As the cryptocurrency market continues to grow, so do hacker attacks and crypto theft. Despite blockchain’s strong reputation for security, the past decade has seen some jaw-dropping attacks, with billions of US dollars in digital assets stolen. Let’s dive into the 10 biggest cryptocurrency hacks that shook the crypto world and see what they teach us.
1. ByBit heist: US$1.5 billion
On February 21, 2025, hackers stole 400,000 ETH (Ether) — worth around US$1.5 billion — from the Dubai-based crypto exchange ByBit, making this the largest heist in the cryptocurrency industry thus far. The attack was linked to the Lazarus Group — a well-known, state-sponsored hacking organization from North Korea. They exploited ByBit’s cold wallet software to siphon off the funds.
2. Ronin Network hack: US$615 million
On March 23, 2022, hackers broke into the Ronin Network (which powers the popular play-to-earn game Axie Infinity) and managed to steal 73,600 ETH and 25.5 million USDC (USD Coin), totaling about US$615 million. The same North Korean hackers — the Lazarus Group — took advantage of weak security on the system that was supposed to check and approve transactions.
3. The Poly Network hack: US$610 million
On August 10, 2021, Poly Network, a DeFi (Decentralized Finance) platform connecting different blockchains, was hacked for roughly US$610 million. The digital assets were drained from the Ethereum, Binance Smart Chain, and MATIC (now known as Polygon) blockchains. However, in a surprising twist, the hacker, who called themselves “Mr. White Hat,” returned almost all the stolen funds and even helped Poly Network fix its security flaws.
4. Binance BNB bridge exploit: US$570 million
In October 2022, an unidentified hacker or hackers found a bug in the BNB Smart Chain bridge’s code and used it to mint and withdraw about US$570 million worth of BNB (Binance Coin) tokens. Binance and the crypto community reacted quickly and were able to freeze most of the stolen money. However, around US$100 million worth of stolen assets were moved off-chain.
5. The Coincheck breach: US$534 million
On January 26, 2018, after a phishing attack on the users of Japan-based exchange Coincheck, hackers were able to access their hot wallets, stealing 523 million NEM (XEM) tokens. The stolen crypto assets were valued at approximately US$534 million. After the attack, Coincheck temporarily suspended trading and eventually repaid all the affected customers.
6. The FTX hack: US$477 million
In the chaos of FTX’s bankruptcy filing on November 11, 2022, hackers stole about US$477 million from the cryptoasset exchange. Initially suspected to be an inside job, it was later revealed that the theft was carried out by a US-based SIM swapping ring.
In early 2024, federal prosecutors indicted three individuals who allegedly impersonated an FTX employee to hijack their phone number, intercept authentication codes, and access the exchange’s crypto wallets. While some of the stolen funds were frozen, the hackers managed to launder a lot of the money.
7. The Mt. Gox hack: US$460 million
Back in 2014, Mt. Gox — the biggest bitcoin exchange at the time, handling over 70% of all global bitcoin transactions — collapsed after about 850,000 BTC (Bitcoin) went missing. It was worth around US$460 million back then, and would be nearly US$70 billion today. The hack happened slowly over the years due to serious internal security failures, and became a symbol of early crypto’s risks.
8. The Wormhole exploit: US$320 million
On February 2, 2022, an unknown attacker broke into Wormhole, a major bridge protocol connecting different blockchains, and stole about 120,000 ETH, worth US$320 million. The hacker found a vulnerability in the platform’s smart contract system and used it to mint and cash out unbacked tokens.
Wormhole offered a US$10 million bounty to the hacker to return the stolen funds, but the offer was declined. A major crypto company, Jump Crypto, had to step in to replace the stolen funds and keep the system running.
9. DMM Bitcoin hack: US$305 million
On May 5, 2024, hackers hit the Japanese exchange DMM Bitcoin, stealing 4,500 BTC worth about US$305 million. Using social engineering, the attackers had tricked an employee months earlier with a fake job offer and a malicious file, which gave them access to the system and let them pull off the theft.
Investigations by the FBI, Japan’s police, and the US Department of Defense later confirmed that the perpetrators were TraderTraitor, a subgroup connected to the notorious Lazarus Group of North Korea.
10. The KuCoin hack: US$275 million
On September 25, 2020, Singapore-based KuCoin fell victim to a major hack, losing roughly US$275 million worth of BTC, ETH, and several other cryptocurrencies. However, KuCoin managed to recover a significant amount of the stolen funds later.
The breach was traced back to compromised private keys that controlled KuCoin’s hot wallets. While it is speculated that the aforementioned North Korean hackers were behind this attack as well, no criminals have been officially identified by law enforcement.
What can these hacks teach us?
Over the past decade, the digital asset world has seen its fair share of high-profile hacks, costing crypto platforms and users billions. From exchange breaches to smart contract flaws, these incidents show that even in a decentralized space, vulnerabilities still exist.
However, these hacks have helped shine a light on the risks and shown both users and companies how to better protect themselves moving forward. So, let’s see what we can learn from it all.
Dangers of crypto
Cryptocurrency was built on the idea of decentralization, security, and a new era of financial freedom. However, as the crypto industry grows, so do the risks.
Here’s what you should watch out for:
Centralized platforms
While blockchains themselves are pretty secure, some centralized exchange platforms might not be. They are businesses that offer simplified cryptocurrency transactions as a service. While they provide convenience, centralized exchanges store huge amounts of crypto in hot wallets — online wallets that are much easier for hackers to break into. So, even if you do everything right to protect your accounts, a breach on the platform can wipe you out.
Trusting someone else with your keys
In crypto, your keys are your money. Essentially, if someone else controls your private keys, they control your funds. When you leave your crypto on a centralized platform, you’re trusting that company to keep your keys safe.
But it’s not just exchanges — sharing your private keys with friends, family, or anyone else can be just as risky. Even well-meaning people can lose them, accidentally expose them, or fall for scams. And scammers often trick users into handing over keys by pretending to be tech support, investment advisors, or even government officials.
Losing your private keys
While decentralized exchanges and non-custodial wallets are better protected against hacks, they come with a different risk: full responsibility for your own keys. Your private key is the only way to access your cryptocurrency, and if you lose it or the recovery phrase, your funds are pretty much gone forever.
So, it’s not only theft or hacker attacks you should worry about. Accidents happen, too — people have lost millions simply by misplacing hardware wallets (small devices designed to store private keys offline), forgetting seed phrases, or failing to back them up properly.
Easy-to-miss theft
Crypto theft doesn’t look like a bank robbery. It’s usually silent, invisible, and over in seconds. All it takes is one wrong click on a phishing link, a fake website, or a malicious app to hand your private keys or wallet access over to a scammer.
Unlike stolen credit cards or hacked bank accounts, there’s no fraud department to call, and blockchain transactions can’t be reversed. Once your crypto is stolen and moved off-exchange, it’s likely gone for good.
Types of crypto hacks
Cryptocurrency hacks can happen in a variety of ways, and attackers have come up with numerous creative methods to exploit vulnerabilities in both technology and human behavior. Here are some of the most common types of crypto hacks:
- Bridge attacks. These hacks happen when hackers target cross-chain bridges — the systems that allow you to move crypto between different blockchains. If there’s a vulnerability in the bridge’s code, hackers can steal your crypto while it’s in transit;
- Wallet hacks. These types of attacks occur when someone gets into your crypto wallet by obtaining your private keys. If your money is in a hot wallet, hackers might use phishing, malware, or fake apps, or exploit other network vulnerabilities, to steal your private keys;
- Exchange exploits. Crypto exchanges — online platforms where people buy, sell, and store their cryptocurrency — are attractive targets for hackers. Exchanges store large amounts of crypto in online wallets, so if attackers find a weakness in the platform’s code or security systems or even trick employees, they can break in and steal huge sums in a single attack.
How to stay safe
Staying safe in the crypto world means being proactive and cautious. Here are some simple but important steps to help protect your assets:
- Use cold wallets
One of the safest ways to store your crypto is offline in a hardware or other kind of cold wallet. Since cold wallets aren’t connected to the internet, they’re much harder for hackers to access.
- Enable 2FA (Two-Factor Authentication)
While 2FA isn’t foolproof, it adds an extra layer of protection. Even if a hacker gains access to your password, they still need to bypass the second authentication factor.
- Avoid centralized exchanges for long-term storage
Centralized exchanges are convenient for trading, but they should not be used for storing large amounts of crypto long term. If you plan to hold your crypto for an extended period, move it somewhere more secure, like a hardware wallet or a reputable, decentralized wallet you control.
- Be aware of phishing and social engineering
Be wary of unsolicited messages, especially those that seem urgent or offer something too good to be true. Scams can come through email, messaging apps, or even fake job offers. Never click on suspicious links, and make sure you’re dealing with legitimate sites when entering your crypto wallet details.
- Keep your private keys safe
Store your keys in a secure place, preferably offline, and don’t share them with anyone. If you’re using a paper wallet, make sure it’s stored safely.
- Use a VPN and antivirus
A VPN (Virtual Private Network) encrypts your internet traffic and hides your IP address, making it harder for hackers or snoopers on public Wi-Fi to spy on your activity. While it won’t stop phishing or malware, it’s a smart extra layer of protection, especially on untrusted networks.
Pair that with good antivirus software to block keyloggers, clipboard hijackers, and other malware that targets crypto users. Just make sure your software is up to date.
Together, VPNs and antivirus software can help you maintain a safer environment when accessing your wallets or exchanges. You can find both in the Surfshark One cybersecurity suite — a convenient all-in-one package that includes a VPN, antivirus, and other tools to help you stay protected online.
Bottom line: stay alert — stay in control
As bad as some crypto hacks can be, there are some valuable lessons to be learned. These incidents remind us that while blockchain technology is innovative, it’s not immune to human error, poor security practices, or smart attackers. The good news is that many of these risks can be reduced with the right tools and habits. Staying alert, informed, and in control of your own assets is the best defense in the ever-evolving world of crypto.
Frequently Asked Questions
What is the biggest crypto heist in history?
The largest crypto heist so far happened in February 2025, when hackers stole around 400,000 ETH (worth about US$1.5 billion) from the Dubai-based exchange ByBit. The attack was linked to the Lazarus Group, a state-sponsored hacking group from North Korea.
What is the most secret crypto?
Monero (XMR) is considered the most private or “secret” cryptocurrency. It uses advanced cryptography to completely hide sender, receiver, and transaction amount details, making it nearly impossible to trace.
What is the biggest crypto gain?
One of the biggest gains came from Bitcoin, which rose from just a few cents in 2009 to an all-time high of over US$69,000 in 2021. Some early investors saw returns of millions or even billions of percent.
Can I recover stolen crypto?
Unfortunately, recovering stolen crypto is very difficult, especially if it’s been moved through mixers or across multiple wallets. However, in some cases — like the KuCoin and Poly Network hacks — exchanges and law enforcement were able to recover or freeze a large portion of the stolen funds. The best strategy is prevention: robust security measures, cold storage, and awareness.