Crypto Hacks: Can Cryptocurrencies Like Bitcoin Be Hacked?

Cryptocurrencies have seen enormous growth over the years. As more users have come on board, the number of hacks have increased. This year crypto hacks cost over $2 billion in stolen funds. These thefts are especially rampant with crypto bridges, resulting in $1.4 billion taken in 2022 alone.

The largest single hacking incident, in March of this year, was the $615 million taken from the Ronin Bridge, which connects the popular game Axie Infinity on the Ronin network to Ethereum. Earlier this year, even the large crypto exchange Crypto.com was hacked for millions, causing the network to pause withdrawals for over 14 hours.

Hacks have caused investors to not only lose their life savings, but also their trust in cryptocurrencies, which results in potential investors backing away from the industry. This article explains how cryptocurrencies are being hacked today, why it’s important to stay vigilant, and some tried-and-true ways to avoid getting hacked.

Are Blockchains Safe?

The blockchain trilemma of having to choose two out of three features (decentralization, security and/or scalability) is fundamental to how blockchains work. To compensate, the architecture behind modern cryptocurrencies, decentralized applications (DApps) and NFTs has significant built-in security features. Once data blocks have been added to the blockchain database, they’re immutable and cannot be reversed or hacked. Despite this structure, hackers have made off with millions every year because of shortfalls in bridge, protocol and personal security. As hackers take advantage of fringe vulnerabilities in the system and abuse existing smart contracts, users can effectively combat this by keeping themselves safe through secure crypto wallets.

So, are blockchains safe? The short answer is yes. The blockchain itself is secured through cryptographic techniques and consensus mechanisms from network participants. However, losses happen all the time because of the security shortfalls mentioned above.

The Role of Miners in Keeping the Blockchain Secured

Cryptocurrency miners play an important role in keeping proof-of-work (PoW) blockchains secure from hostile takeovers, spam and attempts to centralize the network. In return, miners are rewarded for contributing their resources. 

On the surface, miners package transactions from their mempools into candidate blocks. Then each miner uses a computational machine to solve the hashing algorithm (for Bitcoin, SHA-256, or Secure Hashing Algorithm 256 bits). Once a hash has been solved and verified, it’s added to the blockchain and the miner receives a reward.

The Impact of a 51% Attack

Naturally, blockchains are open to assault from the same miners who secure the network. Using the 51% attack, a group could potentially take over a blockchain if they owned more than 50% of a PoW cryptocurrency. A 51% attack works by overriding the existing network and taking over the set security protocols. Once the attackers control the majority of the hash rate, they can introduce changes to the blockchain and allow transactions — such as a double spend  —  through majority consensus.

For example, Bitcoin transactions require six confirmations from the network to be processed. An unprocessed transaction could be reversed in a 51% attack in which miners would gain control over coins from unconfirmed transactions. They could then transfer the coins to an address of their choosing. The severity of a 51% attack would depend on what the attackers ultimately decided to do.

Can Someone Steal My Cryptocurrency?

Yes — your cryptocurrency can be stolen if you don’t take the necessary steps to secure your coins. Hackers can steal them directly, or use scams to trick you into handing them over. If your private keys aren’t kept safe, it’s possible for a hacker to get into your hot wallet (see Wallet Hacks, below). This can’t happen if you store your coins offline in a cold wallet, such as Ledger — one of the best hardware wallets available.

Types of Crypto Hacks

Blockchain security has improved over the years, but as we see more widespread adoption, crypto hacks are growing. Here are the three most common crypto hacks.

Bridge Hacks

A blockchain bridge allows assets to be sent from one blockchain to another. Users send funds in one asset to the bridge, where the funds are locked into a contract. The user is then issued a wrapped token — mimicking the characteristics and functions of the target token, once it reaches the target blockchain network.

Bridges have been targeted in the last few years because they often have a central storage point where funds are locked up and used to back the wrapped assets. Whether they’re held by a centralized entity or locked in a smart contract, current bridge designs have yet to solve the challenges among blockchain bridges.

Some bridges are vulnerable because of their poor model. For example, the Horizon Bridge was hacked for $100 million after attackers compromised two out of five accounts and approved the withdrawal of funds from Harmony to Ethereum.

Wormhole, one of the largest cross-chain bridges, was hacked for $320 million. The hacker managed to mint Wrapped Ethereum (WETH) on Solana without putting up the necessary collateral on Ethereum. Fortunately, Jump Trading stepped in to provide the same amount of ETH, saving protocols and users from huge losses.

Wallet Hacks

Digital wallets, or crypto wallets, are noncustodial storage platforms with private keys to manage your own cryptocurrencies. The keys are required to access your crypto deposits. You have full control over them, and keeping them safe is your most important task. 

Wallets are divided into hot and cold wallets. Cold wallets like hardware wallets from Trezor and Ledger are the most secure storage option because it’s not connected to the internet. It's untouchable except during short connection periods for online transactions. 

A hot wallet is connected to the internet and, therefore, more vulnerable to attacks. While most users prefer hot wallets for their convenience, hackers can directly interact with a hot wallet using malware, phishing and other hacking strategies. Recently, over 8,000 hot wallets were hacked and drained of funds, unbeknownst to the users. The attack happened on hot wallets Phantom, Slope and Trust Wallet, and amounted to $5 million worth of native Solana tokens. According to a tweet from Solana Status, engineers discovered the bug was not on Solana, but in the software of several hot wallets.

Other hot wallets include desktop wallets (Coinbase Wallet), mobile wallets (Trust Wallet) and browser wallets (MetaMask). These are usually third-party applications that could have security vulnerabilities, which might allow hackers to access your private keys. In the case of MetaMask, there are bogus sites that can induce you to input your seed phrase — and then the scammers immediately convert and drain your funds.

Exchange Hacks

A crypto exchange is a platform where users buy and sell digital assets using fiat money. The exchanges provide users with custodial wallets and other services, which include managing user accounts and their private keys. Since only a few private keys hold large funds, the wallets become targets for hackers.

Earlier this year, one of the biggest crypto exchanges, Crypto.com,  was hit with a $35 million hack that affected over 400 users. The exchange initially found that a small number of users had unauthorized crypto withdrawals from their accounts. This turned into a large number as withdrawals were being approved without using 2FA (two-factor authorization). Crypto.com halted withdrawals for 14 hours and fully reimbursed its affected users.

Following the Solana wallet hack in the same week, a hacker stole $4.8 million worth of cryptocurrencies from the ZB.com exchange (whose homepage states, “The World’s Most Secure Digital Asset Exchange” — so yes, it can happen anywhere). Unfortunately, ZB.com wasn’t fast enough to suspend withdrawals, and the funds were transferred from the exchange wallet to an unknown address thought to belong to the hacker.

CeFi vs. DeFi Hacks

Centralized finance (CeFi) requires a central entity to oversee transactions, while decentralized finance (DeFi) allows users to transact with each other using smart contracts. Both CeFi and DeFi have their benefits, although hacks happen to users on both platforms. In terms of crypto hacks, one advantage of using a CeFi platform is the possibility of recovering your assets, usually at the expense of the platform's insurance fund. When compared to a similar hack in DeFi, the chances of recovery are close to zero, as assets are managed by the individual.

Safest Crypto Exchanges

Many crypto exchanges have been targeted over the years, and although users are usually reimbursed, it isn't always the case. Some exchanges don’t have enough to pay out their customers. Despite this predicament, people still want to invest in cryptocurrencies because of their potential to skyrocket in value. If you’re considering adding crypto to your portfolio, it’s worth noting the safest crypto exchanges.

Here are the top five:

1. Bybit

Bybit is the best P2P crypto exchange around the world for trading with leverage. The platform facilitates the buying and selling of cryptocurrencies at an optimal, agreed-upon price, and supports more than 80 types of payment methods. Bybit’s signup process is straightforward and allows users to make unlimited deposits, withdrawals and trades by complying with Bybit’s KYC.

2. Binance

Considered one of the safest crypto exchanges, Binance allows users to purchase almost 60 types of cryptocurrencies, including Litecoin, Chainlink and Dogecoin. Trading P2P on Binance doesn’t incur any taker fees. However, the P2P altcoin exchange does charge a maker fee of up to 0.35%. That aside, P2P advocates everywhere use it to buy and sell a host of altcoins.

3. Huobi

Huobi is among Asia’s best-known crypto exchanges, offering one of the largest platforms for crypto trading since 2013. Customer service is surprisingly quick and responsive, which is comforting in a volatile marketplace. On this P2P crypto exchange, neither buyers nor sellers pay transaction fees, making it extremely competitive against other first-rate P2P crypto exchanges.

4. OKX

Another one of the safest crypto exchanges in more than 200 countries, OKX supports advanced trading for experienced crypto traders. It also offers more than 100 currency pairs for Tether, Bitcoin and Ether, making it a favorite P2P exchange for international users.

5. KuCoin

KuCoin is one of the safest crypto exchanges for non-American traders who are ready for an advanced trading platform with more features. Traders can also earn interest on their crypto while it sits in their wallets, making it one of the most popular P2P crypto exchanges on the market. KuCoin claims that one in four crypto users hold some assets on its platform, which means there’s a big pool of buyers and sellers to trade with for added liquidity. Transfer fees depend on the currency and on which third-party app is used.

Can Bitcoin Be Hacked?

With its peer-to-peer network, Bitcoin is completely open and decentralized. Thousands of nodes in every corner of the globe communicate with each other on transactions and blocks.  As the Bitcoin network has grown and the price has risen, so has the hash rate of Bitcoin miners. This has made 51% attacks increasingly harder and more expensive to execute over the years, resulting in Bitcoin becoming more secure. If an attack were to happen, it would crash Bitcoin’s price, devaluing any Bitcoin that was stolen.

How Are Bitcoins Stolen?

Bitcoin can be stolen if a hacker gains access to your wallet. Hackers can accomplish this in one of two ways: 1) Directly, through email phishing scams that give hackers access to your wallet, enabling them to transfer your Bitcoin into theirs. 2) The other way is through crypto exchanges, where hackers steal directly from custodial wallets once they gain access to the private keys.

Can Bitcoin Be Hacked by Quantum Computers?

A popular theory about the possibility of Bitcoin getting hacked involves the implementation of quantum computers. Quantum computers can perform computation with extraordinary efficiency and speed. While scientists have theorized about the possibilities of quantum computers, they have yet to be implemented by individuals.

Quantum computers could dominate any crypto blockchain, and would potentially have the power to execute a 51% attack on coins such as Bitcoin. Applying their force, they could also steal the private keys of wallet addresses and confiscate any and all Bitcoin.

Bitcoin, however, is actually one of the safer systems as compared to bank accounts or credit cards. If quantum computers are indeed implemented, the entire financial system will be at risk.

The Biggest Crypto Hacks

To date, the biggest crypto hack happened in March 2022 when the Ronin Bridge of Axie Infinity, the popular play-to-earn game, was targeted. The hackers stole a whopping $615 million worth of ETH and USDC, and although a small percentage of it was recovered within the month, the Ronin Bridge hack remains the biggest in history. The Poly Network hack is a close second, with $611 million stolen in August 2021.

How to Protect Your Cryptocurrency

You can take several steps to protect your cryptocurrency from being stolen. As mentioned above, the least secure wallets are hot custodial wallets because of their constant connection to the internet, and because you don't have access to your private keys. Never store your keys on a device with a connection that’s constantly on — always hold onto them. Hot custodial wallets can be hacked easily and used to access your keys.

The most secure wallets are noncustodial hardware wallets, such as Ledger or Trezor. Store your private keys for these wallets by writing them down on a piece of paper and keeping the paper in a safe, also known as a paper wallet, or by using a device that uses extra encryption. Since paper wallets are easily damaged, the first method should only be temporary.

Your private keys should always be held in cold storage without a wired or wireless connection. If you want to use your cryptocurrency, transfer only the keys you need for that transaction to your hot wallet, conduct the transaction, then remove the keys from the hot wallet immediately. Finally, never share your private keys with anyone if you’re uncomfortable with the risks.

What Happens If Your Crypto Is Hacked?

A simple way to know if your wallet has been hacked is to look for any unauthorized transactions. Should this happen, it’s likely someone has gained access to your wallet.

If your wallet has been hacked, immediately create a new wallet and transfer any existing funds out of your current wallet. Be sure to check your device for viruses, such as malware, beforehand to avoid having your new wallet get hacked.

If you’re using a centralized exchange, change your login details, and ensure that you have two-factor authentication turned on. Notify the crypto exchange as soon as possible for help. They might be able to freeze your funds before they’re drained from the exchange, or offer reimbursement while they work with authorities to resolve the issue.

What’s the Safest Cold Wallet for Your Crypto Storage?

Hardware wallets are a form of cold wallets that offer the safest crypto storage. They let you keep your crypto wallet and your seed phrase offline when you don't want to trade or make a transfer. While your hardware wallet is offline, a hacker or malware still could seize the wallet.

Popular wallets such as Ledger Nano X, Trezor Model T and KeepKey allow you to authorize transactions directly from the physical device. While you do need to connect your device to the internet to trade crypto, your private keys will never be sent over. Even if the connected device or DApp is compromised, your wallet remains secure.

What’s the Least Safe Place to Store Your Crypto?

The internet is the least safe place to store your crypto. It’s possible for hackers to break into anything on the internet. For example, someone who keeps their private keys on a cloud storage account makes the process of getting into their wallet too easy, as the only line of security for hackers to get past would be their iCloud password, especially if it’s not strong.

Also, avoid keeping your private keys on computers or phones in case of viruses, such as malware, which can pull information from your devices — even if they’re not connected to the internet.

The Bottom Line

Cryptocurrency and DeFi protocols continue to grow, and users who deposit money into crypto are growing in numbers as well. As the underlying technology of blockchains is safe and almost impossible to attack, hackers look to exploit funds directly from protocols or users themselves. Therefore, it’s important to protect your funds so you can enjoy crypto protocols with peace of mind.