Ever since a single Bitcoin became worth a small fortune, there have been people trying to steal them. Sure, there have some small-time thieves who've stolen a few hundred dollars worth of Bitcoin here and there. But there have also been heists. Massive, highly orchestrated attacks that lead to millions of dollars worth of cryptocurrency changing hands. And they just keep happening.
How many heists? Well, in the last three years alone—sort of the relevant lifetime of Bitcoin—there have been six really major robberies. And by major, I mean hundreds of thousands if not hundreds of millions of dollars worth of Bitcoin getting snatched. Think of this as the six best reasons to not invest your life savings in Bitcoin.
The most recent Bitcoin heist also happens to be the least severe, at least in terms of heists over the $100,000 mark. This week, researchers at the security firm Trustwave uncovered a massive attack involving the Pony botnet, a particularly nasty piece of malware that has been used to steal two million login credentials for websites like Facebook and Twitter.
This time around, the botnet infected over 700,000 accounts of varying types between September 2013 and January 2014, including the login information for 100,000 email accounts. It also compromised 85 Bitcoin wallets. That doesn't sound like much, but it actually amounted in $220,000 worth of cryptocurrency going missing. And there's no reason to believe the Pony botnet won't strike again.
Mt. Gox was the OG Bitcoin heist. Back in 2011, pretty much anybody who knew about Bitcoin was either a big nerd or a tech blogger (read: even bigger nerd). While the specific details of how the hacker broke in to Mt. Gox—one of the biggests exchanges around, even that early on—remain vague, the heist was a major event in early Bitcoin history. It raised lots of questions about Bitcoin's stability and security. Go figure.
The story goes that an unknown user account managed to hack into Mt. Gox and make off with about 25,000 Bitcoin. At the time, that was half a million dollars worth of the stuff. A lot, but that amount of 'coin would be worth $14.4 million with current exchange rates.
After the plunder, the hacker sold the bitcoin and bought them back in a pitiful attempt at money laundering before then exchanging them for U.S. dollars. Still, he never got caught, though Mt. Gox users did manage to trace his account to an IP address in Hong Kong, where he is probably now living pretty large.
Number four is a funny one. Not long after the Feds shut down the deep web's most famous black market, Silk Road, some buccaneer fired up a site that looked and worked exactly like the original Silk Road. And since everybody knew how much money was involved in the original Silk Road, a hacker soon set his sights on breaking in and cleaning out Silk Road the Sequel. He pulled it off.
You might say these users had this coming. After all, Silk Road 2 was a very obviously illegal site that sold things like meth and heroin, and the cavalier founder—who actually named himself after the Silk Road founder that ended up in jail—didn't exactly inspire much confidence. He ultimately blamed the breach on a "transaction malleability" bug in the Bitcoin architecture that shut down several exchanges around the same time. The founder later promised to refund everybody's money.
Like Silk Road 2, Sheep Marketplace opened up in October 2013 after the original black market shut down, and like Silk Road 2, it was an obvious target for hackers. The site became kind of popular and even earned its own subreddit. But that just made it an even juicer target.
In December, some cyberthieves broke into Sheep Marketplace and managed to steal 96,000 Bitcoins worth about $56.4 million while simultaneously manipulating the users account balances so that it looked like nothing happened. People eventually noticed that their money was gone and started trying to track down the hackers; the sheer size of the heist made it easy to notice when so many Bitcoins were suddenly being laundered. Some Redditors actually think they found the thief, though it's unclear if anyone was brought to justice. And in Bitcoin heists, few people are.
Though while Bitcoin purists and pseudoanarchists would call this one a heist, some of us might just call it justice. As previously mentioned, the FBI shut down the Silk Road marketplace last October. In doing so, they seized 29,655 Bitcoins from the website itself and an additional 144,000 from Silk Road's founder, Ross Ulbricht. The Feds still has them which means that the FBI has $127.4 million worth of cryptocurrency. That means that the FBI now has the single largest Bitcoin wallet in the world.
But the U.S. government probably doesn't want to get into Bitcoin speculation does it? Probably not. That's why the FBI announced in January that it would be offloading the near 30,000 Bitcoins it seized from Silk Road. Meanwhile, Ulbricht filed claim for civil forfeiture action saying that he owned his 144,000 Bitcoin fair and square. Good luck winning that lawsuit, Ross.
And now we're into the big sums. Like, half a billion dollars big. According to a leaked "crisis strategy draft" document, a years-long hacking effort to get (back) into Mt. Gox culminated in the loss of 744,408 Bitcoins. The heist hasn't been completely confirmed, but real or not, it was enough to make Mt. Gox to shut down soon thereafter. Unsurprisingly, the value of Bitcoin promptly dropped to a three-month low.
What's the lesson here? Don't use Mt. Gox (should the opportunity ever pop up again). This is the same organization that had to shut down earlier this month due to a glitch that allowed users to withdraw the same Bitcoin multiple times. It's also the same site that got in trouble with U.S. authorities for operating without the proper money transmission permits. Feds ended up seizing $5 million in assets from Mt. Gox. If you haven't already sold all your Bitcoins, just take away this one piece of advice: Never trust Mt. Gox.
And finally, as a bonus, we have what may be the ultimate Bitcoin heist. It's not the ultimate Bitcoin heist because it involved the largest amount of money or the most dramatic back story. It is, however, the funniest.
Not long after Silk Road got busted, a hacker-type named MettaDPR started a replacement marketplace called Project: Black Flag. There wasn't much for sale on Project: Black Flag, but the users came. And so did their Bitcoins. Just three weeks after starting the site, however, MettaDPR simply announced that he would be closing the marketplace, and he would be taking all those Bitcoins with him.
Pretty funny right? Well, the users didn't think so. They responded with anger (obviously) and threats. But Bitcoin being Bitcoin, the money was lost and gone forever. This instance in mind, you can really see why U.S. senators want to ban the cryptocurrency all together. So if you still think cryptocurrency is the future just be careful where you're stashing it. It's all fun and games until somebody steals your Bitcoins.