Who Stole Billions in Crypto? Biggest Thefts Revealed

Who stole billions in crypto? A story about crypto and hackers

Understanding the Evolution of Cybercriminals Targeting Cryptocurrencies

In the world of cryptocurrencies, where anonymity and decentralization promise financial freedom, a dark and ominous threat looms considerably the rise of crypto thieves. As digital assets gained popularity, they inevitably attracted the attention of cybercriminals seeking to exploit vulnerabilities in this nascent ecosystem. We delve into the origins of crypto thefts, tracing the timeline of these malicious activities and exploring the transformation of cybercriminals into formidable adversaries in cryptocurrency. So, who stole billions in crypto?

The Early Days

Cryptocurrency thefts were initially sporadic and opportunistic, reflecting the early experimental phase of digital currencies. In the early 2010s, when Bitcoin was the dominant player, hackers sought to exploit flaws in online wallets and exchanges. These breaches were often carried out by individual hackers or small groups, who found success due to cryptocurrency's lack of robust security measures.

The Pioneers of Crypto Crime

As the value and popularity of cryptocurrencies surged, so did the scale and sophistication of the attacks. Notable pioneers of crypto crime, such as the infamous Mt. Gox incident in 2014, set the stage for more audacious heists. Mt. Gox, once the largest Bitcoin exchange, suffered a debilitating breach that led to the disappearance of approximately 850,000 Bitcoins, worth billions of dollars at the time. So, who stole billions in crypto?

The Evolution of Tactics

In the following years, crypto thieves evolved tactics to stay ahead of security measures. Phishing attacks, ransomware, and social engineering became prevalent techniques to gain unauthorized access to private keys and digital wallets. Cybercriminals exploit the human element, preying on individuals' lack of awareness or negligence in securing their crypto assets.

The Rise of Crypto Ransomware

Crypto ransomware emerged as a particularly devastating weapon in the hands of cybercriminals. By encrypting victims' files or locking them out of their systems, hackers extorted cryptocurrency payments to restore access. High-profile cases, like the WannaCry and NotPetya attacks, demonstrated the immense financial damage caused by ransomware and the growing demand for cryptocurrency as a means of payment for criminals.

Dark Web Marketplaces

The dark web, a hidden corner of the internet, became a thriving marketplace for stolen cryptocurrencies and other illegal activities. Cryptocurrencies offered an efficient and pseudonymous method for facilitating transactions on these platforms, enabling criminals to buy and sell illicit goods and services with relative anonymity.

The Specter of Nation-State Actors

In recent years, there have been growing concerns about nation-state actors entering the world of cryptocurrency cybercrime. State-sponsored hacking groups have been implicated in stealing cryptocurrencies to fund their operations or undermine their adversaries. Cryptocurrencies allow these actors to circumvent traditional financial systems and evade detection. So, who stole billions in crypto? The evolution of crypto thieves from opportunistic hackers to highly organized and sophisticated cybercriminals poses significant challenges to the cryptocurrency community. As digital assets continue to gain prominence, it becomes imperative to strengthen security measures, raise awareness among users, and foster collaboration between stakeholders to thwart the relentless onslaught of crypto thefts. At PlasBit, we implement the highest security measures for user funds. Only exchange funds are kept in hot wallets, while all user funds are held in cold wallets, protected by multi-factor authentications and other essential security measures. It provides maximum prevention against hacks and ensures that user funds are protected and secure. So, who stole billions in crypto? We will unmask some of the biggest culprits behind these heists and explore the measures taken to protect cryptocurrencies' future.

Unmasking the Culprits: The Infamous Cryptocurrency Thieves

Within the cryptocurrency landscape, a sinister group of individuals and state-sponsored actors has earned notoriety by orchestrating audacious heists, leaving victims bereft of their digital fortunes. This chapter exposes some infamous cryptocurrency thieves, explicitly identifying their origins and affiliations. By delving into their nefarious deeds, we aim to understand their motivations and tactics for executing these high-stakes thefts. So, who stole billions in crypto?

The Lazarus Group - North Korean State-Sponsored Hackers

The Lazarus Group believed to operate under the patronage of the North Korean regime, has left a trail of cryptocurrency thefts and cyber espionage. Known for their sophisticated hacking techniques, they were implicated in the 2014 attack on Sony Pictures and have since set their sights on the cryptocurrency world. The group is suspected of being behind the 2017 WannaCry ransomware attack and has targeted various cryptocurrency exchanges, including Coinrail and Bithumb in South Korea, siphoning millions in digital assets.

The Eastern European Cybercriminals

Eastern European hacker groups have emerged as formidable adversaries in cryptocurrency heists. Groups like "Fancy Bear" and "Cozy Bear" have been linked to state-sponsored cyber espionage but have also shown keen interest in cryptocurrency thefts. These hackers have targeted individuals and exchanges by deploying sophisticated phishing campaigns and exploiting security vulnerabilities, leading to substantial losses.

The Inside Job - Gerald Cotten and QuadrigaCX

Gerald Cotten, the late CEO of Canadian cryptocurrency exchange QuadrigaCX, was at the center of a shocking and controversial case. Following his sudden death in 2018, it was revealed that he was the sole custodian of the exchange's private keys, leaving more than $190 million in customer funds inaccessible. Many suspect Cotten may have orchestrated an exit scam, faking his death to abscond with the funds.

The Bitfinex Hack - Unidentified Culprits

The Bitfinex hack in 2016 saw the theft of nearly 120,000 Bitcoins, causing significant upheaval in the cryptocurrency community. While the identities of the perpetrators remain a mystery, theories abound regarding the potential involvement of organized hacking groups or even state actors seeking to disrupt the digital currency space.

The PlusToken Ponzi Scheme - Vanished Perpetrators

The PlusToken Ponzi scheme originated in China, trapping millions of investors with promises of high investment returns. The organizers managed to trick an estimated $2 billion worth of cryptocurrencies before abruptly shutting down the scheme in 2019. To this day, the masterminds behind PlusToken have successfully evaded capture, leaving investors defrauded and seeking justice. The identities and affiliations of these infamous cryptocurrency thieves reveal various actors ranging from state-sponsored hacking groups to individuals seeking personal gain. Their relentless pursuit of digital riches highlights the pressing need for robust security measures, international cooperation, and vigilant law enforcement to safeguard the crypto ecosystem. We will follow the money trail and delve into the complex world of laundering and concealing stolen cryptocurrencies.

Following the Trail: Unraveling the Money Flow in Cryptocurrency Heists

Who stole billions in crypto?

In the aftermath of high-profile cryptocurrency heists, the stolen digital assets are not simply lost forever. Instead, cybercriminals use sophisticated techniques to launder and move funds, making it challenging for law enforcement agencies to trace and recover the stolen cryptocurrencies. We explore the intricate world of money laundering in cryptocurrency heists, shedding light on how stolen funds are concealed, mixed, and converted into seemingly legitimate assets.

The Tumbling and Mixing Process

To obfuscate the origins of stolen cryptocurrencies, cybercriminals turn to tumbling and mixing services. These services pool together various digital assets, making tracing specific funds back to their source difficult. Tumblers and mixers shuffle the cryptocurrencies multiple times, breaking the transaction chain and adding a layer of complexity for investigators trying to follow the money.

The Dark Web Marketplace

The dark web is a notorious hub for illicit activities, including trading stolen cryptocurrencies. Cybercriminals use anonymous marketplaces to exchange stolen digital assets for other cryptocurrencies or fiat currencies. Transactions conducted on the dark web offer a cloak of anonymity, shielding the identities of both buyers and sellers.

Privacy Coins

Privacy-centric cryptocurrencies, often called "privacy coins," have gained popularity among cybercriminals due to their enhanced anonymity. Coins like Monero, Zcash, and Dash offer strong privacy protections, making it challenging for authorities to track the flow of funds on their respective blockchains. Criminals often convert stolen cryptocurrencies into privacy coins to further obscure their traces.


To avoid detection and spread of the risk, thieves frequently conduct multiple exchanges of the stolen funds across various platforms and jurisdictions. By hopping between exchanges, they aim to distance the funds from the original theft, complicating tracking and recovering the assets.

Cash-Out Strategies

Eventually, cybercriminals seek to "cash out" their ill-gotten gains into traditional fiat currencies. They may use over-the-counter (OTC) services or peer-to-peer networks to convert cryptocurrencies into cash without leaving a clear digital trail. Alternatively, criminals may attempt to use the stolen funds for high-value purchases, such as real estate or luxury goods, to conceal their origins further.

Layering and Smurfing

Layering and smurfing are techniques borrowed from traditional money laundering practices. Layering involves multiple complex transactions to separate the illicit funds from their source while smurfing entails breaking large sums of money into smaller, less suspicious amounts to avoid detection. The complex and rapidly evolving world of money laundering in cryptocurrency heists poses significant challenges for law enforcement and regulatory authorities. The use of advanced technologies and privacy-centric cryptocurrencies has made it increasingly difficult to trace stolen digital assets and bring cybercriminals to justice. As the cryptocurrency landscape continues to evolve, combating money laundering and ensuring the security of digital assets will require innovative approaches and international collaboration. We will explore the efforts to enhance cryptocurrency security and protect users from falling victim to these sophisticated cyber criminals.

Strengthening Cryptocurrency Security: Safeguarding Users from Cybercriminals

The prevalence of high-profile cryptocurrency heists has underscored the critical importance of enhancing security measures within the crypto ecosystem. As cybercriminals continue to devise sophisticated tactics, cryptocurrency platforms, exchanges, and users need to adopt proactive strategies to safeguard digital assets. At PlasBit, we are dedicated to researching, studying, and providing the best solutions for top security. On our blog, you can learn more about the safety and ongoing process of the Web3 space. We explore the various initiatives and best practices to fortify cryptocurrency security and protect users from falling victim to these relentless cybercriminals.

Two-Factor Authentication (2FA)

Two-Factor Authentication is a fundamental security feature that adds an extra layer of protection to user accounts. Requiring users to enter a one-time code sent to their mobile devices or email, 2FA helps prevent unauthorized access to cryptocurrency wallets and accounts, even if the login credentials are compromised.

Hardware Wallets

Hardware wallets provide an offline and secure means of storing private keys. These physical devices, like Ledger and Trezor, keep users' cryptocurrency holdings isolated from the internet, reducing the risk of hacking attempts. Hardware wallets are widely recommended for the long-term storage of significant amounts of cryptocurrencies. PlasBit uses cold storage to protect users' funds and prevent hacks. Security is our top priority.

Multi-Signature (Multi-Sig) Wallets

Multi-Signature wallets require multiple authorized signatures to complete a transaction, enhancing security by reducing the risk of a single point of failure. These wallets are particularly beneficial for businesses and organizations managing significant cryptocurrency holdings.

Regular Security Audits

Cryptocurrency exchanges and platforms should conduct regular security audits to identify and address potential vulnerabilities. Thorough assessments of the platform's infrastructure, codebase, and operational practices help maintain a robust defense against cyber threats.

Bug Bounty Programs

Bug bounty programs incentivize ethical hackers to identify and report security flaws or vulnerabilities. By rewarding researchers for responsibly disclosing issues, exchanges can proactively identify and fix potential weaknesses before malicious actors exploit them. You can check out the PlasBit Bug Bounty program and financial rewards for reporting bugs.

Education and Awareness

Promoting user education and awareness is vital in preventing cryptocurrency thefts. Users must know the risks of storing and trading cryptocurrencies and best practices for securing their digital assets. Education can significantly reduce the success rate of social engineering attacks and phishing attempts.

Regulatory Measures

Governments and regulatory bodies play a crucial role in enhancing cryptocurrency security. By establishing clear guidelines and regulations for cryptocurrency exchanges and businesses, authorities can promote responsible practices, reduce fraudulent activities, and protect users' interests.

Insurance Coverage

Cryptocurrency exchanges and custodial services increasingly offer insurance coverage to protect users' funds against potential breaches or hacking incidents. Insurance policies provide an added layer of confidence for users entrusting their digital assets to third-party platforms. As the cryptocurrency landscape continues to evolve, so will cybercriminals' strategies. From hardware wallets and multi-signature solutions to user education and regulatory efforts, a multi-pronged approach is essential to safeguarding users' digital assets and ensuring the long-term sustainability of cryptocurrencies. By fostering collaboration between industry stakeholders, governments, and users, we can collectively strive to stay one step ahead of cybercriminals and create a more secure future for cryptocurrencies.