
Article Series: Crypto Investigations and Crypto Recovery

Articles from our colleagues at Crypto Investigators

DeFi Hacks

Crypto Investigators is a Cryptosec company with a leading team of investigators and lawyers focused on investigating and recovering stolen or scammed cryptocurrency assets. These experts, with extensive experience in law enforcement and global investigations, are skilled in tracing blockchain activities, preparing official reports for legal cases, and providing expert testimony in court. Please note that Crypto Investigators provide services exclusively to corporations, law firms, family offices, and law enforcement agencies. 

If you are an individual victim of a crypto scam, please read this information first: Read First – Avoiding Crypto Recovery Scams

Below is a series of articles originally published on the Crypto Investigators website.

BitMart Hack – A missing pile of Safemoon and other cryptocurrencies, accusations of broken promises, and then nothing. When a high-profile cyber attack takes place and hundreds of millions of dollars are lost, usually a healthy balance is struck between safeguarding information to protect ongoing investigations and maintaining a level of transparent communication with the public. In the case of the BitMart hack, they chose to keep a lot under wraps. We can still get a general idea of what happened and what went wrong from a string of statements they made early on. This is the fullest story you’ll find on what happened with the $200M BitMart hack. Timeline of the BitMart Hack December 04, 2021: At approximately 22:30 UTC, BitMart staff identifies a security breach involving two hot wallets (lower-security wallets that are connected to the internet). They respond by immediately shutting down various systems, including withdrawals and the freezing of certain trading pairs. We learn in a later update that the BitMart hack involved the attacker gaining access to two private keys, which allowed them to take various cryptocurrencies from the two wallets. December 05, 2021: At 00:28 UTC, just under 2 hours after BitMart noticed the hack...
Coincheck hack – the biggest crypto heist in history at the time it occurred in 2018 was an eye-opener for many reasons, not least of which was the way the stolen assets were being stored. Seasoned crypto enthusiasts and early adopters of the disruptive new technology know now that safely storing your digital assets is half the battle, but it wasn’t always so. Insufficiently secured storage was the norm for almost a decade after Bitcoin’s creation, with many people simply keeping their crypto on centralized exchanges, hot wallets, or even just USB sticks without any password protection. With the $534M Coincheck hack in January of 2018, security and responsible self-custody of crypto assets quickly became a hot topic of discussion in the media and the crypto community. You’ll see why. The Full Story Behind the Coincheck Hack Coincheck is today one of Japan’s largest crypto exchanges, still trading tens of millions of dollars worth of crypto each day, denominated in Japanese Yen (JPY). At the time of the Coincheck hack, it was the largest crypto exchange in Japan, and the attack represented the largest crypto heist of all time in terms of US dollar amount, surpassing the hack of another...
Axie Infinity’s Ronin Bridge Hack for $551M worth of crypto assets could paradoxically lead to higher rates of blockchain adoption by showing that it’s a lot easier to track stolen cryptocurrency than people think. The popular misconception that cryptocurrencies are private and untraceable fuels the equally popular misconception that it’s impossible to track and recover stolen crypto assets. In fact, even some of the most high-profile and sophisticated crypto theft operations have been exposed through the use of blockchain forensics and crypto investigations. The infiltration of Sky Mavis leading to the Axie Infinity Ronin bridge exploit and the subsequent postmortem is a perfect example. How Axie Infinity’s Ronin Bridge was Hacked In short, it was a phishing attack against employees at Sky Mavis that led to a successful 51% attack on the Ronin network, but let’s start at the beginning. Axie Infinity was at one time the world’s most popular play-to-earn blockchain game. It has its own layer 2 blockchain called Ronin, built on Ethereum. In order for users to transfer funds from the Ethereum blockchain to the Ronin blockchain, a bridge is required. This is what we’re referring to when we talk about the Ronin bridge. Bridges require sufficient...
The full story behind the Wormhole bridge hack that led to the fraudulent minting of 120,000 wETH and threatened to crash Solana. Early February of 2022 was a low point for the cryptocurrency asset class; one of many more to come throughout the year. The price of BTC was on a relentless downtrend from a high of $69,044.77 on Nov 10, 2021, to under $40,000 by February 02, 2022. This is the market atmosphere in which the $320M Wormhole bridge hack occurred. The Wormhole bridge exists to help users move their assets from one blockchain to another – most often from Ethereum to Solana. The bridge, like any other, requires that users deposit their assets from one chain, such as ETH for example, and then they get the equivalent in a “debt token” (wETH or wrapped ETH) on the chain they wish to bridge to. From there, they can use the wETH to interact with dApps (decentralized apps) or exchange it for other assets, such as SOL or USDC. The Wormhole bridge hack involved falsifying on-chain messages and transactions which allowed the attacker to steal the funds. How the Wormhole Bridge Hack was Executed By using a fake ‘sysvar’ account to...
Many believe total anonymity is possible using private cryptocurrencies. It might not always be the case. Are popular cryptocurrencies like Bitcoin and Ethereum private? Absolutely not. There are privacy-enhancing tools and techniques that can be used to obscure crypto transactions, but in general most cryptocurrencies leave a very convenient trail to trace for investigators and law enforcement. But not all cryptocurrencies are made the same. This article will provide a brief overview of the most private cryptocurrencies, how they’re used for user privacy and sometimes to avoid detection of fraud or other cybercrimes, and how private cryptocurrencies can still be traced by professional crypto investigators using advanced blockchain forensics. In case you’re unfamiliar with this topic, here’s a look at the 5 most common crypto scams and how they might involve the use of pseudo-private cryptocurrencies. The 4 Most Private Cryptocurrencies: Private Cryptocurrencies – Monero (XMR) Often regarded as the most private of private cryptocurrencies, anonymity-enhanced “privacy coin” Monero (XMR) uses ring signatures and stealth addresses to make transactions nearly impossible to trace. Furthermore, their RingCT (Ring Confidential Transactions) method effectively hides transaction amounts, adding further difficulty to tracing. In 2022, there was an increase in threat actors demanding...
KuCoin Hack – When attacked, some crypto projects and exchanges buckle and fold under pressure; KuCoin set the standard in 2020 for how to react to crypto hacks, even on the largest scale. KuCoin is a Singapore-based crypto exchange that consistently ranks among the top 5 exchanges in terms of daily volume serving the crypto markets in Asia. As of November 2022, they offer over 900 trading pairs of 700+ different cryptocurrencies, putting them firmly in the top 10 among both centralized and decentralized exchanges in terms of sheer amount of coins offered. On September 25, 2020, KuCoin suffered one of the biggest incidents of theft in human history, let alone the short lifespan of the cryptocurrency asset class. More than 150 different cryptocurrencies made up the loot, which were valued at roughly $285M at the time according to KuCoin’s CEO. You can imagine it’s difficult to calculate the precise value of the stolen digital assets because of the volatility of their varying prices, but it’s not impossible. In fact, blockchains record all the information required to calculate the exact value of the assets at the time of the hack; they also record all the information required to trace the...
The full story behind the first major crypto hack – MtGox Hack – and how much really was lost. MtGox was one of the very first platforms on which people could buy, sell, and trade bitcoin. Launched in July 2010, by 2014 the Tokyo-based company was handling over 70% of all BTC transactions globally. It was on a trajectory that could have put it alongside or even in place of the major exchanges we know today, such as Coinbase, Kraken, Binance, etc. In fact, the domain name ‘mtgox.com’ was initially purchased in 2007 by the MtGox founder, Jed McCaleb, with the intention of building a Magic: The Gathering trading website where users could trade their MtG cards online like stocks (MtGox = Magic the Gathering Online Exchange); there’s no doubt they would have been early adopters of NFTs as well. The website was transitioned into one of the world’s first crypto exchanges after McCaleb read about bitcoin in an online publication called Slashdot and saw the opportunity to build a business. However, in early 2014, at the height of its operations and no longer in the hands of McCaleb (who sold in 2011 to French developer Mark Karpelès), everything ground...