Top 10 Cryptocurrency Hacks Ranked and Reviewed

Author: Anfei Source: Blockcast

Cryptocurrency prices began to fall sharply on Friday night, and the decline continued until Saturday afternoon when the article was written. The main reason for the decline is believed to be related to the hack of Bybit Exchange. The exchange suffered a $1.46 billion hacker attack on the evening of February 21, 2025, becoming one of the largest security vulnerabilities in the industry in the first quarter of 2025. The attack targeted one of the exchange's Ethereum multi-signature cold wallets.

Bybit hack amount becomes the highest in history

This incident has also been labeled as one of the largest hacker attacks in the history of cryptocurrency exchanges, accounting for more than 50% of the total value loss of the cryptocurrency market in 2024. The amount of losses from hacker attacks in the cryptocurrency market in 2024 reached $2.2 billion, up from $1.8 billion in 2023. The incident also resulted in the liquidation of approximately $100 million in the market, further leading to a sharp decline in the value of major cryptocurrencies.

Bitcoin (BTC) and Ethereum (ETH) fell significantly after the news broke, with Ethereum falling nearly 4% in less than four hours after the hack was confirmed. Bybit CEO Ben Zhou said the exchange detected unauthorized activity in its Ethereum cold wallet, which was attacked during the transfer to the hot wallet. The hackers manipulated transactions by masking them so that they looked legitimate but contained malicious code that changed the logic of the wallet's smart contract, enabling the theft of funds.

Blockchain analysts reported that more than $1 billion in funds flowed out of Bybit, with a significant portion of the assets being transferred and sold, which has raised alarms in the crypto community. The stolen funds were mainly Ethereum and staked Ethereum (stETH and mETH), and were dispersed to multiple addresses to evade tracking. The hackers have begun exchanging the stolen funds for other Ethereum tokens on decentralized exchanges. The security breach highlights concerns about the integration of cryptocurrencies with traditional financial institutions and the need for stronger regulation. It also highlights the vulnerability of even so-called secure cold wallets (which are not connected to the internet). The incident has sparked a debate in the cryptocurrency space about centralization versus decentralization, with some arguing that well-regulated markets are essential to preventing losses of this magnitude.

Highest-value hacking incidents in history

This article will take a closer look at the largest cryptocurrency losses from hacking or security breaches in history. The ranking below is based on the amount of money lost at the time of the attack. The analysis covers the details of each incident, the method of attack, the responsible party (if publicly known), the recovery, and the broader impact on the cryptocurrency industry. Sources include global news platforms, blockchain analysis reports, and official announcements from affected entities.

Detailed event analysis:

1. Bybit hacker attack (February 21, 2025, $1.46 billion)

The Bybit hacker attack occurred on February 21, 2025, setting a record for the highest loss in history. Hackers stole more than $1.46 billion from the exchange's ETH cold wallet. The attack involved complex phishing techniques, manipulating the signature interface to display a legitimate UI, while changing the underlying smart contract logic to transfer funds to unknown addresses. Bybit CEO Ben Zhou confirmed in a post that only one ETH cold wallet was affected, other wallets were safe, and withdrawals were carried out normally. He claimed that even if the losses could not be recovered, the exchange was still solvent and customer assets were 1:1 reserved. This incident highlighted the vulnerabilities of cold wallet management and Safe (formerly Gnosis Safe) multi-signature wallets.

2. Ronin network hack (March 2022, $625 million)

The Ronin network hack occurred in March 2022 and involved an attack on the sidechain validation node of the Axie Infinity game. The hacker controlled four validation nodes and authorized two unauthorized withdrawals, stealing 173,600 ether (about $595 million) and 25.5 million USDC (25.5 million), with a total loss of $625 million. The incident was attributed to the North Korean Lazarus Group, and Sky Mavis promised to compensate affected users and strengthen security measures.

3. Poly Network hack (August 2021, $611 million)

The Poly Network hack occurred on August 10, 2021. Hackers exploited a cross-chain bridge smart contract vulnerability to steal approximately $611 million in various assets, including cryptocurrencies, stablecoins, and other tokens, involving Ethereum, Binance Smart Chain, and Polygon. Tether froze $33 million in USDT to mitigate losses. The hacker later negotiated with the platform to return most of the funds, and his identity is unknown.

4. Binance BNB Bridge hack (October 6, 2022, $569 million)

The Binance BNB Bridge hack occurred on October 6, 2022. Hackers exploited a vulnerability in the BNB Smart Chain cross-chain bridge to steal 2 million BNB tokens, with a total loss of approximately $569 million. The attack involved forging proofs to withdraw funds. Binance quickly suspended the bridge service and froze part of the stolen funds. The final loss was controlled at approximately $100 million, and the remaining funds were recovered. Binance offered a bounty to track down the hacker.

5. Coincheck hack (January 2018, $534 million)

The Coincheck hack occurred on January 26, 2018. Hackers exploited a hot wallet vulnerability and stole 523 million NEM coins, with a total value of approximately $534 million. The price of NEM coins was approximately $1.02 at the time. The funds were not recovered, and Coincheck used its own resources to compensate customers. It was later acquired by Monex Group in 2018.

6. Mt. Gox hack (2014, $473 million)

The Mt. Gox hack occurred in 2014, with hackers stealing nearly 750,000 customer bitcoins and 100,000 of the exchange's own bitcoins, totaling 750,000 bitcoins, worth about $473 million at the time, or 7% of the total circulation, causing the exchange to go bankrupt in 2014.

7. FTX hack (November 2022, $473 million)

The FTX hack occurred after the bankruptcy filing on November 11, 2022, with unauthorized transactions resulting in wallets being emptied, with a loss of approximately $473 million, mainly in stablecoins, which were quickly converted to Ethereum.

8. Wormhole hacker attack (February 2022, $320 million)

The Wormhole hacker attack occurred on February 2, 2022. Hackers exploited the token bridge vulnerability between Ethereum and Solana to steal 120,000 wETH tokens with a total value of $320 million. All funds were later recovered and Wormhole offered a $10 million bounty.

9. DMM Bitcoin hacker attack (May 31, 2024, $308 million)

The DMM Bitcoin hacker attack occurred on May 31, 2024. Hackers stole 4502.9 BTC, worth approximately $308 million. According to a joint statement by the FBI and the National Police Agency of Japan on December 23, 2024, North Korean TraderTraitor (a branch of the Lazarus Group) used social engineering attacks to disguise itself as a LinkedIn recruiter, tricking employees of Ginco Inc., which manages DMM transactions, into downloading malicious code, thereby controlling transaction requests and transferring funds to hacker wallets. DMM promised to compensate customers, but closed in December 2024 due to financial pressure.

10. KuCoin hack (September 2020, $285 million)

The KuCoin hack occurred on September 25, 2020, and hackers stole $285 million in various cryptocurrency assets. The attack involved a hot wallet vulnerability. KuCoin worked with law enforcement and blockchain companies to recover approximately $240 million, with the remaining loss of $45 million. KuCoin compensated users through insurance and its own funds.