Crypto Scandals & History

On February 2, 2022, the Wormhole cross-chain bridge, which connects Solana and Ethereum, was exploited for a staggering $320M. The vulnerability was attributed to a deprecated function called 'verify_signatures' that failed to properly validate guardian signatures. This allowed the attacker to mint 120,000 wETH on Solana without depositing the corresponding ETH on Ethereum. The exploit was only made public after Jump Crypto, a prominent investor in the project, silently bailed out the affected users to the tune of $320M. The incident highlights the security risks associated with cross-chain bridges and the importance of thoroughly auditing and testing code before deployment. The use of deprecated functions and the lack of proper validation mechanisms created an environment conducive to exploitation. This incident raises questions about the security posture of cross-chain bridges and the need for more rigorous testing and validation protocols. As the DeFi ecosystem continues to expand, it is essential to prioritize security and ensure that all protocols, including cross-chain bridges, are thoroughly tested and validated to prevent such incidents. The Wormhole exploit serves as a warning to the DeFi community, emphasizing the need for robust security measures and rigorous testing to mitigate the risk of similar incidents in the future. What does this incident reveal about the current state of bridge security, and how can the industry improve its security posture to prevent such exploits?

On March 23, 2022, the Axie Infinity Ronin sidechain was compromised by the Lazarus Group, a notorious hacking collective. The attackers managed to compromise 5 out of 9 validators, including 4 Ronin validators and 1 Axie DAO validator, using social engineering tactics. This allowed them to initiate a series of unauthorized transactions, draining a staggering 173,600 ETH and 25.5M USDC from the bridge. The heist went unnoticed for 6 days, until a user attempted to withdraw 5,000 ETH on March 29. The US Treasury's Office of Foreign Assets Control (OFAC) subsequently sanctioned several addresses connected to the Lazarus Group. Through the efforts of Chainalysis, a blockchain analytics firm, approximately $30M of the stolen funds were partially recovered. This incident highlights the vulnerabilities of cross-chain bridges and the importance of robust security measures. The fact that it took 6 days to detect the exploit raises questions about the adequacy of monitoring and incident response protocols in the DeFi space. As the industry continues to evolve, it is crucial to prioritize security and implement effective measures to prevent such catastrophic events. The Ronin bridge exploit serves as a stark reminder of the risks associated with DeFi and the need for vigilance in protecting user assets. With the increasing sophistication of hacking groups like Lazarus, the DeFi community must remain proactive in enhancing security protocols to mitigate the risk of similar incidents in the future. Can the DeFi industry learn from this experience and develop more robust security measures to prevent such massive heists?

On December 4, 2021, BitMart, a global cryptocurrency exchange, was hacked, resulting in the theft of $196 million in cryptocurrencies across Ethereum and Binance Smart Chain. The hack was attributed to a compromised private key, which allowed the attackers to drain the hot wallet. The company's CEO initially denied that the hack was a 'large-scale security breach,' but ultimately acknowledged the incident and promised to compensate affected users. BitMart promised to pay $200 million in compensation, but only partially followed through on the promise. The hack highlights the risks associated with hot wallets and the importance of robust security measures in the cryptocurrency space. The incident also raises questions about the transparency and accountability of cryptocurrency exchanges. As the cryptocurrency space continues to evolve, it is clear that companies must prioritize cybersecurity and regulatory compliance to mitigate the risks associated with hacking and cyber attacks. The BitMart hack serves as a reminder of the importance of vigilant security measures and the need for companies to stay ahead of potential threats. Can the cryptocurrency space ever be truly secure, or will the threat of hacking and cyber attacks always lurk in the shadows?

On December 6, 2017, NiceHash, a Slovenian cryptocurrency exchange, was hacked, resulting in the theft of 4,736.42 Bitcoin, worth $64 million at the time. The hack was significant not only because of the amount of money stolen but also because of the sophistication of the attack. The hack was likely an inside job or a targeted phishing attack on a senior employee. The company suspended operations and launched an investigation into the hack. NiceHash ultimately established a compensation program for affected users and implemented new security measures to prevent similar attacks in the future. The hack highlights the risks associated with insider threats and the importance of robust security measures in the cryptocurrency space. The incident also raises questions about the role of human error in cybersecurity breaches. As the cryptocurrency space continues to evolve, it is clear that companies must prioritize cybersecurity and regulatory compliance to mitigate the risks associated with hacking and cyber attacks. The NiceHash hack serves as a reminder of the importance of vigilant security measures and the need for companies to stay ahead of potential threats.

On August 19, 2021, Liquid Global, a Japanese cryptocurrency exchange, was hacked, resulting in the theft of $97 million in cryptocurrencies, including Ethereum, Bitcoin, XRP, and TRX. The hack was attributed to the Lazarus Group, a notorious North Korean hacking group. The funds were routed through mixing services, making it difficult to track the stolen cryptocurrencies. The hack was significant not only because of the amount of money stolen but also because of the involvement of the Lazarus Group. The group is known for its sophisticated hacking operations, which have been used to steal millions of dollars in cryptocurrencies. The hack also highlighted the vulnerability of cryptocurrency exchanges to cyber attacks. In the aftermath of the hack, FTX's CEO, Sam Bankman-Fried, loaned $120 million to Liquid to help the company recover from the hack. The incident highlights the interconnectedness of the cryptocurrency space and the risks associated with hacking and cyber attacks. The Lazarus Group's involvement in the hack also raises questions about the role of state-sponsored hacking groups in the cryptocurrency space. As the cryptocurrency space continues to evolve, it is clear that companies must prioritize cybersecurity and regulatory compliance to mitigate the risks associated with hacking and cyber attacks.

In April 2023, the US Securities and Exchange Commission (SEC) charged Bittrex, a pioneering cryptocurrency exchange, with operating as an unregistered exchange. The SEC also alleged that Bittrex had offered seven tokens that were securities, which were not registered with the agency. The charges were the culmination of years of regulatory avoidance by Bittrex, which had once been one of the top five exchanges in the world. The company ultimately settled with the SEC for $24 million and filed for bankruptcy. The Bittrex case is a stark reminder of the importance of regulatory compliance in the cryptocurrency space. The company's failure to register with the SEC and its decision to offer unregistered securities ultimately led to its downfall. Bittrex was once a leader in the cryptocurrency space, but its regulatory avoidance and failure to adapt to changing regulatory requirements eroded its position and ultimately led to its demise. The case also highlights the challenges faced by cryptocurrency exchanges in navigating the complex regulatory landscape. As the cryptocurrency space continues to evolve, it is clear that regulatory compliance will be essential for companies to survive and thrive. The Bittrex case serves as a cautionary tale for companies that fail to prioritize regulatory oversight and compliance.

In November 2023, Binance, one of the largest cryptocurrency exchanges in the world, reached a settlement with the US Department of Justice (DOJ) over charges that it had served US customers while evading know-your-customer (KYC) and anti-money laundering (AML) regulations. The settlement also addressed allegations that Binance had processed transactions for sanctioned entities, including Iran, Hamas, and ISIS. Internal messages revealed that compliance staff had described Binance as a 'fking criminal exchange.' As part of the settlement, Binance's CEO, CZ, pleaded guilty to money laundering violations and was sentenced to 4 months in prison and fined $200 million. The DOJ also installed a monitor to oversee Binance's compliance efforts. The settlement was a significant blow to Binance, which had long been accused of operating in a regulatory gray area. The company's troubles began in 2020, when it was sued by the US Commodity Futures Trading Commission (CFTC) over allegations that it had allowed US customers to trade cryptocurrencies without proper registration. The settlement is a reminder that cryptocurrency exchanges must operate within the bounds of the law and prioritize compliance and regulatory oversight. The $4.3 billion settlement is one of the largest in the history of the cryptocurrency space, and it marks a significant turning point in the industry's relationship with regulators.

The FTX disaster is a stark reminder of the dangers of unchecked power and greed in the cryptocurrency space. It began on November 2, 2022, when CoinDesk published an article revealing the balance sheet of Alameda Research, a trading firm closely tied to FTX. The article showed that Alameda's balance sheet was largely composed of FTT, the native token of FTX, which raised concerns about the financial health of the company. Just a few days later, on November 6, CZ, the CEO of Binance, tweeted about selling FTT, citing concerns about the token's liquidity. This sparked a wave of withdrawal requests, with $6 billion being withdrawn from FTX in just 72 hours. On November 8, FTX halted trading, and the following day, Binance announced that it would be walking away from a potential deal to acquire FTX. The company filed for bankruptcy on November 11, and its CEO, Sam Bankman-Fried (SBF), was arrested on December 12. In November 2023, SBF was found guilty, and in March 2024, he was sentenced to 25 years in prison. Alameda had special API privileges on FTX, which allowed it to trade with fake money, resulting in $65 billion in fake trades. The company also made significant political donations and had celebrity endorsements, which helped to build a false sense of legitimacy. The FTX disaster is a cautionary tale about the importance of transparency and regulation in the cryptocurrency space.

On September 14, 2018, Zaif, a Japanese cryptocurrency exchange, was hacked, resulting in the theft of $60 million worth of BTC, MONA, and BCH from the exchange's hot wallets. The hack was a significant blow to the Japanese cryptocurrency market, which had been growing rapidly in recent years. In response to the hack, the Japanese Financial Services Agency (FSA) launched an investigation and implemented stricter regulations on cryptocurrency exchanges. Fisco, a Japanese investment firm, acquired Zaif for $44 million, with the goal of covering the losses and restoring customer confidence. The Zaif hack highlights the importance of robust security measures and the need for effective regulatory oversight in the cryptocurrency industry. Japan's regulatory response to the hack has been seen as a model for other countries, demonstrating the importance of striking a balance between innovation and protection of customer funds. As the cryptocurrency industry continues to evolve, the question remains: what role will regulatory bodies play in shaping the future of the industry?

On December 9, 2018, Gerald Cotten, the CEO of QuadrigaCX, a Canadian cryptocurrency exchange, passed away in India. However, his death was not just a personal tragedy; it also had significant implications for the exchange's customers. Cotten was the sole holder of the private keys to the exchange's wallets, and his death meant that $190 million in customer funds was locked away, inaccessible. An investigation by the Ontario Securities Commission (OBSI) and Ernst & Young found that Cotten had been running a Ponzi scheme since 2016, using customer funds to pay for his own expenses and investments. The investigation also revealed that Cotten had created fake accounts under aliases such as Chris Mikkelsen and Aretwo Deetwo. Despite the challenges, some of the Bitcoin was moved from the exchange's wallets after Cotten's death, raising questions about the true circumstances of his death. The QuadrigaCX case highlights the importance of robust security measures, including the use of multi-signature wallets and transparent accounting practices. As the case continues to unfold, the question remains: what measures can be taken to prevent similar cases of fraudulent activity in the future?

On September 25, 2020, KuCoin, a popular cryptocurrency exchange, was hacked, resulting in the theft of $281 million worth of ETH, ERC-20 tokens, BTC, LTC, XRP, and USDT. The hack was one of the largest in cryptocurrency history, and it seemed like a significant portion of the stolen funds would be lost forever. However, KuCoin was able to recover 84% of the stolen funds through a combination of efforts. The exchange worked with DeFi protocols such as Uniswap, Orion, and Ocean Protocol to freeze the stolen tokens, preventing the hackers from selling them on the open market. Additionally, KuCoin collaborated with law enforcement to freeze over $200 million worth of stolen funds on other exchanges. The remaining $45 million was covered by KuCoin's insurance fund. The successful recovery of the stolen funds is a testament to the effectiveness of collaboration between exchanges, DeFi protocols, and law enforcement. As the cryptocurrency industry continues to grow, the question remains: what role will insurance play in protecting customer funds from future hacks?

On January 14, 2019, Cryptopia, a New Zealand-based cryptocurrency exchange, was hacked, resulting in the theft of $16 million from individual wallets. The hack was unique in that Cryptopia held wallets as a trustee, making it a legally complex situation. The exchange was subsequently placed into liquidation, with Grant Thornton appointed as the liquidator. In 2021, a liquidation plan was proposed, which would see creditors receive a partial recovery of their funds. However, the plan was not without controversy, with some creditors expressing dissatisfaction with the proposed payouts. To make matters worse, a second hack occurred during the investigation, further complicating the situation. The Cryptopia hack highlights the importance of robust security measures and the need for clear regulations in the cryptocurrency industry. As the case continues to unfold, the question remains: how can exchanges balance the need for security with the need for user accessibility and convenience?

On August 2, 2016, Bitfinex, a prominent cryptocurrency exchange, was hacked, resulting in the theft of 119,756 BTC, worth approximately $72 million at the time. The hack was significant, not only due to the large amount of Bitcoin stolen but also because of the exchange's decision to socialize the losses across all customers, resulting in a 36% haircut. In an effort to mitigate the losses, Bitfinex created BFX tokens, which represented the debt owed to customers. However, in a surprising turn of events, Bitfinex was able to pay back all customers within 8 months, thanks in part to the creation of the BFX tokens. The hack and subsequent token creation have been the subject of controversy, with some critics arguing that the socialization of losses was unfair to customers. Additionally, the connection between Bitfinex and Tether, a stablecoin issuer, has raised concerns about the exchange's financial stability. As the cryptocurrency market continues to grow, the question remains: what measures can be taken to prevent similar hacks and ensure customer funds are protected?

Mt. Gox, once the dominant Bitcoin exchange, accounting for 80% of all BTC trading, was hacked in 2011, resulting in the theft of 850,000 Bitcoin. However, the exchange did not disclose the hack at the time. It wasn't until February 7, 2014, that Mt. Gox filed for bankruptcy, revealing the extent of the losses. The subsequent MtGox leak showed that the exchange had been insolvent for years, with the theft being a major contributing factor. The civil rehabilitation process, which began in 2014, took nearly a decade to resolve, with creditors finally receiving repayment in BTC and BCH worth $9B in 2024. The repayment was a significant development, marking the end of a long and complex process. Mark Karpeles, the CEO of Mt. Gox, was at the center of the controversy, facing criticism for his handling of the situation. The Mt. Gox hack and subsequent bankruptcy served as a wake-up call for the cryptocurrency industry, highlighting the importance of security and transparency. As the industry continues to evolve, the question remains: can we trust exchanges to safeguard our assets?

On January 3, 2009, Satoshi Nakamoto mined Bitcoin’s genesis block. The reward—50 BTC—went to address 1A1zP1. Since then, that wallet has received 68,899.99 BTC across 1,148 transactions. At today’s price ($87,000/BTC), that’s $60.1 billion. Not a single satoshi has moved. The math is brutal. The first 50,000 BTC (blocks 1-10,000) were mined by Satoshi alone. Hal Finney, the first recipient of a Bitcoin transaction, got 10 BTC on January 12, 2009. By the time Satoshi vanished in April 2011, the wallet held ~1.1 million BTC. That’s $95.7 billion at ATH ($69,000). The private keys? Still cold. Forensic analysts like Sergio Demian Lerner and Chainalysis have mapped the "Patoshi" pattern—blocks mined with a unique nonce signature. The pattern stops at block 54,316. After that? Silence. The wallet’s last incoming transaction was on May 20, 2019: a 0.00000547 BTC ($0.47) "donation" from some anon. The dust sits there, untouched. Theories abound. Satoshi lost the keys. Satoshi died. Satoshi is a time-traveling AI. The most plausible? Satoshi is a collective, and the keys are split among dead men. Hal Finney (RIP 2014) denied being Satoshi, but his early emails with Nakamoto read like a bad spy novel. Craig Wright’s claims? Laughable. The court-ordered "bonded courier" never showed. The Tulip Trust? A $5 billion farce. Here’s the kicker: If Satoshi’s wallet moved, Bitcoin’s price would crater. The market can’t handle $60 billion in sell pressure. The SEC would scream "manipulation." The IRS would demand $25 billion in back taxes. And yet, the wallet sits. A monument to decentralization—or the ultimate rug pull, frozen in time. So here’s the question: Is Satoshi’s silence the greatest act of self-restraint in financial history, or the most expensive tombstone ever built?

April 19, 2024—Bitcoin’s fourth halving came and went like a bad Tinder date. Block rewards slashed from 6.25 BTC to 3.125 BTC, miners’ revenue instantly cut in half, and the market? Yawned. Price at halving: $63,750. Price today: $61,200. A whopping -4% in the two weeks since, while altcoins bleed out like a crypto zombie apocalypse. Let’s talk numbers. Miners are feeling the squeeze. Riot Blockchain’s hash rate dropped 12% post-halving, and Marathon Digital’s stock is down 28% since March. Public miners are dumping BTC to stay solvent—Bitfarms sold 390 BTC ($24M) in April alone. Meanwhile, the "halving pump" narrative is dead on arrival. The 2012 halving saw a 9,000% rally over the next year. 2016: 3,000%. 2020: 700%. 2024? A flatline with a side of liquidations. Institutional money is playing hard to get. Grayscale’s GBTC outflows hit $17B since January, and BlackRock’s IBIT saw its first net outflow day on May 1. The ETF hype is fading faster than a Solana memecoin. Even the meme stock crowd is moving on—MicroStrategy’s MSTR is down 35% from its March high, and Michael Saylor’s "stack sats" mantra sounds more like a eulogy. The real kicker? The halving was priced in months ago. Bitcoin hit $73,750 in March, then crashed 17% in a week. Retail traders got rekt—$1.2B in long liquidations on April 13 alone. Now, the only thing pumping is the cost to mine a single BTC. JPMorgan estimates it’s now $42,000, up from $21,000 pre-halving. Miners are operating at a loss, and the weak hands are capitulating. So here’s the question: If the halving was supposed to be the rocket fuel, why does Bitcoin feel more like a sinking ship? Maybe because the market finally realized that cutting supply doesn’t matter when demand is on life support. Or maybe the real halving was the friends we made along the way—like the 20% of mining rigs that just got unplugged. Either way, the

Brevan Howard, the $33 billion hedge fund run by Alan Howard, just dropped $100 million into a new crypto-focused venture called BH Digital. The move comes after Howard spent years whispering sweet nothings about Bitcoin while his fund sat on the sidelines. Now, with BTC up 120% YTD and BlackRock’s ETF sucking up all the oxygen, Brevan’s finally decided to stop lurking and start allocating—because nothing says "conviction" like chasing a rally. Point72, Steve Cohen’s $35 billion beast, isn’t far behind. They’ve been sniffing around crypto for years, but in 2024, they’re actually pulling the trigger. Their latest play? A $20 million investment in a crypto trading firm called *GSR Markets*, announced in March. Cohen’s been vocal about his skepticism—"I don’t get it," he said in 2021—but when the price action speaks, even the doubters start taking notes. Here’s the kicker: both firms are late. Brevan’s $100 million is a rounding error for a fund of its size, and Point72’s $20 million is pocket change. For context, MicroStrategy’s Michael Saylor has been stacking sats since 2020, and BlackRock’s IBIT ETF has hauled in $17 billion in inflows this year alone. These hedge funds aren’t leading—they’re following, and they’re doing it with the enthusiasm of a kid who shows up to the party after the pizza’s gone. The real question isn’t whether they’ll make money—of course they will, if they time it right. It’s whether their sudden interest is a sign of institutional maturity or just another case of FOMO dressed up in a suit. Given their track record of waiting until the coast is clear, bet on the latter.

—

—

—