The rate at which cryptocurrency thefts are running is accelerating. In the first three months of 2018, the total stood at around US$670 million. By the end of June that number had soared to US$1.726 billion. At this rate we could see over $4 billion stolen by December 2018. It is a truly enormous number. The problem is understanding what it really relates to.
Website Cryptoaware.org collates a list of known cryptocurrency thefts. It records the amount of each currency taken, what allowed the breach to happen and the value reported at the time. The latter is important. Each theft can only be calculated on the value at the time not the impact on the specific currency. Interestingly, when you track through many of the thefts, the amount of currency recovered is low. In many cases there are questions as to whether it really existed or if the theft was simply a cover up.
Cryptocurrency thefts pose a significant challenge for law enforcement. They have to take the details from the cryptocurrency exchange at face value. Many investors are unwilling to be named for several reasons. It could be that they acquired the currencies illegally, are worried about the tax situation or have simply forgotten about them.
2018’s thefts to date
The list of thefts in 2018 is contained in the table below and is taken from the cryptoaware website. It includes the ongoing misconfigured Ethereum clients incident which started in June although. The value for that theft is still not a final number.
Name | Reported Loss (Crypto) | Reported Loss (USD) | Occurred On |
Misconfigured Ethereum Clients Incident | 38,680 ETH | 20,000,000 | 2018 Ongoing |
MyEtherWallet DNS hack | 215 ETH | 152,000 | Apr-18 |
Coinsecure Theft | 438 BTC | 3,300,000 | Apr-18 |
South Korean Bitcoin Pyramid Scheme | N/A | 20,000,000 | Apr-18 |
GainBitcoin India Ponzi Scheme | N/A | 300,000,000 | Apr-18 |
Dantang coin Ponzi | N/A | 13,000,000 | Apr-18 |
iFan/Pincoin Token Scam | N/A | 650,000,000 | Apr-18 |
Coinhoarder Phishing Scams (ongoing) | N/A | 50,000,000 | Feb-18 |
Seele ICO Theft | 2,162 ETH | 1,800,000 | Feb-18 |
Bee Token Phishing | 890 ETH | 928,000 | Feb-18 |
BitGrail Theft | 17,000,000 NANO | 170,000,000 | Feb-18 |
BlackWallet Theft | 670,000 XLM | 400,000 | Jan-18 |
Coincheck | 500,000,000 NEM | 400,000,000 | Jan-18 |
Bithumb Exchange hack | 2,016 BTC | 17,000,000 | Jun-18 |
2,219 ETH | |||
692 BCH | |||
5,227,490 XRP | |||
Coinrail Exchange hack | 1,927 ETH | 40,000,000 | Jun-18 |
2.6 billion NPXS | |||
93 million ATX | |||
831 million DENT | |||
BTC Global Ponzi Scam | N/A | 50,000,000 | Mar-18 |
1,736,580,000 |
As the table shows, April was a bad month for cryptocurrency investors. Many of these incidents cannot simply be put down to poor security at the exchanges. The table shows that scams and Ponzi schemes have played their part.
How does this compare to thefts from ordinary banks?
The national banks in the G20 see cryptocurrencies as a major risk. Much of their focus is on the instability that they create. However, crime statistics like this help to reinforce their views that non-fiat currencies should be avoided.
There is a problem with this view. Malware and cyber thefts from the traditional banking system exceeds this number. The recent arrest of the head of the Carbanak malware syndicate revealed that the malware had made over $1 billion in five years. It is just one of several malware families targeting banking.
Alongside this, we have seen attacks against the Swift inter-banking system. While the Swift network makes it clear that this is not a compromise of their central systems, it has still be used to facilitate the thefts.
The impact of cybercrime as a whole is hard to estimate. The numbers that are thrown around are often impossible to verify. They are often conflated by mixing together many different parts of the attack rather than separate what is lost compared to the costs to reputation, replacement of equipment and spending on cybersecurity solutions.
None of that underplays the size of the problem. More and more people are being drawn into a world where they believe fortunes are to be made. Every day, it seems, yet another company or organisation announces it is to launch its own cryptocurrency. Some are sensibly ring-fenced for specific purposes and platforms. The majority, however, are speculative, scams or good old fashioned Ponsi schemes.
What does this mean
If it has a value, someone will want to steal it. The surge in cryptocurrency thefts in April caught many organisations by surprise. While attribution is much harder than people realise, the majority of the thefts are believed to be down to state sponsored hacking teams. The most blamed of these are those associated with North Korea.
Irrespective of who is doing the hacking, individuals need to take more care of their assets. An extremely large number of people leave their currencies in ‘hot wallets’ that can be attacked from the Internet. The movement of coins to ‘cold wallets’ is always a recommended approach. This is what Bithumb did when they were under attack. As a result, the exchange believes it avoided an even bigger problem and has promised to refund all its customers from its own reserves.
Cryptoaware has its own list of how to keep your cryptocurrencies safe. Increasing numbers of organisations are beginning to get involved in cryptocurrencies. Some are buying them to protect against cyber-attacks so that they can pay ransoms. Others see them as a legitimate gamble in the same way they would buy stocks and share. This means that they need to ensure that their cybersecurity tools cover their cryptocurrency wallets.