2020's worst cryptocurrency breaches, thefts, and exit scams

Cryptocurrency exchanges have felt the impact of everything from vulnerability exploit to social engineering scams over this year.
Written by Charlie Osborne, Contributing Writer

2020 has been a year few of us will forget any time soon, and as businesses clamor to either stay afloat or weather the storm the COVID-19 pandemic has caused -- let alone everything else that's happened over the past 12 months -- in the criminal underground, business is booming. 

SEE: Meet the hackers who earn millions for saving the web, one bug at a time (cover story PDF) (TechRepublic)

Of particular interest to cyberattackers over the past few years is cryptocurrency. An alternative to traditional, bank-controlled fiat currency, cryptocurrency has evolved from the Wild West in speculative trading to something more akin to a stable financial structure, projects of which are supported by blockchain technologies, an area now being explored by tech giants including IBM, Google, and Microsoft

However, many blockchain and cryptocurrency-related technologies are still experimental and speculative; vulnerabilities can lead to wallets -- and the crypto stored within -- becoming compromised, and there are still cases of exit scams and fraudulent coin launches, known as Initial Coin Offerings (ICOs). 

Cases of data breaches, theft, and investor losses are still very much in existence. Below are the worst recorded incidents, month by month, over the course of 2020. 


  • Poloniex: Poloniex disclosed a data breach and forced a mass password reset for users after credentials were leaked across social media. 


  • Helix: An Ohio man was arrested for running the Helix Bitcoin mixing service. An estimated $300 million was laundered through the mixer.
  • Microsoft engineer theft: A software engineer was convicted of stealing over $10 million from Microsoft.
  • IOTA: The IOTA Foundation shut down its entire network due to a hacker exploiting a vulnerability in the IOTA wallet app.
  • Altsbit: The Italian cryptocurrency exchange closed following an alleged cyberattack in which the majority of user funds were stolen.


  • Prometei: Researchers found a botnet exploiting the Microsoft Windows SMB protocol to mine for cryptocurrency.
  • YouTube: YouTube accounts were hacked to promote a Bill Gates-themed Ponzi cryptocurrency scam.

TechRepublic: How remote working poses security risks for your organization | How phishing attacks are exploiting Google's own tools and services | Linux and open source: The biggest issue in 2020


  • Lendf.me: $25 million in cryptocurrency was stolen from the Lendf.me platform.
  • Bisq: Over $250,000 was stolen from Bisq Bitcoin exchange users.


  • Supercomputers: Supercomputers across Europe were hacked in order to mine for cryptocurrency.

CNET: Russian and North Korean hackers are targeting COVID-19 vaccine researchers | The best outdoor home security cameras for 2020 | Android and iPhones are all about privacy now, but startup OSOM thinks it can do better


  • BTC-e: New Zealand law enforcement froze $90 million in BTC-e assets as part of a money laundering investigation.
  • CryptoCore: Researchers said that the CryptoCore hacking group has stolen at least $200 million in cryptocurrency from online exchanges. 
  • Coincheck: A hacker infiltrated the cryptocurrency exchange's domain registration service, causing a pause to deposit and withdrawal services. 

Cryptocurrency cyberattacks and breaches of 2019 (in pictures)


  • Twitter: High-profile Twitter profiles belonging to figures including Joe Biden, Bill Gates, and Elon Musk were compromised to tout a cryptocurrency scam.
  • Coinbase: Coinbase blocked an attempt by attackers to steal $280,000 in Bitcoin.
  • VaultAge Solutions: The CEO went into hiding after allegedly scamming investors out of $13 million.
  • AT&T: AT&T was dragged to court over a $1.9 million SIM hijacking and cryptocurrency theft case.
  • GPay Ltd: UK regulators shut down GPay for scamming cryptocurrency investors by using fake celebrity endorsements.


  • FritzFrog: A cryptocurrency-mining botnet was discovered that compromised at least 500 enterprise and government servers. 
  • Ukraine arrests: Ukraine law enforcement arrested suspected members of a gang that laundered $42 million in crypto for ransomware groups.
  • 2together: €1.2 million in cryptocurrency was stolen from the exchange.
  • PlusToken: Chinese police arrested over 100 people suspected of being involved in the PlusToken cryptocurrency investment scam.
  • Lazarus: Researchers discovered a new Lazarus campaign targeting a cryptocurrency firm through LinkedIn job adverts.


  • KuCoin: Roughly $150 million in cryptocurrency was stolen by a cyberattacker after being stored in hot wallets.
  • Cryptocurrency phishing: Two Russians were charged for stealing close to $17 million in cryptocurrency-themed phishing campaigns.
  • Eterbase: The cryptocurrency exchange lost $5.4 million, stolen from hot wallets by unknown attackers. 


  • Kik: The US SEC issued Kik a $5 million penalty over an allegedly illegal securities offering. 
  • Harvest Finance: Hackers stole $24 million, but later returned $2.5 million. A $100,000 reward has been posted for information leading to fund recovery.


  • GoDaddy: GoDaddy admitted that its staff had become victim to a social engineering campaign leading to email and DNS record-based attacks against Liquid.com and NiceHash.
  • Akropolis: Akropolis suffered a flash loan attack and $2 million in cryptocurrency was stolen. The company later offered the hacker a 'bug bounty payment' in return for the stolen funds. 
  • Operation Egypto: US and Brazilian law enforcement seized $24 million in cryptocurrency from individuals allegedly connected to an online investor fraud scam.
  • Silk Road: The US Justice Department seized $1 billion in Bitcoin, said to be from the now-defunct Silk Road marketplace.


  • Compounder Finance: The DeFi project has allegedly performed a 'rug pull,' stealing $11 million from investors. 
  • CEO Global: One of the cryptocurrency exchange's founders is reportedly being held by Chinese law enforcement, and as they have the private key for cold wallet storage, withdrawals have been suspended. 

How to spot a fake ICO (in pictures)

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards