One of the obstacles to the mainstream adoption of digital currency has been hacking. Some high-profile thefts have occurred on various cryptocurrency exchanges and platforms, deterring investors from using them.
It has been argued that blockchain projects are secure, but attacks over the years have demonstrated that this is only partially true. An estimated $2.2 billion in cryptocurrency was stolen in 2024, a 21% increase from 2023, according to blockchain analysis firm Chainalysis. The year with the most stolen crypto is 2022, with $3.7 billion in funds. Take a look at some of the largest crypto hacks to date.
Key Takeaways
- Hacking remains a major barrier to cryptocurrency adoption.
- Cryptocurrency exchanges are a major target for hackers, with more than $2.2 billion stolen in 2024.
- The first major exchange to suffer from a hack was Mt. Gox, which lost 7% of all bitcoins at the time.
- Decentralized finance applications and smart contracts are also a favorite target for hackers.
- Some of the most important safety rules for long-term investors are keeping cryptocurrencies offline if you are not actively trading or spending them and not using custodial accounts unless they provide insurance.
Bybit: $1.5 Billion
The largest cryptocurrency hack to date was conducted in February 2025 and far surpasses previous heists. One of Bybit's cold wallets was hacked, and $1.5 billion in ether was stolen. The theft has been attributed to North Korea’s Lazarus Group, a state-sponsored hacking collective that has previously stolen billions of dollars from the cryptocurrency industry for years. Bybit stabilized the breach and is offering a recovery bounty of up to 10% of the recovered amount to anyone who helps retrieve the stolen crypto.
Ronin Network: $625 Million
The second largest cryptocurrency occurred in March 2022 and targeted the network that supports the popular Axie Infinity blockchain gaming platform. Hackers breached the Ronin Network and made off with around $625 million worth of Ether and USDC (a stablecoin). Investigators said that a North Korean state-backed hacking collective, the Lazarus Group, was linked to the theft. Sky Mavis (Axie Infinity's developer) recovered $5.7 million of the stolen funds a month later, but it remains the largest cryptocurrency hack in history.
Poly Network: $611 Million
On August 10, 2021, a lone hacker pounced on a vulnerability in the Poly Network decentralized finance platform and made off with over $600 million. The project’s developers issued a formal letter to the hacker, appealing for the stolen funds, which included $33 million in Tether. They also requested crypto exchanges to blacklist tokens coming from the hacker's addresses. Shortly thereafter, the hacker returned $260 million. The hacker stated they had targeted the network “for fun” or as a challenge.
The Poly Network then established several addresses for the funds to be returned to, and the unknown hacker began cooperating. After only two days, around $300 million had been recovered, and it emerged that the hacker had targeted the network “for fun.” By August 23, Poly Network regained all stolen assets.
Binance BNB Bridge: $569 Million
In one of the most high-profile attacks in cryptocurrency history, the Binance exchange was hacked for about $570 million in October 2022. A cross-chain bridge, BSC Token Hub, was exploited by hackers, who created and withdrew 2 million extra Binance Coins (BNB). A bug in a smart contract enabled the hack, highlighting the need for tighter blockchain security.
$2.2 billion
The amount of cryptocurrency stolen from exchanges and other platforms in 2024, up 21% from 2023's $1.7 billion.
Coincheck: $532 Million
In January 2018, the Japanese exchange Coincheck suffered a theft of $523 million in NEM coins valued at about $534 million. The vulnerability was created by a hot wallet, which is a live cryptocurrency wallet and not as safe as an offline cold storage wallet. At the time, the Coincheck hack was larger even than the notorious Mt. Gox hack; NEM Foundation president Lon Wong described it at the time as "the biggest theft in the history of the world."
Coincheck survived the hack and continued operating despite being bought out a few months later by the Japanese financial services company Monex Group.
FTX: $477 Million
In November 2022, FTX, at one time an influential player in the crypto industry, declared bankruptcy. On the day it filed for Chapter 11 bankruptcy, more than $477 million was stolen from its crypto wallets. Many FTX wallet holders reported $0 balances in their FTX.com and FTX US wallets.
The crypto exchange confirmed the hack on its Telegram channel, saying, ''FTX has been hacked. FTX apps are malware. Delete them. Chat is open. Don't go to the FTX site as it might download Trojans.''
In 2024, reports emerged about the arrest of a SIM card-swapping ring that gained access to an FTX employee's accounts and siphoned off millions in crypto.
Mt. Gox: $473 Million
The first major crypto hack occurred in 2011 when the crypto exchange Mt. Gox lost 25,000 bitcoins worth approximately $400,000. At that time, the crypto exchange handled nearly 70% of all Bitcoin transactions.
The attacks didn't stop, and Mt. Gox was hit again in 2014. It lost almost 850,000 of its customers' bitcoins and about 100,000 of its own. The company later found 200,000 bitcoin in an old wallet, reducing the loss to about 650,000. At the time, that was 6% of all bitcoins and was worth approximately $473 million. Initial reasons for the coins' disappearance were unclear, but later evidence showed that the coins were stolen from the company's hot wallets.
Wormhole: $325 Million
The decentralized finance platform Wormhole was targeted in February 2022, with $325 million taken by hackers. The attack had been made possible by an upgrade to the project's GitHub repository, which was not then deployed to the live project. The popular cryptocurrency bridge had to plug the hole in the project's finances after the funds were not recovered. This was also the largest theft that included Solana, one of the rivals to Ethereum's dominance in the worlds of DeFi and NFTs. Up to $47 million was taken in the blockchain's native SOL token.
DMM Bitcoin: $308 million
Japanese cryptocurrency exchange DMM Bitcoin was attacked in May 2024, resulting in a theft of 4,500 BTC (about $308 million at the time). How the exchange was hacked remains unknown, but the Lazarus Group is thought to be behind the theft. In December 2024, the company was liquidated and transferred all of its accounts to SBI VC Trade.
PlayDapp: $290 Million
PlayDapp is a South Korean NFT and game development platform that experienced a loss of $290 million. On February 9, 2024, the company noticed a loss of 200 million PLA tokens, valued at $36 million. After a failed attempt to negotiate with the hacker, on February 12, the hacker stole another 1.59 billion PLA, valued at $254 million.
KuCoin: $281 million
A popular cryptocurrency exchange based in Asia, KuCoin, was compromised in September 2020. The hackers stole over $281 million in various cryptocurrencies, mostly in Ethereum and Stellar tokens.
Tokens are different from traditional cryptocurrencies like Bitcoin or Ether. While regular crypto cannot be retrieved, tokens are issued by organizations with the power to freeze accounts in an effort to recover stolen tokens. In response to the KuCoin theft, token issuers froze balances and even moved funds so the assets could be retrieved by KuCoin. To get around this block, the hacker sold some assets on decentralized exchanges, but the buyers are now at risk of having the stolen assets frozen in their accounts.
By November, KuCoin managed to recover 84% of the stolen assets.
BitMart: $225 Million
Bitmart, a crypto exchange, suffered a security breach in December 2021, losing $225 million. The theft took about an hour, stealing $110 million of Ethereum assets and $115 million of assets on Binance Smart Chain. The hacker managed to gain access to the private keys for two of the exchange’s hot wallets. BitMart pledged to use its own funds to compensate those affected by the theft.
Mixin: $200 Million
The Mixin Network is a peer-to-peer, cross-chain network that facilitates cryptocurrency transfers. In September 2023, the network was hacked through the database of its cloud service provider. Thieves made off with about $200 million worth of bitcoin (BTC), ether (ETH), and tether (USDT).
Euler Finance: $197 Million
Euler Finance is a borrowing and lending protocol platform based on the Ethereum blockchain. On March 13, 2023, hackers conducted a flash loan attack, grabbing $197 million in wrapped Bitcoin (wBTC), DAI (a MakerDOA stablecoin), staked ether (stETH), and USDC. A flash loan attack occurs when a hacker uses a flash loan—a loan without collateral that must be paid in full in the same transaction, often used by traders in arbitrage—to withdraw massive amounts, letting the thieves manipulate prices.
However, in a strange twist, the hacker(s) began returning the stolen funds in increments several days later, citing concerns over their safety.
Nomad Bridge: $190 Million
Nomad is a cryptocurrency bridge that lets users swap tokens between blockchains. Bridges are one of the hacker favorites due to the considerable value of their assets and the complexity of the smart contract code on which they run.
In August 2022, the hackers drained $190 million of the project’s funds. While it may not be the largest bridge attack, there were over 300 unique addresses that participated, making it "unprecedented in scale." Nomad Bridge later recovered $37 million of the stolen funds.
Beanstalk: $182 Million
This April 2022 hack involved the exploitation of a decentralized finance (DeFi) platform using a flash loan. After borrowing about 1 billion in different assets, the hacker took a 67% controlling stake in the project and approved a transfer of funds to their wallet before repaying the loan and disappearing with the profits.
Wintermute: $162 Million
Wintermute, a leading cryptocurrency market maker, was attacked in September 2022. The project lost about $160 million in the hack, which made things worse for Wintermute because it owed $200 million to other market participants. The CEO offered a 10% bounty to the hacker if they returned the funds.
Multichain: $125 Million
Multichain claimed to be a cross-chain router protocol, which theoretically would allow nearly all blockchains to communicate with each other and transfer assets across them—something that was and is needed for Web 3 to continue progressing.
In July 2023, Multichain's CEO, Zhaojun, was reportedly arrested in China and disappeared, leading analysts to believe the theft was the result of a rug pull, where system owners/developers create a product, attract funds, and suddenly leave with the money.
Other Notable Hacks
- BonqDAO (February 2023): ~ $120 million
- Poloniex (November 2023): ~ $132 million
- Atomic Wallet Users (June 2023): ~$100 million
- HTX Exchange Heco Bridge (November 2023): ~$110 million
- Curve (July 2023): ~$70 million
- CoinEx (September 2023): ~$54 million
- KyberSwap (November 2023): ~$56 million
- Stake.com (September 2023): ~$41 million
- Orbit Chain (January 2024): ~$81.5 million
Which Cryptocurrency Has Been Hacked?
Many cryptocurrencies have been hacked, such as Bitcoin Satoshi Vision, Bitcoin Gold, and Ethereum Classic.
What Is the Most Secret Crypto?
Monero remains one of the most secretive cryptocurrencies in terms of traceability. Its developers pride themselves on making it nearly impossible to trace. In fact, updates to the Monero blockchain will further decrease the odds of discovering transaction participants.
Is There Any Way to Get Free Crypto?
New projects release "free" tokens all the time in airdrops and promotions, but these should be approached with caution, as they tend to be used in scams. That said, nothing in life is free, especially cryptocurrency.
The Bottom Line
The cryptocurrency industry has grown rapidly since the mid-2010s and may even be advancing too fast, as the number of hacks and thefts demonstrates exploitable weaknesses.
Continuous hacks have exposed the vulnerability of the crypto industry and undermined investors' confidence. To avoid further damage to sentiment, developers and businesses need to exercise more caution and implement more security protocols for blockchain networks and supporting systems.