76 Entries to date. Last updated in Aug 2022.

With more than 40 hacks and breaches reported in 2021 alone, we are witnessing a continuous rise in crypto fraud-related incidents each year.
Over $3 billion in total losses have been recorded in 2021 and on average, the number of offenses grows 41% every year, according to Markets Insider.

Exchanges get hacked all the time, which is why I always advise my friends and followers to keep their long term holdings in HD wallets (cold storage) instead of risking their hard-earned money being stolen.

In this post, I collected data from various sources to compile a comprehensive list of all the hacks that we know of, from the early days of crypto, to most recent times.

This list is updated regularly and new entries are added accordingly.

9 August 2022 – Curve.Finance

DeFi protocol Curve Finance gets hacked and approx $570,000 in ETH is stolen. 3 days later, Binance freezes wallets associated with the hack and recovers almost 80% of the funds.

8 June 2022 – Osmosis DEX

Osmosis, a decentralized exchange built on Cosmos, was hacked for roughly $5 million, forcing developers to halt the network.

30 April 2022 – Saddle Finance Exchange

Saddle Finance, a decentralized exchange for trading stablecoins, was hacked in a DeFi exploit. Saddle Finance confirmed the incident, saying its team was investigating a “possible exploit.” BlockSec was able to rescue $3.8 million from the exploiters with an “internal system” that can detect and front-run hacking incidents using off-chain arbitrage bots called flashbots. Still, the hacker made off with more than $10 million in ETH from Saddle’s liquidity pools. Saddle Finance said it was in the process of recovering the $3.8 million from BlockSec.

25 March 2022 – Ronin Network

This was at the time, the second biggest crypto hack ever: $600 Million in ETH was stolen from NFT gaming blockchain Ronin Network – an Ethereum-linked blockchain platform for non-fungible token-based video game Axie Infinity. The incident greatly affected many users of the platform and tanked the AXS token in the aftermath of this exploit.
According to Ronin, 173,600 Ether tokens and 25.5 million USD coins.

2 February 2022 – Wormhole

Wormhole Portal, a bridge between Solana (SOL) and other blockchains, was exploited for approximately 120k wrapped ETH. The total value of the stolen crypto assets stands at around $320 million at the time.

17 January 2022 – Crypto.com

More than $30 million was stolen by hackers from wallet and exchange app Crypto.com. The company said that 4,836 ETH and 443 BTC were taken. According to the report released by the company, 483 users had their accounts compromised.

18 December 2021 – Grim Finance

DeFi protocol Grim Finance lost $30 million in 5x re-entrancy hack.. This security flaw in the Grim Finance protocol allowed the attacker to fake five additional deposits.

12 December 2021 – AscendEX

Crypto exchange AscendEX — formerly known as BitMax — has been hacked for an estimated $77.7 million. That’s according to the exchange, which acknowledged the hack, and security researchers PeckShield who have estimated its losses. Coins and tokens stolen include USDT, USDC, TARA, SHIB, AAVE, COMP.

5 December 2021 – Bitmart

Reportedly, close to $200 million worth of crypto was stolen in this hack according to security firm Peckshield. Bitmart promised to use its own money to reimburse users and claims the hack is worth $150 million.

2 December 2021 – BadgerDao

$120 million was stolen from the BadgerDAO decentralized finance protocol by a hacker targeting the protocol on the Ethereum network at contract address 0x1fcdb04d0c5364fbd92c73ca8af9baa72c269107 .
One user’s account suffered a $90 million loss and later it was confirmed that the account belongs to crypto lending platform Celsius.

September 2021 – pNetwork

The Defi protocol, pNetwork alerted the community of a 277 Bitcoin (BTC) hack, which amounts to 12.67 million in USD. The network revealed that the attacker installed a bug on the Binance Blockchain codebase of pNetwork. However, the protocol confirmed safety for other funds as no more bridges had to bear the burn of the attack.

August 2021 – Liquid Exchange (Japan)

On August 18th 2021, Japanese exchange Liquid reportedly suspended asset deposits and withdrawals as its hot wallets have been hacked in a security breach. Affected coins in this hack were Bitcoin, Ethereum, Tron and XRP to the total amount of approximately $97 million (according to Elliptic’s analysis)

August 2021 – Poly Network

Reportedly, over $600 million was stolen on August 10, 2021 by a ‘white hat’ hacker making this the biggest single crypto hack to date. Ethereum, Binance Smart Chain and Polygon tokens were stolen but the claim is that this hack was only committed in order to highlight the vulnerabilities of the Poly Network platform and most of the funds were later returned. Around $200 million is still outstanding and Poly Network reportedly promised the hacker a $500,000 bounty for the restoration of user funds, and even invited them to become its “chief security advisor.”

April-May 2021 – Coinbase

As reported by Reuters in October 2021, this hack took place between March and May 20th 2021. At least 6000 customers have been victims of unauthorized third parties exploiting a flaw in the company’s SMS account recovery process to gain access to multiple accounts, and transfer funds to crypto wallets not associated with Coinbase. The amounts are undisclosed.

April 2021 – EasyFi

This is a decentralized finance (DeFi) Polygon Network-powered protocol, which has reported suffered a hack of over $80 million.

April 2021 – Thodex 

The largest Turkish crypto exchange vanished after reports about suspicious transactions. Allegedly, the founder took off with $2 billion USD of customers money and fled to Albania.

February 2021 – Cryptopia

Even as it is being liquidated following a previous breach that stole NZ$24 million (US$15.5 million), this exchange gets hacked again.
According to a Stuff report Thursday, a creditor, U.S. firm Stakenet, has been told that about NZ$62,000 (US$45,000) in the XSN cryptocurrency had been transferred out of its cold wallet on Feb. 1.

December 2020 – Livecoin

This exchange is now shut down, after this hack it never recovered and court proceedings are in place to supposedly recover some of the users funds but so far not much has come out of this.

November 2020 – Liquid Exchange

Although not a hack of funds, this was a data breach, so I am still adding it to this list.
In an official statement about this hack, the CEO shared the following:

“On the 13th of November 2020, a domain hosting provider “GoDaddy” that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage…
We can confirm client funds are accounted for, and remain safe and secure. MPC-based and cold storage crypto wallets are secured and were not compromised.”

September 2020 – Kucoin Exchange

The total amount originally was amounting to $280 million in various coins but with the help of the developers of some of these projects and combined efforts of other exchanges, almost than half of this sum was recovered (around $130 million) and Kucoin did not suffer major disruptions to its trading activity. One of the least detrimental hacks to the customers and as long as I know, users were reimbursed.

September 2020 – Eterbase Hack

The total amount lost due to this hack was reportedly around $5.4 million worth in crypto.

July 2020 – Cashaa

Cashaa shared that it lost 336 bitcoin to hackers. The attacker may have implanted malware into one of the exchange’s computers. As an employee accessed the affected machine to make two transfers, the attack was launched.

June 2020 – Balancer

An attacker stole over $500,000 in Ether, Wrapped Bitcoin, Chainlink, and Synthetix tokens.

Balancer CTO Mike McDonald explains that the attacker had borrowed $23 million in WETH tokens in a flash loan from dYdX. They then traded against themselves with Statera (STA), a token that uses a transfer fee model and burns 1% when traded. The attacker repeated this back and forth 24 times, draining the STA liquidity pool. Because Balancer thought it had the amount of STA remained unchanged, it released WETH in the amount of the original balance, giving the attacker a larger margin for every trade.

The attacker repeated this attack with WBTC, LINK and SNX, all against Statera tokens.

May 2020 – Coincheck

In an official statement, the Tokyo-based organization shared that attackers hijacked one of Coincheck’s domains to carry out spear-phishing attacks on customers.

Coincheck stated that certain personal information like names, registered addresses, birth dates, phone numbers, and ID Selfies was exposed in the incident. Digital assets, however, were not affected.

In 2018, Coincheck lost $500 million in NEM coins after hackers compromised the exchange platform.

April 2020 – Uniswap

Hacker(s) deployed two reentrancy attacks, made possible by a known vulnerability found in the ERC777-token of Uniswap Exchange, to steal $300,000 and $1.1 million in imBTC tokens. Tokenlon, the company behind the imBTC token that runs on the Uniswap platform, provides a timeline of the events:

“8:58 SGT on April 18th. An attacker used a vulnerability with Uniswap and ERC777 to perform a reentrancy attack. For technical details please refer to Open Zeppelin’s explanation here. 12:12 on April 18th. The Tokenlon team observed the anomaly, defined the incident as a P0-level security issue and established an emergency response team. 12:49 on April 18th. After evaluating the situation, Tokenlon suspended the transfer of imBTC and notified imBTC partners including Lendf.Me to evaluate potential security risks. 17:00 on April 18th. imBTC transfer was resumed after receiving the confirmation from Lendf.Me and other partners that it is OK to do so. 09:28 on April 19th. Tokenlon received a message from Lendf.me about a reentrancy attack, similar to the one happened to Uniswap, resulting in a large number of abnormal borrowing on the platform. 10:12 on April 19th. In order to cooperate with the investigation of the reentrancy attack, Tokenlon suspended the transfer of imBTC.”

February 2020 – Altsbit

According to Altsbit, hackers were responsible for the theft of a large number of coins. The exchange cannot compensate losses but intends to return untouched amounts as some percentage to users.

Verified losses include:

BTC Lost 6.929 coins out of 14.782 – 7.853 will be returned to users. 53.10% (Refunded)

ETH Lost 23.21 out of 32.262 – 9.052 will be returned to users. 28.06% (Refunded)

ARRR Lost 3924082 out of 9619754 – 5695672 will be returned to users 59.20% (Refunded)

VRSC Lost 414154 out of 852726 – 438572 will be returned to users 51.24% (Refunded)

KMD Lost 1066 out of 48015 – 46949 will be returned to users. 97.77% (Refunded)

November 2019 – Upbit

On November 27, 2019, hackers made off with 342,000 ETH (nearly $50 million at the time of the hack). Upbit promised users that it would cover the losses.

November 2019 – VinDAX

Viet Nam-based VinDAX lost half a million U.S. dollars’ worth of funds in various cryptocurrencies.

July 2019 – Bitpoint

On July 12, BITPoint revealed the loss of 3.5 billion yen, 2.5 billion of which belonged to customers. In a followup, the company found that actual losses from the breach came to around 3.02 billion yen (US$28 million) – roughly $500 million less than originally thought. The company told reporters that the 50,000 customers affected will receive refunds on a 1:1 basis.

June 2019 – Bitrue

In a series of tweets, Bitrue announced the loss of 9.3 million XRP and 2.5 million ADA (~$4M at the time of the hack). For the 90 users affected, Bitrue has promised to repay them in full.

June 2019 – GateHub

Early June, GateHub admitted to a hack that may have resulted in the loss of an estimated $10 million in Ripple.

May 2019 – Binance

In a statement, Binance shared that hackers used a variety of techniques, including phishing, viruses and other attacks to withdraw 7000 BTC in a single transaction. Binance announced it would use the #SAFU fund to cover the incident in full.

March 2019 – Bithumb

Reportedly around 3 million EOS and 20 million XRP were stolen in this heist.
In an official statement, Bithumb shared that the stolen funds were owned by the exchange.

March 2019 – DragonEx

Hackers made off with nearly $7 million worth of cryptocurrency. DragonEx has shared that it intends to repay those who were directly affected.

March 2019 – CoinBene

Following a maintenance announcement and signs of assets moving to new addresses, suspicions that CoinBene fell victim to hackers rose among the public. While it’s believed that over $100 million worth of cryptocurrency was stolen, CoinBene denies a hack occurred.

February 2019 – Coinmama

Coinmama shared publicly that 450,000 email addresses and hashed passwords were leaked. The breach was part of a global attack that affected 30 companies and a total of 841 million user records.

January 2019 – Cryptopia

Cryptopia experienced two back-to-back hacks within a single month. The exchange estimated the losses totaled at most 9.4% of total holdings.

December 2018 – QuadrigaCX

While technically not a hack, QuadrigaCX’s sensational story is simply too controversial to ignore. The largest bitcoin exchange in Canada lost $190 million in crypto following the death of its founder and CEO Gerald Cotten, the sole controller of the exchange’s cold storage wallets.

October 2018 – MapleChange

Following a hack that lost the exchange nearly $6 million, MapleChange announced it could not refund customers and was closing its doors.

September 2018 – Zaif

According to Zaif’s investigation, $60 million in Bitcoin, Bitcoin Cash, and MonaCoin was stolen from the exchange.

July 2018 – Bancor

According to Bancor, “A wallet used to upgrade some smart contracts was compromised. This compromised wallet was then used to withdraw ETH from the BNT smart contract in the amount of 24,984 ETH. (~$1.25M). The same wallet also stole ~$1M in other alts and 3,200,000 BNT (~$10M)”
Bancor was able to freeze its tokens to mitigate some of the damage. The exchange claimed that no user wallets were compromised.

June 2018 – Bithumb

Roughly $31 million in cryptocurrency was stolen by hackers from the South Korea-based exchange with XRP being the main target.

June 2018 – Coinrail

Hackers allegedly stole over $40 million worth of altcoins and assorted tokens. Coinrail shared:

“Seventy percent of total coin and token reserves have been confirmed to be safely stored and moved to a cold wallet [not connected to the internet]. Two-thirds of stolen cryptocurrencies were withdrawn or frozen in partnership with related exchanges and coin companies. For the rest, we are looking at it with an investigative agency, related exchanges and coin developers.”

April 2018 – CoinSecure

Indian bitcoin exchange Coinsecure lost 438.318 BTC, allegedly due to the actions of its former Chief Security Officer.

February 2018 – Bitgrail

Hackers made off with roughly 17 million units of Nano (XRB), the coin formerly known as RaiBlocks amounting to about $195 million (USD).
In 2019, Owner and Founder Francesco Firano was sentenced to return as much of the assets to customers as possible.

January 2018 – Coincheck

Hackers stole nearly $530 million in NEM coins from Coincheck, then the leading exchange in Japan. One of Coincheck’s major security lapses, it admits, is that the exchange kept customer assets in a hot wallet.

December 2017 – EtherDelta

Hackers hijacked EtherDelta’s DNS server and diverted traffic to a malicious duplicate of the site. The scam netted the hackers 308 ETH and a number of ERC20 tokens.

December 2017 – Youbit

Following a hack that cost 17% of the exchange’s holdings, Youbit announced it was closing down.

September 2017 – Coinis

$2,190,000 was stolen in this hack. South Korea’s spy agency alleges that North Korea is behind this and other hacking attacks on this crypto-currency exchange in the South.

June 2017 – Bithumb

The personal details of 30,000 people were stolen, leading to the subsequent theft of their funds. While the company did not disclose the total amount it would reimburse customers, the losses are estimated to be over $1 million.

April 2017 – Yapizon

Before becoming Youbit, Yapizon was hacked for the first time, losing 3,831 BTC in the process. Yapizon shared that it would dock remaining customer balances by the same amount to spread the burden of the losses.

October 2016 – Bitcurex

Hackers were able to perform an automated data collection on the site, resulting in the loss of over 2300 BTC.

This is not the first time Bitcurex was targeted. In 2014, the exchange temporarily shut down its site following a hack that targeted its users’ funds. An official amount was not disclosed.

August 2016 – Bitfinex

The exchange lost nearly 120,000 Bitcoin in the breach. To compensate users, Bitfinex generalized the losses across all accounts and credited customers with BFX tokens at a ratio of 1 BFX to every dollar stolen.

In 2019, Bitfinex shared that 27.66270285 BTC, 0.023 percent of the total taken in the attack, had been recovered by US law enforcement efforts. As promised, the returned funds were converted to US dollars and paid to holders of its RRT token.

In 2021 two individuals were captured and charged in relation to this hack. US officials seized $3.6 billion in relation to this hack – their biggest seizure of cryptocurrencies ever. However, it remains unclear how these funds will be shared with customers who were forced to share the losses and were only compensated via the RRT token and to the amounts of their fiat value, rather than the crypto they initially lost.

May 2016 – GateCoin

In a breach that took place between the night of May 9, 2016 (HKT) and the evening May 12, 2016, Gatecoin lost 250 BTC and 185,000 ETH, 15% of its crypto asset deposits.

April 2016 – ShapeShift

Over the three incidents that spanned the course of a month, ShapeShift lost as much as $230,000 in what it believed was an inside job.

February 2015 – KipCoin

KipCoin claims to have lost over 3000 BTC in the hack. The announcement also shared that the hacker had gained access to Kipcoin’s server and downloaded the wallet.dat file months before the attack. The hacker laid low and did nothing with the funds before beginning to move them in December 2014.

February 2015 – BTER

According to BTER, 7,170 BTC were stolen from a cold storage wallet. BTER shared that they were working with law enforcement to resolve this matter, and outlined a plan to pay back users after inking a deal with security firm Jua.com.

January 2015 – LocalBitcoins

LocalBitcoins Vice President Nikolaus Kangas acknowledged a hack and loss of 17 BTC in a forum post. Kangas shared that the attacker used LiveChat to spread undetected malware to access the various accounts of victims.

January 2015 – Bitstamp

Hackers stole just under 19,000 BTC from the Slovenia-based company. The hack followed repeated phishing attempts aimed at Bitstamp employees.

January 2015 – 796

Hackers targeted a server vulnerability 796 and attacked during a transaction, stealing 1,000 BTC in the process. The exchange’s major shareholders covered the loss with unpaid dividends.

October 2014 – MintPal “2.0”

Following an earlier breach, MintPal was purchased by Moolah. After a failed relaunch of MintPal, Moolah announced it was shutting down but MintPal would remain in operation following an offline period to address infrastructure security. However, 3,700 BTC soon went missing along with Moolah’s CEO.

July 2014 – MintPal

Using a vulnerability in the exchange’s withdrawal system, the hacker was able to withdraw 8 million VRC from the Vericoin wallet. At the time, this amounted to around $1,933,000 in USD value.

July 2014 – Cryptsy

In July 2014, Cryptsy was the target of a hack that cost the exchange approximately 13,000 BTC and 300,000 LTC. Three years later, US District Judge Kenneth Marra ordered Paul Vernon, the former CEO of Cryptsy, to pay $8.2M in damages to customers.

March 2014 – Poloniex

According to Poloniex owner Tristan D’Agosta, 97 BTC were taken in the following method:

“The hacker discovered that if you place several withdrawals all in practically the same instant, they will get processed at more or less the same time. This will result in a negative balance, but valid insertions into the database, which then get picked up by the withdrawal daemon.”

The company has since reimbursed its customers.

March 2014 – CryptoRush

Following the loss of up to 950 BTC and 2500 LTC, the exchange issued a “Debt Management Plan” which outlined plans and potential refunds for victims.

February 2014 – Mt.Gox

The victim of a massive and prolonged hack, Mt. Gox lost about 740,000 BTC. An additional $27M was also missing from the company’s bank accounts. 200,000 bitcoins have since been recovered.

Investigations revealed that the hack may have begun as early as September 2011. Prior to September 2011, Mt. Gox’s unencrypted private key appears to have been copied. The hacker(s) used the file to access and gradually steal funds associated with Mt. Gox’s private keys without detection. The shared keypool led to address re-use, with the Mt. Gox systems misinterpreting the transfers as deposits being moved. Whenever the wallets emptied, Mt Gox credited an additional 40,000 bitcoins to multiple user accounts.

November 2013 – Picostocks

Despite the loss of 5,875 BTC, Picostocks could not find signs of an intrusion.

November 2017 – BIPS

Hackers launched two DDoS attacks to overload BIPS servers and gain access to several online wallets, allowing them to steal 1,295 BTC.

November 2013 – BitCash

About $100,000 were stolen from 4,000 wallets. According to BitCash, their server was hacked and disabled. The hackers then used bitcash.cz email addresses to phish BitCash users.

October 2013 – Inputs

Inputs.io was compromised on October 23 and then again on October 26, with hackers making off 4,100 bitcoin total. The loss was a result of a social engineering attack that compromised a chain of email accounts. Eventually, the attacker gained access to reset the password for the Linode server.

January 2013 – Vicurex

Vicurex has not confirmed the amount lost in two hacks but reported that it was near insolvency in 2014. As a result of the hacks and subsequent fund withdrawals by spooked users, Vicurex froze withdrawals and declared mitigation plans. Several customers filed a lawsuit against the company for withholding their funds.

December 2012 – Bitmarket

BitMarket.eu was hacked several times with the most infamous incident taking place in 2012. Bitmarket developer Maciej Trębacz announced the exchange had lost 18,787 BTC as a result of his using Bitcoinica to set up a Bitcoin hedge fund. Unfortunately, Bitcoinica had also gotten hacked (see below), losing all of BitMarket’s funds along the way.

Three months following the announcement, Trębacz notified users that Yevgeniy Nikulin, a Russian national who was arrested for hacking Dropbox, Formspring, and LinkedIn, had stolen 620 BTC from the exchange by using an SQL injection to gain access to BitMarket’s servers.

September 2012 – BitFloor

Following an attack that lost the exchange over $250,000 in cryptofunds, BitFloor Founder Roman Shtylman shared that hackers targeted the exchange’s servers. Although BitFloor encrypted the wallet keys needed to conduct transactions, it also kept an unencrypted backup. The attacker(s) likely gained access to this backup.

March 2012 – Bitcoinica

Three separate incidents led to Bitcoinica’s downfall. On March 1, Linode, a web hosting provider whose clients included Bitcoinica, was hacked. The unknown intruder successfully stole 43,000 BTC from Bitcoinica.

On May 11, attackers used a compromised email account to lift 18,500 BTC from Bitcoinica’s hot wallet.

On July 13, another attacker gained access to a LastPass account containing passwords needed to access the MtGox account. The LastPass account used the same password as the MtGox API key used by the Bitcoinica server when Bitcoinica was still live. The attacker withdrew 40,000 BTC and 40,000 USD.

October 2011 – Bitcoin7

The company reported a theft of 5,000 BTC and shared that attacks originating from Russia and Eastern Europe targeted Bitcoin7’s server, compromising wallets and user data.

June 2011 – Mt.Gox

A hacker accessed credentials from a Mr. Gox auditor’s breached computer to send a large number of bitcoins to himself, causing the price of Bitcoin to fall below one cent. The hacker then created a massive ask order for any price and made a small fortune as the prices corrected in minutes.

Related Posts:

Security must come first…

Online hacking is a big risk for everyone making an income on the internet and it’s not only the big earners and businesses that are targeted. Many recent hacking attacks were directed toward the online marketing community and even those with little experience and new to this marketplace were under threat. Since we are working … Continue reading Security must come first…

38 thoughts on “All Crypto Exchange Hacks – Complete List (2011-2022)

  1. What’s the safest wallet to use to store and secure your crypto Currency?

    I liked your video on Hacked Crypto Exchanges. I Need help. Thanks


  2. Wow, awesome weblog structure! How long have you been blogging for? you make blogging look easy. The whole look of your website is excellent, as well as the content!!


  3. It’s a sad experience to lose your money to these wallets…I lost mine to Paxful in Dec 2021. A huge amount was stolen but I was lucky to recover it back after weeks of mails with no positive response from Paxful. I finally met a tech guy who tracked and recovered my trading $ with my stolen coin. If you have a similar issue, you can reach out: Jimfundsrecovery at consultant dot com.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s