Cryptocurrency gives us the freedom to take back control of our finances, essentially enabling us to be our own bank. But with many relying on third-party wallet providers, their crypto is only as safe as the protections and security measures the provider has in place.
Over the years, hackers have exploited vulnerabilities within these third parties, have targeted cryptocurrencies directly, and have utilized flash loans to their advantage. To date, this has seen them steal the equivalent of over $7 billion.
However, as we all know, some cryptos have skyrocketed in value in recent years. This means if hackers were to have kept all of the cryptos they stole and cashed it in today, they’d have amounted a fortune worth more than $40 billion.
So how have crypto heists developed over the years? How much has been stolen? And how many platforms have shut down as a consequence?
Check out our interactive dashboard below to find out:
Heists are assigned to the country where the platform/website’s headquarters are located. Where a company’s location isn’t provided, the heist isn’t included in the map figures.
Top crypto heists
According to our findings, the following are the biggest crypto heists to date (based on the amount stolen in USD at the time):
- Ronin Network (Axie Infinity) – $620 million stolen: On 29 March 2022, Ronin Network (a gaming-based crypto network) announced it had been hacked and a whopping $620 million had been stolen in total. This was made up of 173,600 in ETH (worth just less than $595m USD) and $25.5m in USD, making it the biggest crypto heist to date. Ronin Network, which supports Sky Mavis’s Axie Infinity game, said its Ronin and Axie DAO validator nodes had been compromised with the funds being drained in two transactions. The US Treasury Department later attributed the theft to North Korea’s Lazarus group.
- Poly Network – $610 million stolen: In August 2021, a hacker attacked Poly Network by exploiting a vulnerability in its system and managed to steal funds worth over $600 million. However, in a strange twist, they didn’t make off with their bounty. Instead, the hacker spoke to the platform and agreed to give back most of the money, except for $33 million of tether (USDT) which had been frozen by the issuers. But that wasn’t the end of the fiasco as $200 million of the stolen funds were trapped in an account that required a password from the hacker and Poly Network. For a while, the hacker refused to hand theirs over. That was until Poly Network begged for them to release it, coughed up $500,000 as a gesture for finding the system vulnerability, and even offered them a job! Poly Network later revealed that so-called “Mr. White Hat” had given them the private key.
- Coincheck – $532 million stolen: In January 2018, Japan-based Coincheck had its NEM (XEM) tokens stolen to the tune of more than $530 million. Hackers exploited the fact that the currency was being kept in a “hot” wallet, meaning it was connected to the server and was effectively “online” (a cold wallet sees funds stored offline). NEM developers were able to identify the stolen coins and mark them as such, but there was speculation that the funds were available on dark markets. However, as the coins lost a lot of value after the attack, it’s unlikely many would have seen this as a good deal (even today the coins would be worth 83 percent less than they were–around $90 million).
- MT Gox – $470 million stolen: This was the first large-scale hack on an exchange and is still the biggest theft of Bitcoins from an exchange. However, the MT Gox heist wasn’t down to a solitary event. Rather, the platform had been leaking funds since 2011, up until it was discovered in February 2014. Over a period of a few years, hackers stole 100,000 bitcoins from the exchange and 750,000 bitcoins from the exchange’s customers. At the time, these bitcoins were worth $470 million–but today, they’d be worth around ten times as much ($4.7 billion). MT Gox went into liquidation shortly after the hack with liquidators recovering approximately 200,000 of the stolen bitcoin.
- Wormhole – $326 million stolen: In the first major crypto heist of 2022, Wormhole’s crypto platform was exploited to the tune of $326 million. The platform acts as a communication bridge between Solana (an ethereum rival that has recently gained traction) and other decentralized finance networks. On February 2, 2022, hackers were able to exploit a vulnerability, causing Wormhole to shut down its platform while it investigated. It later reported that 120k wrapped Ethereum (wETH) had been stolen.
- KuCoin – $281 million stolen: In September 2020, KuCoin confirmed that hackers had managed to obtain private keys to their hot wallets before withdrawing large amounts of ethereum (ETH) and bitcoin (BTC), as well as Bitcoin SV (BSV), Litecoin (LTC), XRP (XRP), Stellar Lumens (XLM), Tron (TRX), and Tether (USDT). Since then, experts have suggested they have strong reason to believe that hackers in North Korea were responsible.
- PancakeBunny – $200 million stolen: In this flash loan attack in May 2021 where hackers were able to drain $200 million from the platform. To carry out the attack, the hacker loaned a large amount of Binance Coin (BNB) before manipulating its price and dumping it on PancakeBunny’s BUNNY/BNB market. This enabled the hacker to get a huge amount of BUNNY through a flash loan, dump all of the bunny in the market so the price dropped, before paying back the BNB through pancakeswap.
- Bitmart – $196 million stolen: Almost $200 million was stolen in a compromise of Bitmart’s hot wallet in December 2021. Initially, $100 million was identified as having been stolen over the Ethereum blockchain, but a further investigation revealed another $96 million had been stolen over the Binance Smart Chain blockchains. A mix of more than 20 tokens were stolen, including altcoins like BSC-USD, Binance Coin (BNB), BNBBPay (BPay), and Safemoon, while large amounts of Moonshot, Floki, and BabyDoge were also compromised.
- Nomad – $190 million stolen: In early August 2022, Nomad alerted users to an exploit on its platform. Several hours later, around $190 million had been drained from the protocol. Experts suggest there was a fatal flaw in the Replica contract which allowed anyone (including those without coding knowledge) to find a transaction that worked, replace the user’s address with theirs, and re-broadcast it. This led to multiple actors executing the same copy/paste exploits.
- Beanstalk – $182 million stolen: In April 2022, Ethereum-based DeFi platform, Beanstalk, lost around $182m after a vulnerability allowed the hacker to carry out a flash loan attack. The hacker was able to make off with $80m in crypto but the platform’s losses extended far further than that to over $180m. Reports also suggest that the hacker deposited 250,000 USDC into the crypto donation wallet for Ukraine.
- Bitgrail – $150 million stolen: Bitgrail was a small Italian exchange trading in lesser-known cryptos, such as Nano (XRB). In February 2018, just as the price of XRB skyrocketed from a few cents to $33, the exchange was hacked. Nano wallets had been targeted with at least 17 million coins stolen (the equivalent of around $150 million). Many users started to comment that they had noticed issues with the exchange before the attack (significantly lower withdrawal limits and transaction problems). Investigations also revealed that the coins had been stolen from cold wallets, not hot wallets, suggesting an inside job. Investigations have continued over the last few years with Italian police recently accusing the man who owned Bitgrail to be behind the attacks (either directly involved or was aware/took no action to prevent further theft once the first attack had been carried out).
- Vulcan Forged – $135 million stolen: Hackers made off with $135 million from Vulcan Forged–a blockchain gaming company–in December 2021. They accessed 96 different wallets by stealing private keys, before draining 4.5 million PYR tokens from them.
- Cream Finance – $130 million stolen: Not only did hackers make off with $130 million in this October 2021 attack, but this was the third attack Cream Finance had suffered in the year. in February, hackers stole $37 million and in August, $29 million. The latest attack saw hackers exploiting what was thought to be a vulnerability in the DeFi platform’s flash loan system. They were able to steal all of Cream Finance’s tokens and assets on the Ethereum blockchain, which amounted to $130 million.
- BadgerDAO – $120.3 million stolen: In December 2021, a hacker managed to drain funds from across various cryptocurrency wallets on the DeFi platform, BadgerDAO. The platform confirmed that hackers had used a “maliciously injected snippet” via Cloudfare which allowed them to drain $130 million in funds, around $9 million of which was recovered as it hadn’t been withdrawn.
- CoinBene – $105 million stolen: Initially, after huge outgoing transactions from CoinBene’s hot wallet to an unknown wallet in March 2019, the platform said it was undergoing maintenance. However, with every one of the platform’s ERC-20 tokens reportedly moving into an unknown wallet (which didn’t exist until the day of the transfer), rumors quickly circulated that this was an attack. Data scientists also found that the tokens were promptly moved to Etherdelta where they were sold for ethereum (ETH). This amounted to $105 million at the time.
- Horizon (Harmony) – $100 million stolen: Horizon, Harmony’s cryptocurrency bridge that offers transfers between Ethereum and Binance and Bitcoin, was hacked for $100m across 11 transactions in June 2022. In a Twitter thread, Harmony announced it was working with authorities to try and identify the culprit and locate the stolen funds.
- Liquid – $97 million stolen: In August 2021, Japanese cryptocurrency exchange, Liquid, detected that unauthorized persons had accessed its wallets before moving assets worth more than $97 million out of them. $16.13 million USDe of ERC-20 assets were frozen to prevent onward movement but 69 various cryptos were misappropriated and sent to other DeFi platforms or exchanges.
- EasyFi – $81 million stolen: By stealing the private keys to EasyFi’s MetaMask admin account, hackers were able to extract $6 million in USD, DAI, and USDT, plus 2.98 million EASY tokens, all of which amounted to around $81 million. The machine that was compromised to gain the keys was offline most of the time, only being switched on to perform official transfers for the project. When the attack was carried out, the machine had been offline for more than a week. And because it wasn’t actively used when the attack was carried out, this delayed the platform’s response and allowed the hacker to drain the assets from the protocol.
To collate this list of worldwide crypto heists, we’ve searched through industry news and company announcements from across the globe. We’ve tracked attacks on third-party platforms, individual cryptocurrencies, and other DeFi systems, including hacks, thefts, flash loan exploits, and exploited vulnerabilities.
We have only focused on clear exploits by hackers, meaning rug pulls and employee theft haven’t been included. Nor have thefts from individuals.
When assigning a heist to a country, we have only done so if we can find the headquarters of the company.
Data researcher: George Moody, Rebecca Moody
For a full list of sources, please request access here.