The Largest Cryptocurrency Hacks in History: From Mt. Gox to Bybit’s $1.4 Billion Breach

The Biggest Crypto Hacks in History: A Chronicle of Major Security Breaches

The cryptocurrency industry has been marred by significant security breaches that have shaken investor confidence and highlighted vulnerabilities within the ecosystem. This article delves into some of the most substantial crypto hacks in history, detailing each event, its impact on the platforms and their users, and the broader effects on the cryptocurrency market.

1. Bybit Exchange Hack (2025): A Record-Breaking Breach

In February 2025, Bybit, a prominent cryptocurrency exchange, suffered a catastrophic security breach resulting in the theft of $1.4 billion in Ethereum tokens. This incident stands as the largest theft in the digital asset industry’s history. The hackers managed to compromise Bybit’s offline “cold” wallet, traditionally considered more secure than online “hot” wallets. The stolen Ethereum was swiftly dispersed across multiple accounts and sold, complicating recovery efforts. Bybit’s CEO, Ben Zhou, assured users that the platform remained solvent and that a bridge loan from partners would be utilized to compensate for any unrecovered assets. This event not only resulted in significant financial losses for Bybit and its users but also sent shockwaves throughout the crypto market, underscoring the pressing need for enhanced security measures.

2. Mt. Gox Hack (2011): The Early Alarm

In 2011, Mt. Gox, then the world’s leading Bitcoin exchange, experienced a security breach where approximately 25,000 bitcoins were stolen from 478 accounts. This early incident exposed the nascent industry’s vulnerabilities and led to increased scrutiny of exchange security protocols. The hack significantly damaged Mt. Gox’s reputation, leading to a loss of user trust and eventually contributing to its bankruptcy in 2014. The broader cryptocurrency market faced heightened skepticism, emphasizing the necessity for robust security measures.

3. Bitfinex Hack (2016): A Major Bitcoin Heist

In August 2016, the Bitfinex cryptocurrency exchange was hacked, resulting in the theft of 119,756 bitcoins. The breach led to a substantial loss of user funds and prompted Bitfinex to implement a unique approach to address the shortfall: issuing BFX tokens to affected users, which could later be redeemed or exchanged for equity in the company. This incident highlighted the risks associated with centralized exchanges and spurred discussions about alternative security measures, such as decentralized platforms and improved custodial solutions.

4. Poly Network Exploit (2021): A DeFi Wake-Up Call

In August 2021, the Poly Network, a decentralized finance (DeFi) platform, suffered an exploit resulting in the transfer of over $610 million in digital assets to the hackers. Remarkably, the attacker eventually returned the stolen funds, claiming the hack was executed to highlight security flaws. This event underscored the vulnerabilities inherent in smart contract code and prompted many DeFi projects to conduct comprehensive security audits and implement stricter safeguards.

5. WazirX Hack (2024): A Blow to India’s Crypto Scene

In July 2024, WazirX, a leading India-based cryptocurrency exchange, was hacked, leading to the loss of approximately $234.9 million in investor funds. The breach not only affected the platform’s users but also had broader implications for India’s burgeoning crypto industry, intensifying calls for regulatory oversight and improved security protocols across exchanges operating in the region.

6. Coincheck Hack (2018): A Massive NEM Token Theft

In January 2018, Japanese exchange Coincheck suffered a hack resulting in the loss of $530 million worth of NEM tokens. The attackers exploited vulnerabilities in Coincheck’s hot wallet system, leading to one of the largest heists in cryptocurrency history at the time. The incident prompted Japanese regulators to tighten oversight of crypto exchanges, enforcing stricter security standards to protect user assets.

7. KuCoin Hack (2020): A Multi-Currency Breach

In September 2020, the KuCoin exchange experienced a security breach where hackers stole over $280 million in various cryptocurrencies. The swift response from KuCoin, including collaboration with other exchanges and blockchain projects, led to the recovery of a significant portion of the stolen assets. This event highlighted the importance of industry cooperation in addressing security incidents and recovering illicitly obtained funds.

8. PancakeBunny Exploit (2021): DeFi’s Flash Loan Vulnerability

In May 2021, a flash loan attack on the DeFi platform PancakeBunny led to losses of approximately $200 million. The attacker manipulated the platform’s price oracle mechanisms, causing a significant price fluctuation and enabling the draining of funds. This exploit emphasized the need for DeFi platforms to implement robust safeguards against flash loan attacks and ensure the integrity of their price oracles.

9. Bitmart Hack (2021): A Security Breach Across Blockchains

In December 2021, Bitmart exchange was compromised, resulting in the theft of around $196 million in various cryptocurrencies. The attackers managed to breach Bitmart’s hot wallets on both the Ethereum and Binance Smart Chain networks. In response, Bitmart suspended withdrawals and initiated a security review, pledging to compensate affected users. The incident highlighted the challenges exchanges face in securing assets across multiple blockchains.

10. Nomad Bridge Hack (2022): Cross-Chain Vulnerabilities

In August 2022, the Nomad token bridge suffered an exploit, leading to losses of about $190 million. The vulnerability allowed multiple users to drain funds without significant technical expertise, resulting in a chaotic free-for-all. This event underscored the complexities and risks associated with cross-chain bridges, prompting developers to prioritize security in interoperability solutions.

11. Ronin Network Hack (2022): A Gaming Ecosystem Targeted

In March 2022, hackers exploited the Ronin Network, associated with the popular blockchain game Axie Infinity, stealing over $600 million in Ethereum and USDC. The attackers gained access through compromised private keys, highlighting vulnerabilities in validator nodes. The incident had a profound impact on the gaming community and raised concerns about the security of blockchain-based gaming platforms.

12. Cream Finance Exploit (2021): Repeated DeFi Vulnerabilities

In October 2021, decentralized finance (DeFi) protocol Cream Finance experienced a major exploit resulting in a loss of $130 million in available liquidity. This incident marked the third major attack on the platform within the same year, highlighting persistent vulnerabilities in its smart contract code. The repeated breaches led to a significant decline in user confidence and trading volumes on Cream Finance, underscoring the critical need for rigorous security audits and robust protective measures in DeFi platforms.

13. Vulcan Forged Hack (2021): NFT Platform Compromise

In December 2021, Vulcan Forged, a play-to-earn NFT platform, suffered a security breach where hackers stole approximately $140 million worth of PYR tokens. The attackers gained access to the private keys of 96 wallets, enabling them to drain funds. In response, Vulcan Forged promptly refunded the affected users and transitioned to a more secure, decentralized wallet system. This incident highlighted the vulnerabilities in centralized storage solutions and prompted a shift towards decentralized security measures in the NFT and gaming sectors.

14. Liquid Global Hack (2021): A Japanese Exchange Breach

In August 2021, Japanese cryptocurrency exchange Liquid Global was compromised, resulting in losses of approximately $97 million. The attackers exploited vulnerabilities in the exchange’s hot wallets, leading to unauthorized transfers of various digital assets. Liquid Global responded by suspending deposits and withdrawals, enhancing security measures, and working with other exchanges to track and freeze the stolen assets. This breach underscored the ongoing risks associated with hot wallet storage and the importance of proactive security practices.

15. AscendEX Hack (2021): Multi-Blockchain Asset Theft

In December 2021, AscendEX, a Singapore-based cryptocurrency exchange, was hacked, leading to the loss of over $82.89 million in crypto assets. The stolen funds included more than $61 million of Ethereum-based assets and over $9 million on the Binance Smart Chain. The breach highlighted the challenges of securing assets across multiple blockchain networks and prompted exchanges to reassess their security protocols to prevent similar incidents.

16. bZx Protocol Hack (2021): DeFi Exploit via Phishing

In November 2021, the bZx DeFi protocol suffered a security breach resulting in losses of about $55 million. The attack was initiated through a phishing scheme that compromised a developer’s private key, allowing the attacker to access and drain funds from the protocol. This incident emphasized the importance of comprehensive security practices, including safeguarding personal credentials and implementing multi-factor authentication, to protect DeFi platforms from social engineering attacks.

17. Harvest Finance Exploit (2020): Flash Loan Attack

In October 2020, Harvest Finance, a DeFi platform, experienced a flash loan attack leading to losses of approximately $34 million. The attacker manipulated the prices of stablecoins on the platform, enabling them to withdraw funds at artificially inflated values. In response, Harvest Finance implemented measures to prevent similar exploits in the future, such as adjusting their pricing oracles and enhancing security protocols. This event highlighted the susceptibility of DeFi platforms to flash loan attacks and the need for robust safeguards.

18. Lendf.me Hack (2020): Reentrancy Vulnerability Exploited

In April 2020, the Lendf.me DeFi platform was compromised, resulting in a loss of $25 million. The attacker exploited a reentrancy vulnerability in the platform’s smart contracts, allowing them to repeatedly withdraw funds. Remarkably, the majority of the stolen funds were returned after the attacker revealed themselves and engaged in discussions with the platform’s team. This incident underscored the critical importance of thorough smart contract audits and the implementation of security best practices in DeFi platforms.

19. NiceHash Hack (2017): Mining Marketplace Breach

In December 2017, NiceHash, a cryptocurrency mining marketplace, suffered a security breach resulting in the theft of approximately 4,700 bitcoins, worth about $64 million at the time. The attackers infiltrated the company’s payment system, leading to a significant loss of user funds. NiceHash temporarily suspended operations to address the security vulnerabilities and later resumed services, implementing enhanced security measures. This event highlighted the risks associated with centralized platforms in the cryptocurrency mining sector.

20. Linode Hack (2012): Early Bitcoin Theft

In March 2012, hackers breached the server of web hosting provider Linode, accessing several cryptocurrency wallets and stealing approximately 46,000 bitcoins, valued at around $228,000 at the time. The incident targeted accounts associated with Bitcoin exchanges and users, leading to significant financial losses. This early hack in the cryptocurrency space underscored the necessity for robust security measures and the potential vulnerabilities of third-party service providers.

21. Gate.io Hack (2019): 51% Attack on Ethereum Classic

In January 2019, Gate.io, a cryptocurrency exchange, lost about $200,000 worth of Ethereum Classic (ETC) due to a 51% attack on the network. The attackers gained majority control over the ETC blockchain’s hashing power, allowing them to double-spend transactions. Gate.io reimbursed the affected users and increased confirmation times for ETC deposits and withdrawals to mitigate future risks. This event highlighted the vulnerabilities of smaller blockchain networks to majority attacks and the need for exchanges to implement protective measures.

22. Coinrail Hack (2018): South Korean Exchange Breach

In June 2018, Coinrail, a South Korean cryptocurrency exchange, suffered a security breach leading to the theft of approximately $37 million worth of altcoins and tokens. The incident led to a temporary suspension of services as the exchange worked to enhance its security infrastructure. The hack contributed to a broader market downturn, reflecting how security breaches