Regardless of maturing to the purpose of changing into a multi-trillion-dollar asset class, the crypto world continues to be ripe with hacks and scams. In actual fact, the worst one ever simply occurred.
Malicious actors trying to benefit from inexperienced customers or insecure crypto protocols have discovered ample alternative, siphoning off greater than $10 billion in funds within the final 5 years in response to Chainalysis. And 6 out of the final 11 years have seen over $1 billion value of losses to hacks and exploits, peaking in 2022 with $3.7 billion value.
And 2025 is off to a tough begin on that entrance, with this yr’s stolen funds almost matching 2024’s full-year complete thanks to at least one large centralized change hack. That assault at the moment leads the listing of the worst crypto hacks of all time, primarily based on the worth of the belongings swiped on the time of the breach.
1) Bybit – $1.4 billion
The largest crypto hack of all time noticed greater than 400,000 Ethereum—valued at $1.4 billion on the time of the hack—and different Ethereum-based tokens swiped from a chilly pockets from Dubai-based centralized change Bybit in February 2025.
The assault was confirmed by Bybit co-founder and CEO Ben Zhou, who indicated {that a} deliberate switch was manipulated, ensuing within the change unknowingly handing funds over to an attacker’s pockets.
Bybit ETH multisig chilly pockets simply made a switch to our heat pockets about 1 hr in the past. It seems that this particular transaction was musked, all of the signers noticed the musked UI which confirmed the proper deal with and the URL was from @protected . Nonetheless the signing message was to vary…
— Ben Zhou (@benbybit) February 21, 2025
The hack was rapidly linked by on-chain sleuths to North Korea’s state-sponsored Lazarus Group, an entity accountable for taking greater than $1.3 billion in crypto funds through hacks in 2024 alone. The FBI later confirmed that proof factors to Lazarus.
Regardless of the enormity of the hack, Bybit was capable of course of all withdrawals and crammed its Ethereum hole rapidly through a mixture of loans, deposits, and purchases of the second-largest crypto asset.
In preliminary reviews issued days after the assault, cybersecurity consultants concluded that the problem arose when North Korean hackers planted malicious code into the infrastructure of Protected, the pockets supplier utilized by Bybit.
2) Poly Community – $611 million
Poly Community, a multi-chain interoperability protocol, skilled the second-largest crypto hack of all time in 2021, shedding roughly $611 million value of varied crypto belongings throughout three separate chains.
The community’s builders confirmed the hack on August 10, 2021, asking miners or validators of Ethereum, Polygon, and BNB Chain (previously Binance Good Chain), in addition to centralized exchanges, to blacklist addresses related to the hack.
After immense strain from the crypto neighborhood, the hackers started returning funds to Poly Community inside a day of the hack, in the end returning almost the entire funds inside 2 weeks of the exploit. The perpetrators mentioned the assault was “only for enjoyable” in a wild saga that concerned quite a few back-and-forth messages between the hacker, Poly Community, and the crypto neighborhood.
3) BNB Chain – $570 million
A hacker gained management of round $570 million value of Binance Coin (BNB) in an exploit of the BSC Token Hub on BNB Chain on October 6, 2022.
The assault allowed the malicious actor to grant themselves 2 million new BNB tokens, convincing the hub within the course of through a “refined forgery.”
After it was rapidly recognized that irregular exercise was happening, the chain first paused exercise, later halting it after additional identification of the hack. Due to the swift actions of the chain and its validators, solely about $100 million of the $570 million was in the end siphoned off the chain.
4) Coincheck – $530 million
Within the oldest hack on the listing, Japanese change Coincheck fell sufferer to a $530 million heist of 523 million NEM tokens in 2018 when a nasty actor gained entry to the recent pockets that contained the funds.
Greater than 260,000 customers of the change had been affected, with the platform refunding roughly $400 million to these events with its personal money, in response to The Guardian.
On the time, it was the biggest crypto hack in historical past. Nonetheless, the worth of the stolen NEM has since decreased drastically, pricing the stolen belongings at $10.36 million at at present’s costs.
Two years after the heist, the District Court docket in Tokyo introduced the seizure of a small fraction of the tokens that had been stolen.
5) Ronin Community – $552 million
Ronin Community fell sufferer to a $552 million hack in March 2022. Very similar to the BNB Chain exploit, the Ethereum gaming sidechain’s native bridge was focused in an assault that utilized hacked personal keys, later pinned on North Korea’s Lazarus hacking group by the USA Treasury.
After having access to the personal keys, the hackers had been capable of signal transactions from 5 of the 9 complete community validators—the minimal requirement with a purpose to approve transactions. Although the hack occurred on March 23, it was solely disclosed by the community per week later, when the worth of the belongings tallied $622 million.
Finally, the hacker was capable of achieve entry to 173,650 Wrapped Ethereum and 25.5 million USDC stablecoins.
In September 2022, roughly $30 million of the funds misplaced had been recovered, marking the primary time that funds stolen by North Korea’s hacking group had been seized. Ronin creator Sky Mavis repaid all affected customers and the bridge was finally reopened with extra safety protections and a rising pool of validators to spice up decentralization.
Edited by Andrew Hayward
Every day Debrief E-newsletter
Begin each day with the highest information tales proper now, plus unique options, a podcast, movies and extra.