In This Article
- 1. Bybit — $1.5 Billion (2025)
- 2. Poly Network — $610 Million (2021)
- 3. Ronin Network — $615 Million (2022)
- 4. Binance BNB Bridge — $569 Million (2022)
- 5. Wormhole Bridge — $325 Million (2022)
- 6. Mt. Gox — ~$460 Million (2014)
- 7. Coincheck — $534 Million (2018)
- 8. FTX — $477 Million (2022)
- 9. DMM Bitcoin — $305 Million (2024)
- 10. WazirX — $234.9 Million (2024)
Cryptocurrency was built on the promise of decentralization, transparency, and security. Yet, as digital assets have grown into a multi-trillion-dollar ecosystem, they’ve also become prime targets for cybercriminals. Over the past decade, some hacks have led to billions of dollars in losses, shaking investor confidence and forcing industry-wide improvements in security.
This article explores the 10 biggest crypto hacks of all time — analyzing how they happened, what vulnerabilities were exploited, and how the industry responded.
1. Bybit — $1.5 Billion (2025)
The largest crypto hack in history occurred on Feb. 21, 2025, when attackers siphoned off roughly 401,000 Ethereum (ETH) — worth about $1.4–1.5 billion at the time — from the Dubai-based exchange Bybit.
How It Happened
A routine transfer from a cold wallet (offline storage that’s normally safer) to an active wallet was manipulated during the signing process. The attackers cleverly masked their malicious contract logic behind a seemingly legitimate transaction, allowing them to redirect the funds to their own addresses without detection.
Impact
This heist shed some light on a critical risk: even offline storage mechanisms aren’t immune if transaction signing and interface processes are compromised. The FBI later linked the attack to North Korean state-sponsored hackers.
2. Poly Network — $610 Million (2021)
In August of 2021, the Poly Network exploit saw more than $610 million in crypto assets move illicitly across its Ethereum, Binance Smart Chain, and Polygon bridges.
How It Happened
Hackers identified and exploited a vulnerability in Poly Network’s cross-chain smart contracts, which coordinate asset transfers between different blockchains. By forging approvals across chains, the attacker moved large sums of tokens into addresses they controlled.
The Unusual Twist
Unlike most hacks, the attacker contacted the Poly team afterward and eventually returned the vast majority of the funds.
3. Ronin Network — $615 Million (2022)
The Ronin Network hack in March of 2022 affected the play-to-earn blockchain behind Axie Infinity, one of the most popular blockchain games.
How It Happened
Attackers gained access to private validator keys needed to sign transactions on the Ronin sidechain. With those keys, they bypassed security controls and transferred approximately 173,600 ETH and 25.5 million USDC to their own wallets.
Consequences
This exploit exposed a major risk in validator-based systems and decentralized gaming ecosystems, where compromised credentials can lead to catastrophic losses. The incident forced Ronin to raise bridge security and internal key protections.
4. Binance BNB Bridge — $569 Million (2022)
Bridges — tools that allow assets to move between blockchains — have been frequent targets due to their complexity. In 2022, the Binance BNB Bridge was struck by a major exploit that resulted in about $569 million in lost assets.
How It Happened
Hackers took advantage of weaknesses in the bridge’s verification logic, allowing unauthorized transfers between chains without proper confirmations.
Key Takeaway
This attack revealed the difficulty of safeguarding interoperability features — complex systems with many moving parts are especially vulnerable if any component lacks strong validation.
5. Wormhole Bridge — $325 Million (2022)
Another cross-chain exploit targeted the Wormhole bridge, which connects Ethereum with other networks for token transfers.
How It Happened
Vulnerabilities in Wormhole’s contract validation allowed hackers to forge messages and withdraw funds from the system without authorization, leading to losses totaling approximately $325 million.
Impact
This incident reinforced the importance of rigorous bridge auditing and security testing, especially for protocols that hold large amounts of pooled liquidity.
6. Mt. Gox — ~$460 Million (2014)
One of the most infamous early cryptocurrency hacks, the Mt. Gox breach ultimately led to the collapse of what was once the world’s largest Bitcoin exchange.
How It Happened
Between 2011 and 2014, hackers gradually siphoned Bitcoin from Mt. Gox’s hot wallets — wallets connected to the internet — exploiting lax internal security and poor auditing. In total, around 850,000 BTC were lost (though some were later partially recovered).
Legacy
At the time, this was a catastrophic loss — amounting to a big portion of all Bitcoin in circulation. It also revealed the dangers of centralized custodial control without rigorous separation of duties or security checks.
7. Coincheck — $534 Million (2018)
In January of 2018, Japanese exchange Coincheck was hacked, resulting in a loss of over $534 million worth of NEM tokens.
How It Happened
Attackers infiltrated the exchange’s hot wallets using malware after gaining access through phishing and other social engineering methods. Once inside, they moved the assets out of the platform before defenses could activate.
Industry Effect
The scale of the hack shook regulatory confidence in exchange security worldwide and prompted more stringent oversight of how platforms safeguard user assets.
8. FTX — $477 Million (2022)
After the collapse of FTX — one of the largest crypto exchanges — a suspected post-bankruptcy hack saw around $477 million in assets drained from the platform’s wallets in November of 2022.
How It Happened
Though the exact mechanism remains debated, this hack was widely believed to involve compromised internal controls and the absence of proper safeguards after the exchange’s operations failed, leaving wallets exposed to unauthorized movements.
Broader Implications
This incident blurred the line between mismanagement and malicious exploitation, and pointed out that weak governance can be as dangerous as external hacks.
9. DMM Bitcoin — $305 Million (2024)
In May 2024, Japanese exchange DMM Bitcoin lost approximately $305 million in Bitcoin after attackers withdrew 4,502.9 BTC from its systems.
Attack Details
Preliminary investigations pointed to a compromise of the exchange’s private key storage or server access that allowed unauthorized wallet withdrawals.
Aftermath
Authorities and analysts later linked this theft to sophisticated North Korean hacking groups.
10. WazirX — $234.9 Million (2024)
In July of 2024, Indian crypto exchange WazirX suffered a serious breach, with hackers withdrawing around $234.9 million in crypto assets.
What Occurred
The attackers managed to compromise wallet controls, sending funds to new addresses before the exchange froze operations. Lazarus Group — a North Korean state-linked hacking unit — was subsequently tied to the incident.
Industry Response
WazirX’s incident highlighted how even smaller centralized platforms remain lucrative targets — especially those that fail to segment wallet authority and strengthen key management.
