215 Entries to date. Last updated in Nov 2025.
In this post, I collected data from various sources to compile a comprehensive list of all the hacks that we know of, from the early days of crypto, to most recent times.
Crypto exchanges (both centralized and decentralized) get hacked all the time, which is why I always advise my friends and followers to keep their long term holdings in HD wallets (cold storage) instead of risking their hard-earned money being stolen.
According to a recent report by Chainalysis, crypto hacking remains a persistent threat, with four years in the past decade individually seeing more than a billion dollars’ worth of crypto stolen (2018, 2021, 2022, and 2023). As technology continues to evolve, so do the tactics employed by cybercriminals, making the digital landscape increasingly dangerous for investors and everyday users. 2024 marks the fifth year to reach this troubling milestone, highlighting how, as crypto adoption and prices rise, so too does the amount that can be stolen. In this year alone, the surge in interest surrounding cryptocurrencies and blockchain technology has unfortunately paved the way for more sophisticated hacking attempts, leading to vulnerabilities being exploited at an alarming rate. Recent reports from security firms like TRM Labs and CertiK indicate that crypto thieves collectively stole digital assets worth $2.1 billion during the first half of 2025, with a notable shift in attack patterns from smart contract vulnerabilities to exploiting human behaviour through phishing and wallet compromises.
This is why I feel it’s important to highlight the risks we are facing when investing in, and using cryptocurrencies.
(This list keeps being updated and new entries are added regularly.)
2025
NOVEMBER
Upbit Exchange ($37M)
Upbit exchange (which was also hacked for $50 million in Ethereum on the same date in 2019) suffered another major security breach on November 27, 2025, involving the unauthorized transfer of approximately $30-$37 million in Solana-based tokens (including SOL and USDC) from one of its hot wallets. In response, the South Korean exchange immediately suspended all deposits and withdrawals, transferred all remaining assets to secure cold wallets, and officially pledged to fully cover all customer losses using its own corporate reserves, ensuring no financial damage to users. The incident occurred just hours after Upbit’s parent company, Dunamu Inc., announced a major acquisition deal with Naver Financial.
GANA Payment DeFi Platform ($3.1M)
On 24 November 2025, GANA Payment DeFi platform, operating on the Binance Smart Chain (BSC), was compromised after an attacker likely stole the private key controlling the project’s smart contract. With contract ownership, the attacker manipulated the unstaking reward function to drain approximately $3.1 million in native GANA tokens and other assets, which were subsequently bridged and laundered via Tornado Cash.
Balancer Protocol ($128M)
On 03 November 2025, Balancer DeFi protocol suffered a sophisticated exploit that drained assets across multiple chains. The attacker leveraged a subtle precision-loss bug within the Balancer v2 Composable Stable Pools’ smart contract logic, executing carefully crafted batchSwap operations to accumulate tiny rounding errors and extract the substantial value, making it one of the largest DeFi hacks of the year.
OCTOBER
October 2025 was reportedly a slightly “quieter” month for overall crypto losses compared to September, but it was dominated by a handful of significant DeFi exploits.
Typus Finance ($3.4M)
On 23 October 2025, Typus Finance, an options trading protocol on the Sui blockchain, confirmed an exploit resulting in a loss of around $3.4 million. The breach was attributed to a vulnerability within a specific DeFi vault/liquidity pool designed for options trading. The exploit involved manipulating or bypassing the security checks on the vault’s withdrawal mechanism, allowing the attacker to deplete the underlying crypto assets.
Garden Finance ($11M)
The largest single exploit in October 2025 targeted the Garden Finance DeFi platform, which lost approximately $11 million in assets. The attack happened on 16 October and exploited a vulnerability within the platform’s smart contract architecture, likely involving improper input validation or a flaw in the asset management logic, allowing the attacker to bypass deposit limits and drain a large portion of the protocol’s liquidity pools.
Abracadabra.Money ($1.8M)
The Abracadabra.Money DeFi lending protocol, known for its Magic Internet Money (MIM) stablecoin, suffered a flash-loan exploit. On 01 October attackers took advantage of the protocol’s ability to calculate the collateral value of certain tokens, manipulating the pricing mechanism to over-borrow MIM tokens which were then quickly swapped and drained, resulting in a loss of approximately $1.8 million before the exploit was contained.
SEPTEMBER
September 2025 was marked by a high volume of incidents, setting a record for the count of million-dollar hacks, despite the total value stolen being lower than previous quarters. The attacks heavily focused on supply chain compromises and private key theft, affecting third-party services and multi-sig wallets.
HyperVault ($3.6M)
On 24 September 2025, HyperVault yield-farming protocol within the Hyperliquid ecosystem was exploited for approximately $3.6 million. This incident was characterized by security analysts as an apparent “rug pull” where the project’s developers or insiders, who had control over the smart contracts, executed a function that drained the liquidity pools of user deposits before quickly deleting their social media presence and going dark.
UXLINK ($44M)
On 22 September 2025, the AI-powered Web3 social platform UXLINK suffered the month’s largest confirmed breach, totaling approximately $44 million in losses. The initial attack involved the theft of private keys for the project’s multi-signature wallet. Using this access, the attacker exploited a delegatecall function to seize administrative control, enabling them to perform unauthorized minting of billions of new UXLINK tokens on the Arbitrum network, causing the token’s price to crash over 70%.
SwissBorg / Kiln Supply Chain ($41.5M)
On 16 September 2025, Swiss wealth management platform SwissBorg recorded significant losses totaling approximately $41.5 million due to a supply chain compromise involving a third-party service provider named Kiln. Kiln, which managed SwissBorg’s Solana staking operations, was compromised, allowing malicious logic to be hidden within routine unstaking transactions. This malicious code successfully handed over control of a large volume of the platform’s staked SOL tokens to the attacker.
Shibarium Bridge ($2.4M)
On 09 September 2025, Shibarium Bridge, which facilitates transfers between the Ethereum and Shibarium blockchains, was hit by an exploit resulting in a loss of roughly $2.4 million in tokens (SHIB, ETH, and BONE). The attack was executed via a flash-loan attack combined with the manipulation of the bridge’s validator signing process, allowing the attacker to authorize a malicious state update that drained bridged assets without proper collateralization.
Venus Lending Protocol ($13M)
On 02 September 2025, the Venus lending protocol suffered a loss of approximately $13 million as a result of a phishing operation that targeted a high-value user or internal team member. The attack involved social engineering to compromise a victim’s private key or wallet signature permissions. Once access was gained, the attacker rapidly executed transactions to drain assets from the compromised account within the protocol.
August 2025
August 2025 saw a drop in the total number of large hacks compared to July, but it was marked by a highly costly centralized exchange breach, which accounted for the majority of the losses. Total confirmed losses for the month were approximately $65 million.
BetterBank Lending Protocol ($5M)
On 26 August 2025, The BetterBank lending protocol on the PulseChain network was exploited by an attacker who manipulated the protocol’s bonus reward system. By creating fake liquidity pairs and exploiting logical errors in the swapExactTokensForFavorAndTrackBonus function, the attacker was able to mint excessive ESTEEM tokens and drain approximately $5 million in digital assets. Crucially, the attacker later returned a significant portion of the funds, leaving a net loss of around $1.4 million
Odin.fun Memecoin Launchpad ($7M)
On 19 August 2025, Odin.fun memecoin launchpad and AMM was exploited for an estimated $7 million. The attackers took advantage of a vulnerability in the protocol’s Automatic Market Maker (AMM) code related to token valuation. By inflating the perceived value of deposited worthless tokens through specific transaction sequencing, the attackers were able to withdraw valuable assets, including Bitcoin, from the platform’s liquidity pools.
BtcTurk Exchange ($48M)
On 14 August 2025, the Turkish centralized exchange BtcTurk detected unusual outflows from its hot wallets on this date, resulting in the theft of approximately $48 million to $50 million in multi-chain assets (ETH, AVAX, ARB, MATIC, etc.). The breach was traced to compromised private keys controlling the exchange’s high-value hot wallets. The exchange halted crypto transactions and assured users that cold wallet assets were safe, confirming that corporate funds would be used to cover the loss.
CrediX DEX ($4.5M)
On 04 August 2025, decentralized exchange CrediX suffered a weak access control exploit about a month after its launch. The attacker was able to gain excessive administrative privileges, which they used to mint unbacked acUSDC tokens. They then used these illegitimate tokens to drain approximately $4.5 million in deposited assets from the protocol’s liquidity pools before bridging the stolen funds to Ethereum and laundering them.
July 2025
WOO X Exchange ($14M)
On 24 July 2025, centralized exchange WOO X was hit by a breach resulting in the theft of approximately $14 million from a small number of high-value user accounts. The attack originated from a phishing attack that compromised a team member’s device, granting hackers access to the project’s development environment. The attacker then executed coordinated withdrawals, converting a portion of the funds through token swaps. WOO X quickly paused activities and promised full reimbursement to affected users.
CoinDCX Exchange ($44M)
On 19 July 2025, CoinDCX, one of India’s largest cryptocurrency exchanges, disclosed a major security breach traced back to a compromised internal operational account used for liquidity provisioning. The incident was attributed to compromised employee credentials, possibly from a contractor working remotely. The breach resulted in the theft of approximately $44.2 million in various assets (including SOL and ETH). CoinDCX confirmed that customer funds held in cold storage were unaffected and that the exchange would use its corporate treasury to cover the entire loss.
BigONE Exchange ($27M)
On July 16 2025, the Seychelles-based centralized exchange BigONE was compromised in a sophisticated supply chain attack. Attackers reportedly exploited a vulnerability in the exchange’s Continuous Integration/Continuous Deployment (CI/CD) pipeline, allowing them to inject malicious code into the production environment. This malicious code modified the operating logic of account and risk control servers, enabling unauthorized withdrawals totaling approximately $27 million from the exchange’s hot wallet across assets like BTC, ETH, SOL, and USDT.
GMX Exchange ($43M)
On July 9, 2025, the decentralized exchange GMX suffered an exploit that resulted in the theft of approximately $42.8 million in Ethereum and stablecoins from its GLP liquidity pool. Following GMX’s offer of a 10% white-hat bounty, the hacker largely returned the stolen funds, with about $40.5 million being sent back, primarily in ETH and FRAX, leaving roughly $3 million unrecovered.
June 2025
AI Extension Crypto Heist
A Russian blockchain developer lost around $500,000 in crypto assets in June 2025 due to a malicious extension targeting the Cursor AI integrated development environment. This was a supply chain attack that manipulated search rankings to trick the developer into installing the fake “Solidity Language” extension.
Force Bridge ($3.6M)
Force Bridge, a cross-chain bridge, was exploited for an estimated $3.6 million. The incident occurred shortly after an announcement that the bridge would be sunset, and it’s believed the attacker used compromised private keys to access privileged functions and drain value.
Resupply DeFi Lending Protocol ($9.8M)
On June 24 2025, Resupply, a DeFi lending platform, was hit by a “malicious donation attack.” The attacker exploited a newly deployed vault and manipulated the exchange rate to take out approximately $9.8 million in loans with negligible collateral.
Nobitex Exchange ($90M)
Iran’s largest cryptocurrency exchange, Nobitex, suffered a politically motivated attack attributed to a pro-Israel hacking group. An estimated $90 million was stolen from hot wallets across multiple blockchains, likely due to compromised private keys. The attackers also leaked the protocol’s source code and sensitive documents.
ALEX Protocol ($8.3M)
On June 7 2025 ALEX Protocol experienced an $8.3 million hack due to weak access controls within the protocol. The attacker created a fake token and vault, tricking the protocol into calling a malicious transfer function, which bypassed access controls and allowed them to drain funds.
MAY 2025
Cetus Protocol ($230-500M)
On May 22 Cetus Protocol, the largest decentralized exchange and liquidity provider on the Sui blockchain, was exploited in a major security breach resulting in losses exceeding $230 million. The attacker exploited a structural vulnerability in Cetus’s internal oracle and pricing mechanism by introducing spoof tokens like BULLA, which had little to no real liquidity but were used to manipulate the protocol’s price curves and reserve balances. This manipulation caused the protocol to undervalue assets such as SUI and USDC, allowing the attacker to drain substantial amounts of these tokens from multiple liquidity pools without providing equivalent value. The breach caused a sharp spike in on-chain transaction volumes and a significant drop in Cetus’s total value locked (TVL). Cetus paused its smart contracts to prevent further losses and began collaborating with the Sui Foundation and security firms to investigate and recover stolen funds. Approximately $162 million of the compromised assets were successfully paused, while the attacker moved large sums across chains, converting stablecoins to ETH to obfuscate the trail. This incident is considered the second largest crypto hack of 2025 and severely impacted the SUI ecosystem’s token prices and liquidity. Cetus has received support from the broader crypto community, including Binance, as it works toward resolution.
Coinbase (Data Breach ~$400M)
In May 2025, the most notable crypto hack was the Coinbase cyberattack disclosed on May 15, where hackers bribed overseas contractors and employees to steal sensitive customer data. The breach affected less than 1% of Coinbase’s customers but led to social engineering scams that resulted in over $45 million in cryptocurrency theft. The attackers demanded a $20 million ransom, which Coinbase refused to pay, instead offering a $20 million bounty for information leading to their capture. The overall financial impact to Coinbase is estimated between $180 million and $400 million.
APRIL 2025
April 2025 was a particularly damaging month for the crypto industry overall, with total losses from hacks, exploits, and scams exceeding $357 million across 18 major incidents, highlighting persistent security challenges in the DeFi sector.
MorphoLabs ($2.6M)
On April 18, 2025, MorphoLabs, a prominent DeFi lending protocol, suffered a $2.6 million exploit when an attacker leveraged a vulnerability in its smart contract logic related to collateral liquidation. The attacker manipulated the liquidation process, allowing them to withdraw more assets than they had deposited by exploiting an edge case in the protocol’s accounting system. The team responded rapidly by pausing the affected contracts, notifying users, and initiating an investigation in collaboration with leading blockchain security firms.
KiloEx (7.5M)
On April 14 KiloEx, a decentralized exchange specializing in perpetual contracts, was hacked due to a vulnerability in its price oracle mechanism, resulting in a loss of approximately $7.5 million. The attacker exploited weak access controls in the KiloPriceFeed contract, using a publicly accessible Minimal Forwarder contract to manipulate token prices. By artificially setting the ETH/USD price low at the opening of a trade and then inflating it to an extremely high value at closing, the attacker drained funds from KiloEx’s vaults across multiple chains, including Base, opBNB, BNB Chain, and Taiko. The breakdown of losses was $3.3 million on Base, $3.1 million on opBNB, and $1 million on BNB Chain. After the exploit, KiloEx halted operations and offered a $750,000 bounty for the return of the stolen funds. In a positive turn, the hacker returned all stolen assets four days later, following the bounty offer, and KiloEx pledged not to pursue legal action, fully restoring user funds and resuming platform activities.
Loopscale ($5.8M)
On April 10 Loopscale, a decentralized finance platform, suffered an exploit targeting its token valuation mechanism, resulting in the theft of approximately $5.8 million. The attacker manipulated the valuation process to inflate the price of certain tokens, enabling them to withdraw excessive amounts from the protocol’s liquidity pools. In response, Loopscale promptly paused all platform operations and announced a bounty program offering a substantial reward to incentivize the return of the stolen funds. This strategy proved effective, as the team successfully recovered about 90% of the stolen assets within weeks.
UPCX ($70M)
On April 1, 2025, UPCX, an open-source crypto payments platform, was breached when an attacker gained unauthorized access to a privileged management address. Leveraging this access, the attacker performed a malicious upgrade to the platform’s ProxyAdmin smart contract and then executed the “withdrawByAdmin” function, enabling the withdrawal of 18.4 million UPC tokens—valued at approximately $70 million. The incident was quickly detected, prompting UPCX to halt all deposits and withdrawals and transfer remaining UPC tokens to a secure address as a precaution. UPCX acknowledged the breach, assured users that their funds were safe, and began an internal investigation.
MARCH 2025
In March the crypto space experienced 20 hacking incidents resulting in losses totalling approximately $33.46 million, a significant 97% drop from February’s losses. The largest hack occurred on March 25, when the decentralized finance protocol Abracadabra.Money was exploited for about $13 million, with 6,260 ETH drained. Another major breach took place on March 21, targeting the real-world asset restaking protocol Zoth, where $8.4 million was stolen and converted into stablecoins before being moved to other wallets. Additionally, zkLend suffered an $8.32 million attack, continuing the trend of DeFi lending platforms being targeted. There was also a notable incident on March 7 when a hacker returned 90% of the $5 million stolen from the decentralized exchange 1inch after being offered a bounty. Overall, March’s hacks were mostly concentrated in the DeFi sector, with partial recoveries helping to mitigate losses.
Abracadabra Finance ($13M)
On March 25 Abracadabra.Money, a decentralized lending platform, suffered a major hack resulting in the theft of approximately 6,260 ETH, valued at about $13 million. The attacker exploited state tracking errors in Abracadabra’s “cauldrons”—isolated lending pools where users borrow against GMX liquidity tokens—through a multi-stage attack involving a failed deposit, forced liquidation, and a bad loan taken out using the liquidated position as collateral. The stolen ETH was routed through the Tornado Cash mixer to obfuscate the funds’ origin. This was Abracadabra’s second major hack in just over a year, following a $6.5 million breach in January 2024.
Zoth Protocol ($8.4M)
On March 21 the real-world asset (RWA) restaking protocol Zoth was hacked when an attacker compromised the deployer wallet, which held critical admin privileges. This allowed the hacker to perform a malicious upgrade to the proxy contract “USD0PPSubVaultUpgradeable,” granting unauthorized control over user funds. The attacker drained approximately $8.4 million worth of USD0++ stablecoins from the protocol, which were quickly converted into DAI stablecoins and then swapped into about 4,223 ETH to obscure the trail. In response, Zoth announced a $500,000 bounty for information leading to the hacker’s identification and recovery of the stolen assets.
FEBRUARY 2025
ByBit Exchange ($1.46B)
On 25 February, the exchange’s cold wallet was compromised and the hackers stole a whopping $1.46 billion dollars’ worth of Ether. The FBI has attributed the attack to North Korea, specifically the Lazarus Group, a sophisticated cybercrime unit known for its involvement in previous major thefts. This is so far considered to be the biggest crypto heist to date (at least in fiat value) comparable only to the Mt.Gox from the early days of Bitcoin (see the oldest entries below for more details on this one).
ZkLend ($9.5M)
On February 12, zkLend, a Starknet-based decentralized lending protocol, was exploited for approximately $9.48 million (3,666 ETH) due to a decimal precision vulnerability in its smart contracts. The attacker manipulated the protocol’s lending accumulator through repeated deposits and withdrawals, exploiting rounding errors to artificially inflate their balance and drain tokens from other pools within zkLend. After the theft, the hacker bridged the stolen assets to Ethereum and attempted to launder them through the Railgun privacy protocol but failed. In a dramatic turn, while trying to launder 2,930 ETH (about $5.4 million) through Tornado Cash, the hacker mistakenly used a phishing site impersonating the mixer and lost all those funds to another scammer. Following the attack, zkLend paused deposits and withdrawals, offered a 10% bounty for fund returns, and later launched a Recovery Portal for affected users.
JANUARY 2025
AdsPower ($4.7M)
Between 21-24 January, AdsPower — a Singapore-based developer of an antidetect browser — was the target of a cyberattack. The attacker replaced the project’s browser extension with a malicious download, enabling them to steal an estimated $4.7 million in crypto from five of the plugin’s users.
Phemex ($73M)
On 23 January Phemex, a centralized exchange (CEX) based in Singapore, suffered a significant hack where attackers gained access to the exchange’s hot wallets, stealing an estimated $73 million in assets across sixteen blockchains, including Ethereum, Solana, Ripple, and Bitcoin. According to Hacken analysts, the unidentified hackers, believed to have ties to North Korea, moved quickly to convert stolen Tether and USD Coin (USDC) stablecoins into ETH, aiming to “bypass blacklisting risks.” The exchange promptly suspended deposits and withdrawals to ensure user safety and began addressing potential vulnerabilities.
Moby Trade ($2.5M)
On 3 January 2025, the DeFi platform Moby Trade suffered a hack where attackers stole approximately $2.5 million in USDC, WETH, and WBTC. The breach was caused by a leaked private key, which allowed the attackers to exploit an emergency withdrawal function.
2024
DECEMBER 2024
LastPass Breach ($5.36M)
In 2022 LastPass suffered a data breach which was used in Dec 2024 to attack customers’ cryptocurrency wallets. Hackers stole approximately $5.36 million from over 40 different crypto wallet addresses of LastPass users, and these funds were then swapped for Ethereum and transferred to various instant exchanges while being converted into Bitcoin. In January 2024, a $150 million theft from Ripple co-founder Chris Larsen’s wallet was traced back to the security lapse at LastPass, further highlighting the ongoing impact of the 2022 breach.
GemPad ($1.9M)
On 18 December GemPad, a no-code smart contract deployment platform, was the victim of a significant hack. The attacker exploited a reentrancy vulnerability in the project’s smart contracts across the Ethereum, BNB Chain, and Base networks, stealing an estimated $1.9 million of locked assets.
Reentrancy vulnerabilities occur when a contract transfers execution to an external smart contract without performing a full state update, allowing an attacker to reenter the vulnerable function and take advantage of the invalid state.
FEG ($1M)
In December 2024, the DeFi project Feed Every Gorilla (FEG) suffered a significant hack where an attacker exploited a vulnerability in FEG’s “SmartBridge,” a component designed to facilitate cross-chain token transactions. The attacker was able to withdraw FEG tokens from the bridge contract without depositing them in the source chain, leading to a loss of $1 million and a 99% drop in the token’s value. The vulnerability was reportedly due to an error in the FEG crosschain message verification process, which allowed unauthorized withdrawals of large amounts of FEG tokens. The stolen tokens were then sold off, causing the dramatic decline in the token’s value. FEG has faced multiple security breaches in the past, including two flash loan attacks in May 2022 and an issue with a token locking service that led to a $2 million loss, though approximately $1.9 million was eventually returned.
NOVEMBER 2024
Side Note:
- Crypto losses in November 2024 totalled $71 million.
- DeFi projects accounted for all reported losses, with no major CeFi incidents recorded.
- BNB Chain was the top target for attacks, hosting 46.7% of incidents, surpassing Ethereum.
- 99.96% of funds lost in November came from hacking, while rug pulls accounted for less than $26,000.
XT Exchange ($1.7M)
On 28 November cryptocurrency exchange XT.com has suffered a hack worth $1.7 million, according to blockchain security firm PeckShield.
Polter Finance ($12M)
Polter Finance suffered a $12 million flash loan hack on Nov 17. The team froze the protocol to prevent any further attacks and attempted to negotiate a bug bounty on-chain with the attacker. The vulnerability exploited in the Polter smart contract is a classic example of an oracle manipulation vulnerability.
DEXX Exchange ($30M)
The biggest hack in November 2024 was that of a memecoin trading platform DEXX on 16 Nov 2024, just a day after the Thala Labs exploit. According to MistTrack data, most users suffered losses under $10,000, but one individual lost over $1 million. The stolen assets were swiftly converted into Solana tokens, complicating recovery efforts. Blockchain security firm SlowMist, has identified more than 8,620 Solana wallets linked to the hack.
Thala Labs (DeFi) ($25.5M)
Thala suffered a “security breach” on Nov. 15 due to an “isolated vulnerability” related to its v1 farming contracts, which allowed the hacker to withdraw liquidity tokens to the tune of $25.5 million. Thala said it negotiated a $300,000 bounty with the hacker in exchange for the full return of user assets and the hacker handed the funds back six hours after the incident. Details of the attacker’s identity weren’t disclosed.
DeltaPrime ($4.8M)
Decentralized finance (DeFi) application Delta Prime, which operates on the Arbitrum and Avalanche networks, suffered an estimated $4.5 million hack on 11 Nov. In total, the attacker was able to steal approximately $4.8 million from DeltaPrime contracts across the Avalanche and Arbitrum blockchains. This is the second incident to hit the ‘yield farm’ in less than two months, bringing combined losses to approximately $10.5 million.
MetaWin ($4M)
MetaWin, an online casino that operates across multiple blockchains, including Ethereum and Solana experienced a hack on Nov 3, in which an estimated $4 million was stolen from the project.
OCTOBER 2024
M2 Exchange ($13.7M)
On October 31, 2024, M2 a cryptocurrency exchange based in the United Arab Emirates, experienced a cybersecurity incident that resulted in the loss of approximately $13.7 million in customer assets. The incident was resolved within 16 minutes. M2 took full responsibility for the incident and reimbursed all affected customers. The exchange has also implemented additional security measures to prevent future incidents.
US government-linked crypto wallet ($20M)
On October 24, 2024, a US government-linked crypto wallet was hacked, resulting in the loss of approximately $20 million in cryptocurrency. The stolen funds included various stablecoins and Ethereum. The malicious actor who drained the wallet returned $19.3 million to the government wallet less than 24 hours later. The circumstances surrounding the recovery remain unclear, but I suspect that the coins were stained. The wallet contained seized funds from the 2016 Bitfinex hack, so it is very likely that the coins were marked (stained), therefore any activity with these coins would have triggered AML alerts to various institutions and exchange platforms would detect and freeze them. This is just speculation on my part, as we don’t have any more details.
Tapioca Foundation ($4.7M)
The DeFi protocol Tapioca was targeted on Oct. 18 after its pseudonymous co-founder “Rektora” fell victim to an alleged social engineering attack. Such attacks rely on tricking victims into revealing sensitive information or misleading them into downloading malicious software or clicking on phishing links. In total, the attacker made off with approximately $4.4 million, including $2.8 million in USDC and $1.57 million in ETH, drained from the USDO/USDC liquidity pool. The stolen funds were quickly swapped for ETH, then USDT, and eventually bridged from Arbitrum to the BNB Chain, where they currently remain.
The Morpho PAXG/USDC Market ($230K)
On October 13, 2024, the Morpho PAXG/USDC Market was exploited, resulting in a loss of $230,000. The incident was caused by a vulnerability in the Morpho protocol, which allowed attackers to manipulate the market and profit from the price difference between PAXG and USDC. The Morpho team is currently investigating the incident and working on a fix to prevent future attacks.
Crypto Whale on a Blast Network ($35M)
On October 11, 2024, a crypto whale fell victim to a phishing attack on the Blast network, resulting in the loss of approximately $35 million worth of Few Wrapped Duo ETH (fwDETH) tokens. The attacker tricked the whale into signing a fraudulent permit signature, allowing them to drain funds from the victim’s wallet. This incident highlights the ongoing security challenges in the crypto space and the importance of staying vigilant against phishing attacks.
SEPTEMBER 2024
Onyx Protocol` ($3.8 M)
On September 26, 2024, Onyx Protocol, a decentralized finance (DeFi) platform, suffered a significant hack resulting in the loss of approximately $3.8 million. The attack exploited vulnerabilities in the protocol’s smart contracts, allowing the attacker to drain funds from user accounts. While Onyx Protocol is working to address the security breach, the stolen funds remain unclaimed.
BingX exchange ($43 M)
On September 20, 2024, BingX, a major cryptocurrency exchange, suffered a significant security breach. The attackers exploited vulnerabilities in the exchange’s hot wallets, stealing approximately $43 million worth of cryptocurrency.
Indodax exchange ($22 M)
On September 11, 2024, Indonesian cryptocurrency exchange Indodax suffered a major security breach, resulting in the loss of approximately $22 million in various cryptocurrencies. The attack targeted hot wallets and allowed the attackers to withdraw significant amounts of Bitcoin, Ethereum, Tron, and other tokens. Following the incident, Indodax temporarily suspended its operations to investigate the breach and implement necessary security measures.
Penpie Breach ($27 M)
On September 3, 2024, the Penpie decentralized finance (DeFi) protocol was exploited in a reentrancy attack, resulting in the loss of approximately $27,348,259 worth of Ethereum. The attack took advantage of a vulnerability in the protocol’s smart contracts, allowing the attacker to repeatedly call a function and manipulate the reward distribution mechanism to their benefit.
AUGUST 2024
NEXERA exchange ($1.5 M)
On August 7, 2024, NEXERA, a South Korean cryptocurrency exchange, suffered a significant security breach. The attack, believed to be perpetrated by North Korean hackers, involved the deployment of malicious malware. This malware allowed the attackers to steal approximately $1.5 million worth of cryptocurrency from the exchange’s hot wallets.
JULY 2024
MonoSwap ($1.3 M)
On July 24, 2024, the decentralized exchange and staking platform MonoSwap on the Blast chain was exploited, resulting in a significant loss of approximately $1.3 million. The Total Value Locked (TLV) for this protocol dropped significantly from approximately $1.5 million to $200,000 as a result of the exploit. Later all the bridged fund (371 $ETH) was transferred to the anonymous coin mixer Tornado Cash.
WazirX ($234.9 M)
On July 18, 2024, WazirX, a major Indian cryptocurrency exchange, suffered a significant security breach. The attackers exploited a vulnerability in the exchange’s multi-signature wallet, allowing them to steal approximately $234.9 million worth of digital assets. The stolen funds were subsequently laundered through various decentralized exchanges. Following the breach, the exchange suspended all crypto and cash withdrawals to conduct an internal investigation.
After using the exploit, the attacker quickly spent all of the money in the compromised wallet and distributed it among several addresses. A fraction of the stolen assets were secured when some of the cash was sent to exchanges including Binance and ChangeNOW, who quickly stopped accepting further transactions. Even with these precautions, it would be difficult to collect the entire amount because the majority of the money has already been distributed and changed into other cryptocurrencies. Three months later, WazirX has yet to issue any remediation plans to compensate affected users.
LIFI ($9.7 M)
On July 16th, 2024, LIFI Finance, a cross-chain bridge protocol, suffered a significant hack that resulted in the loss of approximately $10 million. The attack exploited vulnerabilities in the protocol’s smart contracts, allowing the attacker to drain funds from the platform.
Minterest ($16 M)
On July 14, 2024, the cryptocurrency lending protocol Minterest experienced an attack, targeting the Ethereum-based version of Minterest, resulted in a loss of approximately $16 million.
DoughFina ($1.8 M)
On July 12, 2024, DoughFina, a decentralized finance (DeFi) protocol on the Ethereum blockchain, was exploited. The attack resulted in the loss of approximately $1.8 million worth of cryptocurrency. The vulnerability exploited in the attack was an access control issue in the ConnectorDeleverageParaswap contract, which allowed the attacker to manipulate the protocol and drain funds.
Bittensor Blockchain ($8 M)
On July 3rd, 2024, Bittensor, a decentralized artificial intelligence network, experienced a significant security breach. The attackers exploited vulnerabilities in the network’s smart contracts, allowing them to drain approximately $8 million worth of TAO tokens. The breach caused significant disruption to the network’s operations and impacted numerous users. Bittensor’s team is actively working to address the security issues and prevent future attacks.
JUNE 2024
BtcTurk Hot Wallet Hack ($55 M)
On June 22, 2024, BtcTurk, a major Turkish cryptocurrency exchange, suffered a significant hack. The attackers compromised several hot wallets, stealing approximately $55 million worth of cryptocurrency. While the majority of BtcTurk’s assets were safely stored in cold wallets (which are offline and less susceptible to attacks), the hack affected ten different cryptocurrencies stored in hot wallets, which are more vulnerable due to their constant online connectivity.
Kraken ($3 M)
On June 19, 2024, Kraken, a major cryptocurrency exchange, suffered a security breach. A security researcher exploited a critical zero-day vulnerability in the platform, allowing them to steal approximately $3 million in digital assets. The vulnerability enabled the attacker to initiate deposits and receive funds without fully completing the transaction. Kraken quickly addressed the issue within 47 minutes, but the stolen funds were not recovered.
Uwu Lend ($19.3 M + $3.5 M)
On June 10, 2024, UwU Lend, a decentralized finance (DeFi) protocol, suffered a significant hack resulting in the loss of approximately $19.3 million. The attacker exploited a vulnerability in the protocol’s pricing system, enabling them to manipulate token prices and drain funds from the platform. On June 13, 2024, UwU Lend was again targeted by the same attacker, who managed to steal an additional $3.5 million.
Loopring ($5 M)
On June 9, 2024, Loopring, a ZK-rollup based protocol built on Ethereum, experienced a security breach. The attack targeted the protocol’s two-factor authentication (2FA) based Guardian wallet recovery service. The hackers exploited a vulnerability in the 2FA service, allowing them to impersonate legitimate wallet owners and initiate unauthorized recoveries. This enabled them to gain access to private keys and drain funds from affected wallets. The total loss from the attack was estimated to be around $5 million.
Velocore ($10 M)
On June 2, 2024, Velocore, a decentralized exchange (DEX) protocol operating on zkSync and Linea blockchains, was exploited. The attack resulted in the loss of approximately $7 million in ETH. The vulnerability exploited in the attack was a flaw in the Balancer-style CPMM pool contract, which allowed the attacker to manipulate the protocol and drain funds. This incident highlights the importance of rigorous security audits and testing for DeFi protocols.
MAY 2024
DMM Bitcoin Private Key Hack ($305 M)
On May 31, 2024, DMM Bitcoin, a Japanese cryptocurrency exchange, suffered a significant security breach. The exchange lost approximately 4,502.9 Bitcoin, valued at around $305 million at the time. The incident was caused by an unauthorized leak of private keys, allowing the attacker to gain access to the stolen funds. The infamous Lazarus Group, a North Korean-linked hacking syndicate, is suspected of orchestrating the attack. The group reportedly began laundering the stolen funds, with over $35 million already processed through an online marketplace known as Huione Guarantee, a platform frequently associated with money laundering activities.
NORMIE ($881 K)
On May 26, 2024, the NORMIE protocol experienced a security breach, resulting in the loss of approximately $881,686 in cryptocurrency. The attack exploited vulnerabilities within the protocol’s smart contracts, allowing the attacker to drain funds from user accounts.
Gala Games ($212 M)
On May 20, 2024, Gala Games experienced a significant security breach. The hacker exploited a vulnerability in the platform’s smart contract – a hack that resulted from a private key (with administrator privileges) compromise. Using this unauthorized access, the attacker minted ~5B GALA tokens worth ~$212 million at the time of the hacks. However, the hacker was unable to fully capitalize on this exploit as Gala Games’ team quickly responded by freezing the hacker’s wallet and recovering a significant portion of the stolen funds.
Pump.fun ($1.9 M)
On May 16, 2024, Pump.fun, a Solana-based memecoin launchpad, suffered a significant security breach. A former employee, identified as Jarrett (also known as STACCOverflow), exploited their “privileged position” to drain approximately $1.9 million from the platform’s bonding curve contracts.
BlockTower Capital (Undisclosed)
On May 15, 2024, BlockTower Capital, a prominent crypto hedge fund, reported a security breach. While the exact amount of losses remains undisclosed, the incident involved the compromise of a private key, leading to the unauthorized transfer of funds. BlockTower Capital is actively investigating the matter and taking steps to enhance its security measures to prevent future incidents.
Sonne Finance on Optimism chain ($20 M)
Sonne Finance, a decentralized finance (DeFi) protocol on the Optimism network, was exploited in a flash loan attack on May 14, 2024. The attack resulted in a loss of approximately $20 million. The vulnerability exploited in the attack was a precision error in the protocol’s smart contracts. This allowed the attacker to manipulate the protocol’s token prices and drain funds.
Gnus.AI Discord Hack ($1.27 M)
The Gnus.AI artificial intelligence network lost approximately $1.27 million through a token-minting exploit on May 5, 2024. The team announced plans to release a new version of the Genius (GNUS) token and that users should no longer buy the old version. 100 million fake GNUS tokens were minted, bridged to Ethereum and sold into the market. The resulting price crash transferred the wealth of existing tokenholders to the attacker, as the attacker received real assets in exchange for tokens that were created out of thin air.
APRIL 2024
Rain Exchange ($14.8 M)
On April 29, 2024, the cryptocurrency exchange Rain was exploited, resulting in a loss of approximately $14.8 million. The exact details of the vulnerability exploited in the attack have not been publicly disclosed.
Xbridge SaitaChainCoin ($1.8 M)
The XBridge_ platform, associated with SaitaChainCoin, was exploited on April 24, 2024, resulting in a loss of approximately $1.8 million in cryptocurrency.
The vulnerability exploited in the attack was a smart contract flaw that allowed the attacker to manipulate the contract’s logic and drain funds.
Hedgey Finance Exploit ($44 M)
On April 19, 2024, Hedgey Finance was exploited. The attacker took advantage of a vulnerability in the project’s ClaimCampaigns contract, which allowed them to transfer tokens from the contract to themselves. Over $42.8 million worth of ARB tokens were successfully taken over by an attacker on the Arbitrum network. This incident highlights the importance of rigorous code audits and security practices in the DeFi space.
MARCH 2024
Prism Finance ($10 M)
On March 28, 2024, Prism Finance, a decentralized lending protocol, suffered a significant hack resulting in the loss of approximately $10 million. The attack exploited vulnerabilities in the protocol’s smart contracts, allowing the attacker to drain funds from user accounts. While Prism Finance is working to address the security breach, the stolen funds remain unclaimed.
Curio ($16 M)
On March 23, 2024, the Curio DeFi project was exploited in a significant hack. The attack resulted in the loss of roughly $16 million worth of cryptocurrency.
The primary reason for the exploit is a permission access logic vulnerability in the smart contract based on. MakerDAO, which the attacker exploited to mint an additional 1B CGT.
The vulnerability exploited in the attack was a reentrancy attack, which allowed the attacker to repeatedly call a function and manipulate the protocol’s logic to drain funds. This incident highlighted the importance of rigorous security audits and testing for DeFi protocols, as well as the need for users to be cautious and conduct thorough research before interacting with any platform.
ParaSwap ($864 K)
On March 20, 2024, ParaSwap, a decentralized exchange aggregator, experienced a security breach. The attack exploited a vulnerability in the Augustus V6 contract, allowing the attacker to steal approximately $864,000 worth of cryptocurrency.
However, it’s important to note that ParaSwap quickly responded to the incident by pausing the vulnerable contract and taking steps to mitigate further damage. The platform also allocated funds to compensate affected users.
Mozaic Finance ($2.5 M)
On March 15, 2024, Mozaic Finance, a decentralized finance (DeFi) platform, suffered a security breach. The attack involved a compromise of the platform’s private key infrastructure, allowing the attacker to drain funds from the Mozaic vaults. Approximately $2.1 million was stolen and transferred to other exchanges. However, Mozaic Finance was able to recover a significant portion of the stolen funds due to prompt reporting to relevant exchanges.
WOOFi WooPPV2 contract on Woo Network ($10 M)
On March 5, 2024, the WOOFi WooPPV2 contract on the Woo Network was exploited in a significant hack. The attack resulted in the loss of approximately $10 million worth of cryptocurrency. The vulnerability exploited in the attack was a reentrancy attack, which allowed the attacker to repeatedly call a function and manipulate the protocol’s logic to drain funds.
FEBRUARY 2024
BitForex ($57 M)
On February 23, 2024, BitForex, a cryptocurrency exchange, abruptly halted operations after approximately $57 million was withdrawn from its hot wallets. The incident raised suspicions of an exit scam, as the exchange’s team became unresponsive to user inquiries. The stolen funds remain unclaimed, and the future of BitForex remains uncertain.
Last Pass ($6 M)
On February 19th and 20th, 2024, a significant number of LastPass users were targeted in a series of hacks. The attackers exploited a vulnerability in the platform to gain access to users’ encrypted vaults. While the exact number of affected users and the total amount of stolen funds is still being investigated, it’s estimated that over $6 million in digital assets were stolen from numerous victims. This incident highlights the importance of strong security practices, including using strong, unique passwords and enabling two-factor authentication.
PlayDapp ($290 M)
Between February 9 and 12, 2024, PlayDapp, a prominent South Korean crypto gaming and NFT platform operating on Ethereum, was exploited twice. The attacker, who gained access through a private key breach, minted over 1.79 billion PLA tokens, resulting in a total loss of approximately $290 million. Despite PlayDapp offering a $1 million reward for the return of the stolen funds, the attacker has refused and continues to launder the stolen tokens.
JANUARY 2024
Abracadabra ($6.5 M)
DeFi platform Abracadabra confirmed that it has been hit by a security attack, resulting in a loss of approximately $6.4 million. According to blockchain security firm Blocksec, the attack involved a malicious actor draining funds from the project’s smart contracts by taking advantage of a rounding issue, which resulted in what is known as a ‘precision loss’. The incident also caused the MIM stablecoin to depeg briefly to $0.7, and has since recovered to the $0.97 range.
Concentric ($1.8 M)
Concentric.fi fell victim to a social engineering attack on January 22, 2024, leading to losses exceeding $1.85 million. Attackers compromised an admin wallet and used it to deploy a malicious upgrade to the Concentric vault contracts. This upgrade drained liquidity from pools and user funds that had interacted with Concentric contracts. The attack highlights the dangers of social engineering and the importance of robust security protocols.
Unnamed Individual ($4.2 M)
On Jan 21, 2024, a phishing attack on Ethereum cost a victim around $4.2Million worth of aEthWETH and aEthUNI. The loss happened due to the victim’s signing of multiple ERC20 Permit signatures. (Source)
AttackTxn: https://etherscan.io/tx/0x93a0ce0711edaf7664c26b3654095f1052010bb7da62c135b6ef0c425c0c2f09
The addresses created to transfer these tokens are the temp addresses pre-computed by CREATE2 which is now increasingly being used by scammers to carry out phishing attacks.
Socket Tech ($3.3 M)
Socket.Tech was exploited on January 16, 2024 for around $3.3 million.
The attacker took advantage of a flaw in a newly deployed contract’s user input validation. Users who approved this vulnerable contract lost funds. The attack targeted USDC holdings and affected over 230 wallets, with the largest loss being $656,000. The stolen funds were converted to ETH and haven’t been recovered as of reports in late January 2024.
Gamma Strategies ($3.4 M)
On January 8, 2024, Gamma Strategies, a quantitative trading firm, suffered a significant cyberattack, resulting in the loss of approximately $3.4 million in digital assets.
The attack exploited vulnerabilities in the firm’s security systems, allowing the attacker to steal funds from user accounts. While Gamma Strategies is investigating the incident and working to recover the stolen funds, the details of the specific vulnerability exploited remain undisclosed.
CoinsPaid ($7.5 M)
On January 6, 2024, a cyberattack targeted CoinsPaid, a crypto payment processor, resulting in the theft of approximately $7.5 million in digital assets. The attack exploited vulnerabilities in the platform’s security systems, allowing the attacker to withdraw funds from user accounts.
Mango Farm ($2 M)
MangoFarm, a farming protocol on Solana, which promised unprecedented yield in the SOL space to its investors, stole away approx. $2Million of its investors’ wealth on Jan 7, 2024, in a well-orchestrated exit scam.
It had announced its MANGO token airdrop on Jan. 10, and to participate in the airdrop, users had to deposit their Solana SOL tokens in the protocol. This is a typical example of pre-orchestrated rug-pulls (another term for crypto scams that occur all the time). The developers of this project had the intention to do a quick money grab and this is exactly how it played out.
“Foobar,” a pseudonymous developer recently appointed as MangoFarmSOL’s security auditor, had warned users about MangoFarmSOL’s compromised front end on Jan 6 through a post on X. He also predicted that the protocol might be a potential rug pull.
Radiant Capital ($4.5 M)
On January 3, 2024, Radiant Capital, a decentralized lending protocol, suffered a major cyberattack, resulting in the loss of over $4.5 million in cryptocurrency. The attack exploited vulnerabilities within the protocol’s smart contracts, allowing the attacker to drain funds from user accounts. While Radiant Capital is working to address the security breach, the stolen funds remain unclaimed as of January 4, 2024.
Orbit Chain ($80 M)
On December 31, 2023, an unidentified attacker exploited a vulnerability in Orbit Bridge, a decentralized cross-chain protocol, stealing approximately $84.5 million worth of cryptocurrency. Orbit Chain is actively working with law enforcement and security experts to investigate the incident and recover the stolen funds.
2023
NovEMBER 2023
KyberSwap (47 M)
On November 23, 2023, KyberSwap, a decentralized exchange (DEX), was exploited in a significant security breach. The attack, which involved a complex series of actions, resulted in the loss of approximately $47 million in cryptocurrency. The attack exploited a vulnerability in KyberSwap’s smart contracts, allowing the attacker to manipulate the platform’s liquidity pools and withdraw funds.
Heco Bridge, HTX ($99 M)
On November 22, 2023, the Heco Bridge, a cross-chain bridge connecting the Heco chain to other blockchains, and HTX, a cryptocurrency exchange, were both victims of a significant security breach. The attack resulted in the loss of approximately $99 million in cryptocurrency. The hackers exploited vulnerabilities in the security protocols of both platforms, gaining unauthorized access to their hot wallets. The stolen funds were subsequently transferred to various cryptocurrency addresses.
OctOBER 2023
Stars Arena ($3 M)
On October 7, 2023, Stars Arena, a Web3 social media platform fell victim to a major security breach. The attack exploited a reentrancy vulnerability in the platform’s smart contracts, allowing the attacker to drain a substantial amount of funds, estimated at around $3 million. Luckily, in a surprising turn of events, the individual responsible for the exploit agreed to return the funds in exchange for a 10% bounty (approx. 27,610 AVAX tokens, which at the time amounted to nearly $257,000) resulting in the recovery of 90% of the stolen assets.
SepTEMBER 2023
Mixin Network ($200 M)
On September 23, 2023, Mixin Network, a blockchain-based peer-to-peer network for digital assets, was hacked. The attack resulted in the loss of approximately $200 million in cryptocurrency, including Ethereum, Bitcoin, and Tether. The hackers compromised the database of Mixin’s cloud service provider, gaining unauthorized access to the network’s hot wallets. This incident is one of the largest cryptocurrency heists of the year, highlighting the ongoing security challenges in the cryptocurrency industry.
CoinEx ($43 M)
On 12 September CoinEx hot wallets lost more than $43 million due to a hack. The hot wallets were drained of $19M worth of ETH, $11.5M in TRON and MATIC, amounting to $295,000. According to some reports, the total amount could be upwards of $50 million.
Stake ($41 M)
On 4 September crypto gambling site Stake suffered an attack with over $41million being withdrawn in confirmed hack. Withdrawals were reportedly made from Stake to an account with no previous activity, with funds stolen including Tether and Eth.
AugUST 2023
Exactly Protocol ($7.3 M)
On 18 August Exactly Protocol suffered a security exploit that resulted in approx. 4300 ETH (around $7.3 million) in losses. The EXA token also suffered from this hack and lost 20% of its value as a result.
JulY 2023
Curve Finance ($70 M)
On July 30, 2023, Curve Finance, a popular decentralized exchange (DEX), was exploited due to a vulnerability in the Vyper programming language. This attack resulted in the loss of approximately $70 million in cryptocurrency. The vulnerability allowed attackers to manipulate the exchange’s liquidity pools, leading to significant financial losses for users and the protocol itself. While some of the stolen funds have been recovered, the incident remains a significant setback for the DeFi ecosystem.
CoinsPaid ($37 M)
On 22 July 2023 hackers linked to Lazarus Group staged a sophisticated social engineering attack on the crypto payments provider CoinsPaid. The attack involved a six-month long social engineering campaign that culminated in a malicious software download that allowed the crooks to syphon $37.3 million, according to a report in DL News.
Multichain Bridge ($125 M)
On 6 July cross-chain bridge protocol Multichain suffered what appeared to be a hack or a rug pull. It caused losses of more than $125 million, making it “one of the biggest crypto hacks on record,” according to crypto research firm Chainalysis.
June 2023
Atomic Wallet ($50 M)
Reportedly $50 million (USD) in various crypto assets were drained from users accounts from the decentralized Atomic Wallet on 2 June 2023. Elliptic attributed the attack to cybercrime syndicate Lazarus Group, which is a state-sponsored North Korean hackers team. The company operating Atomic Wallet was slammed with a class-action lawsuit in the aftermath of the attack. Some sources claim the attack amounted to nearly $100 million in total.
AprIL 2023
Bitrue ($23 M)
On 14 April 2023 Singapore-based Bitrue’s hot wallets were hacked and around $23 million was stolen, an amount Bitrue claimed was less than 5% of its reserves.
Yearn ($11.5 M)
DeFi protocol Yearn had $11.5 million stolen on 13 April when someone discovered a vulnerability in an old version of one of the protocol’s contracts. Yearn lost $2.8 million to a different vulnerability in 2021 (see below.)
Sushi Swap ($3.3 M)
Decentralized exchange SushiSwap was exploited on 9 April 2023 allowing hackers to steal more than $3.3 million in crypto from wallets that had previously interacted with the platform. Reports indicate that only users who interacted with SushiSwap in the four days prior to the exploit were at risk.
GDAC ($13.9 M)
On April 9 users of the leading South Korean exchange GDAC woke up to the following message:
“Around 7 am, a hack occurred at Gdak Hot Wallet, where assets in the following quantities were transferred to an unidentified wallet: 60.80864074 BTC | 350.50 ETH | 10,000,000 WEMIX | 220,000 USDT. This is currently about 23% of total storage assets”. The exchange halted all deposits and withdrawals after the hack.
MarCH 2023
Euler Finance ($197 M)
DeFi lending platform Euler Finance lost roughly $197 million on March 13 in a flash loan attack. The incident was recorded as the biggest loss for crypto in Q1, 2023. As CryptoPotato reported, the exploiter stole $8.7 million worth of the decentralized stablecoin DAI, $34 million worth of USD Coin (USDC), $19 million wrapped bitcoin (WBTC), and $136 million worth of staked Ether (ETH). The attacker borrowed the assets through a flash loan and drained them from the protocol.
Days later, it was reported that majority of the funds were returned by the hacker (minus a few million bounty).
FebRUARY 2023
Opensea ($1.7 M)
On Feruary 18, NFT marketplace Opensea became a victim of an exploit causing the theft of non-fungible tokens worth over $1.7 million from its users. The NFT marketplace has been subject to numerous attacks over the past years. It was later determined that an attacker had successfully phished 17 OpenSea users into signing a malicious contract, which allowed the attacker to take the NFTs and then flip them. Bizarrely, the hacker returned some of the NFTs to their original owners, and one victim inexplicably received 50 ETH ($130,000) from the attacker as well as some of his stolen NFTs back.
OpenSea users reportedly lost a total of $3.9 billion to fraudulent activities in 2022 alone.
BonqDAO ($120 M)
Decentralized borrowing protocol BonqDAO suffered $120M loss after oracle hack on February 1. This hack allowed the exploiter to manipulate the price of the AllianceBlock token, leading to an estimated $120 million loss, according to Peckshield. During the exploit a Polygon wallet accessed 112 million ALBT tokens, bridging them from the Polygon blockchain to the Ethereum blockchain. The hacker also got 500,000 USDC from dumping bonq euro (BEUR) tokens.
2022
OctOBER 2022
Mango Markets ($100 M)
Solana-based crypto exchange Mango Markets was hit with an exploit of over $100 million on October 12. The incident saw the hackers manipulate price oracle data, which enabled them to take out under-collateralized cryptocurrency loans. At the same time, the network has suffered several outages that appear to deter investors. The most recent outage was recorded on October 1, lasting at least six hours. Overall, in 2022 alone, the network suffered at least five significant outages all due to attacks on the network, with some running into days.
BNB Smart Chain ($586 M)
While this was not an exchange hack, I include it here as it is of huge magnitude, one of the biggest single hacks to date. BNB Smart Chain was hacked for 2 million BNB, its native cryptocurrency, worth approximately $586 million at the time of the incident (October 6). The attacker only managed to bridge a fraction of the stolen tokens (around 100 million USdollars’ worth) to other chains before validators halted the network, blocking access to the $430 million remaining in the hacker’s BNB chain address. The chain was promptly re-activated, but the incident sparked many complains about centralization of the blockchain network.
SeptEMBER 2022
Wintermute ($160 M)
Market-maker Wintermute has lost $160 million in a hack on September 20, relating to its decentralized finance (DeFi) operation. the company’s CEO confirmed the attack in this tweet.
AugUST 2022
Curve ($570 K)
On 9 August DeFi protocol Curve Finance gets hacked and approx $570,000 in ETH is stolen. 3 days later, Binance freezes wallets associated with the hack and recovers almost 80% of the funds.
Nomad Bridge ($200 M)
On 2 August the cross-chain token bridge Nomad suffered a hack amounting to nearly $200 million (USD). Nomad, like other cross-chain bridges, allows users to send and receive tokens between different blockchains. The company acknowledged the incident in a tweet.
June 2022
Harmony Bridge ($100 M)
On 24 June, the Horizon Bridge to the Harmony layer-1 blockchain was exploited for $100 million in altcoins which were swapped for Ether. Eleven transactions were made from the bridge for various tokens and then sent to different wallets for swaps into ETH on Uniswap. In January 2023, the FBI released a report, revealing that Lazarus Group, the North Korean state hacking group, was behind this operation and 11 addresses were identified. The criminal organization laundered more than $60 million worth of Ethereum (ETH) on January 13, 2023 via RAILGUN – a privacy protocol.
Osmosis DEX ($5 M)
On 8 June, Osmosis, a decentralized exchange built on Cosmos, was hacked for roughly $5 million, forcing developers to halt the network.
May 2022
Mirror Protocol ($2 M)
On 28 May, Mirror Protocol, a decentralized finance platform on the Terra network – had more than $2 million drained from it due to an issue affecting how its price-setting software reacted to the historic Luna cryptocurrency crash and the rushed decision to create a new version of it. This was not a hack per se, but an exploit of a bug in the system that allowed attackers to take out more than $1 million in loans with just $1,000 in collateral.
AprIL 2022
Saddle Finance ($10 M)
On 30 April Saddle Finance, a decentralized exchange for trading stablecoins, was hacked in a DeFi exploit. Saddle Finance confirmed the incident, saying its team was investigating a “possible exploit.” BlockSec was able to rescue $3.8 million from the exploiters with an “internal system” that can detect and front-run hacking incidents using off-chain arbitrage bots called flashbots. Still, the hacker made off with more than $10 million in ETH from Saddle’s liquidity pools. Saddle Finance said it was in the process of recovering the $3.8 million from BlockSec.
Fei & Rari ($80 M)
On 28 April, DeFi platforms Rari Capital and Fei Protocol suffered more than $80 million loss due to a hack. The hacker exploited a reentrancy vulnerability in Rari’s Fuse lending protocol and according to a tweet from Blockchain security firm PeckShield, the same vulnerability has been used to attack other forks of the Compund DeFi protocol.
Beanstalk Protocol ($182 M)
On 17 April, Ethereum DeFi protocol Beanstalk was hacked for $182 Million in Ethereum, BEAN stablecoin, and other assets. The hacker used a flash loan, which allows people to borrow an asset to make a quick trade and then repay the asset—all in just one complex transaction that involves multiple protocols.
MarCH 2022
Ronin Network ($625 M)
This was at the time, the second biggest crypto hack ever: $600 Million in ETH was stolen from NFT gaming blockchain Ronin Network – an Ethereum-linked blockchain platform for non-fungible token-based video game Axie Infinity. The incident that took place on 23 March 2022, greatly affected many users of the platform and tanked the AXS token in the aftermath.
Cashio ($52 M)
On March 23, 2022, Cashio, a Solana-based stablecoin protocol, was exploited in an “infinite glitch” attack, allowing the hacker to manipulate Cashio’s smart contracts and mint an infinite supply of CASH without providing any liquidity in return. The hacker used the newly minted tokens to exchange them for stablecoins on Cashio’s liquidity pools, and blockchain data shows over 2 billion CASH were minted without any USDC or USDT backing. The hacker was able to steal around $52 million worth of assets, reportedly.
FebRUARY 2022
Wormhole ($320 M)
On 2 February, Wormhole Portal, a bridge between Solana (SOL) and other blockchains, was exploited for approximately 120k wrapped ETH. The total value of the stolen crypto assets stands at around $320 million at the time. Later, a Chicago trading firm Jump Crypto, in collaboration with Oasis and other whitehat hackers, counter-exploited the hacker and recovered around $140 million worth of assets that were stolen during the attack. The recovery was initiated via the Oasis Multisig, and the funds were returned to a court-authorized third party. This recovery has been described as setting a “very dangerous precedent” for decentralized finance, as it challenges the founding assumptions of DeFi, particularly the idea that all transactions are final and that no crypto can ever leave a user’s wallet.
JanUARY 2022
Qubit Finance ($80 M)
On 28 January DeFi protocol Quibit revealed in a tweet, that it had been exploited by an attacker who stole 206,809 BNB from its QBridge protocol. In total, the tokens were valued at $80 million.
Crypto.com ($30 M)
On 17 January more than $30 million was stolen by hackers from wallet and exchange app Crypto.com. The company said that 4,836 ETH and 443 BTC were taken. According to the report released by the company, 483 users had their accounts compromised.
2021
DecEMBER 2021
Grim Finance ($30 M)
On 18 December DeFi protocol Grim Finance lost $30 million in 5x re-entrancy hack. This security flaw in the Grim Finance protocol allowed the attacker to fake five additional deposits.
Vulcan Forged ($140 M)
On 13 December, a cyberattack on The NFT marketplace Vulcan Forged saw 96 wallets compromised and a loss of $140 million was reported.
AscendEX ($77 M)
On 12 December, Crypto exchange AscendEX — formerly known as BitMax — was hacked for an estimated $77.7 million. That is according to the exchange, which acknowledged the hack, and security researchers PeckShield who have estimated its losses. Coins and tokens stolen include USDT, USDC, TARA, SHIB, AAVE, COMP.
Bitmart ($200 M)
On 5 December 2021, reportedly, close to $200 million worth of crypto was stolen in this hack according to security firm Peckshield. Bitmart promised to use its own money to reimburse users and claims the hack is worth $150 million.
BadgerDao ($120 M)
$120 million was stolen from the BadgerDAO decentralized finance protocol by a hacker targeting the protocol on the Ethereum network on 2 December 2021. One user’s account suffered a $90 million loss and later it was confirmed that the account belongs to crypto lending platform Celsius. This was one of many heavy blows to Celsius, which later went into insolvency.
NovEMBER 2021
bZx ($55 M)
On November 5, the defi protocol bZx was hacked when its private key was compromised, allowing the attacker to steal $55 million. Both chains used by bZx : BSC and Polygon, were affected by the hack.
OctOBER 2021
Cream Finance ($130 M)
In October 2021, CREAM Finance was hacked in the third-largest DeFi hack to date with losses of over $130 million. The attacker used a flash loan attack to exploit vulnerabilities within the protocol. The attacker exploited a flash loan attack, draining over $260 million in funds. The attacker used a complex transaction that involved 68 different assets and cost over 9 ETH in gas.
SepTEMBER 2021
Compound ($147 M)
Compound Finance, an Ethereum-based lending and borrowing protocol, had an exploit and the protocol erroneously paid out vast sums in its native cryptocurrency COMP to some users who provided only miniscule levels of collateral in ETH, USDC, and DAI. An error in the protocol’s smart contract was suspected as the cause of the malfunction. It is rumoured that the total of funds amounted to $147 million. Other glitches were also reported around the same time. A faulty Compound Finance contract intended to disburse liquidity mining rewards over time was topped off with $66 million in tokens and the same bug drained $80 million in tokens throughout the month of September.
Vee Finance ($35 M)
Just a week after lending platform Vee Finance celebrated a milestone of $300 million in total value of assets locked, it suffered an exploit that remains one of the largest on the Avalanche network. A total of approx. $35 million was lost.
pNetwork ($12 M)
The Defi protocol, pNetwork alerted the community of a 277 Bitcoin (BTC) hack, which amounts to 12.67 million in USD. The network revealed that the attacker installed a bug on the Binance Blockchain codebase of pNetwork. However, the protocol confirmed safety for other funds as no more bridges had to bear the burn of the attack.
AugUST 2021
CREAM Finance ($19 M)
On August 30, 2021, decentralized lending protocol CREAM Finance was the victim of a flash loan hack. PeckShield specified that the hacker exploited the Amp token by reborrowing assets during its transfer before updating the first to borrow in 17 separate transactions. Providing an example transaction, the security firm stated, “The hacker makes a flashloan of 500 ETH and deposit the funds as collateral. Then the hacker borrows 19M AMP and makes use of the reentrancy bug to re-borrow 355 ETH inside AMP token transfer. Then the hacker self-liquidates the borrow.”
Liquid Exchange ($97 M)
On August 18th 2021, Japanese exchange Liquid reportedly suspended asset deposits and withdrawals as its hot wallets have been hacked in a security breach. Affected coins in this hack were Bitcoin, Ethereum, Tron and XRP to the total amount of approximately $97 million (according to Elliptic’s analysis)
Poly Network ($600 M)
Reportedly, over $600 million was stolen on August 10, 2021 by a ‘white hat’ hacker making this the biggest single crypto hack to date. Ethereum, Binance Smart Chain and Polygon tokens were stolen but the claim is that this hack was only committed in order to highlight the vulnerabilities of the Poly Network platform and most of the funds were later returned. Around $200 million is still outstanding and Poly Network reportedly promised the hacker a $500,000 bounty for the restoration of user funds, and even invited them to become its “chief security advisor.” In the end, all funds were recovered eventually.
May 2021
Belt Finance ($6.3M)
Belt Finance, a DeFi project based on the BNB Smart Chain (BSC) fell victim to a flash loan attack that netted the attacker about $6.3 million in cryptocurrency.
PancakeBunny ($200 M)
PancakeBunny, a yield management platform operating on BSC and Polygon, became a victim of a flash loan attack that resulted in $200 million loss. Originally it was thought that only $45 million of value were lost according to one source. The attack caused the price of its native BUNNY token to plummet by 95% in the aftermath.
Coinbase (Data Breach)
As reported by Reuters in October 2021, this hack took place between March and May 20th 2021. At least 6000 customers have been victims of unauthorized third parties exploiting a flaw in the company’s SMS account recovery process to gain access to multiple accounts, and transfer funds to crypto wallets not associated with Coinbase. The amounts are undisclosed.
AprIL 2021
Uranium Finance ($50 M)
In late April, Uranium Finance is a decentralized exchange (DEX) on Binance Smart Chain (BSC) suffered a loss of $50 million during its token migration process. Mostly BNB and BUSD tokens were targeted, but also USDT, BTC, ETH, DOT, ADA, and U92, Uranium’s native crypto.
Thodex ($2 B)
The largest Turkish crypto exchange vanished after reports about suspicious transactions. Allegedly, the founder took off with $2 billion USD of customers money and fled to Albania. He was later captured and was sentenced to 11,196 years in prison by a Turkish court on charges of “establishing, managing and being a member of an organization,” “qualified fraud,” and “laundering of property values.”
EasyFi ($81 M)
On April 19 EasyFi, a DeFi Polygon Network-powered protocol, was the victim of a hack. The attacker was able to extract 2.98 million EASY tokens and $6 million in USD, DAI, and USDT for a total value of about $81 million.
MarCH 2021
Paid Network ($100 M)
On March 5, 2021, the PAID Network smart contract was compromised. By exploiting flaws in how the smart contract was secured and managed, the attacker was able to extract approximately $100 million worth of $PAID tokens, and converted about $3 million of it to Ether before being blocked by the PAID Network team.
Meerkat Finance ($31 M)
Binance Smart Chain-based lending protocol Meerkat Finance lost $31 million in user funds just a day after it launched in March 2021.
FebRUARY 2021
Yearn ($11 M)
On Feb 4 a hack of the Yearn DAI v1 vault caused a loss of approx. $11 million to the vault that resulted in a $2.8 million profit for the hacker. Reportedly, by responding within eleven minutes, the team was able to protect the remaining $24 million stored in the vault from the attacker.
Cryptopia ($45 K)
Even as it is being liquidated following a previous breach that stole NZ$24 million (approx. US$15.5 million), this exchange gets hacked again.
According to a Stuff report a creditor, U.S. firm Stakenet, has been told that about NZ$62,000 (US$45,000) in the XSN cryptocurrency had been transferred out of its cold wallet on Feb. 1.
2020
Livecoin (Data Breach)
On Christmas Eve (23 December), Livecoin, a Russian cryptocurrency exchange, suffered a hack that resulted in the loss of control of some of its servers, warning customers to stop using its services. The attackers modified the price of BTC to $300,000, rather than the $24,000 market value at the time. This exchange is now shut down. It never recovered from this incident and court proceedings are in place to supposedly recover some of the users funds but so far not much has come out of this.
Liquid Exchange (Data Breach)
On 13 Nov 2020, Liquid, a cryptocurrency exchange based in Japan, suffered a hack that was mostly data breach that gave the attacker the ability to change DNS records and in turn, take control of a number of internal email accounts. No funds were stolen in this incident, but a year later the exchange was hacked again and a loss of $94 million was reported.
Kucoin ($281 M)
Singapore-based crypto exchange Kucoin suffered a hack that resulted in the loss of around $281 million worth of cryptocurrencies. KuCoin worked with international law enforcement to investigate the hack and recover the stolen funds and with the help of the developers of some of these projects and combined efforts of other exchanges and was able to recover about $239 million. The remaining losses of $45.55 million were covered by the exchange’s insurance fund.
Eterbase Hack ($5.4 M)
September 2020, Eterbase, a cryptocurrency exchange based in Bratislava, Slovakia, suffered a hack that resulted in the loss of $5.4 million worth of cryptocurrency. The incident involved the theft of various cryptocurrencies from the company’s hot wallets, including Bitcoin, Ether, ALGO, Ripple, Tezos, and TRON assets.
Cashaa ($3.1 M)
On July 11, fraudsters hacked into digital payment platform Cashaa’s over-the-counter desk, which serves Indian customers, and stole 336 Bitcoin, worth about $3.1 million at the time. The attacker may have implanted malware into one of the exchange’s computers. As an employee accessed the affected machine to make two transfers, the attack was launched. It’s suspected to have been an inside job.
Balancer ($500 K)
An attacker stole over $500,000 in Ether, Wrapped Bitcoin, Chainlink, and Synthetix tokens. Balancer CTO Mike McDonald explains that the attacker had borrowed $23 million in WETH tokens in a flash loan from dYdX. They then traded against themselves with Statera (STA), a token that uses a transfer fee model and burns 1% when traded. The attacker repeated this back and forth 24 times, draining the STA liquidity pool. Because Balancer thought it had the amount of STA remained unchanged, it released WETH in the amount of the original balance, giving the attacker a larger margin for every trade. The attacker then repeated this attack with WBTC, LINK and SNX, all against Statera tokens.
Coincheck (Data Breach)
In May 2020, Coincheck, a Japanese cryptocurrency exchange, suffered a data breach after attackers accessed one of its domain name accounts and used it to impersonate the exchange. Coincheck stated that certain personal information like names, registered addresses, birth dates, phone numbers, and ID Selfies was exposed in the incident. Digital assets, however, were not affected.
In 2018, Coincheck lost $500 million in NEM coins after hackers compromised the exchange platform (see below).
Uniswap ($25 M)
On 18 April, Uniswap, a decentralized cryptocurrency exchange, and Lendf.me, a decentralized lending platform, were hacked, resulting in the loss of $25 million worth of cryptocurrency. The hacker(s) used an exploit published in July 2019 on GitHub by OpenZeppelin, a company that performs security audits for cryptocurrency platforms. The hackers first used the exploit against Uniswap and then used it again the next day against Lendf.me.
Altsbit ($70 K)
Altsbit, a small Italian cryptocurrency exchange, suffered a hack that resulted in the loss of almost all of its funds. On February 6, the exchange announced that it had lost 6.929 BTC and 23 ETH, among losses in other cryptocurrencies such as Pirate Chain (ARRR), VerusCoin (VRSC), and Komodo (KMD). The total amount lost was estimated to be only about $70,000 but Altsbit explained that it cannot compensate losses and intends to return untouched amounts as some percentage to users. Despite a significant part of Altsbit’s crypto funds being stored on cold storage, the exchange still terminated its services on May 8, 2020.
2019
Upbit ($49 M)
On November 27, 2019, hackers attacked Upbit (a South Korean exchange) and made off with 342,000 ETH (nearly $50 million at the time of the hack). Upbit promised users that it would cover the losses.
VinDAX ($500 K)
on 5 November 2019, Vietnam-based exchange VinDAX lost half a million U.S. dollars’ worth of funds in various cryptocurrencies. The exact details of the hack were not disclosed.
Bitpoint ($32 M)
On July 11, BitPoint (Japanese exchange) suffered a loss of 3.5 billion yen, 2.5 billion of which belonged to customers. In a followup, the company found that actual losses from the breach came to around 3.02 billion yen (US$32 million) – roughly $500 million less than originally thought. The company told reporters that the 50,000 customers affected will receive refunds on a 1:1 basis.
Bitrue ($4.2 M)
On 27 June 2019, Bitrue, a Singapore-based cryptocurrency exchange, suffered a hack that resulted in the loss of around $4.2 million in user assets. In a series of tweets, Bitrue announced the loss of 9.3 million XRP and 2.5 million ADA. For the 90 users affected, Bitrue has promised to repay them in full.
GateHub ($9.5 M)
In June 2019, GateHub, a cryptocurrency wallet service, suffered a hack that resulted in the loss of 23.2 million XRP, worth nearly $9.5 million, from its users’ wallets. The company announced the news on its website.
Binance ($40 M)
On 7 May 2019 Binance, one of the world’s largest cryptocurrency exchanges, suffered a hack that resulted in the loss of over $40 million worth of bitcoin. In a statement, Binance shared that hackers used a variety of techniques, including phishing, viruses and other attacks to withdraw 7000 BTC in a single transaction. Binance announced it would use the #SAFU fund to cover the incident in full.
Bithumb ($13 M)
Bithumb, a South Korean cryptocurrency exchange, suffered a hack that resulted in the loss of $13 million worth of EOS and $6 million worth of Ripple (XRP) from its wallets. In an official statement, Bithumb shared that the stolen funds were owned by the exchange and it’s alleged that it could have been an inside job.
CoinBene ($100 M)
Following a maintenance announcement and signs of assets moving to new addresses, suspicions that CoinBene fell victim to hackers rose among the public. While it’s believed that over $100 million worth of cryptocurrency was stolen, CoinBene (Singapore-based cryptocurrency exchange) denied the hack, but the exchange’s website remained in maintenance mode for an extended period.
DragonEx ($7 M)
Hackers made off with nearly $7 million worth of cryptocurrency. DragonEx has shared that it intends to repay those who were directly affected. DragonEx was able to recover from the hack and continued operating.
Coinmama (Data Breach)
Coinmama, an Israel-based cryptocurrency brokerage, suffered a major data breach that affected 450,000 of its users. The breach was part of a global attack that affected 24 companies including gaming, travel booking, and streaming sites and a total of 841 million user records. No financial losses, but a lot of personal data.
Cryptopia ($16 M)
In January 2019, Cryptopia, a New Zealand-based cryptocurrency exchange, experienced two back-to-back hacks within a single month. According to reports, as much as ~$16 million worth of Ethereum and ERC20 tokens were stolen, which the exchange estimated to be around 9.4% of total holdings. The exchange was hacked again in 2021 and closed doors as a result.
LocalBitcoins ($28 K)
On January 26, 2019, clients of peer-to-peer bitcoin trading service LocalBitcoins were the targets of a phishing scam which resulted in the theft of $28,200 worth of bitcoin. During a 5-hour window, users reported that when accessing the LocalBitcoins forum, they would be redirected to a page mimicking the LocalBitcoins login page. In the background, the hacker(s) would collect the login credentials from users.
2018
Dec 2018 – QuadrigaCX ($190 M)
While technically not a hack, QuadrigaCX’s sensational story is simply too controversial to ignore. The largest bitcoin exchange in Canada lost $190 million in crypto following the death of its founder and CEO Gerald Cotten, the sole controller of the exchange’s cold storage wallets.
Oct 2018 – MapleChange ($6 M)
In October 2018, MapleChange, a Canadian cryptocurrency exchange, experienced a hack that resulted in the loss of approximately $6 million worth of BTC. Following the incident MapleChange announced it could not refund customers and was closing its doors.
Sep 2018 – Zaif ($60 M)
In September 2018, Zaif, a Japan-based cryptocurrency exchange, suffered a hack that resulted in the loss of various cryptocurrencies, including 6,000 BTC. According to Zaif’s investigation, $60 million in Bitcoin, Bitcoin Cash, and MonaCoin was stolen from the exchange.
July 2018 – Bancor ($23.5 M)
In June 2018, Bancor, an Israeli-Swiss decentralized cryptocurrency exchange, suffered a hack that resulted in the loss of $23.5 million of cryptocurrency tokens belonging to its users. According to Bancor, “A wallet used to upgrade some smart contracts was compromised. This compromised wallet was then used to withdraw ETH from the BNT smart contract in the amount of 24,984 ETH. ($12.5M). The same wallet also stole ~$1M in other alts and 3,200,000 BNT ($10M)”
Bancor was able to freeze its tokens to mitigate some of the damage. The exchange claimed that no user wallets were compromised.
June 2018 – Bithumb ($31 M)
Roughly $31 million in cryptocurrency was stolen by hackers from the South Korea-based exchange with XRP being the main target. The personal details of 30,000 users were stolen, leading to the subsequent theft of their funds.
June 2018 – Coinrail ($40 M)
In June 2018, Coinrail, a cryptocurrency exchange based in South Korea, suffered a hack that resulted in the loss of cryptocurrencies totaling as much as $40 million. The hackers stole altcoins and ICO-issued tokens that weren’t Bitcoin or Ethereum. Coinrail was able to recover from the hack and continue operating.
Apr 2018 – CoinSecure ($3.4 M)
In April 2018, Coinsecure, an India-based cryptocurrency exchange, suffered a hack that resulted in the loss of 438.318 BTC, worth around $3.4 million at the time. The private keys of the wallet were leaked online, and all data logs were erased, indicating that it was an inside job. The exchange accused its Chief Strategy Officer (CSO), Dr. Amitabh Saxena, of being involved in the theft.
Feb 2018 – Bitgrail ($170 M)
Hackers made off with roughly 17 million units of Nano (XRB), the coin formerly known as RaiBlocks amounting to about $170 million (USD). The BitGrail hack was the second major cryptocurrency hack in 2018, following the $530 million hack of Japanese exchange Coincheck. In 2019, Owner and Founder Francesco Firano was accused of fraudulent activity related to the hack and was sentenced to return as much of the assets to customers as possible.
Jan 2018 – Coincheck ($530 M)
Hackers stole nearly $530 million in NEM coins from Coincheck, the then leading exchange in Japan. The hack was the largest in the history of cryptocurrencies at the time. One of Coincheck’s major security lapses, it admits, is that the exchange kept customer assets in a hot wallet. In January 2021, around 30 people were formally charged in Japan with trading almost $100 million worth of digital assets while knowing they had been stolen in the Coincheck hack.
2017
Youbit (N/A)
In December 2017, Youbit, a South Korean cryptocurrency exchange, suffered a hack for the second time in less than eight months. Following the hack that cost 17% of the exchange’s holdings, Youbit announced it was closing down. The exact amount of the theft was not disclosed.
EtherDelta ($1.4 M)
In December 2017, EtherDelta, a decentralized cryptocurrency exchange, suffered a hack that resulted in the theft of at least $1.4 million worth of cryptocurrency. Hackers hijacked EtherDelta’s DNS server and diverted traffic to a malicious duplicate of the site. The scam netted the hackers 308 ETH and a number of ERC20 tokens. A UK and a US individuals were later indicted on this offence. EtherDelta was able to recover from the hack and continue operating.
NiceHash ($64 M)
In December 2017, a Slovenian-based cryptocurrency mining platform NiceHash, suffered a hack that resulted in the loss of 4,736.42 BTC (over $64 Million at the time).
Coinis ($2.2 M)
$2,190,000 was stolen in this hack. South Korea’s spy agency alleges that North Korea is behind this and other hacking attacks on Coinis, a crypto-currency exchange in South Korea.
DragonEx ($7 M)
In September 2017, DragonEx, a Singapore-based cryptocurrency exchange, suffered a hack that resulted in the loss of nearly $7 million worth of cryptocurrencies. The lost funds include 135 BTC | 2,738.12 ETH | 247,000 XRP | 1,464,319.32 USDT | 64,121.00 XEM | 426,314.70 EOS, among others.
LiteBit (N/A)
In September 2017, LiteBit, a Dutch Bitcoin exchange, suffered two hacks in two months. The first hack occurred in August 2017, and the second hack took place in September 2017. The details of the hacks are unclear from the available search results. However, the exchange stated that no user funds were lost in either hacks.
CoinDash ($7 M)
In July 2017, CoinDash, an Israeli start-up, suffered a hack during its initial coin offering (ICO), resulting in the loss of more than $7 million worth of Ethereum in about half an hour. The hacker altered the Ethereum address that CoinDash was using to solicit funds, resulting in the ETH going to another source.
Yapizon ($5 M)
Before becoming Youbit, Yapizon a South Korean Bitcoin exchange, suffered a hack that resulted in the loss of 3,831 BTC, equivalent to $5 million at the time. The hack occurred during the early hours of April 22, 2017, and the unknown hackers were able to compromise the security of the platform. Yapizon shared that it would dock remaining customer balances by the same amount to spread the burden of the losses.
2016
Bitcurex ($1.5 M)
Hackers were able to perform an automated data collection on the site, resulting in the loss of over 2300 BTC. Bitcurex promised to refund its users, but the exchange never resumed services, and people lost all their money. This is not the first time Bitcurex was targeted. In 2014, the exchange temporarily shut down its site following a hack that targeted its users’ funds.
Bitfinex ($72 M)
On August 2, 2016, the Bitfinex cryptocurrency exchange, based in Hong Kong, announced that it had suffered a security breach. Around 2,000 approved transactions were sent to a single wallet from users’ segregated wallets. As a result, the trading price of Bitcoin plunged by 20%. The exchange lost 119,756 Bitcoin, worth about US$72 million at the time. To compensate users, Bitfinex generalized the losses across all accounts and credited customers with BFX tokens at a ratio of 1 BFX to every dollar stolen.
In 2019, Bitfinex shared that 27.66270285 BTC or 0.023% of the total taken in the attack, had been recovered by US law enforcement efforts. As promised, the returned funds were converted to US dollars and paid to holders of its RRT token.
In 2021 two Israeli individuals were captured and charged in relation to this hack. US officials seized $3.6 billion in relation to this hack – their biggest seizure of cryptocurrencies ever. However, it remains unclear how these funds will be shared with customers who were forced to share the losses and were only compensated via the RRT token and to the amounts of their fiat value, rather than the crypto they initially lost.
GateCoin ($2.1 M)
In a breach that took place between the night of May 9, 2016 (HKT) and the evening May 12, 2016, Gatecoin lost 250 BTC and 185,000 ETH, an amount worth roughly $2.14 million at the time. It was 15% of its crypto asset deposits. 3 years later, in March 2019, Gatecoin received a liquidation order following banking problems and was declared dead.
ShapeShift ($230 K)
In April 2016, ShapeShift, a digital currency exchange, suffered a hack that resulted in the loss of $230,000 in three separate thefts over the course of a month. The hack was believed to be an inside job by a former employee, whose name and position was not disclosed. ShapeShift was able to recover from the hack and continue operating.
2015
BTER ($1.7 M)
According to BTER, a China-based digital currency exchange, a hack on its cold wallets resulted in the loss of roughly $1.75 million in Bitcoin (7,170 BTC). BTER shared that they were working with law enforcement to resolve this matter, and outlined a plan to pay back users after inking a deal with security firm Jua.com.
KipCoin ($720 K)
In February 2015, KipCoin, a Chinese Bitcoin exchange, shut down after claiming that it had lost 3,000 BTC to hackers. The announcement also shared that the hacker had gained access to Kipcoin’s server and downloaded the wallet.dat file months before the attack. The hacker laid low and did nothing with the funds before beginning to move them in December 2014.
Bitstamp ($5 M)
Hackers stole just under 19,000 BTC from the Slovenia-based company Bitstamp. The hack followed repeated phishing attempts aimed at Bitstamp employees. The hackers used Skype and email to communicate with the employees and distribute files containing malware, appealing to their personal histories and interests.
796 ($230 K)
In January 2015, Chinese Bitcoin exchange 796 was hacked resulting in the loss of 1,000 BTC, worth around $230,000 at the time. The exchange’s major shareholders covered the loss with unpaid dividends.
LocalBitcoins ($5 K)
LocalBitcoins Vice President Nikolaus Kangas acknowledged a hack and a loss of 17 BTC in a forum post. Kangas shared that the attacker used LiveChat to spread undetected malware to access the various accounts of victims. Affected users were granted refunds after taking steps to address security vulnerabilities
2014
MintPal “2.0” ($1.3 M)
Following an earlier breach, MintPal was purchased by Moolah. After a failed relaunch of MintPal, Moolah announced it was shutting down but MintPal would remain in operation following an offline period to address infrastructure security. However, 3,700 BTC soon went missing along with Moolah’s CEO. In 2022, the ex-CEO of MintPal, Ryan Kennedy, was arrested in the UK over non-compliance with a court order requiring him to repay 750 BTC to one of his customers who took legal action.
Cryptsy ($9.5 M)
Using a vulnerability in Mintpal exchange’s withdrawal system, a hacker was able to withdraw 8 million VRC from the Vericoin wallet. At the time, this amounted to around $1,933,000 in USD value.
MintPal ($1.9 M)
In July 2014, Cryptsy, an online cryptocurrency exchange company, was hacked by an unidentified party. The hack cost the exchange approximately 13,000 BTC ($7.5m at the time) and 300,000 LTC (then $2.08m). The exchange continued to operate for six months after the hack, including soliciting new customers, without disclosing to its customers that the website’s security had been compromised. Three years later, US District Judge Kenneth Marra ordered Paul Vernon, the former CEO of Cryptsy, to pay $8.2M in damages to customers. He was was indicted by the U.S. Department of Justice for stealing $1 million from wallets and was charged with tax evasion, wire fraud, money laundering, computer fraud, and destruction of records in a federal investigation, among other charges.
CryptoRush ($470 K)
CryptoRush, a virtual currency exchange, suffered a hack attack that resulted in the loss of 950 BTC (approx. $427,500) and 2500 LTC (approx. $42,500). The exchange issued a “Debt Management Plan” which outlined plans and potential refunds for victims. The exchange never managed to get the money back from the hacker.
Poloniex ($64 K)
According to Poloniex owner Tristan D’Agosta, on 4 March 2014 97 BTC was stolen in the following method: “The hacker discovered that if you place several withdrawals all in practically the same instant, they will get processed at more or less the same time. This will result in a negative balance, but valid insertions into the database, which then get picked up by the withdrawal daemon.” This was estimated to be around 12.3% of the total BTC on the platform and the company has since reimbursed its customers.
Mt.Gox ($600 M)
The victim of a massive and prolonged hack, Mt. Gox lost about 740,000 BTC. An additional $27M was also missing from the company’s bank accounts. 200,000 bitcoins have since been recovered. Investigations revealed that the hack may have begun as early as September 2011. Prior to September 2011, Mt. Gox’s unencrypted private key appears to have been copied. The hacker(s) used the file to access and gradually steal funds associated with Mt. Gox’s private keys without detection. The shared keypool led to address re-use, with the Mt. Gox systems misinterpreting the transfers as deposits being moved. Whenever the wallets emptied, Mt Gox credited an additional 40,000 bitcoins to multiple user accounts.
2013
PicoStocks ($3+ M)
Second attack in one year caused this exchange to go bust. This time a total of 5,896 BTC were missing from both its “hot” and “cold” wallets. Because cold wallets can’t be accessed in online attacks, the theft was most likely an inside job. The amount in dollar value was not shared, but in November 2013 the bitcoin price jumped from $199 to a whopping $1100, so it is hard to put a figure on this theft. I estimate it to be upwards of $3,000,000.
BIPS ($1 M)
Hackers launched two DDoS attacks to overload a Danish Bitcoin payment processor and free online wallet service BIPS’ servers. They gained access to several online wallets, allowing them to steal 1,295 BTC worth over $1 million at the time.
BitCash ($100 K)
About $100,000 were stolen from 4,000 wallets. According to BitCash, their server was hacked and disabled. The hackers then used bitcash.cz email addresses to phish BitCash users.
Inputs ($836 K)
In 2013, Inputs.io was compromised on October 23 and then again on October 26, with hackers making off 4,100 BTC in total. The loss was a result of a social engineering attack that compromised a chain of email accounts. Eventually, the attacker gained access to reset the password for the Linode server.
Picostocks ($143 K)
PicoStocks suffered a 1300 BTC theft as a result of the result of PicoStocks using duplicate passwords for multiple accounts – a practice the founder himself described as “just extremely stupid” and “clearly our fault”, according to reports.
Vicurex ($320 K)
Vicurex has not confirmed the amount lost in two hacks but reported that it was near insolvency in 2014. As a result of the hacks and subsequent fund withdrawals by spooked users, Vicurex froze withdrawals and declared mitigation plans. Several customers filed a lawsuit against the company for withholding their funds. According to some reports, the theft accounted for 1,454 BTC (approx. $29,000), 225,263 TRC (approx. $220,000) and 23,400 LTC (approx. $70,000.)
2012
Bitmarket ($240 K)
BitMarket.eu was hacked several times with the most infamous incident taking place in 2012. Bitmarket developer Maciej Trębacz announced the exchange had lost 18,787 BTC as a result of his using Bitcoinica to set up a Bitcoin hedge fund. Unfortunately, Bitcoinica had also gotten hacked (see below), losing all of BitMarket’s funds along the way.
Three months following the announcement, Trębacz notified users that Yevgeniy Nikulin, a Russian national who was arrested for hacking Dropbox, Formspring, and LinkedIn, had stolen 620 BTC from the exchange by using an SQL injection to gain access to BitMarket’s servers.
BitFloor ($250 K)
Following an attack that lost the exchange over $250,000 in cryptofunds, BitFloor Founder Roman Shtylman shared that hackers targeted the exchange’s servers. Although BitFloor encrypted the wallet keys needed to conduct transactions, it also kept an unencrypted backup. The attacker(s) likely gained access to this backup.
Bitcoinica ($688 K)
Three separate incidents led to Bitcoinica’s downfall which resulted in around 102,101 BTC loss, amounting to approx. $688,845 being stolen in total.
On March 1, Linode, a web hosting provider whose clients included Bitcoinica, was hacked. The unknown intruder successfully stole 43,000 BTC (approx. $228,845 worth) from Bitcoinica.
On May 11, attackers used a compromised email account to lift 18,500 BTC (approx. $87,000 worth) from Bitcoinica’s hot wallet.
On July 13, another attacker gained access to a LastPass account containing passwords needed to access the MtGox account. The LastPass account used the same password as the MtGox API key used by the Bitcoinica server when Bitcoinica was still live. The attacker withdrew 40,000 BTC and 40,000 USD (approx. $350,000 in total).
2011
Bitcoin7 ($30 K)
On 5 October 2011, Bitcoin7 exchange reported a theft of 5,000 BTC and shared that attacks originating from Russia and Eastern Europe targeted Bitcoin7’s server, compromising wallets and user data. The exact amount of this theft is unconfirmed but it comes to roughly $30,000 as BTC was around $6 at the time.
Mt.Gox ($400 K)
In June 2011 a hacker got hold of Mt. Gox exchange auditor’s computer and changed the price of bitcoin to 1 cent. Then the attacker started buying bitcoin at this artificial price using the private hot wallet keys of Mt. Gox customers, obtaining about 2,000 bitcoin. The hacker managed to steal around 25,000 BTC (roughly US$400,000 at the time) from 478 accounts. In 2014 the exchange suffered another major exploit that ultimately caused its collapse (see above).
Related Posts:
Crypto Hardware Wallets (Reviews and Guides)
Over the years I have reviewed and created tutorials on the top hardware wallets to help you with choosing the one that is most suitable for you and also, with setting up and getting started with these devices. At first, this can seem a complicated process, so I’ve done step-by-step guides that I am now…
Crypto Wallets – Complete Guide (types of wallets explained)
(last updated 2023) So, you bought some cryptocurrency and you think your job is done. If you’ve left these coins in the same place where you bought them, I have news for you: this isn’t a safe place to store your crypto. Let me explain… Typically, the service you will use when buying your first…
Security must come first…
Online hacking is a big risk for everyone making an income on the internet and it’s not only the big earners and businesses that are targeted. Many recent hacking attacks were directed toward the online marketing community and even those with little experience and new to this marketplace were under threat. Since we are working…
Crypto-Corner 
Wow this is a really good. Nice work.
LikeLike
thanks, I keep adding new entries all the time as they happen..
LikeLike
What’s the safest wallet to use to store and secure your crypto Currency?
I liked your video on Hacked Crypto Exchanges. I Need help. Thanks
LikeLike
the safest way is to use hardware wallets. You can refer to my guide to the best hardware wallets here: https://crypto-corner.com/2021/02/10/crypto-hardware-wallets-reviews-and-guides/
LikeLike
check out my page with my wallet reviews and just pick one. I really like Tangem and OneKey lately, these I use daily.
https://crypto-corner.com/wallets/
LikeLike
http://buyplaquenilcv.com/ – Plaquenil
LikeLike
Lasix
LikeLike
Wow, awesome weblog structure! How long have you been blogging for? you make blogging look easy. The whole look of your website is excellent, as well as the content!!
LikeLiked by 1 person
since 2016 I’ve been running this blog and I keep going 😉
LikeLike
Kamagra Vente Libre
LikeLike
buy zithromax cheap
LikeLike
http://buyzithromaxinf.com/ – zinc and zithromax
LikeLike
https://buylasixshop.com/ – Lasix
LikeLike
https://buypriligyhop.com/ – priligy dapoxetine amazon
LikeLike
Ebay Cialis Offerta
LikeLike
Propecia Preparado Oficinal
LikeLike
It’s a sad experience to lose your money to these wallets…I lost mine to Paxful in Dec 2021. A huge amount was stolen but I was lucky to recover it back after weeks of mails with no positive response from Paxful. I finally met a tech guy who tracked and recovered my trading $ with my stolen coin. If you have a similar issue, you can reach out: Jimfundsrecovery at consultant dot com.
LikeLike
[url=http://motilium.shop/]motilium pills[/url]
LikeLike