Top 5 Biggest Hacks in Crypto History

The world of crypto has unlocked massive financial opportunities, giving anyone a space to showcase their innovations and woo a large pool of investors from all over the world. However, it also attracts hackers globally and has opened the door to some of the most devastating hacks ever seen. Sometimes even massive companies with the most secure cybersecurity systems get penetrated and exploited. The outcome? These companies face losses of up to billions of dollars, money owned by whales and even small-fry retail investors like me (yes, even my investments were affected).

So what is the scoop? Let me share five (5) of the biggest crypto exploits that have happened, what they targeted, and why they matter.


1. Bybit – Approximately $1.4–1.5 Billion Heisted (Feb 2025)

Bybit is a centralised cryptocurrency exchange known for derivatives and leverage trading. It’s one of the top global exchanges by trading volume.

So what happened? The culprits are thought to be working with the North Korean regime. North Korea’s Lazarus Group allegedly exploited Bybit’s multisig cold wallet, draining 400,000 ETH (~$1.4B) during a routine transfer to what Bybit had thought was its own wallet. The criminals were reported to have secretly altered the digital wallet address that 401,000 Ethereum crypto coins were being sent to. Ouch!

The damage? According to an analysis by crypto investigators Elliptic, which tallied with Bybit's own analysis, 20% of the funds have now "gone dark", which means there is a low probability they will ever be recovered.

Emergency replenishment came from Galaxy Digital, FalconX, and Wintermute. Although the breach involved a cold wallet, it exposed the vulnerability of operational workflows.

The firm assured customers that their tokens are safe and were not taken. It then established the Lazarus Bounty programme to encourage members of the public to trace the stolen funds and get them frozen where possible.

Source: https://www.bbc.com/news/articles/c2kgndwwd7lo
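
The Bybit transfer described above went wrong because the destination address was altered before the signers approved it. The following Python check is an added example, not code from the original post or from Bybit: each multisig signer compares the payload they are asked to sign against a transfer ticket approved out of band and an address allowlist, instead of trusting what the signing screen displays. The `Ticket` and `SigningRequest` fields, the allowlist workflow and both addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed addresses for illustration only, not real wallets.
WARM_WALLET = "0x" + "11" * 20
UNKNOWN_WALLET = "0x" + "99" * 20

@dataclass(frozen=True)
class Ticket:
    """Transfer approved out of band, before anyone opens the signing UI."""
    to: str
    value_wei: int

@dataclass(frozen=True)
class SigningRequest:
    """What one signer is shown versus what the payload really contains."""
    displayed_to: str   # destination rendered by the signing interface
    raw_to: str         # destination decoded from the payload to be signed
    raw_value_wei: int
    raw_data: str       # hex call data; "0x" for a plain transfer

def norm(addr: str) -> str:
    """Lower-case a 20-byte hex address, rejecting malformed input."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x"):
        raise ValueError(f"malformed address: {addr!r}")
    int(a[2:], 16)  # raises ValueError if the body is not hex
    return a

def review(req: SigningRequest, ticket: Ticket, allowlist: set) -> list:
    """Return the reasons this signer must refuse; an empty list means sign."""
    raw_to = norm(req.raw_to)
    findings = []
    if raw_to != norm(req.displayed_to):
        findings.append("display-mismatch")      # screen and payload disagree
    if raw_to != norm(ticket.to):
        findings.append("ticket-mismatch")       # not the approved destination
    if raw_to not in {norm(a) for a in allowlist}:
        findings.append("not-allowlisted")
    if req.raw_value_wei != ticket.value_wei:
        findings.append("amount-mismatch")
    if req.raw_data not in ("", "0x"):
        findings.append("unexpected-call-data")  # plain transfers carry none
    return findings

def quorum_ok(reviews: list, threshold: int) -> bool:
    """Proceed only with enough signers and no refusal from any of them."""
    return len(reviews) >= threshold and all(not r for r in reviews)
```

A single refusal stops the transfer even when the signature threshold is otherwise met, because one signer seeing a different destination means the workflow itself is compromised.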


2. Ronin Network – $615 Million (Mar 2022)

Ronin is a sidechain created by the Vietnam-based parent company Sky Mavis to support Axie Infinity, a popular Web3 play-to-earn game that has bloomed since Covid-19. As you may have guessed, yes, I played the game before and have some investments here. Anyway, Ronin Network helps reduce transaction fees and speed up in-game interactions.

It was reported that $615 million was stolen. This is considered to be the second-highest heist in the crypto world. It is not officially known who the real culprit of the hack is, but it is alleged that the culprits are none other than the Lazarus Group of North Korea as well. Hackers compromised 5 of 9 validator nodes, using stolen keys to drain 173,600 ETH and 25.5 million USDC. Sky Mavis only realised that the hackers had transferred the cryptocurrency to themselves when the company noticed a customer was unable to withdraw their funds.

It was reported that the hack was initiated in November 2021, when Axie Infinity's user base expanded to an unsustainable size and the company was forced to loosen security procedures to cope with the increased demand. This created an opportunity for the hackers to take advantage of the relaxed security. In the aftermath of the hack, Ronin Network initially put out one statement on its Substack (a newsletter service) and took its website offline. It then stated that it was working with law enforcement officials, forensic cryptographers and its investors to make sure all funds are recovered or reimbursed. Personally, during that year, my tokens were not among the hacked tokens. However, heavy negative public sentiment towards the company at the time, along with panic selling by investors, caused my token to drop in value by more than 90%. Axie Infinity (the game) lost its aura, causing it to drop even faster. In short, I've lost around RM9,000 worth of investment.

It was a hell of a personal experience in the crypto space that gave me a shock: the real, distorted truth. The faster they climb, the harder they fall. Nevertheless, I am amazed by the company's perseverance up to today; they have shown that they mean business and are here for the long term through their slow progress and development over time. Even Binance showed its support for the Ronin Network, and it has now climbed back to the top with better-tier security. It's a good comeback story, as they offer better solutions, more dApps and games, and good staking and liquidation farming features. Sky Mavis reimbursed users and redesigned Ronin’s validator structure. The event still stands as the biggest DeFi bridge exploit.

Source: https://www.bbc.com/news/technology-60933174


3. Poly Network – $610 Million (Aug 2021)

One of the most bizarre yet ethical hacking stories in crypto history belongs to Poly Network. Poly Network is a cross-chain protocol that facilitates asset transfers across different blockchains like Ethereum, Binance Smart Chain, and Polygon. Basically, it's another token-swapping platform and can perhaps currently be considered one of the main players among its peers.

In 2021, the security of Poly Network was breached when hackers were able to steal around $613 million in cryptocurrency, only to return it within 48 hours of the heist. So how did it happen? The company operates across a variety of networks, which include the Binance Smart Chain, Ethereum and Polygon blockchains. Tokens are swapped between the blockchains using a smart contract which contains instructions on when to release the assets to the counterparties. According to CipherTrace (a crypto intelligence firm), one of the smart contracts that Poly Network uses to transfer tokens between blockchains maintains large amounts of liquidity to allow users to efficiently swap tokens. The company stated, based on its preliminary investigation after the heist, that the hackers exploited a vulnerability in this smart contract, which resulted in stolen funds in more than 12 different cryptocurrencies, including ether and a type of bitcoin, according to an analysis by blockchain forensics company Chainalysis. It has been claimed that the hackers overrode the contract instructions and diverted the funds to three wallet addresses, digital locations for storing tokens.

Nevertheless, it has been reported that the attacker returned nearly all of the stolen funds after being dubbed “Mr. White Hat.” The hackers started transferring assets back to Poly Network into a wallet which both parties controlled. Just a few days later, the hackers had returned nearly all of the assets, with only $33 million in tokens, frozen earlier by cryptocurrency platform Tether, still outstanding, Poly Network said. We clearly do not know the real motive behind all of these acts. Blockchain companies should never overestimate their cybersecurity systems, as not all hackers have a sense of righteousness.

Source: How hackers stole $613 million in crypto tokens from Poly Network | Reuters



4. Binance (BNB Chain) – $570 Million (Oct 2022)

In October 2022, even crypto titan Binance was shaken when its native blockchain, the BNB Chain, suffered a massive breach. At the time, Binance was the largest crypto exchange globally, with its BNB token ranking among the top five by market cap. The exploit targeted the BSC Token Hub, a cross-chain bridge that connects the BNB Beacon Chain and BNB Smart Chain, allowing users to move assets between networks.

The attacker successfully forged a malicious proof — essentially tricking the bridge’s verification system — which allowed them to mint 2 million BNB tokens, worth roughly $570 million. The vulnerability lay in how the cross-chain bridge validated messages. Upon detection, Binance responded swiftly by pausing the entire chain and contacting validators to halt transactions, a move that prevented even greater losses.

Despite the swift containment, only about $430 million in assets were frozen in time, with the remainder moved and deemed unrecoverable. No user funds were directly affected, but the incident shook confidence in cross-chain bridge security. Binance later reinforced its bridge protocols, and the event served as a stark reminder that even giants in the blockchain world aren’t invincible when it comes to exploits.

Source: https://www.investopedia.com/binance-got-hacked-6748215


5. Mt. Gox – $473 Million to $500 Million (2011–2014)

Long before Binance or Coinbase dominated the scene, Mt. Gox was the world’s biggest Bitcoin exchange. Based in Tokyo, it once handled nearly 70% of all Bitcoin transactions globally. From its peak dominance to its eventual downfall, Mt. Gox has become a cautionary tale of crypto mismanagement. Its collapse in early 2014 was triggered by what is now considered one of the earliest and most significant thefts in crypto history.


The breach wasn’t the result of a single sophisticated attack, but rather a prolonged and silent drain of funds that allegedly began as early as 2011. Hackers exploited weaknesses in Mt. Gox’s wallet system and internal auditing, gradually siphoning off around 650,000 BTC (then worth approximately $473M to $500M). These BTC were stolen over years without detection, a testament to the lack of proper operational security, transparency, and internal controls.


The consequences were seismic. Mt. Gox filed for bankruptcy in 2014, leaving hundreds of thousands of users unable to access their funds. What followed was nearly a decade of legal disputes and civil rehabilitation efforts. To this day, affected users are still waiting to be compensated, with repayments slowly progressing through court-appointed trustees. The Mt. Gox saga stands as a grim reminder of how even foundational platforms can collapse without proper safeguards, and it marks one of the first major cracks in public confidence toward centralised crypto exchanges.



Honorable Mentions:

These are some honorable mentions of hacks that have occurred in the crypto space. They show that not only giants are targeted, so every chain and system in the blockchain world should keep enhancing its cybersecurity to stop any malicious attempt to breach it.

  • Coincheck – $532 million stolen (2018, Japan)

  • Wormhole – $320 million cross-chain exploit (2022)

  • FTX – $477 million drained amid collapse (2022)


Key Takeaways for Every Crypto Newbie:

For me, and perhaps for readers as well, there are some key takeaways from this article.
  • Cold wallets can fail if operational practices are weak. Ultimately, there is no hack-proof system. Each system may have its own vulnerabilities.

  • Cross-chain bridges seem to remain one of the most exploited crypto features.

  • ALWAYS do your own research and spread your holdings. As they always say, never put all your eggs in one basket.

  • Never trust—always verify. If it seems too good to be true, there is a high chance that it is. Try to resist any FOMO and strategise your investments and holdings, avoiding scams and fraud in the blockchain space.

  • And remember: "Not your keys, not your coins." 
