Cryptocurrency was built on the promise of decentralization, transparency, and security. Yet, as digital assets have grown into a multi-trillion-dollar ecosystem, they’ve also become prime targets for cybercriminals. The largest crypto hack in history occurred on Feb. 21, 2025, when attackers siphoned off roughly 401,000 Ethereum (ETH) — worth about $1.4–1.5 billion at the time — from the Dubai-based exchange Bybit. In August of 2021, the Poly Network exploit saw more than $610 million in crypto assets move illicitly across its Ethereum, Binance Smart Chain, and Polygon bridges.
Hackers identified and exploited a vulnerability in Poly Network’s cross-chain smart contracts, which coordinate asset transfers between different blockchains. By forging approvals across chains, the attacker moved large sums of tokens into addresses they controlled. Unlike most hacks, the attacker contacted the Poly team afterward and eventually returned the vast majority of the funds. The Ronin Network hack in March of 2022 affected the play-to-earn blockchain behind Axie Infinity, one of the most popular blockchain games.
Attackers gained access to private validator keys needed to sign transactions on the Ronin sidechain. With those keys, they bypassed security controls and transferred approximately 173,600 ETH and 25.5 million USDC to their own wallets. This exploit exposed a major risk in validator-based systems and decentralized gaming ecosystems, where compromised credentials can lead to catastrophic losses. The incident forced Ronin to raise bridge security and internal key protections. In 2022, the Binance BNB Bridge was struck by a major exploit that resulted in about $569 million in lost assets. Hackers took advantage of weaknesses in the bridge’s verification logic, allowing unauthorized transfers between chains without proper confirmations. Wormhole’s contract validation flaws allowed hackers to forge messages and withdraw funds from the system without authorization, leading to losses totaling approximately $325 million. Between 2011 and 2014, hackers gradually siphoned Bitcoin from Mt. Gox’s hot wallets — wallets connected to the internet — exploiting lax internal security and poor auditing. In total, around 850,000 BTC were lost (though some were later partially recovered). It also revealed the dangers of centralized custodial control without rigorous separation of duties or security checks. In January of 2018, Japanese exchange Coincheck was hacked, resulting in a loss of over $534 million worth of NEM tokens. Attackers infiltrated the exchange’s hot wallets using malware after gaining access through phishing and other social engineering methods. Once inside, they moved the assets out of the platform before defenses could activate. FTX — after the collapse of FTX — a suspected post-bankruptcy hack saw around $477 million in assets drained from the platform’s wallets in November of 2022. Though the exact mechanism remains debated, this hack was widely believed to involve compromised internal controls and the absence of proper safeguards after the exchange’s operations failed, leaving wallets exposed to unauthorized movements. In May 2024, Japanese exchange DMM Bitcoin lost approximately $305 million in Bitcoin after attackers withdrew 4,502.9 BTC from its systems. Preliminary investigations pointed to a compromise of the exchange’s private key storage or server access that allowed unauthorized wallet withdrawals. Authorities and analysts later linked this theft to sophisticated North Korean hacking groups. In July 2024, Indian crypto exchange WazirX suffered a serious breach, with hackers withdrawing around $234.9 million in crypto assets. The attackers managed to compromise wallet controls, sending funds to new addresses before the exchange froze operations. Lazarus Group — a North Korean state-linked hacking unit — was subsequently tied to the incident.
Leave a Reply