Crypto Scam RoundUp: Top Executed scam Attacks of 2020 in review

By: Henry Felix

January 01, 2021 1:10 PM

When it comes to crypto scams cryptocurrency exchanges are the first that comes to mind, as they felt the impact of everything from vulnerability exploit to social engineering scams over this year.


It's all begun early in the year 2020 with high-profile Twitter accounts targeted and hacked, 2020 was a year few of us will forget any time soon, and as businesses clamor to either stay afloat or weather the storm the COVID-19 pandemic has caused -- let alone everything else that's happened over the past 12 months.


Interest to cyberattacks over the past few years is cryptocurrency. An alternative to traditional, bank-controlled fiat currency, cryptocurrency has evolved from the Wild West in speculative trading to something more akin to a stable financial structure, projects of which are supported by blockchain technologies, an area now being explored by tech giants including IBM, Google, and Microsoft.

However, many blockchain and cryptocurrency-related technologies are still experimental and speculative; vulnerabilities can lead to wallets -- and the crypto stored within -- becoming compromised, and there are still cases of exit scams and fraudulent coin launches, known as Initial Coin Offerings (ICOs).


Cases of data breaches, theft, and investor losses are still very much in existence. Let's discuss about some important scam events during the year 2020 as Cryptocurrency exchanges dominate the list


Poloniex was first to be attacked as they disclosed a data breach and forced a mass password reset for users after credentials were leaked across social media.


The month of February was fueled by planned exit scam as well as some notable cyberattack reports to note.

Helix: An Ohio man was arrested for running the Helix Bitcoin mixing service. An estimated $300 million was laundered through the mixer.

Microsoft engineer theft: A software engineer was convicted of stealing over $10 million from Microsoft.

IOTA: The IOTA Foundation shut down its entire network due to a hacker exploiting a vulnerability in the IOTA wallet app.

Altsbit: The Italian cryptocurrency exchange closed following an alleged cyberattack in which the majority of user funds were stolen.


Major phishing attacks and data breaches led the show on March with three high profile platforms the victims
Prometei: Researchers found a botnet exploiting the Microsoft Windows SMB protocol to mine for cryptocurrency.
YouTube: YouTube accounts were hacked to promote a Bill Gates-themed Ponzi cryptocurrency scam.
TechRepublic: How remote working poses security risks for your organization | How phishing attacks are exploiting Google's own tools and services | Linux and open source: The biggest issue in 2020.


Two major Scam events occurred with ( and (Bisq) the victim, $25 million in cryptocurrency was stolen from the platform, while Over $250,000 was stolen from Bisq Bitcoin exchange users.


Supercomputers: Supercomputers across Europe were hacked in order to mine for cryptocurrency.

CNET: Russian and North Korean hackers are targeting COVID-19 vaccine researchers | The best outdoor home security cameras for 2020 | Android and iPhones are all about privacy now, but startup OSOM thinks it can do better.



BTC-e: New Zealand law enforcement froze $90 million in BTC-e assets as part of a money laundering investigation.
CryptoCore: Researchers said that the CryptoCore hacking group has stolen at least $200 million in cryptocurrency from online exchanges. 
Coincheck: A hacker infiltrated the cryptocurrency exchange's domain registration service, causing a pause to deposit and withdrawal services.


Twitter: High-profile Twitter profiles belonging to figures including Joe Biden, Bill Gates, and Elon Musk were compromised to tout a cryptocurrency scam.
Coinbase: Coinbase blocked an attempt by attackers to steal $280,000 in Bitcoin.
VaultAge Solutions: The CEO went into hiding after allegedly scamming investors out of $13 million.
AT&T: AT&T was dragged to court over a $1.9 million SIM hijacking and cryptocurrency theft case.
GPay Ltd: UK regulators shut down GPay for scamming cryptocurrency investors by using fake celebrity endorsements.


FritzFrog: A cryptocurrency-mining botnet was discovered that compromised at least 500 enterprise and government servers. 
Ukraine arrests: Ukraine law enforcement arrested suspected members of a gang that laundered $42 million in crypto for ransomware groups.
2together: €1.2 million in cryptocurrency was stolen from the exchange.
PlusToken: Chinese police arrested over 100 people suspected of being involved in the PlusToken cryptocurrency investment scam.
Lazarus: Researchers discovered a new Lazarus campaign targeting a cryptocurrency firm through LinkedIn job adverts.


A month where exchanges dominated the headlines for cyberattacks as lots of vulnerability was exploited.

KuCoin: Roughly $150 million in cryptocurrency was stolen by a cyberattacker after being stored in hot wallets.
Cryptocurrency phishing: Two Russians were charged for stealing close to $17 million in cryptocurrency-themed phishing campaigns.
Eterbase: The cryptocurrency exchange lost $5.4 million, stolen from hot wallets by unknown attackers.


Kik: The US SEC issued Kik a $5 million penalty over an allegedly illegal securities offering. 
Harvest Finance: Hackers stole $24 million, but later returned $2.5 million. A $100,000 reward has been posted for information leading to fund recovery.


GoDaddy: GoDaddy admitted that its staff had become victim to a social engineering campaign leading to email and DNS record-based attacks against and NiceHash.
Akropolis: Akropolis suffered a flash loan attack and $2 million in cryptocurrency was stolen. The company later offered the hacker a 'bug bounty payment' in return for the stolen funds. 
Operation Egypto: US and Brazilian law enforcement seized $24 million in cryptocurrency from individuals allegedly connected to an online investor fraud scam.
Silk Road: The US Justice Department seized $1 billion in Bitcoin, said to be from the now-defunct Silk Road marketplace.


Compounder Finance: The DeFi project has allegedly performed a 'rug pull,' stealing $11 million from investors. 
CEO Global: One of the cryptocurrency exchange's founders is reportedly being held by Chinese law enforcement, and as they have the private key for cold wallet storage, withdrawals.


Happy New Year