Hackers, Scammers Have Stolen $7.6B in Crypto Since 2011

Billions of dollars have been stolen through exchange hacks and scams, according to a new report from blockchain analytics firm Crystal Blockchain.

AccessTimeIconNov 12, 2020 at 7:00 a.m. UTC
Updated Sep 14, 2021 at 10:30 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

Since 2011, $7.6 billion worth of cryptocurrencies have been stolen, according to a new report from Amsterdam-based blockchain analytics firm Crystal Blockchain. The total figure breaks down into two sadly predictable buckets – hacks and scams. 

The report found that $2.8 billion was stolen through security breaches, the most popular breach being via a cryptocurrency exchange’s security systems. In total, the firm documented 113 security breaches; the largest of these was the Coincheck breach in 2018, which saw hackers make off with more than $535 million worth of NEM coins. 

The United States, Japan, the United Kingdom, China and South Korea experienced the most exchange security breaches. U.S. crypto services were targeted 13 times, topping the list. 

Another $4.8 billion was stolen through scams, with Crystal Blockchain identifying 23 prominent fraud schemes. 

"We deemed $7.6 billion as the total amount for all the years combined in one sum. Basically a cumulative sum for the last 10 years," said Kyrylo Chykhradze, a product director of Crystal Blockchain.

In terms of the value stolen, China led the pack by far. The report attributed its ranking mainly to the 2019 PlusToken Ponzi scheme ($2.9 billion) along with the 2020 WoToken scam ($1 billion) that  was connected to the PlusToken. 

The majority of crypto exchanges that were hacked had insufficient security and low-level verification for withdrawals, such as just an email or phone number. 

In the case of Coincheck, for example, the company kept most of its assets in a wallet connected to other external networks. It also lacked multisignature security entirely, which would have required multiple key holders to sign off before funds were moved. 

Chykhradze said the main reason for vulnerabilities in the tech is the industry continues to evolve at a very fast pace, and more and more entities are appearing on the market with inadequate and "neglected" internal security policies. 

“Their security policies are neglected because these new services cannot (financially) afford to pay as much attention to such security issues, whereas well-established entities are in a better position to ensure and prioritize security,” he said in an email to CoinDesk. “This results in newer services becoming cherry-picking opportunities for bad actors who can spot those vulnerabilities.”

Hackers are becoming more sophisticated

The report's conclusion doesn’t offer much of a silver lining. It observes that over the last few years the number of attacks have remained high. Even large-scale exchanges, which would ostensibly have better security measures, have experienced breaches. The report also predicts that, given that methods used by hackers have continued to become more sophisticated, attacks will only continue to grow in number. 

Chykhradze said they see SIM-swapping on the rise; this scam is industry-agnostic, afflicting cryptocurrency players as well as those in other sectors. 

“But what has really changed and developed is the way that these criminals are laundering stolen funds. These entities scrutinize services to understand their [anti-money laundering/know your customer] policies as well as policies related to privacy coins in the service's offering,” he said. 

“Services with lower barriers for KYC or privacy coin entry are better opportunities for laundering. This is another critical point to consider in crypto service security, how do we make stolen fund laundering almost impossible for bad actors?”

By way of solution, a few basic security measures for all crypto exchanges were recommended, particularly when exchanges use hot wallets. One is having proper insurance for special cases, a second is retaining an in-house security team, the third is using blockchain analytics software and last is making sure to have assets in reserves equivalent to the amount of cryptocurrencies in online storage. 

“We can assume that the number of attacks and schemes will continue to grow as the blockchain industry and the crypto market grows,” said Chykhradze, “especially with this latest bitcoin bull run we are currently experiencing and the influx of new business.”


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.