Despite maturing to the point of becoming a multi-trillion-dollar asset class, the crypto world is still rife with hacks and scams. In fact, the worst one ever just happened.
Malicious actors looking to take advantage of inexperienced users or insecure crypto protocols have found ample opportunity, siphoning off more than $10 billion in funds in the last 5 years, according to Chainalysis. And 6 out of the last 11 years have seen over $1 billion worth of losses to hacks and exploits, peaking in 2022 with $3.7 billion worth.
And 2025 is off to a rough start on that front, with this year’s stolen funds nearly matching 2024’s full-year total thanks to one massive centralized exchange hack. That attack currently leads the list of the worst crypto hacks of all time, based on the value of the assets swiped at the time of the breach.
1) Bybit – $1.4 billion
The biggest crypto hack of all time saw more than 400,000 Ethereum—valued at $1.4 billion at the time of the hack—and other Ethereum-based tokens swiped from a cold wallet of Dubai-based centralized exchange Bybit in February 2025.
The attack was confirmed by Bybit co-founder and CEO Ben Zhou, who indicated that a planned transfer was manipulated, resulting in the exchange unknowingly handing funds over to an attacker’s wallet.
Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change…
— Ben Zhou (@benbybit) February 21, 2025
The hack was quickly linked by on-chain sleuths to North Korea’s state-sponsored Lazarus Group, an entity responsible for taking more than $1.3 billion in crypto funds via hacks in 2024 alone. The FBI later confirmed that evidence points to Lazarus.
Despite the enormity of the hack, Bybit was able to process all withdrawals and filled its Ethereum gap quickly via a combination of loans, deposits, and purchases of the second-largest crypto asset.
In preliminary reports issued days after the attack, cybersecurity experts concluded that the issue arose when North Korean hackers planted malicious code into the infrastructure of Safe, the wallet provider used by Bybit.
2) Poly Network – $611 million
Poly Network, a multi-chain interoperability protocol, experienced the second-largest crypto hack of all time in 2021, losing roughly $611 million worth of various crypto assets across three separate chains.
The network’s developers confirmed the hack on August 10, 2021, asking miners or validators of Ethereum, Polygon, and BNB Chain (formerly Binance Smart Chain), as well as centralized exchanges, to blacklist addresses associated with the hack.
After immense pressure from the crypto community, the hackers began returning funds to Poly Network within a day of the hack, ultimately returning nearly all of the funds within 2 weeks of the exploit. The perpetrators said the attack was “just for fun” in a wild saga that involved numerous back-and-forth messages between the hacker, Poly Network, and the crypto community.
3) BNB Chain – $570 million
A hacker gained control of around $570 million worth of Binance Coin (BNB) in an exploit of the BSC Token Hub on BNB Chain on October 6, 2022.
The attack allowed the malicious actor to grant themselves 2 million new BNB tokens, convincing the hub in the process via a “sophisticated forgery.”
After it was quickly identified that irregular activity was taking place, the chain first paused activity, later halting it after further identification of the hack. Thanks to the swift actions of the chain and its validators, only about $100 million of the $570 million was ultimately siphoned off the chain.
4) Coincheck – $530 million
In the oldest hack on the list, Japanese exchange Coincheck fell victim to a $530 million heist of 523 million NEM tokens in 2018 when a bad actor gained access to the hot wallet that contained the funds.
More than 260,000 users of the exchange were affected, with the platform refunding roughly $400 million to those parties with its own cash, according to The Guardian.
At the time, it was the largest crypto hack in history. However, the value of the stolen NEM has since decreased drastically, pricing the stolen assets at $10.36 million at today’s prices.
Two years after the heist, the District Court in Tokyo announced the seizure of a small fraction of the tokens that had been stolen.
5) Ronin Network – $552 million
Ronin Network fell victim to a $552 million hack in March 2022. Much like the BNB Chain exploit, the Ethereum gaming sidechain’s native bridge was targeted in an attack that utilized hacked private keys, later pinned on North Korea’s Lazarus hacking group by the United States Treasury.
After gaining access to the private keys, the hackers were able to sign transactions from 5 of the 9 total network validators—the minimum requirement in order to approve transactions. Though the hack occurred on March 23, it was only disclosed by the network a week later, when the value of the assets tallied $622 million.
Ultimately, the hacker was able to gain access to 173,650 Wrapped Ethereum and 25.5 million USDC stablecoins.
In September 2022, roughly $30 million of the funds lost were recovered, marking the first time that funds stolen by North Korea’s hacking group had been seized. Ronin creator Sky Mavis repaid all affected users and the bridge was eventually reopened with additional security protections and a growing pool of validators to boost decentralization.
Edited by Andrew Hayward