Bitcoin exchange hacks 2016: security issues revealed

7 February 2017

Due to the rapidly growing value and popularity, Bitcoin has become a target for digital attacks which have raised the question of security yet again. The number of companies has lost millions of dollars in total, with some of them having a hard time getting back to business and the others being shut down for good, despite of the attempts to make up for the stolen funds. The cryptocurrency exchange platforms, listed below, struggled to find the attackers, and while the outcomes vary, every case is notable.


A hacker’s attack on Bitcoin platform Bitfinex in Hong Kong resulted in a loss of over $72 million (120,000 BTC), raising security concerns as one of the biggest digital security thefts in history. Reportedly, the Bitcoin was abducted from a number of separated wallets, despite of multi-signature technologies the company started using in partnership with BitGo that owned one of security keys, and two others kept by Bitfinex.

The partnering company didn’t find any breaches in their system, but the attack happened in August, 2016 and lasted over 3 hours, unnoticed. The unexpected attack caused digital currency depreciation, which, fortunately, was temporary, and now its value is higher than ever. Additionally, over 800 stolen Bitcoins were found in circulation on other websites, therefore the company offered a 5% reward to anyone willing to cooperate, including the hackers. Other cryptocurrency services have also been helping Bitfinex track the money.



In May, 2016, Gatecoin discovered a breach in the system that lead to an immediate suspension of services for further investigation. Several attacks on hot wallets occurred between May 9 and May 13 in connection to a server reboot. While most users keep their digital currency in well-secured cold wallets, the hackers found a way to alter the system, therefore the money was transferred straight to the less protected wallets during the breach.

Over $2 million was lost during the attack, with Gatecoin’s cryptocurrency funds exceeding the 5% restriction previously set on hot wallets. However, the company managed to stay afloat and re-launch their services in September, 2016 after a three-month break. Gatecoin is getting new investors in attempt to repay the users who suffered from the theft, and expanding the number of digital coins they exchange. As of this year, the Hong Kong’s company started processing Euro SEPA and Euro international transfers.


Located in Switzerland, ShapeShift is an unusual company that allows their users to exchange coins anonymously, and since its launch in 2013 it has been known for its simplicity. Unlike other companies, ShapeShift supports only a coin-to-coin trade without involving a fiat currency. Despite of the lack of users’ information, which has been essentially used to maintain privacy along with providing the security, ShapeShift was hacked in April, 2016.

The company lost $230,000 due to several internal attacks on the hot wallet; nevertheless, all the consumers’ digital currency was unaffected. Although the stolen sum was tangible for ShapeShift, the platform managed to discover the weak points in their security, making more investments in it as a result. The CEO hired a new security specialist Michael Perklin, who introduced the first CryptoCurrency Security Standard (CCSS), to strengthen the system.


A Florida based company, Cryptsy used to exchange digital currencies until the attacker embedded a Trojan malware into the system, stealing $6 million equivalent in Bitcoin. The platform was hesitant to declare the theft, desperately searching for the opportunity to return the lost money to the users’ wallets, placing all money the company earned to the accounts. Nevertheless, the damage done by the hacker turned out to be irreparable, and Cryptsy had to come clean about the accident.

In January, 2016, the company admitted to the fact of the attack, revealing the sum of money lost. However, the situation worsened and after withholding the users’ access to the funds, a lawsuit was filed against Cryptsy. The platform’s accounts were frozen during the investigation, and it was closely monitored by the court representatives. Consequently, the company had the only option to be shut down, and it has remained offline.



Kraken is a digital currency exchange company launched in 2011, in California. It claimed to have a high security system, which allows the clients to safely transfer a variety of currencies. Nevertheless, in July, 2016, some of the consumers’ accounts were claimed to be hacked, with $285 stolen from one of the accounts. Shortly after, some of the other users reported to have been hacked as well, sharing the information online.

Despite the compromising news and accusations, the company authorities stated that the consumers, whose accounts were subjected to the attacks, didn’t use 2-factor authorization (2FA), decreasing the level of protection as a result. Moreover, the clients confirmed to have overlooked the recommended security method, giving the hackers an easy access to the funds. The other accounts have stayed unharmed, and Kraken exchange managed to prove their reliability.

The digital world is predicted to lead people to the new era, however, it makes both the users and the creators vulnerable. Thus, there are main factors to consider when it comes to a cryptocurrency exchange security. The recommended precautions, such as 2FA and a strong password should be taken, when it is possible. Just as with a credit card, a cold wallet should serve the main currency storage, with only necessary amounts kept online. And every big trading platform should invest a lot of money and inner resources in the security to be trusted and successful.

Blockchain techs
Mastercard may launch a payment system for fast cryptocurrency transactions
Banking techs
Korea digitizes mortgage and loan documents on a blockchain platform
Writing a White Paper for an ICO: expert recommendations
Show more posts...