The 4 largest cryptocurrency crimes in history

Various signs of crypto currency
Image: Shutterstock

Virtual currencies like Bitcoin and Ethereum were once just a niche interest for techies and finance experts, but they have exploded in popularity in recent years. The total value of the crypto market is now valued in the billions, and its decentralized ethos is at the heart of what pundits are calling ‘Web3’.

But the rise of cryptocurrency has been accompanied by some of the most audacious internet crimes ever recorded. Here are four that have hit the headlines.

The $610 Million Heist

In August 2021, one of the biggest and strangest heists of all time unfolded online. The target was Poly Network, a platform that allows users to make transfers between different blockchains (the digital ledgers which record crypto transactions). After successfully exploiting a flaw in the Poly Network system, the hacker made off with over $610 million in various currencies, including Ethereum and USD Coin.

However, that’s not the end of this peculiar story. Poly Network posted a tweet addressing the thief directly and asking for the safe return of the funds. The hacker did exactly that, returning the whole haul of stolen crypto before the month was out. The hacker also released a bizarre Q&A embedded within Ethereum transactions, in which they explained they were “not very interested in money”.

The alleged reason for the heist? To draw attention to a bug in the system in a very public way, which the hacker claimed was safer than submitting a report to a Poly Network staff member who might have exploited the vulnerability for themselves. Poly Network seemed to believe the hacker had acted in good faith, even offering them $500,000 in ‘bug bounty’ for identifying the flaw. This caused some controversy in crypto circles with some theorising the hacker had merely back-pedalled after realising they couldn’t launder all the stolen currency. Whatever their true motivation, the hacker’s identity remains unknown to this day.

The Gamer Heist

Another gigantic crypto theft took place in March 2022, when Ronin reported that hackers had made off with over $625 million in Ethereum and USD Coin tokens. Ronin is a ‘sidechain’ of the Ethereum blockchain, created to power the in-game economy of an explosively popular online video game called Axie Infinity.

Created by Vietnamese studio Sky Mavis, Axie Infinity allows players to collect and trade Non-Fungible Tokens (NFTs) in a colourful, Pokémon-like world. The ability to generate serious amounts of money brought the game lots of attention, with the media reporting fairy tale stories of players quitting their lucrative day jobs to play Axie Infinity.

Blame for the mammoth hack has fallen on a North Korean posse known as Lazarus Group, thought to have been behind many similar cyberattacks over the years. In the weeks following the heist, it was announced that a chunk of the stolen money had been recovered, though the impact of the breach caused the value of Axie Infinity currency to plummet.

The Crypto Ponzi Scheme

The story of Gerald Cotten has become notorious thanks to the Netflix documentary Trust No One: The Hunt for the Crypto King. It’s certainly a story that almost defies belief. Cotten was, on the face of it, a crypto success story. Young, cherubic, and charming, he created Canada’s biggest cryptocurrency exchange, QuadrigaCX. It brought the young entrepreneur millions during the Bitcoin boom of 2017.

But, just a year later, Cotten apparently died from Crohn’s disease while on his honeymoon in India. Thousands of horrified investors on his platform found they were unable to access hundreds of millions in funds, as Cotten had seemingly taken the password to his grave. Worse still, an investigation by the Ontario Securities Commission concluded that QuadrigaCX had actually operated as a Ponzi scheme. Cotten opened false accounts on the platform to make fraudulent transactions with unsuspecting members and covered a shortfall in assets using other clients’ deposits. As the report put it: “What happened at Quadriga was an old-fashioned fraud wrapped in modern technology.”

Adding to the intrigue is the widespread suspicion that Cotten actually faked his death in India, and is currently living incognito with stolen funds. The fact that the seemingly fit young man died so suddenly, and his name was misspelt on his death certificate, have fuelled dark rumours that persist today.

Into the Wormhole

Yet another crypto heist hit the news in February 2022, when hackers targeted Wormhole – a crypto platform that allows users to transfer assets between different blockchains. Such bridges make up a highly significant part of the crypto world, as so many people use different blockchains and need a way to move their tokens around. The thieves helped themselves to over $320 million by exploiting a vulnerability on Solana, a newer blockchain that’s been touted as a potential rival of the more established Ethereum blockchain.

Just as Poly Network did when it was breached, the techies behind Wormhole directly addressed the hackers in a public statement that was calm, even casual in tone. It opened by saying that they’d “noticed” the hacker had been able to steal millions in assets, before offering a bug bounty of no less than $10 million in return for the funds and details of how the exploit took place.

The money was later reported to have been fully recovered. However, the episode has served as a stark reminder of the risks inherent in the brave new world of the blockchain. Commenting on the story, cybersecurity expert Ronghui Gu emphasised that “the hack on Wormhole Bridge highlights the growing trend of attacks against blockchains protocols. This attack is sounding the alarms of growing concern around security on the blockchain”.