Operating centralized cryptocurrency exchanges is more challenging than it may appear on the surface. In this retrospective analysis, we delve into significant exchange mishaps from the past decade and the profound repercussions they unleashed upon the crypto ecosystem. Currently, more than 240 Bitcoin exchanges are being tracked by Brave New Coin, though compiling an exhaustive list remains an arduous task due to their constant emergence and vanishing act.
Regrettably, the misfortunes of crypto exchanges, be it through failures or hacks, have often erroneously cast aspersions on the integrity of the cryptocurrencies they hold. In reality, it is seldom the cryptocurrency's inherent flaw that's to blame, but rather, it's the product of inadequate management, deceitful founders, or government crackdowns.
According to the principles of Darwinian evolution, the collapse of crypto exchanges should theoretically enhance the overall quality of the remaining ones. As venture capitalist Marc Andreessen aptly pointed out following the infamous MtGox debacle: "MtGox had to perish for Bitcoin to thrive. Superior, more robust entities have supplanted its role since the early days of Bitcoin."
The prevailing theory posits that markets mature and fortify akin to natural selection, eliminating subpar or "unfit" services, thus paving the way for the best or "fittest" to flourish. However, despite this theory's soundness, the disconcerting reality of multiple exchange failures in 2023, resulting in the loss of depositors' assets, raises questions about the crypto exchange sector's true health. Therefore, we reiterate the importance of diligent research before engaging with any exchange for trading purposes.
North Korea's Persistent Assault on Crypto Exchanges
North Korea, long recognized as a malevolent actor in the crypto arena, continues to wreak havoc on the ecosystem by relentlessly targeting crypto exchanges. The Lazarus Group, a cybercrime syndicate operating under North Korean government auspices, orchestrated the most significant exchange heist of 2020, targeting Kucoin. This Singapore-based exchange incurred losses of approximately $275 million in Bitcoin, Ethereum, and other ERC20 tokens.
Kucoin's CEO, Johnny Lyu, attributed the hack to the "leakage of the private key of KuCoin hot wallets." Although Lyu reported the recovery of around $204 million, the attribution of the attack to Lazarus was corroborated by Chainanalysis, which identified similarities between Kucoin's hack and Lazarus's previous modus operandi.
Lazarus, also implicated in attacks on South Korean exchanges Upbit in 2019, Coinlink, and Bithumb in 2017, is suspected to have targeted Slovenian hash power provider Nicehash in 2017. Notably, the 2020 Kucoin hack showcased Lazarus's foray into decentralized finance (DeFi) platforms for laundering stolen funds. DeFi platforms, known for allowing users to be their own custodians with minimal Know Your Customer (KYC) or Anti-Money Laundering (AML) requirements, offered anonymity that facilitated this criminal activity.
QuadrigaCX: A Peculiar Heist
QuadrigaCX, one of the most enigmatic crypto heists, unfolded following the mysterious death of its founder, Gerald Cotten, in December 2018. The Canadian exchange claimed to have lost access to cold wallets purportedly holding customer funds. Subsequent investigations revealed that five of the six identified cold wallets had been emptied in April 2018.
Deeper probes suggested that Cotten engaged in "fraudulent conduct" by operating the exchange like a Ponzi scheme, using other clients' deposits to cover shortfalls in assets for withdrawal requests. Presently, the Ontario Securities Commission estimates that the exchange owes over $215 million to approximately 76,000 clients. However, the bankruptcy trustee, Ernst and Young, has only managed to identify $46 million in assets for distribution.
Zaif: A Japanese Exchange's Misfortune
In September 2018, the Japanese exchange Zaif fell victim to a hack resulting in the loss of approximately $60 million worth of cryptocurrency, including Bitcoin, Bitcoin Cash, and MonaCoin. The breach was detected after unusual fund outflows were observed on the platform.
Subsequent investigations revealed that unauthorized access had occurred in the exchange's hot wallets. Zaif temporarily ceased operations and resumed seven months later in April 2019.
Coinrail's Unwanted Intrusion
In June 2018, the South Korean exchange Coinrail experienced a cyber intrusion that led to the loss of approximately $40 million worth of Ether (ETH) and other ERC20 tokens. As a result, Coinrail suspended its services temporarily. Further investigation revealed that some of the stolen tokens were being traded on decentralized exchanges like IDEX and Ethdelta.
Coinsecure: An Inside Job
In April 2018, the Indian exchange Coinsecure fell victim to a hack amounting to 438 BTC, valued at around $3.5 million. This incident was suspected to be an inside job, with the exchange's Chief Security Officer, Amitabh Saxena, implicated in the investigations. Coinsecure remains non-operational.
Bitgrail: A Costly Theft
In February 2018, the Italian exchange Bitgrail suffered a massive theft of $170 million worth of Nano cryptocurrency. Subsequently, the exchange filed for bankruptcy. Founder Francesco Firano faced legal repercussions and was ordered by Italian courts to return assets to affected customers.
Coincheck's Massive NEM Heist
In January 2018, the Japanese exchange Coincheck was hacked, resulting in the loss of approximately 523 million NEM tokens valued at $533 million at the time. The breach occurred due to a virus spread via email, enabling the theft of private keys. Notably, the NEM was stored in a single hot wallet, eschewing the recommended NEM multisig contract security. After being acquired by the Monex group in April 2018, Coincheck resumed operations in November 2018.
Youbit's South Korean Setback
In December 2017, the South Korean exchange Youbit was hacked, losing an undisclosed amount estimated to be 17% of the exchange's asset reserve. The hack targeted the exchange's hot wallet while the cold wallet remained secure. Following the incident, Youbit declared bankruptcy. South Korea's Internet and Security Agency (Kisa) initiated an investigation into the breach, attributing an earlier attack on Youbit to North Korean spies.
BTCChina's Regulatory Conundrum
The Chinese exchange BTCChina, later rebranded as BTCC, ceased trading in September 2017. This decision followed the enactment of a new law barring Chinese mainlanders from engaging in digital money exchange unless conducted offshore. In response, many exchanges, including Huobi, shifted their operations overseas to circumvent the ban. BTCC reemerged in June 2018 after relocating first to London, then to Hong Kong.
Gatecoin's Cryptocurrency Conundrum
In May 2016, the Hong Kong-based exchange Gatecoin suffered a major hack, resulting in the theft of 250 BTC and 185,000 ETH, valued at approximately $2 million at the time. The stolen funds were extracted from the exchange's hot wallet. Despite ongoing efforts, the hack remains unresolved. In March 2019, Gatecoin was forced to close its doors due to complications with a payment service provider, which had paralyzed the exchange's operations for months.
Harborly's Abrupt Exit
Texas-based exchange Harborly, launched in early 2015, unexpectedly announced its closure by August of the same year. The company clarified that the shutdown was not prompted by a hack, fraudulent activity, or a security-related incident. Instead, a new venture had gained traction, prompting the search for an acquirer.
Coin.mx: A Mexican Bitcoin Exchange Scam
Announced in late 2013, Coin.mx was a Mexican Bitcoin exchange embroiled in a scandal. In July 2015, the FBI charged its founders, Anthony R. Murgio and Yuri Lebedev, for operating an unlicensed underground Bitcoin exchange, violating federal anti-money laundering laws.
Bitspark: A Shift in Focus
In April 2015, the Hong Kong-based Bitcoin exchange Bitspark announced the closure of its exchange operations to shift its focus towards remittance services. As of 2020, their website maintains a message affirming the closure of the exchange.
Excoin's Vanishing Act
In February 2015, Excoin, a company specializing in cryptocurrency exchange, announced that it had been hacked. The last Twitter update was on March 15th, 2015, where they mentioned preparations for a relaunch of the "new Excoin trading platform." Unfortunately, Excoin vanished without a trace.
Virtex's Swift Demise
Virtex, which opened in July 2014, was a platform trading various currencies. However, it ultimately proved to be another scam, folding in January 2015.
Yacuna's European Exit
Yacuna, a UK-based and regulated European cryptocurrency exchange trading Bitcoin, Litecoin, and Dogecoin for Euro and GBP, declared closure on October 13, 2015. Their official statement noted, "Bitcoin is a wonderful technology and we are proud that we have developed one of the first European exchanges for virtual currency. But everything comes to an end." Yacuna officially shuttered on November 15, 2015.
Bitstake's Brief Venture
Based in Nigeria, BitStake announced on October 14, 2015, that its platform would cease operations after just ten months. The company advised customers to withdraw their coins by October 30, redirecting them to another Nigerian exchange, NairaEx, which continues to operate to this day.
Melotic's Short-Lived Exchange
In May 2014, Hong Kong-based Melotic exchange announced its closure, citing a "lack of sufficient growth" as the primary reason.
Coin-Swap's Twitter Farewell
In March 2015, Coin-Swap.net took to Twitter to announce its shutdown, urging customers to "Please withdraw all funds immediately." However, executing this process proved to be more complicated than anticipated, as reflected in their Twitter feed.
AllCrypt's Small Loss
In March 2015, AllCrypt.com experienced downtime, attributing the issue to Word Press exploitation and reporting a minor loss of customer funds.
Comkort's Brief Stint
Estonian-based exchange Comkort concluded its Beta testing in March 2014. However, in July 2014, the company ceased operations.
LibertyBit's Ephemeral Presence
Launched in February 2013, Vancouver-based LibertyBit, touted for its auditable paper trail, announced a temporary trade suspension in June 2013. Unfortunately, LibertyBit faded into obscurity.
MintPal's VeriCoin Loss
In July 2014, MintPal reported a significant hack resulting in the loss of a large amount of VeriCoin. In October 2014, Moolah, the company operating Mintpal, declared the exchange's closure. Users on Bitcoin Talk accused Mintpal CEO Ryan Kennedy of scamming, reporting missing funds left on the exchange. Kennedy's subsequent arrest in July 2017 marked a turning point in the case.
McxNOW: Promising Beginnings, Mysterious End
Launched in September 2013, McxNOW was a digital currency exchange that promised interest on all user balances. However, on November 15, 2014, the exchange abruptly announced a "maintenance period" and subsequently vanished from the scene.
Cryptorush: A Multifaceted Setback
CryptoRush, a multi-currency exchange established in February 2014, experienced a turbulent journey, marred by operator dishonesty. After suffering losses due to a bug in the BlackCoin daemon, CryptoRush faced further challenges. A Reddit user claiming to be a former employee labeled the exchange as a scam, underscoring its troubled reputation.
WeExchange: Fading into Obscurity
Also known as Weex, this bitcoin currency exchange and trading platform, launched in December 2012, witnessed its last recorded volume on November 26, 2013. Its founder, Jon Montroll, faced legal troubles in the U.S., eventually pleading guilty to securities fraud and obstruction of justice.
Kapiton's Swedish Setback
Kapiton, a Swedish exchange trading platform, was introduced to a limited client base on April 18, 2012. However, payment problems emerged in November 2013, leading Reddit users to label it a scam.
Vault of Satoshi: A Trusted Legacy Ends
Vault of Satoshi, a Canada-based Bitcoin exchange, proudly launched in October 2013, highlighting its auditable paper trail. However, the exchange closed its doors on February 5, 2015, emphasizing that the decision was unrelated to insolvency, stolen funds, or other unfortunate scenarios.
Britcoin to Intersango: A Transition and Closure
Initially trading as Britcoin, this exchange commenced operations on April 17, 2013, becoming the first market accepting British Pound Sterling (GBP). In August 2011, it rebranded itself as Intersango before ultimately closing on December 19, 2012.
Bitomat's Tragic Polish Prelude
The first Polish exchange, Bitomat, went live on April 4, 2011. However, on July 26, 2011, Bitomat reported a loss of 17,000 client Bitcoins after losing access to its wallet.dat file. Shortly after, Mt. Gox acquired Bitomat on August 11, 2011.
Bitfloor's Regrettable Hack
Announced in February 2012, Bitfloor was the first FinCEN-registered Bitcoin exchange and trading platform, headquartered in New York. On September 3, 2012, it fell prey to a hack that saw the theft of 24,000 BTC. Compromised servers allowed access to encrypted backup files of wallet keys. Although operations resumed, Bitfloor's partner bank's account closure led to its permanent shutdown on April 17, 2013.
BitMarket.eu's Operator Dishonesty
Launched on April 5, 2012, BitMarket.eu initially performed well but was eventually marred by operator misconduct. On December 21, 2012, the operator revealed that customer funds had been used for speculation, resulting in the loss of nearly 20,000 BTC. Tragically, the founder, Tobiasz Niemiro, was later found dead in Poland under suspicious circumstances in July 2019.
Bitcoin Brasil's Uncertain Closure
Announced on March 31, 2011, Bitcoin Brasil was the pioneer market for exchanging Bitcoin and the Brazilian Real. Details about its eventual closure remain unclear.
FXBTC's Abrupt End
A small Chinese exchange registered under Shanghai Yao Chi Network Technology Co., FXBTC was established on November 26, 2013. After incurring losses, the company announced its closure, initially pledging to remain open until May 10 of the following year. Unfortunately, it closed a day earlier, leaving disgruntled customers without access to their funds. In September 2017, China mandated the closure of all crypto exchanges.
Crypto-Trade's Troubled Course
Owned by Esecurity SA, Crypto-Trade, a trading platform unveiled in March 2013, sold bitcoin-based shares for BTC or LTC and promised dividends. However, after claiming losses and an inability to cover expenses, the company closed its doors in January 2015.
Bitcoinica: A Series of Setbacks
Launched in New Zealand in September 2011, Bitcoinica suffered significant financial losses due to an internal security breach. More than 43,000 bitcoins were stolen. Subsequently, in May 2012, Bitcoinica experienced another security incident, leading to its immediate shutdown. Receivers were appointed in January 2013, with ongoing liquidation proceedings.
Bitcoin-Central: Europe's Regulatory Pioneer
Based in Paris, Bitcoin-Central became the first exchange to operate within European regulations. Despite efforts, the exchange closed its doors due to insufficient interest.
Tradehill: Regulatory Challenges
Founded on June 8, 2011, Tradehill held the position of the second-largest exchange after MtGox for nearly a year. On February 13, 2012, the exchange announced its closure, citing regulatory issues, a loss of $100,000, and a dispute with a payment processor as contributing factors.
MtGox: The Epochal Collapse
The most iconic exchange collapse, Tokyo-based MtGox, originally designed for trading playing cards, was established in July 2010. At its zenith, MtGox managed approximately 70% of all Bitcoin transactions. However, its downfall commenced in February 2014, when the company suspended trading, closed its website, and filed for bankruptcy protection. Simultaneously, an astounding 850,000 bitcoins, valued at over $450 million at the time (now worth 10.2 billion), vanished from customer accounts. CEO Mark Karpelès faced multiple arrests for his involvement. In March 2019, he was sentenced to 30 months in jail, suspended for four years. The MtGox liquidation saga persists, with the majority of remaining funds still undistributed as of August 2020.
The Bitcoin Market: A Pioneer's Disappearance
On February 6, 2010, the very first Bitcoin exchange, established by Bitcointalk user dwdollar, entered the scene. The market eventually faded into obscurity, but the exact date of its last day of trading remains unknown.
Thodex: A Cryptocurrency Vanishing Act
Thodex, a major Turkish cryptocurrency exchange, echoed the historic collapses of MtGox and The Bitcoin Market. In April 2021, it abruptly shut down, CEO Faruk Fatih Ozer went missing, and an estimated $2 billion in cryptocurrency vanished. Ozer's subsequent arrest in Albania, extradition to Turkey, and a historic sentence of 11,196 years in prison marked a modern cryptocurrency tragedy. This incident serves as a stark reminder of the risks inherent in the cryptocurrency space.