The rise of Initial Coin Offerings (ICOs) became an alternative to the traditional model of fundraising for many projects. Companies could raise money from investors by issuing digital tokens which would be spent and redeemed over the native decentralized application. However several projects which were potentially scamming investors were red flagged. But several fake projects were successful in tricking investors to transfer their digital holdings. According to a study by Ernst and Young, more than 10 percent of the amount raised through ICO in 2017 had been lost to attackers. There has been a rise in the number of cryptocurrency scams that have been reported.
Fake ICOs creating big problems for the industry
In January 2018, the US SEC obtained a court ruling to freeze and halt all assets acquired by Arise Bank in its ICO. The U.S. Securities and Exchange Commission (SEC) reacted immediately to a complaint filed in Dallas, Texas and soon initiated action against the decentralized bank. The SEC received information that Arise Bank had falsely announced the acquisition of an FDIC insured bank. Founder of Arise Bank admitted to having raised as much as $600 million of their ambitious $1 billion target. It was one of the biggest amounts ever raised in the history of the ICO industry. The SEC ensured that all investor tokens were returned and investor money safeguarded.
But investors have lost money after investing in fake ICOs. The earliest ICO to be flagged and shut down by the SEC was Protostarr. Dubbed as the next option for Youtubers and other social media influencers to be funded by viewers the project raised 119 Ethereum tokens in August 2017. It decided to return all Ethereum tokens invested after the intervention of the SEC on August 13, 2017.
The biggest crypto ponzi scheme OneCoin
OneCoin was a cryptocurrency ponzi scheme promoted by two offshore companies which were founded by Ruja Ignatova. It had been reported that Chinese prosecutors recovered more than $267.5 million and prosecuted 98 people in connection with the same. Bulgaria’s Financial Supervision Committee cited OneCoin as an example of ponzi schemes being operated in the cryptocurrency industry to caution investors on September 30, 2015. Further action was taken against operators of this ponzi cryptocurrency scheme in Italy, India and Germany.
There have been several other fake ICO projects which have been shutdown by the SEC and other regulators. However there are several projects which have raised capital in an ICO and are yet to deliver. It has been commonly observed that teams conduct an ICO without having developed their basic product. There is a high probability that most of the fake ICOs who raised capital from investors have not been reported yet. Most of the ICOs came after the cryptocurrency wave of late 2017 and their products would begin to rollout either in late 2018 or early 2019.
Cryptocurrency Exchanges being hacked and attacked
Over the years, many security breaches have occurred in the technology sector. The cryptocurrency industry has lost a significant amount of money to attacks. Millions of dollars worth of cryptocurrency has been stolen by digital intruders in cryptocurrency exchange hacks. Many exchanges went bankrupt. The frequent attack on cryptocurrency exchanges prompted financial regulators to introduce more stringent set of regulations for digital currency exchanges.
One of the first reported hacks of Bitcoin was Allinvain. He lost 25000 Bitcoin in June 2011 after his windows machine was hacked. The value at that time was $500,000 and would now be worth more than $15,00,00,000.
Mt Gox: A Double blow to Bitcoin
The largest Bitcoin exchange back in June 2011 was Mt Gox. It had more than 70% of the worldwide trading volume. Bitcoin price at that time was around fifteen dollars. The attackers hacked a Mt Gox computer which had access to their funds and transferred large amounts of Bitcoin to themselves. Accounts with funds more than $8,750,000 were affected.
Mt Gox managed to recover from the previous hack. In January 2014, Mt Gox users complained of long delays in service. In February 2014, Mt Gox stopped all Bitcoin withdrawals to find the underlying cause. They realized that they had been a victim of a transaction malleability attack. Mt Gox lost 744,408 Bitcoins, which is seven percent of all the Bitcoin in the world. The coins at that time were worth $473 million. After this incident, Mt Gox declared bankruptcy and was shut down.
Bitcoinica was Attacked thrice in one year
Bitcoinica was the only Bitcoin exchange that was attacked thrice in the same year. The first attack was in March 2012. Hackers compromised Linode, a website which offers cloud based services. Hot wallets stored on unencrypted servers of Linode were affected. Bitcoinica lost more than 43000 Bitcoin. The second hack occurred in May 2012. This time Bitcoinca’s own servers were compromised and a theft of 18547 Bitcoins occurred. According to their blog post, their database was also compromised. In July 2013, Bitcoinca was again hacked for around $300,000. The community believed it to be an inside job and accused Bitcoinica CEO Zhou Tong. Zhou Tong defended himself against public accusations in a forum thread.
Bitfloor lost around 24000 Bitcoins worth $250,000 in September 2012. The founder of Bitfloor, Roman Shtylman made the mistake which lead to the hack. During a manual upgrade, he kept unencrypted data on a computer connected to the internet. This allowed the hacker to access the funds.
2013: PicoStocks and Vircurex
On May 10, 2013 Vircurex was hacked and they lost 1454 Bitcoin, 225,263 Terracoin and 23,400 Litecoin as stated in their report. PicoStocks suffered an attack in June 2013 leading to a loss of $130,000 worth of cryptocurrency. PicoStocks was attacked for the second time in November 2013. According to Wired, this attack was much larger as 5896 Bitcoin were stolen.
Small exchanges are hacked continuously between 2014 and 2015
Many exchanges were hacked in 2014. Cryptsy was hacked in July 2014 where $9.5 million were stolen. This information was not revealed until January 2016, when Cryptsy threatened bankruptcy. In August 2014, a Chinese exchange BTER was robbed of $1.65 million worth NXT tokens. Mintpal, in July 2014, announced that millions of Vericoins had been stolen from their hot wallet. Mintpal was again hacked in December 2014 and more than 3700 Bitcoin was lost this time.
Bitstamp employees were targets of phishing attempts in December 2014. One of their employees downloaded a file which allowed the hacker to access the hot wallets stored on the server. A total of 18,866 Bitcoin were stolen, which were valued at more than five million dollars. BTER was hacked again in February 2015 and 7170 Bitcoin were stolen. BTER claimed that this time their cold wallet storage system had been hacked.
The Decentralised Autonomous Organisation (DAO) Hack
The DAO was a smart contract on the Ethereum network that was made to create a completely decentralized digital app venture capitalist fund. During the funding period, people could contribute ether for DAO tokens. The token sale was highly successful with contributors raising over $150m in just thirty days. In June 2016, a hacker managed to drain 3.6 million ether into a smaller DAO. A soft fork was proposed to rectify the problem but the hacker requested nodes not to update their code. He offered a million ether as incentive. Ethereum hard forked on July 20, 2016 to resolve the situation.
In August 2016, Bitfinex was victim to a massive theft of Bitcoin. In 2015 Bitfinex tied up with BitGo and implemented multi-signature wallets for increased security. These wallets were attacked and a total of 119,756 Bitcoin was stolen. BitGo claimed their servers were not affected. Its value at the time of theft was $70 million.
Major hacks of 2017 and 2018
NiceHash is a company which serves as a marketplace for hashing power which can be used to mine cryptocurrencies. In December 2017, NiceHash said that their payment system was compromised and 4450 Bitcoin were taken. NiceHash promised to completely reimburse its users.
A major attack was made on Coincheck in January 2018. $500 million worth of NEM was stolen by the attacker. Coincheck announced that they will refund the users in fiat currency. Bitgrail is an Italian cryptocurrency exchange and was the only place to buy RaiBlocks which now has renamed to NANO. Bitgrail announced the theft of $195 million worth of NANO tokens in February 2018.
Image provided by Wealth Recovery International.