The 10 Biggest Crypto Hacks of All Time

Cryptocurrency was built on the promise of decentralization, transparency, and security. Yet, as digital assets have grown into a multi-trillion-dollar ecosystem, they’ve also become prime targets for cybercriminals. Over the past decade, some hacks have led to billions of dollars in losses, shaking investor confidence and forcing industry-wide improvements in security.

This article explores the 10 biggest crypto hacks of all time — analyzing how they happened, what vulnerabilities were exploited, and how the industry responded.

1. Bybit — $1.5 Billion (2025)

The largest crypto hack in history occurred on Feb. 21, 2025, when attackers siphoned off roughly 401,000 Ethereum (ETH) — worth about $1.4–1.5 billion at the time — from the Dubai-based exchange Bybit.

How It Happened

A routine transfer from a cold wallet (offline storage that’s normally safer) to an active wallet was manipulated during the signing process. The attackers cleverly masked their malicious contract logic behind a seemingly legitimate transaction, allowing them to redirect the funds to their own addresses without detection.

Impact

This heist shed some light on a critical risk: even offline storage mechanisms aren’t immune if transaction signing and interface processes are compromised. The FBI later linked the attack to North Korean state-sponsored hackers.

2. Poly Network — $610 Million (2021)

In August of 2021, the Poly Network exploit saw more than $610 million in crypto assets move illicitly across its Ethereum, Binance Smart Chain, and Polygon bridges.

How It Happened

Hackers identified and exploited a vulnerability in Poly Network’s cross-chain smart contracts, which coordinate asset transfers between different blockchains. By forging approvals across chains, the attacker moved large sums of tokens into addresses they controlled.

The Unusual Twist

Unlike most hacks, the attacker contacted the Poly team afterward and eventually returned the vast majority of the funds.

3. Ronin Network — $615 Million (2022)

The Ronin Network hack in March of 2022 affected the play-to-earn blockchain behind Axie Infinity, one of the most popular blockchain games.

How It Happened

Attackers gained access to private validator keys needed to sign transactions on the Ronin sidechain. With those keys, they bypassed security controls and transferred approximately 173,600 ETH and 25.5 million USDC to their own wallets.

Consequences

This exploit exposed a major risk in validator-based systems and decentralized gaming ecosystems, where compromised credentials can lead to catastrophic losses. The incident forced Ronin to raise bridge security and internal key protections.

4. Binance BNB Bridge — $569 Million (2022)

Bridges — tools that allow assets to move between blockchains — have been frequent targets due to their complexity. In 2022, the Binance BNB Bridge was struck by a major exploit that resulted in about $569 million in lost assets.

How It Happened

Hackers took advantage of weaknesses in the bridge’s verification logic, allowing unauthorized transfers between chains without proper confirmations.

Key Takeaway

This attack revealed the difficulty of safeguarding interoperability features — complex systems with many moving parts are especially vulnerable if any component lacks strong validation.

5. Wormhole Bridge — $325 Million (2022)

Another cross-chain exploit targeted the Wormhole bridge, which connects Ethereum with other networks for token transfers.

How It Happened

Vulnerabilities in Wormhole’s contract validation allowed hackers to forge messages and withdraw funds from the system without authorization, leading to losses totaling approximately $325 million.

Impact

This incident reinforced the importance of rigorous bridge auditing and security testing, especially for protocols that hold large amounts of pooled liquidity.

6. Mt. Gox — ~$460 Million (2014)

One of the most infamous early cryptocurrency hacks, the Mt. Gox breach ultimately led to the collapse of what was once the world’s largest Bitcoin exchange.

How It Happened

Between 2011 and 2014, hackers gradually siphoned Bitcoin from Mt. Gox’s hot wallets — wallets connected to the internet — exploiting lax internal security and poor auditing. In total, around 850,000 BTC were lost (though some were later partially recovered).

Legacy

At the time, this was a catastrophic loss — amounting to a big portion of all Bitcoin in circulation. It also revealed the dangers of centralized custodial control without rigorous separation of duties or security checks.

7. Coincheck — $534 Million (2018)

In January of 2018, Japanese exchange Coincheck was hacked, resulting in a loss of over $534 million worth of NEM tokens.

How It Happened

Attackers infiltrated the exchange’s hot wallets using malware after gaining access through phishing and other social engineering methods. Once inside, they moved the assets out of the platform before defenses could activate.

Industry Effect

The scale of the hack shook regulatory confidence in exchange security worldwide and prompted more stringent oversight of how platforms safeguard user assets.

8. FTX — $477 Million (2022)

After the collapse of FTX — one of the largest crypto exchanges — a suspected post-bankruptcy hack saw around $477 million in assets drained from the platform’s wallets in November of 2022.

How It Happened

Though the exact mechanism remains debated, this hack was widely believed to involve compromised internal controls and the absence of proper safeguards after the exchange’s operations failed, leaving wallets exposed to unauthorized movements.

Broader Implications

This incident blurred the line between mismanagement and malicious exploitation, and pointed out that weak governance can be as dangerous as external hacks.

9. DMM Bitcoin — $305 Million (2024)

In May 2024, Japanese exchange DMM Bitcoin lost approximately $305 million in Bitcoin after attackers withdrew 4,502.9 BTC from its systems.

Attack Details

Preliminary investigations pointed to a compromise of the exchange’s private key storage or server access that allowed unauthorized wallet withdrawals.

Aftermath

Authorities and analysts later linked this theft to sophisticated North Korean hacking groups.

10. WazirX — $234.9 Million (2024)

In July of 2024, Indian crypto exchange WazirX suffered a serious breach, with hackers withdrawing around $234.9 million in crypto assets.

What Occurred

The attackers managed to compromise wallet controls, sending funds to new addresses before the exchange froze operations. Lazarus Group — a North Korean state-linked hacking unit — was subsequently tied to the incident.

Industry Response

WazirX’s incident highlighted how even smaller centralized platforms remain lucrative targets — especially those that fail to segment wallet authority and strengthen key management.