Flashback: Cyber/Crypto Crime in 2021

According to a recent Financial Times article, the amount of crypto sent to addresses with known criminal associations hit a record $14 billion in 2021, more than doubling from 2020. This is according to the company’s research. Chainalysis data. Scams, ransomware and thefts increased by 79% in dollars last year. This is perhaps unsurprising when you look at our aggregation chart below of notable scams, hacks and thefts of 2021.

The main takeaways from last year’s hacks and scams can be summarized as follows:

  • Hot wallets are hackable. Hackers stole private keys to hot wallets from many different crypto exchanges last year. Each exchange generally admitted hacking and was limited to hot wallets;
  • Cold wallets cannot be hacked while offline (unless of course the private key is written somewhere accessible). Cold wallets prevent hackers from accessing private keys while not connected to the internet. However, to perform a cryptocurrency transaction, each user must connect to the Internet. Once connected, the cold wallet can then become vulnerable to attacks;
  • Cryptocurrency exchanges can be a weak link in the cryptocurrency transaction process. Hackers have specifically targeted exchanges due to their facilitation of crypto transactions. The hackers have usually taken control of the exchanges themselves or of the hot wallets and private keys held by the exchanges. Until exchange security increases, this will continue to be a vulnerability; and
  • New hacks and scams are constantly being developed. Recent examples include the “Squid Game” cryptocurrency attraction where crypto developers abandoned the project and ran away with funds from investors (see Penningtons recent article on this here), or Symbio Energy’s alleged encouragement to invest in a crypto trading company, Carbonyte (owned by the owners of Symbio) just before it entered administration. Carbonyte claimed to allow customers to manage unregulated investments through a “secure hard wallet” and encourage them to earn money quickly by mining digital currency. As more companies expand into the crypto asset market, for example through accepting cryptocurrency payments, one can’t help but wonder if this adventure offered by Symbio has gone beyond of the. If the company had not been placed in receivership, it would have been likely that the FCA, the Advertising Standards Authority (ASA) or other regulators had and still have something to say about the actions of Symbio. If you have been affected by Symbio’s involvement in Carbonyte, please contact us.

Aggregator: Notable Crypto Scams Heists and Hacks in 2021






February 1, 2021


Liquidated New Zealand cryptocurrency exchange Cryptopia was hacked in February. This followed the $30 million stolen in 2019.


February 15, 2021

London-based cryptocurrency exchange Exmo suffered a distributed denial of service attack. The attack came two months after the crypto exchange reported hackers stole $10.5 million in Bitcoin, Ether, XRP, Bitcoin Cash, Tether, and Zcash.


April 28, 2021

50 million US dollars

A Binance Smart Chain Uniswap clone, Uranium Finance, lost $50 million in tokens due to an exploit.

Money lost.


April 29, 2021

On April 29, 2021, the Hotbit exchange announced that it had suspended all services to investigate a cyberattack on its systems. The hackers attempted to access the exchange’s hot wallets that store a small portion of client funds, but were denied access by internal systems. No funds were stolen, but the hackers were able to compromise an internal database that included user information such as phone numbers, email addresses, and asset wallet information.


July 10, 2021

US$4.4 million

An attacker managed to take control of the ChainSwap platform. The attacker minted tokens directly to their address and then sold them on Binance Smart Chain’s most popular decentralized exchange, PancakeSwap.

ChainSwap worked with the police and OKEx to identify the attackers and successfully brokered the recovery of the Corra and Rai tokens. An initial email with the attackers suggested the attackers had returned $1 million.


July 12, 2021

6 billion yen (about US$55 million)

Four men have been arrested in Japan’s Aichi prefecture for running an allegedly fraudulent crypto investment scheme that persuaded investors they could reap profits based on an artificial intelligence-powered trading system .


August 10, 2021

600 million US dollars

Hackers hacked the blockchain-based platform Poly Network and mined over $600 million in cryptocurrencies.

All $600 million returned (link)


August 19, 2021

US$97 million

Japan-based Liquid, a cryptocurrency exchange, has announced that it suffered a major hack and a resulting loss of funds. Just over $97 million in crypto assets were received by the accounts identified by Liquid as belonging to the thief.

Funds still unpaid.


October 1, 2021

The founders of an energy company, Symbio Energy, which owed the regulator hundreds of thousands of pounds, used the company’s Twitter account to promote a new cryptocurrency venture when their business collapsed.

Symbio Energy, which had 48,000 customers, entered receivership on October 1, 2021.


October 5, 2021


In the rather underreported case, Coinbase admitted that customer accounts had been emptied.


October 27, 2021

130 million US dollars

Cream Finance was tapped by a flash loan for over $260 million in depositor assets.


October 29, 2021

US$139 million

Boy X Highspeed (BXH), a decentralized cross-chain exchange, was hacked in October in a hack that drained $139 million in funds. It was probably the result of an admin key leak and possibly some inside work. With the private key, the attacker was able to digitally sign a transaction transferring $139 million in tokens from BXH’s account on BSC to his own account.

BXH’s CEO said an investigation is underway to identify the hacker. If the hacker is not found, BXH said it would develop a plan to reimburse users and offer $1 million to teams able to help recover the funds.


October 29, 2021

A CryptoPunk NFT appeared to sell for $530 million after an on-chain transaction in this scam. While CryptoPunks has sold for up to 4,200 ETH in the past, the fake sell would have been the largest by orders of magnitude. As noted above, it appears the owner used a flash loan to make the fake Punk purchase, borrowing and repaying 124,000 ETH. The move was probably a marketing stunt.


November 1, 2021


Squid Game Cryptocurrency has dropped to zero and associated Twitter accounts have been frozen in the rug draw scam. Players were unable to withdraw crypto from the game.

Probably all funds lost.


November 3, 2021

vs. 4 billion euros

A money laundering trial in Germany has shed light on the purchase of a luxury London penthouse by cryptocurrency scammer Dr Ruja Ignatova. Charges have been laid for the siphoning off of millions of euros from Dr Ruja’s €4 billion scam – which involved selling a fake cryptocurrency called OneCoin.


November 3, 2021

7 million users

A Robinhood data breach allowed a hacker to steal the personal information of approximately 7 million users. Robinhood is a mobile app that allows commission-free trading of stocks, exchange-traded funds, and cryptocurrencies introduced in March 2015.


December 2, 2021

120 million US dollars

Hackers stole approximately $120 million in BTC and ETH assets from Badger, a decentralized finance platform.

Investigation launched.


December 5, 2021

US$196 million

Crypto exchange BitMart lost around $196 million worth of crypto in a large-scale DeFi hack. The $196 million in losses makes it one of the most devastating centralized exchange hacks to date.

The exchange’s CEO said the company will compensate affected users out of its own funds.


Comments are closed.