This post has been written jointly with Álvaro Moreno.
Cryptocurrencies have grown so much in recent years in terms of economic volume and relevance that they have become an important target for cybercriminals. Given that exchanges, platforms where users can buy and sell these cryptocurrencies, bring together a large number of transactions and users of these assets, they have become an important target for cybercriminals, who seek to get as much money as possible by exploiting their vulnerabilities.
In this article we will cover some of the most recent attacks on these Exchange platforms and conclude with a table on other major attacks on cryptocurrency exchanges.
Crypto.com
On January 17, 2022, the Exchange platform Crypto.com discovered that a small number of users were making unauthorized withdrawals of cryptocurrencies from their accounts worth approximately 4800 ETH and 440 BTC, plus about $66,200 in other currencies.
The response from the platform was to suspend withdrawals of any tokens while an investigation was conducted. In the end, no customers of the platform suffered any loss of funds, as the 483 affected users received a full refund.
This security breach was due to a few users making transactions that were being approved without the 2FA authentication check. As a result, Crypto.com removed all customer tokens and added additional security measures, forcing users to re-log in and set up a new token to ensure that all activity was legitimate and authorized.
As a workaround, on January 18, 2022, a 24-hour delay was added between the registration of a new withdrawal address and the first withdrawal from that address. In addition, Crypto.com has committed to conducting additional checks on the platform and investigating additional threats.
Qubit Finance
On January 27, 2022, a cybercriminal stole $80 million from the Qubit Finance platform. After the theft, the platform asked the attacker to return the stolen funds to the entire Qubit community in exchange for a $250,000 reward.
This platform offers the possibility for investors to make deposits in one cryptocurrency and withdraw them in another, operating between Ethereum and the Binance Smart Chain (BSC) network.
The attacker took advantage of a logic error in Qubit Finance’s code, injecting malicious data and causing the repository logic to fail to invoke the function that verified the input data.
As a response from the platform, they started working with security companies and Binance, while trying to track down the offender. They also disabled the functions of Redeem, Lend, Refund, Deposit in one currency and Withdraw in another indefinitely.
This attack is the eighth largest attack on a DeFi (decentralized finance) platform and the second largest in 2022, according to DeFiYield.
Coinbase
Coinbase is one of the most popular exchanges. In this case it was a recently discovered and already patched vulnerability. The impact it could have had is really important since, in the proof of concept, 0.02433012 ETH/EUR could be exchanged for the same amount in BTC/USD.
The bug was discovered and detailed on Twitter by Tree of Alpha, which received one of the highest rewards in Coinbase history; $250,000 for the report. Basically, in the process it details how, initially, the ID on the sell order changed from what it had in ETH-EUR (product_id field) to BTC-USD. An amount of 0.02433012, which is reflected in the baseSize field.
The order was placed successfully. So it exchanged 0.02433012 ETH-EUR for the same amount in BTC-USD, resulting in a significantly higher exchange amount (in fiat). These changes were reflected in the order book, as seen below.
BitMart
On December 5, 2021, it was revealed by CEO Sheldon Xia that cryptocurrency exchange BitMart had suffered a security breach.
The result was, according to PeckShield Inc. the theft of around $200 million in cryptocurrencies. In the following images you can see the amount of each of the tokens stolen.
According to its CEO reported on Twitter, this incident was due to the theft of a private key associated with two of its “hot wallets”, which accounted for a small percentage of its assets. He stated that BitMart would use its own funds to cover up the incident and compensate those affected.
However, more than a month later, they still have not received the funds and are demanding transparency from BitMart.
Other major exchange attacks
| Día | Exchange | Source | Amount stolen |
| 2021, August 19 | Liquid | Access to a hot wallet | $97 million |
| 2020, December 21 | EXMO | Access to a hot wallet | $4 million |
| 2020, September 25 | KuCoin | Data leak | $275 million |
| 2019, November 26 | Upbit | Access to a hot wallet | $49 million |
| 2018, January 27 | CoinCheck | Unknown | $560 million |
| 2016, August 2 | Bitfinex | Unknown | $623 million |
| 2014, February | Mt. Gox | Several techniques | $460 million |
Reference: https://www.hedgewithcrypto.com/cryptocurrency-exchange-hacks/
Reference: https://www.hedgewithcrypto.com/cryptocurrency-exchange-hacks/
In this article we have seen some of the most recent successful attacks on cryptocurrency exchanges, as well as a quick overview of others that have occurred throughout their development and growth.
These attacks are having more and more impact and consequences due to the rise of cryptocurrencies in society, and it is likely that we will continue to see similar or worse incidents in the near future.
