Major Security Incidents Faced by Centralized Exchanges

In recent years, many well-known centralized cryptocurrency exchanges have experienced serious security incidents, resulting in huge financial losses. These incidents include not only external hacking but also cases of poor internal management and fund misuse. Even industry giants are facing pressure from regulatory agencies. In contrast, decentralized exchanges have certain advantages in dealing with threats such as hacking attacks, fraud, and excessive regulation.

This article will review the ten most serious security incidents involving centralized exchanges and discuss the lessons learned.

1. Bithumb: Multiple Attacks

The South Korean exchange Bithumb has been hacked multiple times since 2017:

• February 2017: Lost 7 million USD
• June 2018: Loss of approximately 32 million USD
• March 2019: Loss of approximately 20 million USD in EOS and XRP
• June 2019: Lost approximately 30 million USD in digital tokens

The South Korean Ministry of Science and Technology has found issues with Bithumb, including insufficient network isolation, weak monitoring systems, and improper management of encryption keys.

2. WazirX: Huge Assets Stolen

In July 2024, the Indian exchange WazirX suffered a major security breach, resulting in the theft of over $230 million in crypto assets. The attackers targeted WazirX's multi-signature wallet on Ethereum. The stolen assets included various tokens such as Shiba Inu, MATIC, PEPE, USDT, and GALA. This incident highlights the risks associated with centralized management of private keys.

3. A well-known exchange: 40 million USD worth of Bitcoin stolen

In May 2019, a top global exchange was attacked by hackers. The attackers obtained users' two-factor authentication codes and API keys through phishing and virus attacks, stealing 7,074 bitcoins from the hot wallet, worth over $40 million. The platform subsequently established a user security asset fund to address extreme situations.

4. KuCoin: $281 million in cryptocurrency stolen

In September 2020, KuCoin suffered a massive hacking attack, with attackers stealing approximately $281 million worth of various cryptocurrencies by obtaining the private keys of hot wallets. KuCoin quickly took measures, freezing trading and transferring remaining funds. After efforts, KuCoin recovered about $204 million of the stolen funds within a few weeks.

5. BitGrail: Insiders Suspected of Involvement

The Italian exchange BitGrail has suffered a loss of €120 million (approximately $147 million). Police suspect that the exchange's founder may have been involved or negligent in management. This incident has affected about 230,000 users, making it one of the largest financial misconduct cases in Italy's history.

6. Poloniex: Two Major Security Incidents

Poloniex has suffered two serious security vulnerabilities in succession:

• March 2014: 97 Bitcoins were stolen, accounting for 12.3% of the holdings at that time.
• November 2023: Approximately $126 million in crypto assets stolen, suspected to be the work of North Korean hacker groups.

In the second attack, hackers used social engineering and malware to obtain private keys and launder money through complex methods.

7. Bitstamp: System Administrators Become the Breakthrough

Hackers successfully infiltrated the exchange's system through a social engineering attack targeting Bitstamp system administrators, stealing 18,866 bitcoins valued at approximately 5 million dollars. Afterwards, Bitstamp underwent a comprehensive overhaul of the platform to strengthen security measures.

8. Certain exchange: Multi-signature system breached

In August 2016, the multi-signature security system of a well-known exchange was breached, resulting in the theft of 120,000 bitcoins. The platform implemented measures such as loss sharing and token compensation to address the crisis.

9. Coincheck: $534 million NEM tokens stolen

In January 2018, the Japanese exchange Coincheck suffered a major hacking attack, with 523 million NEM tokens (approximately $534 million) stolen. This incident exposed the exchange's shortcomings in asset storage and multi-signature protection.

10. Mt. Gox: The Most Notorious Hacking Incident in Cryptocurrency History

Mt. Gox, once the world's largest Bitcoin exchange, suffered hacker attacks in 2011 and 2014, ultimately resulting in approximately 850,000 Bitcoins being stolen. This incident had a profound impact on the entire cryptocurrency industry.

Measures to Strengthen Exchange Security

To improve security, the exchange can take the following measures:

1. Store most of the assets in a cold wallet, keeping only a small amount of operating funds in a hot wallet.
2. Implement a multi-signature mechanism to prevent the loss of funds due to the leakage of a single key.
3. Strengthen internal management and auditing to prevent internal fraud risks.
4. Conduct regular security audits and vulnerability testing
5. Raise employee security awareness and strengthen the prevention of social engineering attacks.
6. Adopt advanced encryption and monitoring technologies
7. Establish an emergency response mechanism to promptly handle security incidents.

These measures can help the exchange better protect user assets and maintain platform security.