The 10 Biggest Crypto Hacks in History — And What They Teach Us
Crypto was built on the promise of decentralization and trustless systems — yet its history is marked by some of the largest financial breaches ever recorded.
From centralized exchanges to cross-chain bridges and DeFi protocols, billions of dollars have been lost due to security failures, governance weaknesses, and human error.
Understanding these events is not about fear — it’s about education. Each major hack leaves behind lessons that help investors, builders, and users make better decisions in an increasingly complex Web3 ecosystem.
1) ByBit — ~$1.5 B Heist (2025)
Project: ByBit (Centralized Exchange)
Network/Assets: Ethereum cold wallet (ETH + derivatives)
Amount Stolen: ~US$1.4–1.5 billion — the largest hack ever in crypto history.
What Happened: Attackers exploited security weaknesses in ByBit’s cold wallet software to drain huge amounts of ETH-based assets.
Outcome/Lesson: Even “offline” storage can be compromised if governance and third-party tooling aren’t airtight. Security is not static — it must be audited and re-audited continuously.
2) Ronin Network — ~$615 M (2022)
Project: Ronin Network (Axie Infinity bridge)
Network/Assets: Ethereum / USDC
Amount Stolen: ~$615 million.
What Happened: Hackers gained control of validator nodes to authorize fraudulent withdrawals, draining large amounts of ETH and USDC.
Outcome/Lesson: Centralized validator control is a risk. Decentralized infrastructure must guard against single points of failure.
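The single-point-of-failure lesson above can be checked mechanically. This is an added example, not code from Ronin or from the original article: given a validator set and a signing threshold, it computes how many independent operators would have to be compromised before withdrawals could be authorized. The validator ids, operator names, threshold and policy floor are constructed sample data.

```python
from collections import Counter

def operators_to_reach_threshold(validators, threshold):
    """Return the smallest set of operators whose keys meet the threshold.

    `validators` maps validator id -> the operator that controls its signing
    key (count delegated signing rights as control). Taking the operators
    with the most keys first is optimal for this covering problem.
    """
    if not 1 <= threshold <= len(validators):
        raise ValueError("threshold must be between 1 and the validator count")
    collected, path = 0, []
    for operator, key_count in Counter(validators.values()).most_common():
        path.append(operator)
        collected += key_count
        if collected >= threshold:
            return path
    raise RuntimeError("unreachable: threshold was validated above")

def audit(validators, threshold, min_independent_operators):
    """Compare the nominal M-of-N scheme with its effective independence."""
    path = operators_to_reach_threshold(validators, threshold)
    return {
        "nominal": f"{threshold}-of-{len(validators)}",
        "operators_needed": len(path),
        "weakest_path": path,
        "passes": len(path) >= min_independent_operators,
    }

# Constructed sample: nine validators, but one operator holds four keys.
CONCENTRATED = {
    "v1": "org-a", "v2": "org-a", "v3": "org-a", "v4": "org-a",
    "v5": "org-b", "v6": "org-c", "v7": "org-d", "v8": "org-e", "v9": "org-f",
}
# Constructed sample: nine validators, nine independent operators.
DISTRIBUTED = {f"v{i}": f"org-{i}" for i in range(1, 10)}

if __name__ == "__main__":
    for name, vset in (("concentrated", CONCENTRATED), ("distributed", DISTRIBUTED)):
        # Policy floor (assumption): at least 4 independent operators per approval.
        print(name, audit(vset, threshold=5, min_independent_operators=4))
```

A 5-of-9 scheme looks the same on paper in both cases; the audit shows the concentrated set collapses to two operators.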
3) Poly Network — ~$610 M (2021)
Project: Poly Network (cross-chain DeFi protocol)
Network/Assets: Ethereum, BSC, Polygon
Amount Stolen: ~$610 million.
What Happened: An exploit in the cross-chain smart contract allowed the transfer of massive assets to hacker-controlled addresses.
Resolution: Most funds were returned by the attacker after negotiation.
Outcome/Lesson: Security flaws in cross-chain bridges are high-risk; multi-sig and cross-chain checks must be robust.
4) Coincheck — ~$533 M (2018)
Project: Coincheck (Japanese exchange)
Network/Assets: NEM (XEM)
Amount Stolen: ~$533 million.
What Happened: Hackers accessed hot wallets and withdrew large amounts of NEM.
Outcome/Lesson: Exchanges must segregate funds and enforce multi-factor signature security. Better compensation structures helped reimburse users in part.
5) Mt. Gox — ~$470 M (2011–2014)
Project: Mt. Gox (once the largest Bitcoin exchange)
Network/Assets: Bitcoin
Amount Stolen: ~US$470 million (value at the time); the stolen BTC would be worth much more today.
What Happened: Long-term security failures allowed massive BTC theft over a period of years, eventually leading to bankruptcy.
Outcome/Lesson: Custodial exchanges must earn and sustain trust through transparency, auditability, and fund security. Failure impacts entire market confidence.
6) Wormhole Bridge — ~$326 M (2022)
Project: Wormhole (cross-chain bridge)
Network/Assets: Ethereum/Solana
Amount Stolen: ~$326 million.
What Happened: A vulnerability in the bridge’s smart contract allowed the minting of fake wrapped assets.
Outcome/Lesson: Smart contract audits are essential; cross-chain bridges are inherently riskier and must have fail-safes.
7) KuCoin — ~$280 M (2020)
Project: KuCoin (Centralized Exchange)
Network/Assets: Hot wallets of BTC, ETH, ERC-20 tokens
Amount Stolen: ~$280 million.
What Happened: Hackers accessed hot wallet private keys.
Resolution: The majority of funds were recovered or frozen with the help of blockchain monitoring.
Outcome/Lesson: Chain analytics can help track flows; cooperation between exchanges improves resilience.
8) Bitfinex — ~119,754 BTC (2016)
Project: Bitfinex (Exchange)
Network/Assets: Bitcoin
Amount Stolen: ~119,754 BTC (worth ~$72 M at the time).
What Happened: A security breach enabled unauthorized BTC transfers.
Resolution: Over 75% of the stolen funds were later recovered by US authorities.
Outcome/Lesson: Blockchain transparency can empower law enforcement tracking when attackers don’t cover their tracks well.
9) PancakeBunny — ~$200 M (2021)
Project: PancakeBunny (DeFi on BSC)
Network/Assets: Binance Smart Chain
Amount Stolen: ~$200 million.
What Happened: A flash loan attack exploited price manipulation and pool logic.
Outcome/Lesson: Flash loans can be powerful tools for attackers; risk controls are crucial for DeFi protocols.
10) Gate.io — ~$230 M (2018)
Project: Gate.io (Exchange)
Network/Assets: BTC, ETH, ZEC, etc.
Amount Stolen: ~$230 million.
What Happened: Attack tied to sophisticated hacking; the exchange delayed disclosure until public detection.
Outcome/Lesson: Transparency matters for user trust; hidden breaches can cause reputational damage.
💡 Patterns Behind the Biggest Crypto Hacks
Security is not guaranteed by technology alone.
It must be paired with:
- Strong governance
- Secure key management
- Multi-signature and audit controls
- Real-time monitoring
- Responsible disclosure
- User education
Crypto’s vulnerabilities are not inevitabilities—they’re learning opportunities that push the ecosystem to build better, safer protocols and practices.
