The Most Famous Crypto Hacks

11/14/2025, 03:36 PM

What truly threatens crypto? Bugs, bridges, and human error. We cover the most famous cases and clear steps to reduce risk when trading and storing assets.

The crypto market is open 24/7, global, and incredibly fast. That’s why security incidents, when they happen, have a huge impact: funds can move within minutes, platforms temporarily halt, and user trust drops.

But “crypto hacking” isn’t just one thing. It differs greatly depending on whether the target is a centralized exchange (which holds customer assets) or a decentralized protocol (code that manages assets on the blockchain). In the first case, custody systems and access rights are key; in the second, the design of smart contracts and cross-chain bridges is crucial.

Knowing exactly where the weakness lies—within the system, on the bridge between blockchains, or in the human factor—is essential for assessing risk and protecting yourself.

In what follows, we cover the core concepts, the difference between attacks on exchanges and on protocols, briefly explain technical and social-engineering scenarios (with concrete examples), revisit the first major case, Mt. Gox, outline the most well-known attacks, and finally touch on a current geopolitical story affecting the Bitcoin market.

Exchanges vs. Protocols: what’s the difference—and how do attacks work

An exchange attack targets a centralized system that holds user funds (hot/cold wallets, access rights, internal tools). If attackers obtain keys or admin access, they can move funds or alter records.

A protocol attack targets a smart contract or a bridge (logic, message verification, cryptographic proofs). If validation is weak, an attacker can “issue” unintended tokens or move assets across chains without authorization.

Two main approaches:

  • Technical exploit (bug/vulnerability): abusing flaws in code or cryptography. Examples: Poly Network (2021)—fault in cross-chain authorization; BNB Chain bridge (2022)—bug in proof verification.
  • Social engineering (human factor): phishing, fake job offers, key theft. Example: in the Ronin/Axie Infinity case, an employee was reportedly lured by a fake job offer, paving the way for the bridge attack.

Mt. Gox: the first major case

Mt. Gox was the dominant Bitcoin exchange from 2010 to early 2014. The first major crypto hack occurred in 2011, when the exchange lost 25,000 bitcoins worth approximately $400,000.

Another blow came in 2014, leading to a collapse and bankruptcy filing after hundreds of thousands of BTC went missing.

About 200,000 BTC were later “found” in an old wallet, but the damage remained massive. The case shaped early debates on custody security and exchange governance.

Ronin: when too few keys guard a big bridge

In March 2022, attackers gained control of enough validators on the Ronin Network, which powers the Axie Infinity game, and signed fraudulent withdrawals.

Roughly $625 million in crypto disappeared in a short time. Too much power rested with too few independent keys, so once compromised, transfers could be “approved” as if legitimate. Investigators linked the theft to a North Korean hacking group, and the Axie Infinity team managed to recover just under $6 million of the stolen funds.

This case showed how sensitive cross-chain bridges are—and how, without strict checks, losses can escalate quickly.
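The key-concentration problem described above, as an added example that is not from the original article or from any bridge's code: it measures how few operators must be compromised to reach a signing threshold, and contrasts a plain signature count with a check that also requires independent operators. The validator set, operator names, threshold and function names are constructed assumptions.

```python
from collections import Counter

# Constructed validator set (not real bridge data): validator key id -> operator
# that controls the key. Four of the nine keys sit with a single operator.
VALIDATORS = {
    "v1": "op-A", "v2": "op-A", "v3": "op-A", "v4": "op-A",
    "v5": "op-B", "v6": "op-C", "v7": "op-D", "v8": "op-E", "v9": "op-F",
}
THRESHOLD = 5  # signatures needed to approve a withdrawal (assumed value)


def operators_to_compromise(validators, threshold):
    """Smallest number of operators whose keys together reach the threshold."""
    sizes = sorted(Counter(validators.values()).values(), reverse=True)
    keys = 0
    for count, size in enumerate(sizes, start=1):
        keys += size  # taking the largest holders first is the worst case
        if keys >= threshold:
            return count
    return None  # the threshold cannot be reached with this set


def approve_naive(signers, validators, threshold):
    """Counts known, de-duplicated signer keys and nothing else."""
    valid = validators.keys() & set(signers)
    return len(valid) >= threshold


def approve_independent(signers, validators, threshold, min_operators):
    """Also requires the signatures to come from enough distinct operators."""
    valid = validators.keys() & set(signers)
    operators = {validators[v] for v in valid}
    return len(valid) >= threshold and len(operators) >= min_operators


if __name__ == "__main__":
    print("operators to compromise:",
          operators_to_compromise(VALIDATORS, THRESHOLD))
    concentrated = ["v1", "v2", "v3", "v4", "v5"]  # only two operators signed
    spread = ["v1", "v5", "v6", "v7", "v8"]        # five operators signed
    for name, sigs in (("concentrated", concentrated), ("spread", spread)):
        print(name,
              approve_naive(sigs, VALIDATORS, THRESHOLD),
              approve_independent(sigs, VALIDATORS, THRESHOLD, min_operators=4))
```

A low result from `operators_to_compromise` is the audit finding: the nominal threshold overstates how many independent parties actually stand between an attacker and an approved withdrawal.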

Poly Network: the biggest heist that (almost) came back

In August 2021, a lone hacker exploited a flaw in how Poly Network authorized transfers between blockchains and moved over $600 million to their addresses.

The bug let forged messages be accepted as valid, so the system effectively “approved” transfers to itself. Stablecoin issuers quickly froze part of the funds, and—after the developers publicly appealed on X—the attacker unusually returned most of the assets.

The outcome was far better than expected, raising the question of whether the hacker attacked the network simply “for fun.”

BNB Bridge: creating coins “out of thin air”

In October 2022, a flaw in the BNB Chain bridge allowed the creation of 2 million new BNB without proper verification—worth over half a billion dollars at the time.

The attack stemmed from weak proof verification, so the bridge accepted forged messages as valid. The network was quickly paused, coordinated action with validators and partners followed, and a large share of the value was contained before it escaped to other blockchains.

Although some funds moved beyond reach, the swift operational response showed how a “kill switch” and a well-rehearsed incident plan can reduce damage.

Coincheck: an expensive lesson about “hot” wallets

In January 2018, the Japanese exchange Coincheck lost about $523 million in NEM (XEM) tokens because they were stored in an online “hot” wallet with insufficient protection.

Compromised private keys let the attacker drain funds in one go, without multisig safeguards or limits. Regulators tightened oversight, and the exchange compensated users.

It proved a long-standing industry rule: keep the bulk of assets in cold storage, while hot wallets hold only the liquidity you need, with strict limits.

FTX: chaos after bankruptcy and unauthorized outflows

In November 2022, shortly after FTX filed for bankruptcy, more than $400 million left FTX addresses through a series of suspicious transfers.

Amid system collapse and changing key access, it was hard to distinguish an external hack from insider abuse. Confusion grew as reports emerged that part of the funds were moved under a regulator’s order. Funds were tracked on-chain, some were frozen, and the rest entered lengthy forensic and legal processes.

Reports in 2024 stated that a SIM-swap ring was arrested after accessing an FTX employee’s accounts and stealing millions in crypto.

Chinese allegations against the U.S.

In December 2020, a major theft hit the Chinese mining pool LuBian: roughly 127,000 BTC disappeared to addresses controlled by the attacker. Unlike typical cases where stolen coins are quickly moved through mixers and exchanges, this haul was barely touched—it sat for four years on a limited set of the same addresses. Only in late 2025 did the funds start moving again, immediately raising tensions in both the market and the political arena.

[Figure: screenshot of an article about the large Bitcoin theft from the LuBian mining pool. Source: Rekt]

In November 2025, China’s national cybersecurity agency (CVERC) accused the United States of orchestrating, at a state level, a theft linked to the 2020 hack of a Chinese mining pool.

The U.S. side maintains it was a lawful seizure of assets as part of criminal proceedings. The allegations heightened tensions and market concerns, with commentary that such actions could constrain liquidity and trigger short-term withdrawals/sell-offs.

This is a developing story, and it’s important to follow official statements from both sides as well as on-chain movements of the related addresses.

Bridges, Keys, and Human Error: the anatomy of crypto attacks

Security in crypto isn’t a single problem but a mix of risks: technology, operations, and people.

Attacks happen on exchanges (custody, access, internal tools) and on protocols (code bugs, cross-chain bridges), and the “weakest link” is often the human factor.

In practice, the worst damage occurs when a technical flaw meets poor key management or unclear processes.

The good news: most risks can be greatly reduced with clear rules and discipline.

Platforms should keep most funds in cold storage, limit hot wallets, enforce vetted issuance/withdrawal processes, and run regular security reviews of code and bridges.

Users get the best protection by storing long-term holdings on a hardware wallet and using exchanges/DeFi selectively—understanding how a protocol works and what safeguards it has.

What to do if an exchange you use gets hacked

During a crisis, fake posts appear. Don’t click “rescue” links—verify only through the exchange’s official channels.

Secure your accounts and devices immediately. Change your password and revoke all API keys and trusted-device records.

Make a snapshot of your status: screenshots of balances, open orders, and transactions.

If withdrawals are still open, move funds. Send them to your own hardware wallet or another trusted custodian. Start with the largest amounts and the most reliable networks.

Exchanges may pause withdrawals. If that happens, open an official support ticket and request your account status.

Report the case to the relevant authorities.

Follow official announcements. Exchanges publish compensation plans, snapshot dates, and instructions (e.g., how to file a bankruptcy claim). Meet all deadlines.

Assess tax and accounting implications. Theft/unrecoverable loss may have specific treatment. Keep documentation and, if needed, consult a tax advisor.

Finally, monitor community channels—but trust only official communications.