14 Biggest Crypto Hacks of All Time

Key Takeaways

  • Crypto hacks have cost billions since 2012, with major exchanges, bridges, and DeFi protocols losing funds to sophisticated attackers.
  • North Korea’s Lazarus Group carries out some of the largest heists by exploiting private keys, malware, and blockchain bridge flaws.
  • Smart contract bugs, cross-chain bridge weaknesses, compromised private keys, and insider access represent the most exploited attack surfaces in crypto.
  • DeFi protocols face unique risks from flash loan attacks, governance exploits, and collateral manipulation that bypass traditional auditing and safeguards.
  • Hardware wallets, two-factor authentication, regular protocol audits, and limiting exchange balances form the strongest personal defense against crypto theft.

Cryptocurrency has redefined money, transforming it into a digital, decentralized, and borderless transaction medium. However, it has also become a target for crypto hackers. With billions of dollars coursing through blockchain networks, crypto platforms, and protocols often resemble digital vaults with flawed locks.

In 2023, hackers stole $1.7 billion worth of cryptocurrency—a stark improvement from 2022’s staggering $3.8 billion loss but still a painful reminder of the risks. However, Bybit’s $1.5 billion loss in February 2025 highlights why hackers still threaten the crypto ecosystem. These breaches have shaken trust in blockchain security, tarnishing the promise of a decentralized financial future.

In this article, we’ll explore the most significant crypto heists, uncover the controversies they sparked, and highlight the vulnerabilities hackers exploit.

14 Biggest Crypto Hacks in History

Cryptocurrency theft has a long history of brazen attacks and losses. Here’s a snapshot of some of the most infamous breaches:

| Platform | Year | Hacker (if known) | Vulnerability | Value Lost | Recovery Status | Type of Attack |
|---|---|---|---|---|---|---|
| FTX | 2022 | Internal misuse (alleged) | Poor governance | $8 billion | Funds not recovered | Internal theft/mismanagement |
| Silk Road | 2012 | James Zhong | Exploited a weakness in Silk Road’s withdrawal system, creating fake accounts to steal Bitcoin | Over 50,000 BTC (later valued at over $3.36 billion) | Recovered by federal agents through seizure operations | Unauthorized account creation and withdrawal manipulation leading to massive Bitcoin theft |
| Bybit Exchange | 2025 | Lazarus Group and TraderTraitor | Malware-laden cryptocurrency trading applications | $1.5 billion | Funds not recovered | Exchange hack |
| Ronin Bridge | 2022 | Lazarus Group | Private key compromise | $625 million | Funds not recovered | Bridge exploit |
| Poly Network | 2021 | White Hat Hacker | Cross-chain vulnerability | $610 million | Most funds recovered | Smart contract exploit |
| Binance BNB Bridge | 2022 | Unknown | Smart contract flaw | $570 million | Funds not recovered | Smart contract exploit |
| Mt. Gox | 2014 | Unknown | Hot wallet compromise | $450 million | Some funds recovered | Exchange hack |
| Coinbase | 2025 | Unknown | Bribing Coinbase employees | $180 – $400 million | Coinbase committed to reimbursing any customer losses | Insider-enabled data breach |
| DMM Bitcoin | 2024 | Likely compromise of private keys via a server-side breach | Smart contract flaw | $305 million | Exchange raised $320M to compensate users; $28.2M in transfers blocked by Tether | Server-side compromise and unauthorized wallet outflows, followed by multi-chain laundering |
| Drift Protocol | 2026 | Likely compromise of admin/multisig keys (possibly via durable nonce + delayed execution) | Privileged access / governance parameter manipulation | $270 – $285 million | Deposits and withdrawals suspended; coordinating with security firms, bridges, and exchanges; no confirmed user compensation yet | Rapid draining of multiple vaults, on-chain swaps to USDC, bridging to Ethereum, and partial conversion to ETH; funds moved to suspicious wallet |
| Aave (via Kelp DAO rsETH Exploit) | 2026 | Unknown | Stolen rsETH deposited as collateral on Aave V3 via a compromised LayerZero bridge; positions turned unliquidatable once the token lost its backing | $200 – $280 million (estimated bad debt) | rsETH market frozen; WETH reserves paused across Ethereum, Arbitrum, Base, Mantle, and Linea; bad debt resolution pending; rsETH on Ethereum mainnet confirmed backed | Bridge exploit leading to undercollateralized lending positions and protocol-wide liquidity crisis |
| Balancer | 2025 | Unknown | Vulnerability in Balancer V2 Composable Stable Pools; rounding precision loss exploited in batchSwap function | Over $120 million | Recovery mode initiated for pausable pools; other funds affected | Price manipulation and liquidity drain via sophisticated smart contract exploit |
| BtcTurk | 2025 | Unknown | Attackers accessed private keys controlling hot wallets in two breaches, draining funds across multiple blockchains | Approximately $103 million (combined 2024 and 2025 losses) | Funds consolidated into attacker-controlled accounts; deposits and withdrawals halted | Repeated hot wallet compromises caused by exposed private keys and inadequate key management |
| Nobitex | 2025 | Predatory Sparrow | Unknown – likely internal infrastructure breach; no confirmed technical details released | Over $90 million | Irrecoverable — funds sent to vanity addresses with no known private key | Data breach and wallet drain with funds effectively “burned” |

1. FTX

FTX’s dramatic collapse in 2022 wasn’t due to external hacking but internal chaos and alleged fraud. Once valued at over $32 billion, the exchange left an $8 billion gap in customer funds, sparking outrage and panic across the crypto world. Allegations of mismanagement centered on founder Sam Bankman-Fried, who allegedly commingled customer deposits with Alameda Research, FTX’s affiliated trading firm. The misuse of funds, lavish spending, and poor risk management painted a picture of systemic dysfunction.

Sam Bankman-Fried quickly became a polarizing figure. Once hailed as a crypto visionary, he faces multiple criminal charges, including fraud and conspiracy.

The scandal intensified debates about governance and transparency in the crypto space. Critics pointed to the lack of regulation as a breeding ground for such misconduct. FTX’s implosion eroded public trust and spurred global calls for stricter regulation to protect investors and ensure accountability.

2. Silk Road

The Silk Road marketplace represented a pivotal chapter in crypto history, embodying blockchain technology’s revolutionary potential and darker implications. Operating on the dark web from 2011 to 2013, it was an illegal Amazon-like platform for illicit transactions, with Bitcoin as one of its main currencies. The site’s promise of anonymity attracted thousands of users, ranging from drug dealers to legitimate privacy advocates.

Working under the pseudonym Dread Pirate Roberts, Ross Ulbricht created and maintained the platform until his dramatic arrest in a San Francisco library in October 2013. The FBI’s seizure of 144,000 BTC, worth millions at the time and billions today, marked one of the largest cryptocurrency confiscations in history.

In September 2012, James Zhong exploited a weakness in Silk Road’s withdrawal system, creating fake accounts to execute Bitcoin theft worth over 50,000 Bitcoin. Zhong consolidated the stolen funds and later benefited from a cryptocurrency split in 2017, increasing his holdings to over 53,500 BTC.

In November 2021, federal agents uncovered 50,491 Bitcoin hidden in Zhong’s Georgia home, including a popcorn tin and an underground safe. This marked one of the largest cryptocurrency seizures in US history, valued at over $3.36 billion. Zhong later surrendered additional Bitcoin, bringing the total seized to over 51,351 BTC.

3. Bybit Exchange

In February 2025, Bybit, a centralized cryptocurrency exchange based in Dubai, experienced a significant security breach resulting in the theft of approximately $1.5 billion in Ethereum. The FBI attributed this theft to North Korean-backed hacking groups, specifically the famous Lazarus Group and TraderTraitor. These groups employed malware-laden cryptocurrency trading applications to infiltrate systems and exfiltrate assets.

Following the breach, the stolen assets were rapidly converted into Bitcoin and other virtual currencies, dispersed across numerous blockchain addresses, and laundered for eventual exchange into fiat currency. Bybit’s CEO, Ben Zhou, acknowledged the incident and assured stakeholders of the company’s solvency, even without asset recovery.

4. Ronin Bridge

Ronin Bridge, a core part of the Axie Infinity gaming platform, suffered a catastrophic attack in 2022. The Lazarus Group compromised private keys, gaining control of validators and draining $625 million in Ethereum and USDC.

Controversy swirled around the bridge’s security setup. With only nine validators managing billions of dollars, critics questioned the platform’s overreliance on centralized control points. Axie Infinity also faced a backlash from its user base, many of whom were small-scale investors in developing countries.

5. Poly Network

In 2021, the Poly Network hack made headlines as the largest cryptocurrency heist in history. A hacker exploited a vulnerability in the platform’s cross-chain protocol to siphon $610 million in crypto. However, nearly all the funds were returned within 48 hours in a surprising turn of events. The hacker claimed they intended to expose security flaws rather than profit, earning the nickname “Mr. White Hat.”

Poly Network, a decentralized finance (DeFi) platform, facilitates token swaps across Ethereum, Binance Smart Chain, and Polygon. Its cross-chain protocols rely on smart contracts to manage token transfers, but one was flawed. The hacker exploited this to override its instructions and drain funds into three wallet addresses. These wallets were quickly traced, forcing the hacker to return the assets.

The incident sparked debate. Was the hacker an ethical white hat exposing weaknesses or a criminal who found laundering $610 million too risky? Regardless of intent, the breach highlighted ongoing risks in DeFi platforms, especially cross-chain protocols.

For the crypto industry, this was a wake-up call to prioritize security. As technologies evolve, so must measures to protect against increasingly sophisticated threats.

6. Binance BNB Bridge

The October 2022 attack on Binance’s BNB Bridge is one of cryptocurrency’s most significant security incidents, exposing critical vulnerabilities in blockchain infrastructure.

Attackers exploited a flaw in the bridge’s smart contract verification system, allowing them to forge proof-of-deposit transactions and artificially mint BNB tokens they never owned. This sophisticated breach resulted in approximately $570 million in losses, positioning it among the largest cryptocurrency heists in history.

Binance’s response to the incident drew mixed reactions from the crypto community. While the company acted swiftly to freeze portions of the stolen funds and halt bridge operations, critics pointed to the breach as evidence of inadequate security auditing in critical blockchain infrastructure.

7. Mt. Gox

Before its downfall, Mt. Gox was the kingpin of crypto exchanges, handling 70% of Bitcoin transactions globally. However, in 2014, the platform revealed it had lost 850,000 Bitcoin due to years of hacks and mismanagement.

While some funds were later recovered, the collapse sparked chaos, leaving thousands of users in financial ruin. Controversy ensued over the exchange’s handling of customer funds, with many accusing Mt. Gox of negligence. To this day, the exchange is a cautionary tale about the importance of robust security measures and transparent operations.

8. Coinbase

Hackers bribed employees based abroad to breach Coinbase’s internal systems, compromising the personal data of roughly 97,000 users, around 1% of its monthly active customers. The company projects potential losses from the incident to fall between $180 million and $400 million. Although they didn’t obtain passwords, crypto keys, or two-factor codes, they accessed names, addresses, masked Social Security numbers, and bank details, which could enable sophisticated phishing attacks.

The attackers demanded a $20 million ransom, which Coinbase rejected. Instead, it offered that amount as a reward for helping identify the criminals. Coinbase has committed to covering user losses, fired employees, and announced new fraud prevention measures. Yet, the incident highlights how digital asset platforms must improve their security measures.

9. DMM Bitcoin

On May 29, 2024, Japanese exchange DMM Bitcoin reported unauthorized outflows totaling 4,502.9 BTC, about $305 million. While the breach’s technical specifics remain undisclosed, leaked crypto wallet keys are suspected. Based on laundering patterns and wallet activity, investigators believe North Korea-linked Lazarus Group is responsible.

Over $35 million was funneled through Huione Guarantee, a Cambodia-based platform tied to illicit financial services and allegedly linked to Cambodia’s ruling elite. The attackers used privacy mixers, cross-chain tools like THORChain, and stablecoin bridges to move funds across Bitcoin, Ethereum, Tron, and Avalanche. Fortunately, Tether blocked $28.2 million in one attempted transfer. DMM raised $320 million via its parent firm for user compensation and submitted a recovery report to Japan’s Financial Services Agency.

10. Drift Protocol

On April 1, 2026, Solana-based Drift Protocol, a leading decentralized perpetuals exchange, suffered a major exploit, with approximately $270–285 million drained from its vaults, wiping out over 50% of its TVL.

The attack began with massive outflows, including ~$155M in JLP tokens, SOL, stablecoins, and other assets funneled to a suspicious wallet. Funds were swiftly swapped to USDC, bridged to Ethereum, and partially converted to ETH. Drift’s team confirmed an “active attack,” suspended deposits and withdrawals, and coordinated with security firms, bridges, and exchanges while stressing it was “not an April Fools joke.”

The exploit appeared rooted in a governance/admin-level compromise, likely involving a weak multisig, compromised admin keys or misuse of durable nonces, allowing manipulation of protocol parameters, collateral values, and withdrawal guards rather than a classic smart contract bug. This sophisticated vector bypassed safeguards despite prior audits. The DRIFT token plunged over 40% following the attack.

11. Aave – Kelp DAO rsETH Exploit

The Kelp DAO rsETH exploit ranks as the biggest DeFi attack of 2026. An attacker stole 116,500 rsETH from Kelp DAO’s LayerZero bridge. This haul carried a market value of roughly $292 million. 

The thief deposited these tokens into Aave V3 and borrowed about 82,600 ETH against them. rsETH then lost its collateral backing quickly. These positions became impossible to liquidate. Aave now faces a debt gap between $200 million and $280 million.

The chaos hit the markets within hours. Data from Lookonchain confirms Aave’s total value locked fell from $26.4 billion to $20.1 billion during the day. Large players exited the platform immediately. MEXC took out $431 million and Abraxas Capital pulled $392 million. Justin Sun also moved about 65,584 ETH away from the protocol.

Demand for ETH, USDT and USDC hit maximum capacity. This 100% utilization rate blocked depositors from accessing their cash. The Aave team reacted by freezing the rsETH market. They also paused WETH reserves on Ethereum, Arbitrum, Base, Mantle, and Linea to find solutions. The AAVE token price dropped 19% during the crisis. This event put the Aave Umbrella safety module through its first high-pressure test.

12. Balancer Cyber Heist

Balancer, a major Ethereum-based DeFi protocol, suffered a cyber-attack that drained over $120 million in digital assets. The breach targeted Balancer V2 Composable Stable Pools, exploiting a flaw in the Balancer Vault’s rounding precision. Each calculation rounded token values down, and the batchSwap function magnified the error, allowing attackers to manipulate prices through tailored parameters.

The company confirmed that pools outside the pause window remained exposed, while those that could be halted were moved into recovery. Security experts highlighted how even minor computational inaccuracies can create large-scale financial losses.
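An added illustration (not Balancer's code, and not from the original article) of why rounding direction matters: a toy constant-product pool, much simpler than Balancer's stable-pool math, in which the amount charged to the trader is rounded down versus up, checked with the kind of invariant test a reviewer or fuzzer would assert. The `Pool` class, the function names and the balances are constructed for this example.

```python
from __future__ import annotations

from dataclasses import dataclass


def div_down(a: int, b: int) -> int:
    """Integer division rounding down (non-negative operands)."""
    return a // b


def div_up(a: int, b: int) -> int:
    """Integer division rounding up (non-negative operands)."""
    return -(-a // b)


@dataclass
class Pool:
    x: int  # balance of token X in smallest units (constructed value)
    y: int  # balance of token Y in smallest units (constructed value)

    def invariant(self) -> int:
        # Constant-product invariant k = x * y; it must never shrink on a swap.
        return self.x * self.y

    def swap_given_out(self, amount_out: int, divide) -> int:
        """Trader withdraws amount_out of Y; return the X the pool charges.

        The exact price is x * out / (y - out). `divide` selects the rounding
        direction applied to that quotient.
        """
        if not 0 < amount_out < self.y:
            raise ValueError("amount_out must be positive and below the Y balance")
        amount_in = divide(self.x * amount_out, self.y - amount_out)
        self.x += amount_in
        self.y -= amount_out
        return amount_in


def run_batch(divide, steps: int, amount_out: int = 1) -> tuple[int, int]:
    """Apply `steps` small swaps as one batch; return (k_before, k_after)."""
    pool = Pool(x=1_000, y=1_000)  # deliberately small so rounding is visible
    k_before = pool.invariant()
    for _ in range(steps):
        pool.swap_given_out(amount_out, divide)
    return k_before, pool.invariant()


def check_invariant_never_decreases(divide, steps: int = 200) -> bool:
    """Property test: k after each swap must be >= k before it."""
    pool = Pool(x=1_000, y=1_000)
    for _ in range(steps):
        k = pool.invariant()
        pool.swap_given_out(1, divide)
        if pool.invariant() < k:
            return False  # the pool gave away value on this swap
    return True


if __name__ == "__main__":
    for name, divide in (("round down", div_down), ("round up", div_up)):
        before, after = run_batch(divide, steps=200)
        holds = check_invariant_never_decreases(divide)
        print(f"{name:10s} k_before={before} k_after={after} invariant_holds={holds}")
```

Rounding the charged amount up, so that every truncation favors the pool, keeps the invariant from shrinking no matter how many small steps a batch contains.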

Following the incident, phishing messages posing as the Balancer Security Team began circulating, attempting to exploit affected users. Despite Balancer’s extensive audits and bug bounty programs, the attack revealed how intricate vulnerabilities still evade established defenses.

13. BtcTurk

In August 2025, BtcTurk, a Turkish centralized exchange, experienced its second major hack in just over a year, losing approximately $48 million from hot wallets. Attackers gained access to private keys managing these wallets and consolidated funds across seven blockchains. The 2025 incident mirrored a 2024 breach, which resulted in $55 million stolen, highlighting persistent vulnerabilities in key management.

BtcTurk quickly halted deposits and withdrawals and confirmed that cold wallets and user funds remained safe. The attacks underscore the importance of private key security, including multi-sig wallets, distributed fund storage, and independent key safeguarding. Even exchanges with prior security audits remain vulnerable if backend processes and off-chain controls are weak.

14. Nobitex

In June 2025, a hacking group known as Predatory Sparrow claimed responsibility for a high-profile cyberattack on Nobitex, Iran’s largest cryptocurrency exchange. The operation siphoned over $90 million in crypto, later rendered permanently inaccessible. The stolen funds were stored in “vanity” addresses featuring anti-IRGC slogans, with no known private keys, effectively destroying them.

The move came just a day after the group claimed to have wiped data at Iran’s Bank Sepah. Nobitex acknowledged a breach and launched a recovery effort.

Who Is the Lazarus Group?

The Lazarus Group is a North Korean hacking group, a legend in cybersecurity circles, and not in a good way.

Known for its cyber-espionage and cybercrime activities, Lazarus has been involved in some of the biggest crypto hacks. They’ve targeted financial institutions, media organizations, and government agencies worldwide. The Lazarus Group’s cyber activities are thought to be directly funded by North Korea’s regime, and their operations are often linked to the country’s efforts to finance its missile and nuclear programs. Their attacks are carried out with precision and often exploit weaknesses in financial systems, companies, and governments to further their national interests.

These hackers have pulled off some of history’s most audacious crypto heists, including the $625 million Ronin Bridge theft in 2022. But they’re not just after the big fish. The Lazarus Group is equally comfortable targeting individual crypto users through clever phishing schemes that can make traders fall for their tricks.

What makes them particularly fascinating and concerning is their versatility. One day, they might exploit complex vulnerabilities in blockchain bridges; the next, they could send convincing job offers to developers on LinkedIn. One of their famous non-crypto targets was Sony Pictures in 2014. Sensitive data was stolen and released to the public as a form of retaliation against the film The Interview. They’ve also been known to create fake companies with websites and social media presence just to lure potential victims.

The cybersecurity community has learned to recognize its distinctive patterns, but its tactics constantly evolve. It’s like a high-stakes game of digital cat and mouse, where the stakes involve both personal fortunes and international security.

Types of Crypto Hacks

Crypto attacks tend to fall into a handful of recurring patterns. Hackers exploit bugs in smart contract code, manipulate asset prices through flash loan tactics, or drain funds moving across blockchain bridges. Others take a more direct route, tricking users into surrendering their private keys through phishing. Rug pulls sit in their own category, since project founders deliberately abandon investors and exit with the funds. Recognizing each type helps you assess the risk before putting capital into any protocol.

| Attack Type | How It Works | Common Targets |
|---|---|---|
| Smart Contract Exploit | Attacker abuses a code flaw on-chain | DeFi protocols |
| Flash Loan Attack | Attacker manipulates prices within a single transaction | DEXs, lending platforms |
| Bridge Exploit | Attacker drains assets crossing between blockchains | Cross-chain bridges |
| Phishing | Attacker deceives users into revealing keys or credentials | Wallets, exchanges |
| Rug Pull | Founders exit a project and take all investor funds | New tokens, DeFi projects |
| Exchange Hack | Attacker breaches a centralized platform’s hot wallet | Centralized exchanges |

What These Security Breaches Reveal About Crypto

The scale of these hacks points to two persistent problems. Code quality matters more than marketing claims. Many protocols launch with minimal auditing, then pay expensive consequences when attackers find the gaps developers left behind. Bridges between blockchains account for billions in losses over recent years, making cross-chain infrastructure one of the most targeted areas in the ecosystem.

Human behavior also creates openings for attackers. Phishing campaigns succeed because users move fast and skip verification steps. Centralized exchanges hold enormous sums in hot wallets, turning them into worthwhile targets for sophisticated attackers.

Bug bounty programs, formal verification tools, and multi-sig treasury management also raise the bar for attackers year by year. The industry is learning, just at a slower pace than attackers tend to adapt.

How to Safeguard Your Crypto Assets

Protecting your crypto starts with a few habits most people overlook. Hardware wallets store your private keys offline, keeping them out of reach from attackers targeting internet-connected devices. For any account holding funds, two-factor authentication adds a second layer of defense beyond your password.

Take time to audit the protocols you use. Before depositing into a DeFi platform, check for recent security reviews from reputable firms. Platforms with multiple independent audits carry a lower risk profile. Keeping large amounts on centralized exchanges for extended periods raises your exposure, because most hacks target hot wallets that stay permanently online.

Stay alert to phishing. Attackers clone legitimate websites and send fake support messages. Type URLs manually rather than clicking links in emails or social messages. Keep your software and firmware updated, because many exploits target known vulnerabilities in outdated versions. A cold wallet paired with a solid security routine puts you ahead of most crypto users today.

Always stay up-to-date with the latest crypto hack news. For instance, modern scams now target hardware wallet users through supply chain fraud. Counterfeit Ledger Nano S Plus units have appeared across online marketplaces, running compromised firmware that transmits seeds and PINs to attacker-controlled servers. A separate fake Ledger Live app drained over $9.5 million from more than 50 victims. Buy hardware wallets directly from the manufacturer. Any app requesting your 24-word recovery phrase on screen is a scam.

Closing Thoughts

A look back at just a few of the biggest crypto hacks in history shows that no system is completely safe. Blockchain is powerful but can still have flaws, and hackers are always finding new ways to exploit its weaknesses.

For users, caution is essential. Stick to trusted platforms, use cold wallets, and enable two-factor authentication. Developers should focus on building secure systems and learning from past mistakes.

While the industry is making progress, various security risks remain. The challenge is to make crypto safer without slowing innovation. Security must stay a top priority as more people use cryptocurrencies.
