In August 2016, a notable incident occurred involving the compromise of a significant portion of Bitfinex, a cryptocurrency exchange. During that period, the total valuation of bitcoin stood at $350 million.

Afterward, the US government managed to recover a portion of the stolen funds. As well as successfully identified two Israeli siblings who were implicated in the crypto hacks. These individuals transferred the pilfered coins from one wallet to another. It is speculated that the motive behind their actions was capitalizing on the surging value of bitcoin.

In March 2022, US President Joe Biden’s executive order pertaining to cryptocurrencies highlighted the remarkable recent expansion of the market. The combined market capitalization of all digital assets reached $3 trillion in November of the previous year. Thus, signifying a staggering 21,000% surge since 2016.

However, this growth has been far from seamless. Not only have cryptocurrency prices, including Bitcoin, exhibited extreme volatility but the market has also been incessantly targeted by cybersecurity breaches. The most significant historical crypto breaches underscore an industry that is gradually realizing the importance of impeccable security as a requisite when handling millions of dollars worth of digital assets. Let’s take a look at the biggest crypto hacks and attacks in history, in this blog!

Record-Breaking $625 Million Ronin Network Hack, 2021

The Ronin Network hack, which transpired in 2021, resulted in the theft of an astounding $625 million worth of cryptocurrency. It stands as the most significant cryptocurrency heist to date, measured by the value of the crypto assets pilfered. This audacious breach occurred within the context of the Ronin Network, a platform that facilitates the exchange of in-game tokens from the popular Axie Infinity video game for other forms of cryptocurrency.

The Ronin Network suffers a $625 million hack, making it the largest crypto hack ever.

The hacker found a gas-free RPC node to gain access to the additional validator and used hacked private keys to forge fake withdrawals, draining 173,600 $ETH and 25.5M $USDC from the bridge.

— CoinGecko (@coingecko) March 30, 2022

On the 30th of March, it came to light that an unauthorized individual had managed to acquire the private keys essential for validating transactions on the network. This assailant proceeded to move a staggering sum of 173,600 Ethereum and 25.5 million USDC, a stablecoin pegged to the US dollar, into their own digital wallets. Calculating based on the prevailing conversion rates, the overall worth of this pilferage equated to $614 million. This cybertheft was brought to attention when a legitimate customer sought to perform a withdrawal and encountered an unexpected issue.

Investigations by U.S. officials linked this breach to the Lazarus Group, a hacking collective believed to be backed by the North Korean state. A subsequent effort by Binance managed to reclaim $5.8 million from the stolen funds approximately a month later. Nevertheless, despite this recovery, the Ronin Network hack remains the largest hacking incident in the history of the cryptocurrency world. The company responded,

“We know trust needs to be earned and are using every resource at our disposal to deploy the most sophisticated security measures and processes to prevent future attacks.”

Ronin Network

Poly Network’s $611 Million Hack, 2021

The second most significant crypto hacks in history occurred in the previous year, involving the appropriation of $611 million from Poly Network, a smart contract platform enabling users to exchange tokens across different blockchains like Bitcoin and Ethereum.

On August 10th, 2021, an individual with malicious intent managed to transfer Poly Network tokens worth $611 million to three wallets they controlled. As per the assessment by cybersecurity researcher Mudit Gupta, the attacker had discovered a method to ‘unlock’ tokens on the Poly Network protocol without simultaneously ‘locking’ the corresponding tokens on other blockchains, essentially enabling them to acquire tokens without a corresponding sell-off.

pic.twitter.com/Yzw4oDenjC

— Poly Network (@PolyNetwork2) August 10, 2021

Fortunately, the situation took a positive turn for Poly Network as the attacker initiated the process of returning the pilfered tokens the following day. Although there were speculations that the attacker encountered difficulties in selling the tokens, the purported attacker mentioned that the theft was executed merely “for fun.”

By the close of the week, Poly Network reported the recovery of all assets except for approximately $33 million worth of the ‘stablecoin’ Tether, which had been promptly frozen after the attack occurred. Steven Dickens, senior analyst at technology research company Futurum, wrote,

“While lessons need to be learned for sure, we need to be aware of the progress made so far by the DeFi community [which is for all] intents and purposes less than a decade old.”

Steven Dickens

Massive $547 Million Coincheck Heist, 2018

Back in January 2018, the Japanese cryptocurrency exchange Coincheck disclosed staggering crypto hacks amounting to $547 million in the lesser-known cryptocurrency NEM. The revelation laid bare the fact that the company had stored these assets in a ‘hot wallet,’ a type of cryptocurrency storage connected to the internet and, consequently, susceptible to cyber breaches.

Following this incident, 16 crypto exchanges in Japan joined forces to establish a self-regulatory entity. The nation’s financial regulatory body, the Financial Services Association, promptly directed all exchanges to furnish details about their cybersecurity preparedness.

During the time of this breach, Coincheck stood as one of the most prominent exchanges in Japan. The country held a significant position in the global crypto trading landscape. Several months subsequent to the breach, Coincheck found itself under the wing of financial services provider Monex Group, which had acquired the exchange.

The identity of the perpetrator remains elusive. Nevertheless, Japan witnessed the arrest of over 30 individuals connected to the sale of the stolen assets in connection with this incident.

The 2014 $480 Million Bitcoin Theft from Mt. Gox

The initial widely covered and potentially still one of the most recognized crypto hacks occurred in 2014 when $480 million worth of Bitcoin was stolen from the Japanese exchange Mt. Gox.

Originally established in 2010 as a platform for trading ‘Magic the Gathering’ game cards, by 2014. Mt. Gox had become responsible for handling over 70% of all Bitcoin transactions. In February of that year, the exchange abruptly halted trading, closed its exchange services, and initiated bankruptcy protection proceedings.

Subsequently, it was disclosed that a substantial number of Bitcoins, approximately 850,000, were missing and presumed stolen. This accounted for about 7% of the total Bitcoin supply in circulation during that period, equivalent to around $480 million. In the present day, this sum would be valued closer to $35 billion.

During the time of the theft, Mark Karpeles, who was the CEO of Mt. Gox, was later arrested on charges unrelated to the breach. He claimed to have been intensely interrogated for eight hours daily. Including questions about the whereabouts of the missing Bitcoins and even his potential identity as Satoshi Nakamoto, the creator of Bitcoin. However, in 2016, a U.S. investigation concluded that Mt. Gox had fallen victim to an external hacking incident.

KuCoin $285 Million Cryptocurrency Breach, 2020

In September 2020, KuCoin, a cryptocurrency exchange headquartered in Singapore. It was made public the unsettling discovery that approximately $275 million worth of cryptocurrency had been illicitly acquired. Among the stolen assets, $127 million consisted of ERC20 tokens, commonly employed in Ethereum smart contracts. CEO Johnny Lyu disclosed that the hackers had successfully gained access to the private keys securing the exchange’s ‘hot wallets.’

Subsequent to the incident, a significant proportion of the pilfered tokens were reclaimed. By February 2021, KuCoin announced that its insurance covered the remaining 16% of stolen funds. Consequently, the exchange managed to fully reimburse all affected customers.

Reflecting on the event one year after the breach, Lyu detailed a series of security enhancements that KuCoin had undertaken. These measures encompassed the establishment of a new risk control system. An elevation in network security, and a comprehensive restructuring of the cybersecurity team.

“The experience gained from this incident will enable us to quickly advise and support other industry partners in the event of a security crisis in the future,”

KuCoin CEO Johnny Lyu

What’s The Future of Security in Crypto Hacks?

The world of cryptocurrencies has seen its fair share of dramatic heists and breaches. These incidents highlight the critical importance of cybersecurity in the digital asset realm. As the market continues to grow, so do the challenges it faces. As demonstrated by the record-breaking crypto hacks and attacks that have occurred over the years.

Each breach serves as a cautionary tale for the industry, pushing it toward continuous improvements. Including security protocols, risk management, and regulatory oversight. While the landscape has seen remarkable growth, it’s crucial for the players within the cryptocurrency ecosystem to remain vigilant. Additionally, adapt to evolving threats, and foster a culture of robust security practices.

Smart dApps can bolster security by conducting code audits. By employing secure smart contracts, smart dApps practice regular penetration testing. Using multi-signature wallets, emphasizing secure development, educating users, and smart dApps foster bug bounty programs. Learn more about security strategies introduced by smart dApps in our whitepaper!