12 Biggest Hacks in Crypto Exchange History
Cryptocurrency is seen as the technology of the future, happening today, and its growing recognition has seen it adopted by over 300 million people worldwide. What’s more, cryptocurrency is designed to be transferred electronically and securely, with the blockchain recording all transactions made, thereby reducing opportunities for fraud.
However, that expectation has not quite been the case in reality. Cryptocurrency exchange hacks have been a consistent thorn in the side of both investors and exchanges. Indeed, despite the measures employed by exchanges to protect their assets, experienced attackers have still managed to find their way around them and breach platform security walls.
It is also important to keep in mind that exchanges are frequently targeted due to their tendency to have open-source code libraries. A great many hacks have occurred in crypto’s brief history, often leaving investors literally in tears. The most vexing part for exchanges is that such hackers are never satisfied, and continue to attempt to hack even the most seemingly secure systems, often taking it as a challenge.
With that in mind, one begins to wonder just how many crypto hacks have happened, and how much has been stolen in the process. While we can’t cover them all, let’s take a gander at the 12 biggest hacks in crypto exchange history.
12. Binance – $40M Stolen
The exchange’s total losses amounted to an approximate $40m as the attackers broke through the exchange’s security systems, obtaining key information sets including two-factor authentication codes, APIs, and other data.
The hackers were said to have used a variety of techniques to perpetrate the attack, including phishing, injecting viruses and more. Ultimately, the exchange claimed that its secure asset fund for users (SAFU) covered all losses.
11. Upbit – $45M Stolen
The Upbit cryptocurrency exchange was founded in 2017 in South Korea, and quickly became the world’s largest crypto exchange in terms of daily transactions in 2018, making Upbit a mammoth in the crypto industry.
However, in November 2019, the exchange was hit by a terrorist cyber-attack. In the event, hackers broke into the exchange, stealing over $45 million in a single transaction.
Following the hack, the platform transferred all holdings from its hot wallets to more secure cold wallets. In 2020, Upbit updated its Ethereum wallet’s security system, and introduced new addresses for deposits.
A few months later, the U.S. Department of Justice managed to identify two Chinese nationals who had allegedly carried out the attack.
10. Zaif – $60M Stolen
Zaif has earned the title of being one of the oldest crypto exchanges in Japan. In 2018, hackers targeted Zaif, stealing masses of cryptocurrency to the tune of $60M at the time.
The hackers syphoned Bitcoin, Bitcoin Cash, and Monacoin from Zaif’s “hot wallets”, crypto wallets which have lighter security measures in place, allowing them to be used for immediate transactions.
While much of the stolen funds belonged to Zaif users, the exchange itself was also left out of pocket, as 32% of the cryptocurrencies taken came from its reserves.
The company refunded its customers immediately, even taking out loans to ensure it could meet its obligations.
9. BadgerDAO – $130M Stolen
At the tail end of 2021, tragedy struck BadgerDAO, a decentralized autonomous organisation (DAO) that enables bitcoin to be used as collateral on decentralized finance (DeFi) applications.
The hack was discovered by blockchain security firm PeckShield, which tracked down the missing funds. The platform confirmed that hackers had used a maliciously injected snippet via Cloudflare, which enabled them to drain $130 million in funds.
However, around $9 million of the stolen funds were recovered, as they were not withdrawn.
8. Bitgrail – $150M Stolen
Bitgrail, a now insolvent Italian exchange that had operated in lesser-known cryptos such as Nano (XRB), suffered a hack that saw it lose $150m.
Nano wallets took the brunt of the hit, as at least 17 million coins were stolen, resulting in approximate losses of $150 million. An investigation later revealed that the coins had been stolen from cold wallets, suggesting an inside job due to their nature.
In 2019, an Italian court ruled that Francesco Firano, founder of the now defunct Bitgrail cryptocurrency exchange, was responsible for the disappearance of the $170 million, and ordered him to repay customers the full amount of losses incurred.
7. PancakeBunny – $200M Stolen
In May 2021, PancakeBunny was made the victim of a flash loan attack in which hackers were able to drain $200 million from the platform.
A report disclosed that the hacker had borrowed a large sum of Binance Coin (BNB), which they used to manipulate its price, ultimately dumping it on PancakeBunny’s BUNNY/BNB market.
Fortunately, the hack didn’t result in any smart contract hacks, and no vaults were compromised. Interestingly, after successfully dumping their BUNNY tokens, the attacker paid back their flash loans in full.
6. KuCoin – $280M Stolen
On September 26th, 2020, KuCoin announced that it had been breached as a result of a pre-planned attack.
The losses incurred in the resulting theft of cryptocurrencies amounted to approximately $280 million at the time, making the KuCoin incident one of the biggest crypto exchange hacks to date.
Reports suggested that the funds had been stolen from the company’s hot wallets, and its cold wallets remained secure.
On October 7th, 2020, the exchange announced that it had recovered some $204 million of the stolen crypto, and had even identified suspects with substantial proof at hand.
5. Wormhole – $326M Stolen
In the first quarter of 2022, the Wormhole crypto exchange was hacked, losing $326 million in what became the first major crypto heist of 2022.
The platform acts as a communication bridge between Solana (an “Ethereum Killer” that has enjoyed tremendous success over the last year) and other decentralized finance networks.
On February 2nd, 2022, hackers were able to exploit a vulnerability, causing Wormhole to close its platform while it investigated the issue. Two days later, long-time backer Jump Trading stepped in to replenish the stolen funds, much to the relief of the exchange and its investors.
4. Mt. Gox – $480M Stolen
One of the best-known crypto heists was the theft of $480m in Bitcoin from Japanese exchange Mt. Gox in 2014.
In February of that year, the exchange abruptly suspended trading, halted exchange services, and filed for bankruptcy protection. Afterwards, it revealed that up to 850,000 Bitcoins were missing, presumed stolen. With the siphoned Bitcoin constituting around 7% of the total Bitcoin in circulation at the time, the ill-gotten haul was valued at an approximate $480m.
Other major Bitcoin exchanges condemned Mt. Gox for its actions, labelling them a tragic violation of users’ trust. To date, creditors are still seeking billions of dollars worth of cryptocurrency in reparation.
3. Coincheck Hack – $534M Stolen
Coincheck, one of the top 20 exchanges in the world, had its run-in with hackers in January 2018, when it lost crypto worth $534M.
Immediately after identifying the breach, Coincheck froze all deposits and withdrawals on the platform. Unfortunately, the damage had already been done, and the exchange admitted that it would struggle to cover the losses suffered by users.
The hackers utilized a phishing attack to gain access to hot wallets. From there, they were able to spread malware and siphon off the funds.
The attack was followed by a thorough investigation led by Japanese authorities. Details about the attack were revealed in a 2021 report, in which authorities stated that many of the individuals involved in the attack were in the high-income bracket.
2. Poly Network – $611M Stolen
At the time of the Poly hack, the crypto community was certain that it would be the biggest crypto hack of all time. Sadly, they were wrong. In 2021, the Poly Network reported that a hacker had transferred $611m worth of Poly Network tokens to three wallets under their control.
The illicit actor found a way to buy tokens on the Poly Network protocol without needing to sell the corresponding tokens on other blockchains.
In a bizarre, but positive twist, the attacker returned the stolen assets to the Poly Network within 15 days, claiming that the purpose of the theft had been to reveal vulnerabilities, and catalyze the development of a more secure Poly Network.
1. Ronin Network (Axie Infinity) – $620M Stolen
In the biggest event to date, one that shook the crypto industry, the Ronin Network (a gaming-based crypto network) announced on March 29th, 2022, that it had been hacked, resulting in total losses of a whopping $620 million.
The sum consisted of 173,600 ETH (worth an approximate $595M USD), and $25.5m in USD Coin (USDC), making it the biggest crypto heist.
It was reported that the hackers had infiltrated the network of Axie Infinity developer Sky Mavis by sending a spyware-filled PDF to one employee. The employee was under the impression that they were being offered a high-paying job by another firm, but it turned out that the company never existed.
The U.S. Treasury Department later attributed the theft to North Korea’s Lazarus group. Axie Infinity later stated that it would reimburse all victims of the $625 million Ronin bridge hack.
So much money has been lost to cryptocurrency hacks, leaving a great many investors unable to recover.
The world of cryptocurrencies will surely continue to expand in the coming years, but that can only mean one thing: the industry’s growth will undoubtedly attract the interest of even more malicious hackers. In other words, theft will continue to play a role in the crypto industry until exchanges and projects take the next step towards perfecting the security systems they employ.