List of Major Bitcoin Heists, Thefts, and Losses

From Bitcoin Wiki
Jump to: navigation, search

Following is the result of research on prior Bitcoin-related thefts. Dates and times are sometimes approximate. The list is designed to be as accurate and informative as possible, and most of it is well-referenced. For disputed thefts, best judgement was applied and only the ones that were most publicly accepted were included.

This article is under construction!

Events by date

Stone Man Loss

Due to not keeping proper wallet backups, 8999 BTC sent as change were effectively destroyed when the private key controlling them was lost. Because this theft is from 2010, it is not included in severity lists.

Ubitex Scam

  • Time: April 2011 to July 2011
  • Victim: Investors on GLBSE of Ubitex
  • Status: Ubitex founder known, but nothing returned
  • Amount: About 1138.98 BTC (amount “invested” into Ubitex)
  • Equivalent USD: 11668.70 $ (wt. avg)
  • Equivalent in June 2013 BTC: 155 BTC

Ubitex was the first company to be listed on the now-defunct GLBSE “stock exchange”, which has been criticised for its illegal operations[1]. The company was run by a minor, but this fact was not initially known.

Around 1000 BTC of the missing investments are said to have been “spent”, many of which were further scammed, or converted into USD without follow-up.

The Ubitex scam would not have been possible today. Bitcoin users at the time were enjoying their newly-acquired wealth thanks to significant appreciation. Most “investors” at the time were extremely naïve.

Stefan Thomas Loss

  • Time: June 2011
  • Victim: Stefan Thomas
  • Status: Coins destroyed (no thief)
  • Amount: Estimate 7000 BTC[2]
  • Equivalent USD: 128000 $ (wt. avg, rounded to nearest thousand)
  • Equivalent in June 2013 BTC: 1250 BTC

Stefan Thomas, an early adopter (and eventually developer) of Bitcoin, uses this loss to teach other Bitcoiners the importance of backups — many of them. He had three copies of his wallet, and yet lost all of them.

Allinvain Theft

  • Time: June 13, 2011, 05:52:00 PM ± 600 s [satoshi estimated block transmission time]
  • Victim: user “allinvain”
  • Status: Thief uncaught
  • Amount: Exactly 25000.01000000 BTC[3]
  • Equivalent USD: 502750.20 $
  • Equivalent in June 2013 BTC: 4480 BTC
  • Chief transaction of interest: 4885ddf124a0f97b5a3775a12de0274d342d12842ebe59520359f976721ac8c3

A polarizing theft, its authenticity has undergone much dispute. Some believe that it was set up as a ploy for donations. However, these critics often lack evidence to back up their claims. Indeed, the victim was an early adopter who mined many coins at a low cost, so there is little reason for him to sabotage Bitcoin's image.

Although the hack attracted great attention in its day, said fame has mostly subsided. Even today, however, the hack still affects Bitcoiners. A common debate among Bitcoin users is that of “tainting” coins, and this hack is often used as an example for why “tainting” coins is futile. In just a few years, coins stolen in this hack are now present in nearly every user's wallet. This rapid redistribution is often cited as a reason that a tainted coin system would certainly fail.

June 2011 Mt. Gox Incident

  • Time: June 19, 2011, 06:00:00 PM ± 1 h (theft), days ensuing (hacks & withdrawals)
  • Victim: Mt. Gox (some claim also customers)
  • Status: Thief uncaught
  • Amount:
    • Stolen by thief: 2000 BTC[4]
    • Additional withdrawn from Mt. Gox: 643.27 BTC[5] (lower bound)
    • Total: Lower bound 2643.27 BTC
  • Equivalent USD: 46970.91 $ (trades on Mt. Gox not reliable at the time)
  • Equivalent in June 2013 BTC: 473 BTC
  • Transactions: none released officially

Mt. Gox, then the leading BTC/USD exchange service, suffered a severe breach as a consequence of an ownership change. The sale conditions involved a share of revenue to be remitted to the seller. To audit this revenue, the seller was permitted an account with administrator access.

The seller's administrator account was hacked by an unknown process. The priveleges were then abused to generate humungous quantities of BTC. None of the BTC, however, was backed by Mt. Gox. The attackers sold the BTC generated, driving Mt. Gox BTC prices down to cents. They then purchased the cheap BTC with their own accounts and withdrew the money. Some additional money was stolen by non-attacking traders capitalizing on the dropping price and withdrawing in time, including toasty, a member of BitcoinTalk.

Mt. Gox resolved the hack by reverting trades to a previous version. Many customers claim they have lost money from this reversion, but Mt. Gox claims it has reimbursed all customers fully for this theft. After the incident, Mt. Gox shut down for several days.[6]

The event's scale was widely disputed; some report a theft of almost 500000 BTC due to related account hacking. However, these reports are sparse and disreputable. Closer inspection puts the losses at closer to 2500 BTC.

Aside from the direct damages of the theft, the hack involved a database leak. Some weaker passwords were used to conduct the relatively more severe Mass MyBitcoin Thefts.