This year has been an eventful one for the crypto world. Bitcoin reached dizzying new heights and achieved legal status in El Salvador, crypto adoption is surging and so is regulatory scrutiny and government clampdowns. With Halloween upon us, it’s time to recall the most blood-curdling crypto horror stories of the year.  

1. When the powers above turn off the lights 

Imagine putting all your savings, or at least a major chunk of it, into cryptocurrencies — only to wake up and realize that your country has banned crypto. That’s what happened on Sept. 24 when crypto trading and mining were outlawed by China

The decision sent shockwaves through the crypto industry. Bitcoin price dropped 6% with altcoin prices also going downhill. But no development this big comes without warnings and threats. In the case of China’s crypto ban, there were many. 

In 2017, Chinese authorities banned initial coin offerings. Earlier this year, Chinese authorities began clamping down on crypto mining. Crypto miners began a mass exodus out of China as the ones in the shadows were dragged out. Some Chinese crypto traders are still carrying on their crypto trading — even while knowing that the bogeyman of government enforcement is hot in pursuit of them.

2. A curse that won’t let go

A significant chunk of Chinese miners found a safe haven in Kazakhstan. Less than a month after the ban announcement, China’s share of crypto mining plummeted and Kazakhstan emerged as the world’s second-largest Bitcoin mining hub after the U.S. 

But the relief of miners upon relocating to Kazakhstan was short-lived. The curse followed them across the continent. On October 1, the country’s energy minister proposed a draft bill to limit the nationwide total electricity consumption for new miners. The law was proposed after the country faced power shortages in several regions.  

Consequently, several new miners in Kazakhstan have been left in the dark, quite literally, as their power consumption is being rationed. Now some miners are packing bags and hunting for their next destination while others wait for the government to serve up a treat instead of a trick.  

3. Virtual vampires

Hackers are like vampires that lurk in the darkest corners of cyberspace, gaining prominence and notoriety only when they suck their victims’ accounts dry. Around US$3.78 billion worth of cryptocurrencies were stolen by hackers in 2020 alone. 

In August, a hacker stole US$600 million from Chinese DeFi platform Poly Network, making it the biggest hack in DeFi history. But this hacker was more of a lost spirit who found its way to the light and returned the stolen assets within two weeks. Dubbed Mr. White Hat, the hacker claimed to have benign intentions of only pointing out the flaw in the system that he exploited. 

On Wednesday, an attack on DeFi platform Cream Finance led to the loss of US$130 million worth of tokens. This was the third attack on Cream this year — hackers looted it in February and August, siphoning off US$38 million and US$35 million worth of tokens respectively. But the hacker in the second attack returned most of the stolen assets. 

Here’s hoping that the funds are returned again and Cream users, the real victims of the attack, don’t have to scream in despair like some Coinbase users. After all, it is ultimately the users’ money, sometimes life savings, that hackers feed on. 

4. Crypto hauntings

Watch any horror movie and you almost always see someone getting locked in a room with the doors slamming shut and not budging. It’s petrifying.  For a crypto investor, getting locked out of the wallet that contains their hard-earned crypto, is similarly spine-chilling. The blow is especially hard when your wallet contains millions. 

Several crypto holders, some with millions of dollars worth of tokens, have been locked out of their wallets simply because they could not remember the password. At least these investors are victims of their own folly. 

Investors that get locked out of their trading accounts by their exchanges are the ones that truly feel haunted. Without warning, they are left with their hearts pounding and blood boiling and no access to their own funds. 

That’s what happened in May when Binance and Coinbase both suffered outages sending Bitcoin’s price spiraling downwards. Not only did users lose access to their accounts, but to add to the nightmare, over 775,000 traders had their accounts, which contained around US$8.6 billion worth of tokens, liquidated. 

5. Mass slaughter of crypto exchanges

Before there was Squid Game, South Korean crypto exchanges participated in their own nightmarish death race this year as financial regulators introduced two new requirements in March. Crypto exchanges had to get Information Security Management System (ISMS) certification to prove that they can effectively protect user data, and also strike a partnership with a local bank to provide users with bank accounts under real names to counter money laundering and financial crimes. The exchanges had six months to comply.

This death race was a bit different from the eponymous movie starring Jason Statham. Instead of cannibalizing and killing each other, all exchanges scrambled to reach the finish line before the deadline of Sept. 24. It was like a dystopic race where if you don’t reach the finish line before the time is up, you’re killed. 

So, at the stroke of midnight on the fateful day, 36 of Korea’s 65 or so crypto exchanges that failed to meet the new requirements were not allowed to live anymore. There were four clear winners in the race, Upbit, Bithumb, CoinOne and Korbit. The remainder scraped through by meeting one of the two requirements. 

Retail investors who had poured money into coins that weren’t listed on the surviving exchanges had to bear huge losses. But market regulators maintain that the fallout of the massacre on the crypto market was limited

6. Digital ghouls and goblins

Ghouls are mythical creatures that steal bodies from their graves. They are also known to lure unsuspecting people into dark corners to feed on them. Ransomware attackers are partly like ghouls, preying on innocents, and partly like bandits that take your money while pointing a physical or metaphorical gun or knife at you.  

In 2020, victims paid US$406 million worth of cryptocurrencies to ransomware attackers — a growth of over 300% compared to 2019 — according to Chainalysis data. By mid-May of this year, victims had paid out US$81.55 for ransomware attacks.  

Unlike ransomware attackers, crypto scammers are more like goblins — nasty mischief-makers with an insatiable greed for gold, or in this case, crypto. According to the U.S. Federal Trade Commission, between October 2020 and March 2021, crypto scams led to the loss of over US$80 million, a 1,000% increase in reported losses compared to the same period a year ago. And these are just the losses in the U.S. 

In April, the founder of a crypto exchange in Turkey fled with nearly US$2 billion after duping around 300,000 users. In June, two South African brothers stole US$3.6 billion worth of Bitcoin and disappeared. As the number of crypto investors are increasing, so are these crypto goblins and their haul. 

7. Honey, I shrunk your Bitcoin

In 2021, the crypto market saw a number of flash crashes. But none measured up to the crash on September 7 in terms of intensity. It was meant to be the day the world celebrated as Bitcoin Day, marking El Salvador’s adoption of Bitcoin as legal tender. 

Instead, it became a day of terror. Two hours after El Salvador’s president tweeted that there’s a glitch in the Bitcoin wallet rollout, a massive sell-off began. Bitcoin’s price fell by nearly US$5,000 within 45 minutes while altcoin prices also started nosediving. Nearly 375,000 leveraged positions valued at US$3.67 billion were liquidated. 

The crash wiped off US$400 billion from the digital assets market within a day. For crypto hodlers, there’s scarcely anything scarier than watching token prices tank and their savings shrink — or disappear. 

8. Nightmare on Iron Street

On June 16, decentralized finance project Iron Finance’s TITAN token price dwindled to zero from US$64.19, causing investors to suffer mortal wounds and collectively bleed out billions in one day. 

The Iron stablecoin was soft-pegged to the U.S. dollar and has a multi-token collateral mechanism using time-locked smart contracts to maintain price stability. So USDC and TITAN were used as collateral for IRON on Polygon and BUSD and STEEL on the Binance Smart Chain. 

IRON’s stability was ensured by the assumption that arbitrage users would buy cheap IRON from the market when the price falls and exchange it for USDC and TITAN and then sell TITAN for profit. On the fateful day, there was a 10 minutes delay in the price feed oracle for TITAN which meant that prices were higher than real-time prices. This caused a price gap that made arbitrage unprofitable. 

So, instead of redeeming IRON, investors started selling IRON and TITAN tokens, leading to “the world’s first large-scale crypto bank run.” 

9. Treat turned trick 

Unexpected treats can bring a smile on the face of even the most grumpy trick-or-treater. But if the gift is a free air-dropped non-fungible token, it’s best to stay away. The world’s largest NFT marketplace OpenSea had a bug that allowed bad actors to steal crypto wallets when users clicked on malicious air-dropped NFTs, Check Point Research discovered earlier this month. 

In these attacks, hackers created malicious NFTs and gifted them to target victims. When victims tried to view the NFT, it triggered a pop-up requesting a connection to the victims’ wallets. As soon as they approved the request, the hackers gained access to the wallets. They then triggered another pop-up and if the victim did not read the request carefully and gave approval, the hackers ended up draining the funds. 

The flaw was thankfully fixed by OpenSea within an hour of becoming aware of it. 

10. Vanishing NFTs

Every NFT and its transactions are logged on a blockchain immutably. But inexplicably, people have reported that their NFTs have vanished from their wallets. No, they were not magical NFTs that were meant to disappear. They were just like any other NFT. But that didn’t stop them from vanishing without a trace.

So what happened to these NFTs? There’s a difference between an NFT and an NFT artwork or image. An NFT is a few lines of code that points to a piece of media stored somewhere else on the internet. NFT artworks or images are the media that the NFTs are based on and point to. So, when the actual media file gets relocated or removed, the NFT throws up an error code and your NFT seemingly disappears. Community manager for OpenSea, Ed Clements, explains it with an analogy: OpenSea and other NFT marketplaces are windows into a gallery that displays the NFT artworks. If and when the window closes, your NFT becomes useless.