The statistics only cover exchange hacks confirmed by multiple sources, excluding exit scams and hacks on third party solutions such as wallet providers and payment processors.
This narrows down the number of hacks to 11 – of which the biggest one was that of Coinbene – where a staggering $105,000,000 was stolen. Upbit and Binance also suffered major losses throughout the year ($49,000,000 and $40,000,000 respectively), with the latter being followed up with a rather questionable network rollback proposition by Binance CEO Changpeng Zhao. Wrapping up the eight figure heists are those of BITPoint, Bithumb, Cryptopia and GateHub.
All of the five biggest hacks drained the hot wallets of the exchanges, with the bigger portion of crypto holdings remaining safe. This, combined with the better distribution and increasing number of exchanges contributes to one positive statistic – the significant drop in actual value that was stolen. In that regard, all hacks combined pale in comparison to 2018’s $534 million Coincheck hack, or the $473 million Mt. Gox hack reveal in 2014.
The blog post also details the most popular destination for stolen funds. Surprisingly, direct transfers to other exchanges are leading the way, despite the strict KYC and AML requirements in recent years. Only a minor portion of the stolen funds are passed through anonymity services and coin mixers such as CoinJoin. While new to Ethereum, the knowledge required to conceal and obscure the origin of crypto funds has been publicly discussed since 2013. That said, this destination is becoming more popular for stolen funds as compared to previous years.
Overall, the report gives mention to some positive trends – hot wallets are holding a smaller percentage of exchanges’ overall funds, suspicious withdrawing activity is better monitored. However, organised crime is also evolving and entities such as Lazarus Group also have more sophisticated hacking and money laundering methods at their disposal.