Major Thefts in Blockchain and how it happened?
All around the world, blockchain is believed to be the secured digital ledger, yet many of the crypto currency theft happened under blockchain networks. Here we list out the major thefts that occured in the blockchain world.
Ronin network theft
Hackers perpetrate the largest-ever crypto theft by stealing $625 million from Ronin Network. According to a revelation from the Ronin Network, hackers stole almost $625 million in bitcoin from the play-to-earn Axie Infinity video game network that runs on top of the Ronin blockchain. According to a statement made online by the Ronin Network, the hack happened in March 2022. After bitcoin, ether is the second most popular cryptocurrency. The hackers got off with around 173,600 ether and 25.5 million USDC, a stablecoin tethered to the dollar. The Ethereum-linked sidechain known as The Ronin Network is utilised by the blockchain game Axie Infinity. On March 29, an attacker used an exploit to syphon 25.5 million USDC and 173,600 ETH, totaling around $625 million, from the bridge that linked it to the Ethereum mainnet. Players can trade the virtual currency they gain from playing Axie Infinity for other cryptocurrencies like Ethereum thanks to Ronin Network, which is also controlled by the Vietnamese parent company Sky Mavis. According to the report, a hacker transferred $540 million worth of cryptocurrencies to themself six days prior, but the corporation didn't find out until a customer couldn't get their money out on Tuesday. The scam was exposed after a senior developer opened a PDF that was purported to be the official offer, at which point four out of the nine nodes utilised by Sky Mavis' Ronin blockchain to confirm financial transactions were also compromised
Poly Network theft
Cryptocurrency heist Hackers take $611 million from Poly Network, but following a request, they refund some of the money. The most frequently stolen cryptocurrency appears to be ethereum. The stolen assets were $85 million in USDC on the Polygon network, $273 million in Ethereum tokens, and $253 million in tokens on Binance Smart Chain. The largest DeFi hack to date involved the $611 million theft from Poly Network. The Network reported an attack on BinanceChain, Ethereum, and Polygon in August 2021. It pleaded with the hackers to give back the stolen property in an open letter. A network called Poly Network was created to facilitate interoperability between many chains, including Bitcoin, Ethereum, Ontology, Binance Smart Chain, etc. In essence, it makes it possible for different blockchains to cooperate. A cross-chain decentralised finance (DeFi) platform called Poly Network allows users to transfer currencies using a number of other blockchains, including BSC, Ethereum, and NEO. Polygon, a platform for building scaling solutions and blockchain networks compatible with Ethereum. The platform was abused by an attacker who took the native tokens, according to the MATIC token's site. The intrusion happened in early December, according to a blog post by the network development team. Before the group could close the security hole, the hacker stole 801,601 MATIC tokens. The hack demonstrates how even some of the most well-known and protected platforms, like Polygon, are susceptible to attacks. This month's significant hacking attempt on Poly Network, a platform for decentralised finance, or "DeFi," resulted in the theft of digital tokens valued at more than $600 million. The criminal was able to transfer the money to their own accounts by taking advantage of a flaw in Poly Network's coding. The fundamental reason for this attack is that the EthCrossChainManager contract has the ability to change the EthCrossChainData contract's keeper, and that contract's verifyHeaderAndExecuteTx function has the ability to execute data that the user has supplied through the _executeCrossChainTx function. As a result, the attacker employs this function to send carefully crafted data to change the EthCrossChainData contract's keeper. It is not true that the keeper's private key leaked and caused this incident.
Coincheck heist
Heist of $530 million in cryptocurrencies at coincheck in January 2018. The exchange, Coincheck, has agreed to partially reimburse the 260,000 bitcoin investors whose investments were compromised by the heist, but it hasn't specified a time frame or the source of the funds. NEM, a less well-known digital currency, was stolen from consumer deposits, according to Coincheck. The exchange committed to pay out 46.3 billion ($426 million) in cash from its own coffers to offset the losses of its users. That is almost 20% less than the entire value of the stolen virtual tokens. Coincheck is an exchange; it does not possess its own blockchain, cryptocurrency, or coin. About 16 cryptocurrencies are available on the exchange, and the number of NFTs is expanding. Attackers most likely used phishing emails to access victims' email accounts before taking advantage of a security hole in Coinbase's two-factor SMS system to access users' Coinbase accounts. Attackers most likely used phishing emails to access victims' email accounts before taking advantage of a security hole in Coinbase's two-factor SMS system to access users' Coinbase accounts.
Mt. Gox Heist
The Tokyo-based bitcoin exchange Mt. Gox filed for bankruptcy, claiming that $460 million in equivalent online funds had been stolen by hackers in February 2014. The news shook the bitcoin community and may potentially cause the much-hyped virtual currency to crash. The biggest bitcoin exchange in the world appeared to be a colossal display of entrepreneurial renegadeness. However, several who were present claimed that Mt. Gox was internally a chaotic concoction of poor management, neglect, and unbridled inexperience. For those who were familiar with the inner workings of the Tokyo-based corporation, its bankruptcy last week—along with the disappearance of $460 million, which was reportedly stolen by hackers, and another $27.4 million missing from its bank accounts—came as little of a surprise. Insiders claim that Mark Karpeles, the company's CEO and majority shareholder who was more of a computer programmer than a chief executive and who occasionally got sidetracked even from his technical responsibilities when they were most important, was largely responsible for the company's performance. Gox, which was formerly the largest Bitcoin exchange in the world, stopped all trading and went down in February 2014 after losing roughly 850,000 Bitcoin, which at the time was worth about $500 million. Later, some of its possessions were discovered. Between 2011 and 2014, bitcoin worth about $500 million (€453 million) was stolen from the Mt.Gox exchange in Tokyo, which was at the time the biggest in the world. After the hack was made public, Mt.Gox, which had handled 80% of all Bitcoin trade globally, filed for bankruptcy in early 2014, causing around 24,000 users to lose access to their money. The business suffered its first attack in June 2011, when criminals gained access to the computer of a Mt. Gox auditor and reduced the price of bitcoin to one penny. Using the private hot wallet keys of Mt. Gox clients then began purchasing bitcoin at this fictitious price, eventually amassing roughly 2,000 bitcoin.
Wormhole Portal heist.
A DeFi bridge called Wormhole Portal, which connects Solana and other blockchains, has been compromised, and 120,000 Ethereum (ETH) worth over $325 million have been taken in February 2022. This makes it the second biggest theft from a DeFi provider and the fourth worst crypto theft overall. According to the exploit, the attacker was able to mint 120,000 wrapped ETH on the Solana blockchain, and then transfer 93,750 ETH to the Ethereum network. Bridge gateways transform an input cryptocurrency into a transitory internal token using "smart contracts" on the Ethereum blockchain, which they then change into the user's preferred output coin. A blockchain bridge like Wormhole makes it possible to transfer digital currency from one blockchain to another. Decentralized finance (DeFi) services that operate on two or more chains, frequently with radically different protocols, rules, and procedures, find these blockchain bridges to be especially helpful. According to Wormhole's post-event incident report, a signature verification vulnerability was used. The offender bridged wETH tokens on Solana that weren't connected to Ethereum deposits in order to steal them.