the risks of holding funds on exchanges. Even smaller names could become targets of hacks. Savvy crypto investors learned to custody their own coins after exchange breaches became commonplace.

Parity Wallet Hack

Beyond exchanges, bitcoin wallet developers also faced high-profile breaches exposing users to theft. In 2017, a novice hacker accidentally froze and trapped $300 million worth of Ether in Parity wallets by exploiting a code vulnerability.

White hat hackers rescued most funds, but millions were permanently locked. Again, the relative immaturity of early crypto startups exacerbated technical risks, and users suffered the consequences of unrefined code.

The DAO Attack — $60 Million Ethereum Heist

The notion of decentralized autonomous organizations (DAOs) managing crypto funds programmatically seemed promising. But in 2016, the first DAO built on Ethereum contained a flaw allowing hackers to siphon $60 million worth of Ether into a copycat DAO under their control.

This was a wake-up call about smart contract security. Adopting bleeding edge decentralized finance technology without rigorous auditing opened the door to major exploits. Ethereum ultimately did a contentious hard fork to reverse the attack and protect investors.

Bitfinex Exchange Hack — $72 Million Loss

Hong Kong-based Bitfinex was one of the world’s largest bitcoin exchanges when hackers breached its systems in 2016 and initiated over 2000 unauthorized transactions. In total, 119,756 bitcoins were stolen, valued at over $72 million at the time.

Bitfinex avoided admitting full details to avoid further panic. The exchange reduced all account balances by 36% to spread the loss. This contributed to the growing perception that holdings were unsafe on exchanges long-term unless they prioritized security.

QuadrigaCX Exit Scam — $250 Million

The risks of holding funds on exchanges came to a head with QuadrigaCX’s 2019 shutdown and apparent exit scam. Qaudriga was Canada’s largest exchange when its CEO Gerald Cotten mysteriously died overseas. When $250 million in customer funds disappeared, theories emerged that Cotten simulated his own death to steal user assets.

While unclear if Cotten absconded with funds alone or worked with associates, the incident showed cryptocurrency exchanges were still dangerously under-regulated in many jurisdictions. Few protections existed to recover lost assets.

Coincheck Hack — $534 Million in NEM Stolen

Japanese exchange Coincheck demonstrated one of the largest crypto exchange breaches to date, with over $534 million worth of the NEM altcoin stolen in 2018. Hackers exploited deficiencies in Coincheck’s storage systems to rapidly drain massive amounts of NEM.

Unlike most other major thefts, the exchange vowed to eventually reimburse all 260,000 affected users. The incident triggered improved regulation in Japan to mandate solvency and security requirements for exchanges and prove funds were properly held.

PlusToken Scam — $2 Billion Fraud Scheme

Transitioning to large scams perpetrated against crypto investors, PlusToken was one of the most brazen Ponzi schemes yet. The project falsely promised outsized investment returns for depositing bitcoin, promising profit sharing from mining, online advertising, and more. In reality, no revenue existed outside of new victims’ funds.

Although based in China and marketed widely across Asia, the fraud took in over 200,000 BTC worth $2 billion from duped investors who thought the business was legitimate. Its founders vanished in 2019, showing how crypto scams could flourish internationally.

Bitconnect Lending Scam

Bitconnect also successfully sold the too-good-to-be-true dream of earning interest on crypto holdings to naive investors. The Bitconnect platform offered securities empowering users to lend bitcoin in exchange for interest-earning tokens. Guaranteed returns looked clearly unsustainable, but promoters enthusiastically shilled the scam.

In its 2017 peak, Bitconnect boasted a $2.5 billion market cap before collapsing amid regulators cracking down on the obvious fraud. While some users recognized the manipulated hype, enough were deceived to feed significant funds into the short-lived Ponzi.

OneCoin Pyramid Scheme

OneCoin presented itself as an innovative new digital currency, but investigations revealed it was purely a pyramid scheme designed to enrich its founders Ruja Ignatova and Sebastian Greenwood. OneCoin relied on members recruiting new buyers into the fraudulent investment rather than mining or development.

Despite being suspended in multiple countries, promoters continued traveling internationally to hype worthless OneCoin packages running into the thousands of dollars. Estimates suggest the multi-level-marketing scam raked in $4 billion before Ignatova disappeared in 2017.

Ransomware Payments

Beyond outright thefts and scams, bitcoin has also often facilitated darker transactions as ransom payments for malware and cyber attacks. Hard-to-trace cryptocurrencies have enabled the growth of ransomware schemes compromising computer systems and encrypting data.

Victims around the world have paid millions in bitcoin to hackers holding their systems hostage. Global ransomware damage reached an estimated $20 billion in 2021, frequently fueled by difficult-to-track crypto ransoms. Bitcoin’s pseudo-anonymous nature has unintentionally made it a key facilitator of cybercrime.

Silk Road and Illegal Darknet Markets

Finally, bitcoin proliferation enabled the growth of underground darknet markets selling illicit goods and services. The convicted founder of the Silk Road marketplace estimates it facilitated $183 million in bitcoin transactions for illegal drugs and forgeries. Cryptos allowed unlawful dealings to flourish.

While blockchain analytics can support catching cybercriminals, the first decade of bitcoin saw rampant illicit market activity out of sight from authorities. From drugs to weapons to pirated material, bitcoin sales attracted criminals before legitimate adoption took off.

Conclusion

In summary, bitcoin’s early years featured several unfortunate associations with cybercrimes like massive hacks and ponzi schemes that undermined confidence. But over time, exchanges and custodial services have drastically improved security to reduce loss risks. And education has made investors more skeptical of “too good to be true” scams promising unreal returns.

Nonetheless, bitcoin retains reputational challenges from ransomware uses and perception as a haven for criminals. Focusing efforts on implementing solutions like stringent know-your-customer requirements can continue progress reducing undesirable illegal usage of bitcoin and other cryptocurrencies. Because truly achieving bitcoin’s mass adoption potential requires expanding legitimate real-world utility and shuttering avenues supporting cybercrime.

References: