The increase in the value of cryptocurrencies such as Bitcoin, Ethereum, and Litecoin with each passing day, and as a result, they reach an unavoidably large market value has also attracted the attention of cybercriminals who want to earn income in an easy way. Hackers have been known to attack people’s crypto wallets and steal funds from those wallets. More difficult than attacking a digital wallet, attacking blockchain networks results in a massive crypto heist, which is dangerous both for users on the blockchain network and for the people who control the blockchain network.
In this article, we will tell you about the biggest crypto hacks ever. Before you start reading about the crypto hacks in this post, be sure to check out the graphic below to see how big crypto attacks are:
KEY TAKEAWAYS
- The increasing value of cryptocurrencies day by day has caused cryptocurrencies to become the target of hackers who want to make money in an easy way.
- Networks and applications where the biggest hacks ever took place are Ronin Network, Poly Network, Coincheck, Mt. Gox, Wormhole, KuCoin, PancakeBunny, BitMart, PancakeBunny, BitMart, BitGrail, Vulcan Forged, Cream Finance, BadgerDAO, CoinBene, Liquid, WasyFi, Bitfinex, NiceHask, Zaif, Coinrail, and Bithumb.
Table of Contents
Ronin Network
- When it happened: March 30, 2021
- How much was stolen: $614 million
- Did the people who stole crypto assets surrender or were caught: No
- Who stole crypto assets: No official information
The hack made over the Ronin Network was described as the largest crypto hack ever, as a result of calculations, as the values of cryptocurrencies at the time they were stolen are used in crypto money thefts. This attack affected Ronin Network, an exchange that allows users of the Axie Infinity game to exchange their in-game digital assets acquired through the game for other digital assets or crypto assets.
While it is not known exactly when the attack was launched or by whom, the attack was finalized on March 30, 2021, when Ronin Network’s network realized that an attacker had stolen private wallet keys used to authenticate transactions in crypto wallets. It turned out that these attackers stole 173,600 pieces of Ethereum (an average of $ 2,500 at the time) and which was worth 25.5 million USDC, which was equivalent to the US dollar. Although it was known for certain that these stolen cryptocurrencies were transferred to the wallets of the attackers, it was not possible to determine who owned these crypto money wallets because the wallets were decentralized.
Poly Network
- When it happened: August 10, 2021
- How much was stolen: $611 million
- Did the people who stole crypto assets surrender or were caught: Even if the hacker who stole cryptocurrencies in Poly Network wasn’t caught, he returned everything but $33 million worth of stablecoins
- Who stole crypto assets: No official information
We can say that Poly Network was also subjected to the biggest crypto money attack in history, since there is a difference of only 3 million dollars between the stolen via Ronin Network and the attack made over Poly Network, and this difference is considered small because there are a lot of cryptocurrencies. Although many sources say that the attack experienced by Ronin Network is the biggest crypto hack, there is no decision on this issue.
When the calendars showed the date of August 10, 2021, a hacker showed everyone that his attack was positive by transferring a total of 611 million worth of Poly Network tokens to three different wallets he owned. According to the analysis of a famous security researcher, the hacker who stole the cryptocurrencies found a way to buy the tokens on the Poly Network without selling the tokens on other blockchain networks, and this way, he committed a large-scale robbery.
The hacker or hacker group that attacked Poly Network and owned 611 million worth of crypto assets slowly started returning all the tokens they stole the day after the hacking attack. While some argue that the reason for this behavior is that hackers have difficulty in selling these cryptocurrencies, someone who claims to be from this hacker group stated that they stole these crypto-assets just for fun. For whatever reason, Poly Network regained all the crypto assets stolen in the attack, with the exception of 33 million Tether, by the end of the week of the attack.
Coincheck
- When it happened: January, 2018
- How much was stolen: $547 million
- Did the people who stole crypto assets surrender or were caught: Although it is known that the hackers or the hacker did not surrender, more than thirty people were arrested for helping people who stole crypto assets, the hacker or hacker group may be included in these people
- Who stole crypto assets: No official information
The date was January 2018 when the Coincheck crypto exchange used in Japan revealed that $547 million had been stolen from a fairly little-known cryptocurrency, NEM. Coincheck himself explained the reason why this cryptocurrency was stolen so much and the stock market was so vulnerable: Coincheck stored all cryptocurrencies in a hot wallet, which was extremely vulnerable to cybersecurity breaches.
Following the theft of $547 million via Coincheck, sixteen different cryptocurrency exchanges from Japan decided to form a self-regulatory body. In addition, Japan’s financial regulator, the Financial Services Association, ordered all cryptocurrency exchanges to report on their defenses against hacks after this hack attack.
Mt. Gox Hack
- When it happened: February 2014
- How much was stolen: $480 million
- Did the people who stole crypto assets surrender or were caught: No
- Who stole crypto assets: No official information
The most popular and widely publicized heist could be described as the first cryptocurrency heist, Japanese exchange Mt. Gox, this crypto money heist was carried out through Bitcoin, and at that time 850 thousand Bitcoins, worth a total of 480 million dollars, were stolen.
In fact, Mt. Gox was tasked with managing more than seventy percent of all Bitcoin transactions until the heist in 2014. In February 2014, unexpectedly, trading on this cryptocurrency exchange was stopped, all exchange services were shut down, and an application for bankruptcy protection was filed with the government. After these stages, it was revealed that eight hundred and fifty thousand Bitcoins in total were lost and most likely stolen. At that time, the stolen Bitcoin was worth $480 million, currently, it is close to $35 billion.
WormHole
- When happened: 2 February, 2022
- How much was stolen: $326 million
- Did the people who stole crypto assets surrender or were caught: No
- Who stole crypto assets: No official information
The first major cryptocurrency heist of 2022 took place through Wormhole, and a heist worth 326 million dollars occurred through this cryptocurrency platform. Since the Wormhole crypto platform acts as a communication bridge between Solana and other financial networks, the defense of this platform was slightly lower than other platforms. Since it is very easy to detect the vulnerabilities of this platform, hackers found a vulnerability and took full advantage of this vulnerability, causing the Wormhole platform to be shut down for a short time. When the platform was restarted, it was noticed that approximately 120,000 wrecked Ethereum (wETH) was stolen.
KuCoin
- When it happened: September 2020.
- How much was stolen: $275 million
- Did the people who stole crypto assets surrender or were caught: No
- Who stole crypto assets: No official information
In the third quarter of 2020, KuCoin, a Singapore-based cryptocurrency exchange, reported that some cryptocurrencies on the exchange were stolen. Cryptocurrencies stolen through this exchange included ERC20 tokens created for use in Ethereum smart contracts. This robbery, in which a total of $127 million worth of ERC20 tokens were stolen, occurred as a result of hackers’ seizure of private keys used to access hot wallets on the KuCoin cryptocurrency exchange.
Although KuCoin suffered a total loss of $275 million in September 2020, only five months later, in February 2021, most of the stolen cryptocurrencies and tokens were recovered. Eighty-four percent of this amount was returned, and sixteen percent of this amount was refunded to all customers, as it is under the control of the KuCoin cryptocurrency exchange. There is also a rather surprising fact that despite this attack, KuCoin maintains its existence and popularity as the fifth most popular cryptocurrency exchange.
PancakeBunny
- When it happened: May, 2021.
- How much was stolen: $200 million
- Did the people who stole crypto assets surrender or were caught: No
- Who stole crypto assets: No official information
The robbery, which took place in May 2021 and in which a total of $ 200 million was stolen, took place on the PancakeBunny platform. Although this platform is a very popular platform, it had problems with security. Aiming to carry out a $200 million attack, the hacker lent Binance Coins before he could manipulate the prices of Binance Coin (BNB) in any way and add his cryptocurrencies to the BUNNY/BNB market. Then, manipulating the price of Binance Coin in exchange for the Bunny token, the hacker was able to purchase a large amount of Bunny token with an instant loan.
Bitmart
- When it happened: December, 2021
- How much was stolen: $196 million
- Did the people who stole crypto assets surrender or were caught: No
- Who stole crypto assets: No official information
All crypto assets owned by Bitmart users, which are simultaneously on both the Ethereum blockchain network and the Binance Smart Chain network, were stored in a hot wallet. As a result of an attack on this hot wallet in December 2021, a total of 100 million dollars was stolen from the Ethereum blockchain network and 96 million dollars from the Binance Smart Chain network. In addition to these stolen assets, more than 20 types of tokens fell into the hands of hackers, including altcoins such as BSC-USD, Binance Coin (BNB), BNBBPay (BPay), and Safemoon. In addition to everything else, large quantities of meme coins like Moonshot, Floki, and BabyDoge were also stolen.
BitGrail
- When it happened: 2018
- How much was stolen: $170 million
- Did the people who stole crypto assets surrender or were caught: No
- Who stole crypto assets: No official information
Just weeks after Japan-based Coincheck was robbed, a small Italian-based cryptocurrency exchange called Bitgrail was also attacked by hackers. Nano cryptocurrency was stolen from the Bitgrail cryptocurrency exchange, and it is known that the total amount stolen with this currency is 170 million dollars. A Reddit user even claimed that the amount he lost through BitGrail was $ 1.4 million. After this big hit, the BitGrail crypto exchange was completely shut down and was unable to reimburse customers for lost amounts.
Vulcan Forged
- When it happened: December 2021
- How much was stolen: $135 million
- Did the people who stole crypto assets surrender or were caught: No
- Who stole crypto assets: No official information
In the last month of 2021, Vulcan Forged, a gaming company built on the blockchain network, also experienced one of the biggest crypto heists of that year. According to studies and research on this gaming company, hackers gained access to the platform’s credentials in order to obtain the keys to people’s crypto wallets, and thanks to these credentials, they obtained the private keys in MyForge, Vulcan Forged’s portfolio of assets. As a result of this robbery, in which ninety-six different crypto wallets were emptied in total, the hackers obtained 4.5 million Vulcan Forged local PYR tokens.
Cream Finance
- When it happened: October 2021.
- How much was stolen: $130 million
- Did the people who stole crypto assets surrender or were caught: No
- Who stole crypto assets: No official information
$130 million in cryptocurrencies were lost in the Cream Finance cryptocurrency heist, which took place in 2021 and was the biggest heist of October 2021, yet this heist was not the first heist Cream Finance has faced. Hackers attacked the platform three times in a year, stealing $37 million in February 2021 and $29 million in August 2021. The latest attack started when hackers realized that there was a flaw in the flash credit system of this finance system, and hackers who made good use of this vulnerability stole 130 million dollars worth of tokens and crypto assets from Cream Finance on the Ethereum blockchain network.
BadgerDAO
- When it happened: December 2021.
- How much was stolen: There was a robbery of $120.3 million, as approximately $9 million of the $130 million heists was recovered.
- Did the people who stole crypto assets surrender or were caught: No
- Who stole crypto assets: No official information
In the last month of 2021, different crypto wallets on BadgerDAO, an important platform in the DeFi system, were attacked and it was learned that a robbery of 130 million dollars was planned as a result of this attack. However, the net amount lost in the heist was determined as $120.3 million, as the hacker or hacker group exploited a malicious snippet by advancing through the Cloudflare company and did not withdraw approximately $9 million.
CoinBene
- When it happened: March 2019.
- How much was stolen: $105 million
- Did the people who stole crypto assets surrender or were caught: No
- Who stole crypto assets: Although the group that stole ERC-20 tokens on CoinBene sold their crypto assets, it was impossible to find out who this group was, so it remains a mystery who the hackers are.
As of March 2019, CoinBene platforms tried to prevent more of the cryptocurrencies owned by users from being stolen, saying that the platform was under maintenance in order to stop customers’ transactions. The robbery was understood as a result of the transfer of cryptocurrencies in CoinBene’s hot wallet to an unknown wallet. Many investors agreed that CoinBene was hacked, as CoinBene announced that each of the ERC-20 tokens on this platform was moved to a different wallet. Data scientists investigating what happened after the heist and trying to find out the people responsible for the heist discovered that the stolen ERC-20 tokens had been moved to Etherdelta. After all ERC-20 tokens were moved to Etherdelta, Ethereum was purchased using ERC-20 tokens on this platform.
Liquid
- When it happened: August 2021
- How much was stolen: $97 million
- Did the people who stole crypto assets surrender or were caught: No
- Who stole crypto assets: No official information
In the eighth month of 2021, the Japanese-based cryptocurrency exchange Liquid was exposed to a heist of $ 97 million. It is known that crypto wallets in Liquid were first accessed in order to gain access to the crypto assets stolen by unauthorized persons. A total of sixty-nine different cryptocurrencies were already embezzled by the robbers and sent to other DeFi platforms, even though they aimed to prevent the further growth of this heist by freezing 16.13 million ERC-20 tokens immediately after the attack and the robbery were noticed.
EasyFi
- When it happened: October 2021
- How much was stolen: $81 million
- Did the people who stole crypto assets surrender or were caught: No
- Who stole crypto assets: No definite information
Hackers who stole the private keys of the MetaMask wallet, which is the administrator account used by the EasyFi platform, stole a total of $ 6 million from stablecoins such as USD, DAI, and USDT. In addition, hackers stole nearly three million EASY tokens with a total value of $81 million. In fact, the machine the hackers stole keys from was often offline and inaccessible online. However, since official transfers were requested for the EasyFi project, the machine was opened. When hackers attacked the machine to steal cryptocurrencies, the machine had been online for over a week and the EasyFi platform was unable to provide a quick response as the machine was not actively used. Due to the machine being in an offline state, it was possible for hackers to transfer crypto assets to their own wallets and dump them from the protocol.
Bitfinex
- When it happened: 2016.
- How much was stolen: The amount of stolen Bitcoin was $72 million. If the cryptocurrencies stolen in 2016 were stolen now, the value stolen amount would be $5.5 trillion.
- Did the people who stole crypto assets surrender or were caught: No
- Who stole crypto assets: No official information
In 2016, 120 thousand Bitcoins were stolen through the crypto money exchange Bitfinex established in Hong Kong, the market value of these Bitcoins at that time was 72 million dollars in total. In order for these Bitcoins to be stolen more easily and quickly, the hackers divided the number of these Bitcoins that they would steal from the wallets into 2000 and directed them to a single wallet in parts. Since such a large transaction took place, the value of Bitcoin decreased by approximately twenty percent.
NiceHash
- When it happened: 2017.
- How much was stolen: The amount of stolen Bitcoin is $64 million. However, if 4,700 Bitcoins were stolen today, the entire amount stolen would be approximately $217 million.
- Did the people who stole crypto assets surrender or were caught: No
- Who stole crypto assets: Although there is no definite information on this subject, it is thought that this attack, carried out over NiceHash, was made by Lazarus, a North Korea-based hacker group.
The NiceHash Bitcoin heist that took place in 2017 has been named the biggest theft in Ukrainian history by Andrej Skraba, the CMO of NiceHash. 4,700 Bitcoins, worth a total of $67 million at the time and now worth $247 million, were stolen from the NiceHash platform. Hackers managed to infiltrate the payment system on NiceHash’s website to seize and steal Bitcoins on the NiceHash platform. There have always been claims that this attack was the work of the North Korean-based Lazarus group, but this claim came true when a court in Los Angeles confirmed that these three hackers stole Bitcoins. NiceHash, which has been trying to pay its customers affected by this attack for the three years after 2017, for the cryptocurrencies lost in the attack, announced that it made all the refunds in December 2020.
Zaif
- When it happened: 2018.
- How much was stolen: $60 million
- Did the people who stole crypto assets surrender or were caught: No
- Who stole crypto assets: No official information
The target that hackers set for robbery in 2018 were the Zaif cryptocurrency exchange, which was founded in Japan. A total of $60 million worth of cryptocurrencies were lost as a result of the attack by these hackers. The most important reason why Zaif was chosen as the target for the attack was the use of hot wallets, which hackers can make instant transactions and have very low-security measures. It wasn’t hard for hackers to steal 60 million worth of Bitcoin, Bitcoin Cash, and Monacoin.
As only thirty-two percent of the cryptocurrencies stolen came from reserves, Zaif had to make out-of-pocket payments to pay his customers. In addition, Zaif immediately applied for a loan in order to be able to repay his customers immediately, and when he received the loan, he repaid his customers for the crypto assets they lost.
Coinrail
- When it happened: June 2019.
- How much was stolen: $37.2 million
- Did the people who stole crypto assets surrender or were caught: No
- Who stole crypto assets: It is not known who the person or persons who organized the Conrail robbery were.
Coinrail was a South Korean cryptocurrency exchange that was hacked just a week after Bithumb was hacked. Hackers attacking Coinrail stole many tokens, including coins like Pundi X and Aston, with a combined value of $37.2 million. Although Bitcoin lost approximately eleven percent of its total value immediately after this attack on Coinrail, it is not known whether this depreciation is related to Coinrail or how much of the percentage depreciation was due to Coinrail. Coinrail, which was seriously attacked, closed the stock market for a short time in order not to lose its crypto money, but then reopened it and continued to serve financial services.
Bithumb
- When did it happen: 19 June, 2019.
- How much crypto assets were stolen: $30 million
- Did the people who stole crypto assets surrender or were caught: No
- Who stole crypto assets: No official information
According to the news published by Coin Telegraph, the hack that occurred on the Bithumb cryptocurrency exchange on June 19, 2019, caused the theft of approximately $ 30 million worth of tokens. Although the Bithumb cryptocurrency exchange promised that everyone involved in the exchange would not be able to access the wallets of the customers, the crypto money in the wallets of the users on the Bithumb cryptocurrency exchange was stolen. While this would normally have damaged Bithumb and turned it into an almost forgettable cryptocurrency exchange, Bithumb did not suffer any damage in any way as it promised a refund. Bithumb was the world’s sixth-largest cryptocurrency exchange before the attack but has dropped to only tenth after this attack.
Can the stole crypto somehow be recovered?
Blockchain technology allows the recovery of stolen cryptocurrencies in any form. With the blockchain technology, the movements of the money in question and thus where it is transferred can be tracked, and the person or group who stole the said cryptos can be pursued. In addition, insurance policies leveraged by exchanges and DeFi protocols can pay asset owners a great deal of money lost.
Is there a way to hack my crypto keys?
Blockchains give their users private keys to access their cryptocurrencies. If a hacker somehow gains access to the private key information of the targeted user, they can infiltrate his wallet and subsequently steal cryptocurrencies from his wallet. In addition, in a protocol, exchange platform, or a Defi service, a flaw in the smart contract of the system may create a deficit that opens a door to any hacker to steal the money in a related ecosystem. In addition, today, individual users’ wallets can be linked to fake-copy sites that look like originals, using methods such as phishing. In these ways, fraudsters who learn your password or private key can seize your crypto asset.
Should I report the crypto assets stolen from my wallet?
Some scammers claim that your stolen crypto-assets can be recovered instantly, which is unfortunately not credible. It may be useful to share your situation on platforms such as Telegram, and Reddit, and to contact customer service immediately if you are using a centralized platform.
Who did the Bitcoin theft in 2016?
When the calendars showed August 2016, one or more people hacked the cryptocurrency exchange Bitfinex and managed to steal exactly 119,754 BTC. Following the incident, a young married couple named Ilya Lichtenstein and Heather Morgan was brought before the federal court for trying to launder the proceeds of the theft.