Throughout the fast advancement of the cryptocurrency market over the last decade, the public has also been met with some of the biggest crypto hacks in history.Â
These incidents resulted in millions of dollars lost and highlighted the need for industries to revamp their security. Understanding these breaches provides valuable lessons learned from blockchain hacks, helping to shape the future of the digital asset space.
In this article we’ll share an in-depth look at some of the top blockchain and crypto hacks ever recorded, showcasing the scope of losses and the tactics hackers used to exploit weaknesses in cryptocurrency systems.
Ronin Network (March 2022)
The Ronin Network hack in March 2022 was a devastating blow, resulting in a loss of $625 million in Ethereum (ETH) and USD Coin (USDC). This attack is widely recognized as one of the top blockchain security breaches, attributed to the Lazarus Group, a North Korean state-sponsored hacking entity.
This incident provided great insight into how crypto hacks happen as the breach involved the exploitation of the Ronin bridge, a key component of the Ethereum-linked sidechain dedicated to the popular game Axie Infinity.
The Ronin Network, developed by Sky Mavis for Axie Infinity, is designed to facilitate faster and cheaper transactions than Ethereum’s main network. It operates with nine validator nodes, with a consensus of five required for approving transactions. In this incident, the attackers compromised four Sky Mavis validator nodes and one from the Axie DAO, allowing them to authorize two large withdrawals from the Ronin bridge. This consisted of 173,600 ETH and 25.5 million USDC, making it one of the largest thefts in the history of decentralized finance (DeFi).
Poly Network (August 2021)
Another major breach occurred in August 2021, when Poly Network suffered one of the largest crypto exchange hacks, losing over $610 million. The hack exploited a weakness in the protocol’s cross-chain functionality, enabling attackers to transfer massive amounts of assets across Ethereum, Binance Smart Chain, and Polygon.
The attacker used the EthCrossChainManager contract to take control of funds, moving them to wallets under their control. While most of the stolen assets were returned, the breach remains a prime example of how blockchain hacks impact the market and the importance of securing interoperability protocols. The stolen assets included cryptocurrencies, denominated in ETH, BSC, and MATIC coins.
Binance Bridge (October 2022)
In October 2022, hackers exploited vulnerabilities in the Binance Bridge smart contract, illegally creating 2 million BNB tokens. This event is a standout among the biggest losses in blockchain hacks, with hackers minting tokens and funneling them through various DeFi platforms.
The attackers used Venus, a lending protocol on the BNB Chain, using 900,000 BNB as collateral to borrow various stablecoins. These stablecoins were then routed to multiple EVM-compatible chains using different bridges and swapped between stablecoins and Ethereum using various liquidity providers and lending protocols.
Coincheck (January 2018)
The Coincheck hack in January 2018 was one of the most notable cryptocurrency hacks of all time, involving a loss of approximately $534 million. This attack targeted the Japanese crypto exchange Coincheck, and the stolen funds consisted entirely of NEM tokens, a cryptocurrency. In the early morning of January 26th, hackers transferred about 523 million NEM tokens from Coincheck’s hot wallet, which was less securely protected online, to external addresses. The breach went unnoticed until almost midday.
Coincheck’s vulnerability lay in its security practices at the time of the hack. The exchange stored a majority of its clients’ NEM tokens in an online hot wallet secured by a single private key, instead of using more secure cold storage or multi-signature wallets. This approach left Coincheck exposed to the risk of such a massive theft. Following the discovery of the breach, Coincheck froze all deposits and withdrawals on its platform.
Mt. Gox (2011–2014)
The Mt. Gox hack is often remembered as one of the top crypto heists ever recorded, spanning from 2011 to 2014. During this time, attackers siphoned off 744,000 bitcoins from customer accounts and 100,000 from the company itself.
This incident led to the collapse of the largest Bitcoin exchange of its era, shaking confidence in centralized exchanges and stressing the need for transparency and better security protocols.
Wormhole (February 2022)
The Wormhole hack, involving a loss of $325 million, is one of the famous DeFi exploits in history. It targeted a vulnerability in the platform’s cross-chain bridge, allowing attackers to mint fake wrapped Ether (wETH).
This breach revealed the risks of using experimental code in DeFi platforms. The incident also highlighted the growing need for rigorous testing and auditing to prevent similar exploits.
KuCoin (September 2020)
KuCoin suffered a $280 million hack in September 2020, cementing its place among the biggest crypto hacks in history. Hackers accessed private keys to drain funds from hot wallets.
Despite the severity, KuCoin’s swift response and collaboration with blockchain projects and law enforcement agencies led to the recovery of most stolen funds, offering a case study in effective crisis management.
PAID Network (March 2021)
The PAID Network fell victim to a devastating exploit in March 2021, where attackers minted new tokens, leading to a net loss of $180 million. This top blockchain security breach exposed weaknesses in token issuance controls, enabling bad actors to manipulate the system.
The incident stressed the importance of secure governance and decentralization in managing tokenized platforms.
Cream Finance (October 2021)
In October 2021, Cream Finance suffered a $130 million flash loan attack, marking one of the biggest losses in blockchain hacks. The attack leveraged weak collateral management systems, allowing hackers to drain liquidity pools.
Flash loan exploits like this demonstrate the evolving sophistication of DeFi attacks and the need for advanced protective measures.
Bitfinex (August 2016)
Bitfinex’s 2016 hack is among the most severe in history, with 119,756 bitcoins stolen, valued at $72 million at the time. As one of the largest crypto exchange hacks, it drew significant attention to the vulnerabilities in multi-signature wallets, which were considered secure at the time.
This incident caused a temporary drop in Bitcoin prices, underscoring the impact of crypto hacks on the market. Bitfinex’s eventual recovery efforts, including compensating users, helped rebuild trust in the platform.
Key Takeaways
The top blockchain and crypto hacks listed above serve as sobering reminders of the risks in the cryptocurrency space. These incidents have not only led to significant financial losses but also highlighted critical security gaps within the blockchain and cryptocurrency sectors.
As unfortunate as it is — the rapid development of digital assets has opened the door for hackers to try and steal crypto assets from investors and companies. From the famous DeFi exploits in history to the collapse of major exchanges, these events have shaped the evolution of blockchain security.Â
Learning from the lessons learned from blockchain hacks is essential to build a more resilient and secure future for the digital asset ecosystem.
