The cryptocurrency space has experienced several significant hacks over the years. Some of these hacks have resulted in losses totaling hundreds of thousands of dollars, while others have highlighted obvious vulnerabilities in the digital asset market. This article examines some of the largest crypto exchange hacks, including the most recent and biggest one to date.
In February 2025, the Dubai cryptocurrency exchange Bybit fell victim to the largest crypto heist in history, with approximately $1.5 billion worth of cryptocurrencies stolen. The cyber attackers accessed 400,000 Ethereum (ETH) from a cold wallet by exploiting vulnerabilities in Bybit's security measures. Despite this staggering loss, Bybit assured customers that their funds were safe and announced a compensation plan for those affected. The exchange manages $20 billion in customer assets and promises to cover any shortfall from its own treasury or by borrowing capital from partners.
In March 2022, hackers targeted the Ronin Network, stealing approximately $625 million from the network that supports the popular blockchain gaming platform, Axie Infinity. The attackers took 173,600 Ether and $25.5 million worth of USDC. The U.S. government traced the hack back to the Lazarus Group, a hacking organization sponsored by the North Korean state. While some of the stolen funds were recovered, this incident remains one of the largest crypto hacks in history.
In October 2022, one of the largest cryptocurrency exchanges was hacked, resulting in an estimated loss of around $570 million. The hackers targeted the BSC Token Hub cross-chain bridge, generating additional Binance coins and stealing 2 billion BNB tokens. This sophisticated hack highlighted the vulnerabilities present in cross-chain bridges.
In August 2021, the Poly Network experienced a hack that resulted in the theft of $611 million. The hacker exploited a vulnerability in the network's software. However, they later returned all the stolen funds, claiming that the hack was intended to test the security system.
FTX, a significant player in the cryptocurrency market, experienced two major hacks. On the day it declared bankruptcy in November 2022, hackers siphoned off more than $600 million from FTX wallets. The second hack occurred in January 2023, resulting in the theft of coins valued at $15 million.
In January 2018, Japan's exchange Coincheck experienced a theft of $534 million in NEM tokens. This incident was possible due to a vulnerability in Coincheck's hot wallet. At that time, it was the largest cryptocurrency heist ever.
Cryptocurrency hacks usually occur as a result of a sequence of usual weaknesses:
Phishing: Hackers deceive users into exposing sensitive information or installing malware that can connect to their wallets.
Malicious Code: Hacking vulnerabilities in cryptocurrency infrastructure-supporting code enable hackers to tamper with transactions and steal money.
Key Theft: Private keys stolen by hackers provide them direct access to exchanges and cryptocurrency wallets.
The recent hack of Bybit has harshly highlighted the need for all exchanges to engage in discussions about and implement stronger security measures. This includes using multisig wallets and ensuring extremely secure signing practices to prevent issues related to blind signing. Notable figures in the industry, such as Changpeng Zhao (CZ of Binance) and Ledger, have advocated for the revitalization of multisig wallets and for cleaner authentication protocols in the way exchanges verify transactions.
Throughout the history of cryptocurrency hacks, it has become evident that there has been little decrease in the prosecution of hackers, despite the implementation of advanced security measures and maximum caution in the digital asset market. As the industry evolves, so do the exchanges and all parties involved, adapting to security incidents in accordance with the timely development of potential threats.