Cryptocurrency gives us the freedom to take back control of our finances, essentially enabling us to be our own bank. But with many relying on third-party wallet providers, their crypto is only as safe as the protections and security measures the provider has in place.
Over the years, hackers have exploited vulnerabilities within these third parties, have targeted cryptocurrencies directly, and have utilized flash loans to their advantage. To date, this has seen them steal the equivalent of over $9 billion.
However, as we all know, some cryptos have skyrocketed in value in recent years. This means that if hackers had kept all of the crypto they stole and cashed it in today, they’d have amassed a fortune worth more than $46 billion.
So how have crypto heists developed over the years? How much has been stolen? And how many platforms have shut down as a consequence?
Check out our interactive dashboard below to find out:
Heists are assigned to the country where the platform/website’s headquarters are located. Where a company’s location isn’t provided, the heist isn’t included in the map figures.
The top 10 biggest crypto heists
According to our findings, the following are the biggest crypto heists to date (based on the amount stolen in USD at the time):
- Ronin Network (Axie Infinity) – $620 million stolen: On 29 March 2022, Ronin Network (a gaming-based crypto network) announced it had been hacked and a whopping $620 million had been stolen in total. This was made up of 173,600 in ETH (worth just less than $595m USD) and $25.5m in USD, making it the biggest crypto heist to date. Ronin Network, which supports Sky Mavis’s Axie Infinity game, said its Ronin and Axie DAO validator nodes had been compromised with the funds being drained in two transactions. The US Treasury Department later attributed the theft to North Korea’s Lazarus group.
- Poly Network – $610 million stolen: In August 2021, a hacker attacked Poly Network by exploiting a vulnerability in its system and managed to steal funds worth over $600 million. However, in a strange twist, they didn’t make off with their bounty. Instead, the hacker spoke to the platform and agreed to give back most of the money, except for $33 million of tether (USDT) which had been frozen by the issuers. But that wasn’t the end of the fiasco as $200 million of the stolen funds were trapped in an account that required a password from the hacker and Poly Network. For a while, the hacker refused to hand theirs over. That was until Poly Network begged for them to release it, coughed up $500,000 as a gesture for finding the system vulnerability, and even offered them a job! Poly Network later revealed that so-called “Mr. White Hat” had given them the private key.
- FTX – $600 million stolen*: Following its announcement that it was filing for bankruptcy, crypto exchange FTX appeared to suffer a hack in which around $600 million was stolen (we are still waiting for figures to be confirmed at the time of writing). This prompted the exchange to move the remaining funds into cold storage while it investigated the hack. However, with rumors swirling and Kraken’s Chief Security Officer, Nick Percoco, tweeting, ‘We know the identity of the user,’ there will likely be more developments to this hack over the coming days.
- Binance – $570 million stolen: In October 2022, hackers carried out a $570 million hack on Binance’s BNB chain. In the attack, hackers drained 2 billion BNB tokens from the cross-chain bridge. At the time, these were worth $570 million. However, thanks to quick action, a vast sum of these stolen tokens was frozen, so “only” around $110 million of the stolen tokens were unrecoverable.
- Coincheck – $532 million stolen: In January 2018, Japan-based Coincheck had its NEM (XEM) tokens stolen to the tune of more than $530 million. Hackers exploited the fact that the currency was being kept in a “hot” wallet, meaning it was connected to the server and was effectively “online” (a cold wallet sees funds stored offline). NEM developers were able to identify the stolen coins and mark them as such, but there was speculation that the funds were available on dark markets. However, as the coins lost a lot of value after the attack, it’s unlikely many would have seen this as a good deal (even today the coins would be worth 83 percent less than they were–around $90 million).
- MT Gox – $470 million stolen: This was the first large-scale hack on an exchange and is still the biggest theft of Bitcoins from an exchange. However, the MT Gox heist wasn’t down to a solitary event. Rather, the platform had been leaking funds since 2011, up until it was discovered in February 2014. Over a period of a few years, hackers stole 100,000 bitcoins from the exchange and 750,000 bitcoins from the exchange’s customers. At the time, these bitcoins were worth $470 million–but today, they’d be worth around ten times as much ($4.7 billion). MT Gox went into liquidation shortly after the hack with liquidators recovering approximately 200,000 of the stolen bitcoin.
- Wormhole – $326 million stolen: In the first major crypto heist of 2022, Wormhole’s crypto platform was exploited to the tune of $326 million. The platform acts as a communication bridge between Solana (an Ethereum rival that has recently gained traction) and other decentralized finance networks. On February 2, 2022, hackers were able to exploit a vulnerability, causing Wormhole to shut down its platform while it investigated. It later reported that 120k wrapped Ethereum (wETH) had been stolen.
- KuCoin – $281 million stolen: In September 2020, KuCoin confirmed that hackers had managed to obtain private keys to their hot wallets before withdrawing large amounts of ethereum (ETH) and bitcoin (BTC), as well as Bitcoin SV (BSV), Litecoin (LTC), XRP (XRP), Stellar Lumens (XLM), Tron (TRX), and Tether (USDT). Since then, experts have suggested they have strong reason to believe that hackers in North Korea were responsible.
- PancakeBunny – $200 million stolen: In this flash loan attack in May 2021, hackers were able to drain $200 million from the platform. To carry out the attack, the hacker borrowed a large amount of Binance Coin (BNB) before manipulating its price and dumping it on PancakeBunny’s BUNNY/BNB market. This enabled the hacker to get a huge amount of BUNNY through a flash loan and dump all of the BUNNY in the market so the price dropped, before paying back the BNB through PancakeSwap.
- Bitmart – $196 million stolen: Almost $200 million was stolen in a compromise of Bitmart’s hot wallet in December 2021. Initially, $100 million was identified as having been stolen over the Ethereum blockchain, but a further investigation revealed another $96 million had been stolen over the Binance Smart Chain blockchain. A mix of more than 20 tokens was stolen, including altcoins like BSC-USD, Binance Coin (BNB), BNBBPay (BPay), and Safemoon, while large amounts of Moonshot, Floki, and BabyDoge were also compromised.
- Nomad – $190 million stolen: In early August 2022, Nomad alerted users to an exploit on its platform. Several hours later, around $190 million had been drained from the protocol. Experts suggest there was a fatal flaw in the Replica contract which allowed anyone (including those without coding knowledge) to find a transaction that worked, replace the user’s address with theirs, and re-broadcast it. This led to multiple actors executing the same copy/paste exploits.
- Beanstalk – $182 million stolen: In April 2022, Ethereum-based DeFi platform, Beanstalk, lost around $182m after a vulnerability allowed the hacker to carry out a flash loan attack. The hacker was able to make off with $80m in crypto but the platform’s losses extended far further than that to over $180m. Reports also suggest that the hacker deposited 250,000 USDC into the crypto donation wallet for Ukraine.
*Figure is being updated as and when more information becomes available – 11/14.
To collate this list of worldwide crypto heists, we’ve searched through industry news and company announcements from across the globe. We’ve tracked attacks on third-party platforms, individual cryptocurrencies, and other DeFi systems, including hacks, thefts, flash loan exploits, and exploited vulnerabilities.
We have only focused on clear exploits by hackers, meaning rug pulls and employee theft haven’t been included. Nor have thefts from individuals.
The amounts stolen depict the funds stolen at the time of the hack–not the total after funds are recovered, frozen, or returned as part of a bug bounty deal.
When assigning a heist to a country, we have only done so if we can find the headquarters of the company.
Data researcher: George Moody, Rebecca Moody