CryptocurrenciesThe rate at which cryptocurrency thefts are running is accelerating. In the first three months of 2018, the total stood at around US$670 million. By the end of June that number had soared to US$1.726 billion. At this rate we could see over $4 billion stolen by December 2018. It is a truly enormous number. The problem is understanding what it really relates to.

Website collates a list of known cryptocurrency thefts. It records the amount of each currency taken, what allowed the breach to happen and the value reported at the time. The latter is important. Each theft can only be calculated on the value at the time not the impact on the specific currency. Interestingly, when you track through many of the thefts, the amount of currency recovered is low. In many cases there are questions as to whether it really existed or if the theft was simply a cover up.

Cryptocurrency thefts pose a significant challenge for law enforcement. They have to take the details from the cryptocurrency exchange at face value. Many investors are unwilling to be named for several reasons. It could be that they acquired the currencies illegally, are worried about the tax situation or have simply forgotten about them.

2018’s thefts to date

The list of thefts in 2018 is contained in the table below and is taken from the cryptoaware website. It includes the ongoing misconfigured Ethereum clients incident which started in June although. The value for that theft is still not a final number.

Name Reported Loss (Crypto) Reported Loss (USD) Occurred On
Misconfigured Ethereum Clients Incident 38,680 ETH 20,000,000 2018 Ongoing
MyEtherWallet DNS hack 215 ETH 152,000 Apr-18
Coinsecure Theft 438 BTC 3,300,000 Apr-18
South Korean Bitcoin Pyramid Scheme N/A 20,000,000 Apr-18
GainBitcoin India Ponzi Scheme N/A 300,000,000 Apr-18
Dantang coin Ponzi N/A 13,000,000 Apr-18
iFan/Pincoin Token Scam N/A 650,000,000 Apr-18
Coinhoarder Phishing Scams (ongoing) N/A 50,000,000 Feb-18
Seele ICO Theft  2,162 ETH 1,800,000 Feb-18
Bee Token Phishing 890 ETH 928,000 Feb-18
BitGrail Theft 17,000,000 NANO 170,000,000 Feb-18
BlackWallet Theft 670,000 XLM 400,000 Jan-18
Coincheck 500,000,000 NEM 400,000,000 Jan-18
Bithumb Exchange hack 2,016 BTC 17,000,000 Jun-18
2,219 ETH
692 BCH
5,227,490 XRP
Coinrail Exchange hack 1,927 ETH 40,000,000 Jun-18
2.6 billion NPXS
93 million ATX
831 million DENT
BTC Global Ponzi Scam N/A 50,000,000 Mar-18


As the table shows, April was a bad month for cryptocurrency investors. Many of these incidents cannot simply be put down to poor security at the exchanges. The table shows that scams and Ponzi schemes have played their part.

How does this compare to thefts from ordinary banks?

The national banks in the G20 see cryptocurrencies as a major risk. Much of their focus is on the instability that they create. However, crime statistics like this help to reinforce their views that non-fiat currencies should be avoided.

There is a problem with this view. Malware and cyber thefts from the traditional banking system exceeds this number. The recent arrest of the head of the Carbanak malware syndicate revealed that the malware had made over $1 billion in five years. It is just one of several malware families targeting banking.

Alongside this, we have seen attacks against the Swift inter-banking system. While the Swift network makes it clear that this is not a compromise of their central systems, it has still be used to facilitate the thefts.

The impact of cybercrime as a whole is hard to estimate. The numbers that are thrown around are often impossible to verify. They are often conflated by mixing together many different parts of the attack rather than separate what is lost compared to the costs to reputation, replacement of equipment and spending on cybersecurity solutions.

None of that underplays the size of the problem. More and more people are being drawn into a world where they believe fortunes are to be made. Every day, it seems, yet another company or organisation announces it is to launch its own cryptocurrency. Some are sensibly ring-fenced for specific purposes and platforms. The majority, however, are speculative, scams or good old fashioned Ponsi schemes.

What does this mean

If it has a value, someone will want to steal it. The surge in cryptocurrency thefts in April caught many organisations by surprise. While attribution is much harder than people realise, the majority of the thefts are believed to be down to state sponsored hacking teams. The most blamed of these are those associated with North Korea.

Irrespective of who is doing the hacking, individuals need to take more care of their assets. An extremely large number of people leave their currencies in ‘hot wallets’ that can be attacked from the Internet. The movement of coins to ‘cold wallets’ is always a recommended approach. This is what Bithumb did when they were under attack. As a result, the exchange believes it avoided an even bigger problem and has promised to refund all its customers from its own reserves.

Cryptoaware has its own list of how to keep your cryptocurrencies safe. Increasing numbers of organisations are beginning to get involved in cryptocurrencies. Some are buying them to protect against cyber-attacks so that they can pay ransoms. Others see them as a legitimate gamble in the same way they would buy stocks and share. This means that they need to ensure that their cybersecurity tools cover their cryptocurrency wallets.


Please enter your comment!
Please enter your name here