Bitcoin
The biggest cryptocurrency hacks so far
One of the obstacles to widespread adoption of digital currency has been hacking. Some high-profile thefts have occurred on several cryptocurrency exchanges and platforms, dissuading investors from using them.
It’s been argued that blockchain projects are secure, but attacks over the years have shown that this is only partially true. More than $1.7 billion worth of cryptocurrency was stolen in 2023 ($3.8 billion in 2022), according to blockchain analytics firm Chainalysis. Take a look at some of the biggest cryptocurrency hacks to date.
Main conclusions
- Hacking remains a major barrier to cryptocurrency adoption.
- Cryptocurrency exchanges are a major target for hackers, with over $1.7 billion stolen in 2023 and $3.8 billion stolen in 2022.
- The first major exchange to suffer a hack was Mt. Gox, which lost 7% of all bitcoins at the time.
- Decentralized finance applications and smart contracts are also favorite targets for hackers.
- Some of the most important security rules for long-term investors are to keep cryptocurrencies offline if you are not actively trading or spending them, and not to use custodial accounts unless they provide insurance.
Ronin Network: $625 million
The largest cryptocurrency hack to date was carried out in March 2022 and targeted the network that powers the popular Axie Infinite blockchain gaming platform. Hackers breached Ronin Network and made off with an estimated $625 million worth of Ethereum and USDC (a stable coin). Investigators said a North Korean state-backed hacking collective, the Lazarus Group, was linked to the theft. Sky Mavis (developer of Axie Infinity) recovered $5.7 million of the stolen funds a month later, but it remains the largest cryptocurrency hack in history.
Poly Network: US$611 million
In August 2021, a lone hacker targeted a vulnerability in Poly Network decentralized finance platform and made off with over $600 million. The project’s developers made an appeal on X (formerly Twitter) for the stolen funds, which included $33 million Mooring. Poly Network then set up multiple addresses for the funds to be returned to, and the unknown hacker began to cooperate. After just two days, around $300 million had been recovered, and it was discovered that the hacker had targeted the network “for fun” or as a challenge.
FTX: $600 million
In November 2022, FTX, one of the most influential companies in the crypto industry, filed for bankruptcy. On the day it filed for Chapter 11 bankruptcy, over $600 million was stolen from its crypto wallets. Many FTX wallet holders reported $0 balances in their FTX.com and FTX US wallets.
The cryptocurrency exchange confirmed the hack on its Telegram channel, saying: ”FTX has been hacked. FTX apps are malware. Delete them. Chat is open. Do not enter FTX website as it may download trojans.”
In 2024, reports emerged of the arrest of a SIM card swapping gang that gained access to an FTX employee’s accounts and siphoned off millions in cryptocurrency.
Binance BNB Bridge: $569 million
In one of the most high-profile attacks in cryptocurrency history, the Binance exchange was hacked for an estimated $570 million in October 2022. A cross-chain bridge, BSC Token Hub, was exploited by hackers, who minted and withdrew an additional 2 million Binance Coins (BNB). A bug in a smart contract enabled the hack, highlighting the need for tighter blockchain security.
US$ 1.7 billion
The amount of cryptocurrency stolen from exchanges and other platforms in 2023 is down from $3.8 billion in 2022.
Coincheck: $532 million
In January 2018, Japanese cryptocurrency exchange Coincheck suffered a theft of $523 million worth of NEM coins valued at around $534 million. The vulnerability was created by a hot wallet, which is an active cryptocurrency wallet that is not as secure as an offline cold storage wallet. At the time, the Coincheck hack was larger than even the notorious Mt. Gox hack; NEM Foundation chairman Lon Wong described it at the time as “the biggest robbery in the history of the world.”
Coincheck survived the hack and continued to operate, despite being purchased a few months later by Japanese financial services company Monex Group.
Mt. Gox: $473 million
The first major crypto hack occurred in 2011 when the cryptocurrency exchange Mount Gox lost 25,000 bitcoins, worth approximately $400,000. At the time, the cryptocurrency exchange handled nearly 70% of all Bitcoin transactions.
The attacks didn’t stop, and Mt. Gox was hit again in 2014. It lost nearly 650,000 bitcoins from its customers and about 100,000 of its own. At the time, that was 7% of all bitcoins and worth approximately $473 million. The initial reason for the disappearance of the coins was unclear, but later evidence showed that the coins were stolen from the company’s hot wallet.
Wormhole: $325 million
The decentralized finance platform Worm hole was targeted in February 2022, with $325 million stolen by hackers. The attack was made possible by an update to the project’s GitHub repository, which was then not deployed to the active project. The popular cryptocurrency bridge had to plug the hole in the project’s finances after the funds were not recovered. This was also the largest theft that included Solana, one of the rivals to Ethereum’s dominance in the worlds of DeFi and NFTs. As much as $47 million was stolen from the blockchain’s native SOL token.
Mixin: US$200 million
Mixin Network is a peer-to-peer, cross-chain network that facilitates cryptocurrency transfers. In September 2023, the network was hacked through its cloud service provider’s database. The thieves made off with an estimated $200 million worth of bitcoin (BTC), ether (ETH), and tether (USDT).
Euler Finance: US$197 million
Euler Finance is a lending and borrowing protocol platform based on the Ethereum blockchain. On March 13, 2023, hackers conducted a flash loan attack, taking $197 million worth of wrapped Bitcoin (wBTC), DAI (a MakerDOA stablecoin), staked Ether (stETH), and USDC. A flash loan attack occurs when a hacker uses a flash loan — an uncollateralized loan that must be repaid in full in the same transaction, often used by arbitrage traders — to withdraw huge amounts, allowing thieves to manipulate prices.
However, in a strange twist, the hackers began returning the stolen funds in installments several days later, citing concerns over their security.
Bitmart: US$196 million
December 2021 saw a hack of centralized exchange Bitmart with losses of $196 million. The hack was first detected by a security analysis firm, which observed that BitMart addresses were being drained of their balance. Around $100 million worth of various cryptocurrencies were funneled via Ethereum, with another $96 million leaving via Binance Smart Chain. All of the tokens were moved to an address labeled by Etherscan as “BitMart Hacker.”
Nomad Bridge: $190 million
Just a month before the Wintermute breach, there was a more significant hack, an attack on Nomad Bridge. Hackers drained $190 million of the project’s funds. Nomad is a cryptocurrency bridge that allows users to exchange tokens between blockchains — bridges are a favorite of recent hackers. This is due to the considerable value of the assets they hold and the complexity of the smart contract code they run on. Nomad Bridge later recovered $37 million of the stolen funds.
Beanstalk: US$182 million
This hack involved exploiting a decentralized finance Platform (DeFi) using a quick loan. After borrowing $2.5 billion in different assets, the hacker took control of 67% of the project and approved a transfer of funds to his wallet before paying back the loan and disappearing with the profits.
Wintermute: $162 million
Wintermute, a leading cryptocurrency market makerwas attacked in September 2022. The project lost around $160 million in the hack, which made things worse for Wintermute because owed 200 million dollars to other market participants. The CEO offered a 10% reward to the hacker if he returned the funds.
Multichain: US$ 125 million
Multichain claimed to be a cross-chain router protocol, which would theoretically allow almost all blockchains to communicate with each other and transfer assets between them — something that was and is necessary for Web 3 to continue progressing.
Multichain CEO Zhaojun has reportedly been arrested in China and disappeared, leading analysts to believe the theft was the result of a rug pull, where system owners/developers create a product, attract funds, and then suddenly walk away with the money.
Other notable hacks
- BonqDAO: ~$120 million
- Poloniex: ~$132 million
- Atomic Wallet Users: ~$100M
- HTX Exchange Heco Bridge: ~$100 million
- Curve: ~$70 million
- CoinEx: ~$54 million
- KyberSwap: ~$56 million
- Stake.com: ~$41 million
- Orbit Chain: ~$81.5 million
Which cryptocurrency exchange was hacked?
Many cryptocurrency exchanges have been hacked. FTX, Mt. Gox, and Binance are some of the most well-known hacked exchanges.
What is the biggest cryptocurrency heist?
The 2022 Ronin Network hack remains the largest known cryptocurrency hack, totaling over $625 million in stolen crypto. However, the largest cryptocurrency-related theft is attributed to scams associated with the FTX cryptocurrency exchange, where $8.7 billion was stolen from customers.
What was the biggest Bitcoin hack in history?
Counting bitcoins alone, Mt. Gox is probably the largest bitcoin hack, with over 650,000 bitcoins stolen.
The bottom line
With the addition of new products, the cryptocurrency industry has grown rapidly since the mid-2010s. The industry may even be moving too fast, as the number of hacks and thefts has revealed exploitable weaknesses. The back-to-back hacks have exposed the vulnerability of the cryptocurrency industry and undermined investor confidence. To avoid further damage to sentiment, developers and companies need to exercise more caution and implement more security protocols for blockchain networks and supporting systems.
The comments, opinions and analyses expressed on Investopedia are for online informational purposes only. Read our disclaimer of warranty and liability for more information.
As of the date this article was written, the author does not own any cryptocurrency.