Cryptocurrency Exchange Thefts Nearing $1 Billion In 2018, Report Finds

A report published Wednesday by a cybersecurity firm found that $927 million worth of cryptocurrencies were stolen by hackers from several exchanges in the first nine months of 2018. The value of virtual currencies stolen from exchanges in 2017 was $266 million, a nearly 250 percent increase already in 2018.

Published by CipherTrace, the report noted the most significant hacks of 2018 were the theft of $530 million worth of tokens stolen in Japan from Coincheck and the $195 million worth of tokens stolen from BitGrail in Italy. Additionally, the report mentioned it did not include over $60 million worth of cryptocurrencies that were stolen during the year but not reported publicly.

The data also showed that well-known cryptocurrency exchanges from various countries with weak anti-money laundering regulations (AML) had been used to launder $2.5 billion worth of bitcoins (in today's price) since 2009. Twenty exchanges that had been used for laundering money were identified in the report, but were not named.

"These results indicate that money laundering activity using cryptocurrencies is directly correlated to AML regulations and their enforcement on exchanges. They also show that cryptocurrency exchanges in countries with weak AML regulation receive nearly 5% of their payments directly from criminal sources," the report read.

The data indicated a pattern of smaller thefts on a regular basis, where "sophisticated professional cyber thieves" carried out hacks at exchanges and platforms by benefiting from exposed vulnerabilities, as well as by gaining trust of employees of those companies.

Under a section on emerging threats, the report spoke about the increasing menace of "SIM swapping." It involves transferring the victims' phone number to a SIM card held by a hacker. After taking ownership of the number, hackers reset passwords and break into the victims’ financial accounts, which include accounts on cryptocurrency exchanges.

"In one instance, a hacker used the technique to allegedly steal $24 million from a wealthy investor," the report read.

The researchers used the "Money Laundering and Financial Crimes Country Database" of the State Department's Bureau for International Narcotics and Law Enforcement Affairs as the data source to determine if exchanges were located in countries with weak AML regulation or not. Of the 212 countries examined, 79 were found to have weak AML regimes.

Saying that regulators worldwide were aiming to cut off financial resources available to terrorists and protect citizens from theft and scams, the report also pointed to the challenges that regulators face.

"Cryptocurrency exchanges and services like mixers represent fertile ground for criminal activity and money laundering. In addition, the fast-moving and highly speculative market in cryptocurrencies — including Ethereum-based ICOs and smart contracts — is making companies and initiatives built on the blockchain technology ripe for frauds ranging from Ponzi schemes to bogus ICOs," it said.

The report also examined some other cryptocurrency exchange hacks that took place in 2018, inlcuding Bithumb, Bancor, Geth, Coinrail, Zaif, and Taylor.

Another security report published Oct. 2 by ICORating — an agency that does independent analytical research — said that over the past 8 years, about 30 cryptocurrency exchanges had been hacked and approximately $1.3 billion stolen, and that over half the current exchanges had security vulnerabilities for users' accounts.