Table of Contents
Almost all cryptocurrencies are secured by cryptography, which keeps information private and secure by converting it into a form that unintended recipients cannot understand. This makes these digital assets extremely secure and almost impossible to counterfeit or double spend.
However, some external factors can still pose security risks for cryptocurrencies. Phishing attacks, malware or vulnerabilities in crypto wallets or exchanges are some notable points that can become costly for users.
Over the years, many malicious actors have been able to exploit such vulnerabilities, resulting in millions of dollars in losses to investors.
In this article, we take a look at 10 of the greatest crypto hacks of all time.
10 Greatest Crypto Hacks Ever Recorded
10. PancakeBunny: $200 million
In May 2021, popular Binance Smart Chain-based decentralized finance (DeFi) protocol PancakeBunny fell victim to a major attack that allowed a hacker to walk away with more than $200 million worth of crypto assets.
At the time, the team announced that the protocol had been subjected to a flash loan attack by an outside actor. The attacker borrowed a “huge amount” of Binance coins (BNB) before manipulating the asset’s price and listing it on the platform’s BUNNY/BNB market.
9. Gate.io: $230 million
The Gate.io hack, which took place in August 2018, was reportedly carried out by North Korean hackers and resulted in the loss of around $230 million in digital assets.
Gate.io was hacked for a total of $234,337,668.88 including:
- 10,777.94 Bitcoin (BTC)
- 218,790 Ether (ETH)
- 3,783 Zcash (ZEC)
- 99,999,000 Dogecoin (DOGE)
- 11,000 Litecoin (LTC)
- 175,866 Ethereum Classic (ETC)
It’s worth noting that the exchange managed to cover up the hack until last year. On-chain detective ZachXBT eventually uncovered the hack in a series of tweets last November.
You talk about the importance of security but how about you finally disclose @gate_io was quietly hacked by NK for $230m on April 21 2018 & how you actively kept this hidden from customers/public
— ZachXBT (@zachxbt) November 15, 2022
8. KuCoin: $280 million
Major crypto exchange KuCoin fell victim to a security breach in September 2020. The hack led to the theft of $280 million worth of funds from KuCoin’s hot wallets, i.e. digital purses connected to the Internet and used for instant transactions.
In the attack, the hackers exploited weaknesses in KuCoin’s security infrastructure and gained unauthorized access to the exchange’s systems. They then transferred a variety of cryptocurrencies, including BTC, ETH, and others, to their own wallets.
7. Wormhole: $325 million
In early 2022, DeFi platform Wormhole fell victim to a major crypto theft after an attacker exploited a security flaw to make off with nearly $325 million. Wormhole is one of the most popular bridges connecting the Ethereum and Solana blockchains.
To carry out the attack, the attacker managed to forge a valid signature for a transaction that allowed them to mint 120,000 wrapped ETH (wETH) on the Solana blockchain, of which 93,750 ETH transferred to the Ethereum blockchain became.
Meanwhile, on February 3, 2022, Wormhole announced that “all funds have been restored” and that its services are back online. Certus One, the developers of Wormhole, offered the hackers a $10 million bug bounty for details on their “exploit” and the return of the stolen cryptocurrency.
The team is working on a detailed incident report and will share it asap
18:26 UTC – contract was exploited for 120k ETH
00:33 UTC – vulnerability was patched
13:08 UTC – ETH contract has been filled and all wETH are backed 1:1
13:29 UTC – the Portal (token bridge) is back up
— Wormhole🌪 (@wormholecrypto) February 3, 2022
6. FTX: $415 million
In January this year, now-bankrupt crypto exchange FTX announced that $415 million worth of cryptocurrencies had been hacked from its accounts since it filed for bankruptcy on November 11, 2022.
This included $323 million in “unauthorized third-party transfers” from FTX.com (the international business) and $90 million from FTX US, the company said in a report to creditors. According to the report, $2 million in cryptocurrencies were also stolen from hedge fund Alameda Research.
The missing cryptocurrencies could be related to a hack of the FTX systems that was revealed shortly after the company collapsed. At the time, the stolen cryptocurrencies were valued at $477 million.
5. Mt. Gox: $450 million
Mt. Gox is probably the most famous cryptocurrency heist in history, stealing over 850,000 bitcoins between 2011 and 2014. Mt. Gox, once one of the largest Bitcoin exchanges, operated out of Tokyo, Japan and processed around 70% of all BTC transactions worldwide.
In February 2014, Mt. Gox suddenly halted all BTC withdrawals, citing technical issues with its platform. It soon emerged that the exchange had been hacked and about 850,000 BTC worth around $450 million had been stolen from wallets.
The exact details of the hack and who was responsible are still unclear, but it is suspected that the theft was due to security flaws in Mt. Gox’s system.
Some experts suspect that the stolen funds were gradually siphoned off over a long period of time before the attack took place.
4. Coincheck: $540 million
In January 2018, Japan-based cryptocurrency exchange Coincheck lost $530 million worth of NEM (XEM) tokens following a hack. The identity of the Japanese hackers who broke into the security system is still a mystery.
After investigating, Coincheck found that the hackers were able to gain access to their system due to a staff shortage. The hackers were able to successfully crack the system because the funds were kept in hot wallets and the security measures were inadequate.
It is worth noting that XEM is currently trading around $0.028, down more than 98% from its all-time high of $1.87 in January 2018. Therefore, the Coincheck hack is worth a lot less at today’s prices.
3. BNB chain: $570 million
In October 2022, hackers stole around $570 million worth of BNB tokens from a blockchain bridge used in the BNB chain, formerly known as Binance Smart Chain.
“An exploit on a cross-chain bridge, BSC Token Hub, resulted in additional BNB. We have asked all validators to temporarily suspend BSC,” Binance CEO Changpeng Zhao said at the time.
In the attack, the hackers drained 2 billion BNB tokens from the cross-chain bridge. However, thanks to quick action, a large portion of these stolen tokens were frozen, leaving only about $110 million of stolen tokens unrecovered.
The current impact estimate is around $100m USD equvilent, about a quarter of the last BNB burn.
— CZ 🔶 Binance (@cz_binance) October 7, 2022
2. Poly Network: $610 million
Interoperability protocol Poly Network fell victim to a major attack in August 2021 that lost around $610 million worth of crypto funds, making it the second largest heist in the crypto industry to date.
Using a vulnerability in his system, a hacker transferred approximately $610 million of Poly Network’s most valuable digital assets to three addresses he controlled on Ethereum, Binance Smart Chain and Polygon.
In a positive turn of events, on August 11, 2021, the hacker announced that they intend to return the tokens and requested multi-signature addresses to complete the transfers. They claimed that the purpose of the theft was to expose vulnerabilities and secure the Poly Network.
The hackers began returning the funds piece by piece, with the final tranche of the stolen funds being handed over on August 23. In return, Poly Network put a $500,000 bounty on the hacker’s head and even offered him a job as chief security advisor.
1. Ronin Network: $620 million
Ronin Network, an Ethereum sidechain used for popular blockchain game Axie Infinity, was hacked by $620 million in March 2022, making it the largest theft in cryptocurrency history.
The hack was made possible by compromised private keys. At the time, the Ronin network used a series of nine validation nodes to approve transactions on the bridge, and a deposit or withdrawal requires approval from a majority of five of those nodes.
The attacker managed to gain control of four validators after hacking one device and then hack the Axie DAO to get the fifth validator.
After gaining access to Sky Mavis’ systems, the attacker authorized two withdrawals, withdrawing 173,600 ETH (worth about $595 million at the time) and 25.5 million USDC from the Ronin bridge contract.
In summary, while the cryptocurrency world promises numerous benefits in terms of security and financial sovereignty, it is still vulnerable to a number of external threats. As the series of major crypto hacks detailed in this article has shown, even the most sophisticated security measures can be circumvented by determined hackers.
As digital currencies and DeFi proliferate, so does the need for robust security protocols, user education, and continuous improvement in technological security safeguards.