Centralized Exchange Security Vulnerabilities Review: Historical Lessons and Preventive Measures

In recent years, several centralized cryptocurrency exchanges have suffered significant losses due to external hacking attacks or internal fund misuse. Even industry giants face survival threats from powerful financial regulators. In contrast, decentralized exchanges have advantages in defending against hacking attacks, fraud, and excessive regulation.

This article reviews the top 10 most serious security incidents involving centralized exchanges in the history of cryptocurrencies and discusses the lessons learned from these events.

Top Ten Centralized Exchange Security Incidents

10. Bithumb: repeatedly attacked

The South Korean exchange Bithumb has been hacked multiple times since 2017:

• February 2017: Lost 7 million USD
• June 2018: lost $32 million
• March 2019: Lost $20 million in EOS and XRP
• June 2019: Lost $30 million in tokens

The South Korean Ministry of Science and Technology found that the main issues include insufficient network isolation, weak monitoring systems, and improper management of encryption keys.

9. WazirX: Large-scale wallet vulnerability

In July 2024, the Indian exchange WazirX suffered a major wallet vulnerability attack, resulting in over $230 million in cryptocurrency assets being stolen. The stolen assets included more than $100 million in SHIB, 20 million MATIC tokens, and 640 billion PEPE tokens.

Despite taking security measures such as hardware wallets, WazirX still suffered from this complex attack, highlighting the risks of centralized control of private keys.

8. A certain exchange: 40 million USD loss

In May 2019, a leading global cryptocurrency exchange suffered a hacking attack. The attackers used phishing and viruses to steal users' 2FA codes and API keys, stealing 7,074 Bitcoins from the hot wallet, which were worth over $40 million at the time.

The exchange subsequently established the User Security Asset Fund (SAFU) to protect user funds. However, in October 2022, the platform was attacked again, resulting in a loss of approximately $570 million.

7. KuCoin: $281 million theft case

In September 2020, KuCoin suffered a major hacker attack. The attackers stole various cryptocurrencies worth $281 million by stealing the private keys of hot wallets.

KuCoin acted quickly to transfer the remaining funds and suspend trading. By collaborating with law enforcement, approximately $204 million of the stolen funds were ultimately recovered.

6. BitGrail: Suspected internal crime

The Italian exchange BitGrail was hacked for 120 million euros, affecting 230,000 users. Police accuse the exchange's founder of possibly being involved in the hacking attack or neglecting security management.

The court announced the bankruptcy of BitGrail, demanding the founder to return the stolen assets and seizing his personal assets. This highlights the risks of centralized control of assets in a Centralized Exchange.

5. Poloniex: Two major security incidents

Poloniex has experienced two serious security breaches:

• March 2014: 97 Bitcoins were stolen, accounting for 12.3% of the holdings at that time.
• November 2023: Approximately $126 million was stolen from hot wallets.

The recent attack is suspected to have been carried out by North Korean hacker groups, involving complex methods such as social engineering and malware.

4. Bitstamp: 5 million USD loss

Hackers infected the system administrator's computer to gain access to Bitstamp's key files and passwords. Ultimately, they stole 18,866 bitcoins from the hot wallet, resulting in a loss of about 5 million dollars.

Afterwards, Bitstamp carried out a comprehensive overhaul of the platform, including migrating infrastructure and implementing multi-signature measures.

3. A certain exchange: 120,000 bitcoins were stolen

In August 2016, hackers exploited a vulnerability in the multi-signature system to steal 120,000 bitcoins from the platform's hot wallet.

The platform adopts a transparent strategy, distributing losses to user accounts and issuing tokens to gradually compensate users for their losses.

2. Coincheck: $534 million NEM tokens stolen

In January 2018, the Japanese exchange Coincheck suffered a serious hacking attack, resulting in the theft of 523 million NEM tokens, worth approximately $534 million.

The incident exposed the shortcomings of the exchange in areas such as hot wallet management and multi-signature protection. The crypto community quickly took action to try to stop the flow of stolen assets.

1. Mt. Gox: The most notorious hacking incident in cryptocurrency history

Mt. Gox, as one of the earliest and largest Bitcoin exchanges, experienced two major security incidents:

• 2011: 25,000 Bitcoins lost
• In 2014: About 850,000 Bitcoins were stolen.

This event greatly affected the price of Bitcoin and the confidence of the entire crypto community, becoming an important lesson for the industry.

Exchange Security Prevention Measures

To enhance security, the exchange can take the following measures:

• Cold and hot wallet separation: Store most assets in an offline cold wallet.
• Multisignature: Requires multiple key holders to jointly sign a transaction
• Continuous Security Audits: Regular assessment and upgrades of security systems
• User Education: Increase users' security awareness
• Insurance: Purchase insurance protection for user assets

By adopting a comprehensive security strategy, the exchange can better protect user assets and enhance the platform's credibility.