TABLE VII. Attacks, Exploit Values and Root Causes

| Attack | Year | Category | Exploit Value | Root Cause |
|---|---|---|---|---|
| Mt. Gox | 2011 | C1 | Several thousand BTC | Deficiencies in network protocols |
| Bitfloor | 2012 | C2 | 24,000 BTC ($250K) | Bitfloor's server was hacked to leak an unencrypted backup of the wallet keys |
| Instawallet | 2013 | C4 | 35,000 BTC | Instawallet was hacked |
| Bitcoin Foundation | 2013 | C6 | | A generation bug with old pseudo random number |
| Sheep Marketplace | 2013 | C4 | 5400 BTC | One site vendor exploited a vulnerability |
| Mt. Gox | 2014 | C4 | 650,000 BTC ($450M) | A bug in software to allow users to modify transaction IDs |
| Dell SecureWorks | 2014 | C1 | $83,000 | BGP hijack |
| DAO | 2016 | C4 | $50M | Code weakness: subtle game-theoretic weaknesses |
| Bitfinex | 2016 | C2 & C4 | 119,756 BTC ($65M) | Hackers stole BTC. |
| Ethereum network | 2016 | C1 & C4 | | DDoS attack: calling EXTCODESIZE opcode roughly 50,000 times per block |
| Gold HKG | 2017 | C4 | | A bug with contract code that read "=+" instead of "+=" |
| Parity Wallet | 2017 | C4 | $30M | Addresses were compromised (Delegate call + exposed self-destruct) |
| SmartBillions | 2017 | C4 | 400 ETH ($120,000) | Broke into smart contract; broken caching mechanism |
| Parity Wallet | 2017 | C4 | $300M | An undiscovered bug of not proper initialization (Delegate call + unspecified modifier) |
| Cryptojacking | 2017–2018 | C2 & C4 | - | Hacked and inserted cryptomining script or cryptojacking code |
| PoWH | 2018 | C4 | 888 ETH | Integer overflow |
| Spankchain | 2018 | C4 | 165.38 ETH | Reentrancy attack |
| IOTA | 2019 | C2 | $3.94M | A phishing attack to collect the users' privacy keys |
| IOTA | 2020 | C4 | | Custom-made hash-function was broken |
| Cashaa | 2020 | C2 | More than 336 BTC | Suspect a piece of malware was installed onto the system |
| 2gether | 2020 | C2 | $1.3M | 2gether's servers were hacked |