The biggest cryptocurrency hacks so far

One of the obstacles to the mainstream adoption of digital currency has been hacking. Some high-profile thefts have occurred on various cryptocurrency exchanges and platforms, deterring investors from putting their money into them.

Blockchain projects have been argued to be secure, but attacks over the years have shown this to be only partially true. More than $3.8 billion worth of cryptocurrency was stolen from users in 2022, according to blockchain data platform Chainalysis. Check out some of the biggest crypto hacks to date.

Ronin Network: $625 million

The largest cryptocurrency hack to date was carried out in March 2022 and targeted the network supporting the popular Axie Infinity blockchain gaming platform. Hackers breached the Ronin network and got away with about $625 million worth of Ethereum and the USDC stablecoin. The U.S. officials said a North Korean state-backed hacking collective, the Lazarus Group, was linked to the theft. Binance recovered $5.8 million of the stolen funds a month later, but it would still be the largest hack in history as of December 2, 2023.

Poly Network: $611 million

In August 2021, a lone hacker exploited a vulnerability in the Poly Network decentralized finance platform and made off with more than $600 million. The project’s developers issued an appeal on X (formerly Twitter) for the stolen funds, which included $33 million in Tether. The Poly Network then established several addresses to which the funds could be returned, and the unknown hacker began to cooperate. After only two days, about $300 million was recovered, and it appeared that the hacker had targeted the network “for fun” or as a challenge.

FTX: $600 million

In November 2022, FTX, one of the most influential players in the crypto industry, declared bankruptcy. On the day it filed for Chapter 11 bankruptcy, more than $600 million was stolen from its crypto wallets. Many FTX wallet holders reported $0 balances in their FTX.com and FTX US wallets.

The crypto exchange confirmed the hack on its Telegram channel, saying: “FTX has been hacked. FTX applications are malware. Delete them. Chat is open. Do not go to the FTX site as it may download Trojans.” Ryne Miller, general counsel of FTX, later tweeted that the crypto exchange “makes every effort to secure all assets, wherever.

Binance BNB Bridge: $586 million

In one of the most high-profile attacks in cryptocurrency history, the Binance exchange was hacked for $570 million in October 2022. A cross-chain bridge, BSC Token Hub, was exploited by hackers, who created and mined 2 million extra Binance coins ( BNB ). A flaw in a smart contract enabled the hack, highlighting the need for tighter blockchain security.

Coin check: $534 million

In January 2018, Japanese exchange Coincheck suffered a theft of $523 million NEM coins worth about $534 million. The vulnerability was created by a hot wallet, which is a live cryptocurrency wallet and not as secure as an offline cold storage wallet. At the time, the Coincheck hack was even bigger than the infamous Mount Gox hack; The president of the NEM Foundation, Lon Wong, described it at the time as “the biggest theft in the history of the world.”

Coincheck survived the hack and continued to operate despite being bought out by Japanese financial services company Monex Group a few months later.

Mount Gox: $473 million

The first major crypto hack occurred in 2011 when the crypto exchange Mount Gox lost 25,000 bitcoins worth about $400,000. At that time, the crypto exchange handled nearly 70% of all bitcoin transactions.

The attack did not stop, and Mount Gox was attacked again in 2014. It lost almost 650,000 of its customers’ bitcoins and about 100,000 of its own. At the time, it was 7% of all bitcoins and was worth about $473 million. The initial reasons for the coins’ disappearance were unclear, but later evidence showed that the coins were stolen from the company’s hot wallet.

Wormhole: $325 million

The decentralized finance platform Wormhole was targeted in February 2022, with $325 million taken by hackers. The attack was made possible by an upgrade to the project’s GitHub repository, which was not then deployed to the live project. The popular cryptocurrency bridge had to plug the hole in the project’s finances after the funds were not recovered. It was also the biggest theft involving Solana, one of the rivals to Ethereum’s dominance in the worlds of DeFi and NFTs. Up to $47 million was taken in the blockchain’s native SOL token.

Euler Finance: $197 million

Euler Finance is a lending and lending protocol platform based on the Ethereum blockchain. On March 13, 2023, hackers carried out a flash loan attack and grabbed $197 million in wrapped Bitcoin (wBTC), DAI (a MakerDOA stablecoin), staketer (stETH), and USDC. A flash loan attack occurs when a hacker uses a flash loan – an uncollateralized loan that must be paid in full in the same transaction, often used by traders in arbitrage – to withdraw massive amounts, allowing the thieves to manipulate prices .

However, in a strange twist, the hacker(s) began returning the stolen funds in increments a few days later, citing they were concerned about their safety.

Bitmart: $196 million

December 2021 saw a hack of the Bitmart centralized exchange with losses of $196 million. The hack was first noticed by a security analysis firm, which noticed that BitMart addresses were drained of their balance. About $100 million in various cryptocurrencies has been withdrawn via Ethereum, with another $96 million going through Binance Smart Chain. All the tokens were moved to an address marked by Etherscan as the “BitMart Hacker”.

Nomad Bridge: $190 million

Just one month before the Wintermute breach was a more significant hack, an attack on Nomad Bridge. The hackers drained $190 million of the project’s funds. Nomad is a cryptocurrency bridge that allows users to exchange tokens between blockchains, but it has become the latest target for hackers. This is due to the significant value of assets they own and the complexity of the smart contract code they run on. Nomad Bridge later recovered $36 million of the stolen funds.

Beanstalk: $182 million

This hack involved mining a decentralized finance platform (DeFi) using a flash loan. After borrowing $1 billion, the hacker took a controlling 67% stake in the project and approved a transfer of funds to their wallet before repaying the loan and disappearing. The entire process of performing the hack took only 13 seconds.

Wintermute: $162 million

Wintermute, a leading cryptocurrency market maker, was attacked in September 2022. The project lost around $160 million in a hack, which made things worse for Wintermute as they owed $200 million to other market participants. The CEO offered a 10% reward to the hacker if they returned the funds.

Multichain: $125 million

Multichain claimed to be a cross-chain router protocol, which would theoretically allow almost all blockchains to communicate with each other and transfer assets across them – something that was and is necessary for Web 3 to continue to progress.

Multichain’s CEO, known as Zhaojun, is believed to have been arrested in China and disappeared, leading analysts to believe the theft was the result of a scam, where system owners/developers create a product, attract funds and suddenly leave with the money.

The Bottom Line

With the addition of new products, the cryptocurrency industry has grown rapidly since the mid-2010s. The sector may even progress too quickly, as the number of hacks and thefts reveal exploitable weaknesses. Back-to-back hacks have exposed the vulnerability of the crypto industry and undermined investor confidence. To avoid further damage to sentiment, developers need to bring more security to the blockchain networks.

The comments, opinions and analyzes expressed on Investopedia are for informational purposes online. Read our warranty and liability disclaimer for more information.