9 Biggest Hacks in Crypto History

The crypto industry, especially the DeFi sector, has been hit by a string of high-profile hacks this year. Some of the biggest hacks in crypto history occurred in 2022 alone, including THE biggest hack – the $625 million Ronin Network exploit. 

What does this tell us about the current state of crypto?

It may not be evident at first, but each such event, as unfortunate as they are, creates an opportunity for crypto to come back stronger, revealing the vulnerabilities and bad actors in the industry. 

Today, we’ll look at 9 of the biggest hacks in crypto history and how they impacted the industry:

1. Ronin Network – $625 Million Hack in 2022

Ronin Network, an Ethereum-based sidechain mainly used for playing Axie-Infinity, a play-to-earn NFT game, was hacked by a group of hackers on March 23, 2022, stealing 173,600 ether and 25.5 million USDC, which translates to around $635 million in value. 

As we mentioned in the intro, this was the biggest heist in crypto till now. After investigations, the FBI revealed that the state-backed North Korean group of hackers – Lazarus, was behind this attack. 

Ronin Network has since taken several firm steps to tighten its security to ensure this doesn’t happen again in the future. Sky Mavis, the company that owns Ronin Network, reimbursed its users all their lost funds. 

2. Poly Network – $611 Million Hack in 2021

Poly Network is a global cross-chain protocol that allows interoperability between different blockchains. You can read more about cross-chain bridges and wrapped tokens here

On August 10, 2021, an anonymous hacker stole $611 million worth of cryptocurrencies from the platform. But no one expected one of the biggest hacks in crypto history to turn out the way it did.

The hacker drained the assets by exploiting a bug in the smart contract that allowed him to withdraw as many wrapped tokens as he wanted without depositing the equivalent amount from the other blockchain. But it doesn’t end here. 

Surprisingly, when Poly Network requested the hacker to return the stolen assets, the hacker started cooperating. Within the next few days, Poly Network recovered all its assets. The hacker later supposedly revealed that he did all this “for fun” and to expose the vulnerabilities of the smart contract. 

3. Coincheck – $534 Million Hack in 2018

In January 2018, Coincheck, a Tokyo-based exchange, was the victim of the biggest heist of its time when a hacker (or a group of hackers) stole $534 million worth of NEM coins (523 million NEM) from the exchange. 

Coincheck later revealed that they kept more than 500 million NEM coins in hot wallets, which is less safe than offline cold storage. This hack, including many more that came after it, served as a hard lesson. Today, most crypto exchanges keep 99% of their reserves in cold storage. 

As for Coincheck, it failed to retrieve the stolen funds and continued to operate as before. The hackers never got caught. 

However, the investigation did see a development three years later, in January 2021, when 30 Japanese residents were charged with trading parts of the 523 million stolen NEM coins. However, they were most likely not the hackers. 

4. Mt. Gox – $473 Million Hack in 2014

Before the FTX collapse, there was once the Mt. Gox scandal. At its peak, Mt. Gox was one of the biggest crypto exchanges handling over 70% of all Bitcoin transactions. 

But all that changed in February 2014, when Mt. Gox suddenly halted trading, closed all operations, and filed for bankruptcy when they discovered that 740,000 bitcoins from users and 100,000 from the company were stolen. At the time, it was 7% of all Bitcoin and was worth around $473 million, which would be over $35 billion today. 

This was one of the biggest hacks in crypto history of its time. Probably THE biggest. 

Funds were being stolen as early as 2011. But the company wasn’t aware of it until 2014, which was too late. 

Mark Karpeles, the owner of Mt. Gox, received a lot of hate and even faced lawsuits, but eventually, he was found innocent. The users who lost their funds are still waiting to get their money back. Perhaps most of them have already lost hope.

5. Wormhole – $325 Million Hack in 2022

The biggest cross-chain bridge, Wormhole, which supports seven blockchains and has more than $200 billion in Total-Value Locked (TVL), was hacked on Feb 3, 2022, and 120,000 wrapped Ether (wETH) worth $370 million were drained out of the protocol. 

Wormhole soon launched a bug bounty program, offering a reward of $10 million to the hacker upon returning the stolen funds and providing details of the hack. Unfortunately, they never got a response.  

6. KuCoin – $285 Million Hack in 2020

In September 2020, KuCoin, a centralized exchange, was the victim of one of the biggest hacks in crypto history when over $280 million were stolen from its users’ hot wallets. 

Fortunately, all users got reimbursed either through recovered funds or insurance. Since then, KuCoin has tightened its security protocol and managed to maintain its position as one of the best crypto exchanges globally. 

7. Bitmart – $196 Million Hack in 2021

Similar to the KuCoin hack, Bitmart, also a centralized exchange, lost over  $196 million worth of users’ cryptocurrencies when hackers found a way to steal the private keys to the hot wallets. 

The CEO of Bitmart, Sheldon Xia, claimed they will compensate all its users out of their own pocket. But according to most recent reports, after a year of the hack, many, if not most, victims still complain they didn’t receive their funds. 

8. Nomad Bridge – $190 Million Exploit in 2022

In August 2022, Nomad Bridge, a cross-chain bridge platform, got into a complete mess after a hacker discovered that a recent update in Nomad’s smart contracts allowed users to fake transactions. It may not be the biggest hack in crypto history, but it was definitely a one-of-its-kind attack that we may never see again. 

In the initial hack, the original hacker only stole a small amount. But once word got out about the bug in the contract, hackers and exploiters around the world started copy-pasting the initial transaction and withdrawing as much as they wanted. It was like free money lying around the street. 

Nomad Bride lost around $190 million, 80% of which were stolen by copycats of the original hacker. 

9. Beanstalk – $182 Million Hack in 2022

Beanstalk is a permissionless fiat stablecoin protocol and also, like most DeFi protocols, a DAO. 

You can learn all about DOA here, but for now, all you need to know is most DAOs have a feature called supermajority votes. It’s when participants with the most governance tokens or native tokens of the DOA, which is Beanstalk, in this case, can approve changes to the code.  

The hacker (or group of hackers) exploited this mechanism by borrowing a flash loan of $1 billion from Aave, a lending protocol, and buying a 67% stake in Beanstalk to change the code protocols and transfer all funds to his own wallets. After repaying the loan, the hacker left with $80 million in profit. 

The punchline of this entire incident is that it only took the hacker 13 seconds to execute the heist. 

Final Thoughts 

As you can see, most of the biggest hacks in crypto history occurred in 2022. But why? 

There are a few reasons for it. 

Firstly, if you look closer, you’ll notice that most of them were attacks on DeFi protocols, cross-chain bridges, to be more specific. We have discussed why cross-chain bridge protocols are more vulnerable to hacks here

But other than that, the exponential rise in crypto’s price last year is also a significant factor in making 2022 the biggest year for crypto hacks. 

Lastly, if you’re a victim of one of these hacks, or some other attacks and scams, the least you can do to make up for the lost funds is claim losses to reduce taxes. However, not every country allows that. Check out this guide on how to claim losses for stolen crypto to know more.