Crypto has faced its fair share of challenges, mainly due to hacks or exploits. The main focus of many protocols and exchanges is to improve their security, but sometimes, black hat hackers get through and steal hundreds of millions of dollars.
The list of crypto heists is long, and many of the thieves remain anonymous, but what is the biggest crypto hack? Join us as we take a look at the top 5 crypto heists.
(The list is ordered by the value of assets stolen at the time of the heist and does not include cases where the assets were returned.)
5. Bitmart - $196m
Bitmart is a crypto exchange founded in 2017. Exchanges use a mix of hot and cold wallets to store user assets, the latter of which is the safer option.
In early December 2021, a hacker obtained access to one of Bitmart’s Ethereum hot wallets and one of their BSC hot wallets, withdrawing around $196 million worth of assets.
Initially, Bitmart denied there was a hack, but a blockchain security firm called PeckShield revealed the total estimated loss in a tweet, which prompted Bitmart to confirm the withdrawn funds were indeed a crypto heist.
Bitmart stated that they will use their own funds to reimburse all affected users.
4. Wormhole - $325m
Wormhole is a crypto bridge protocol that allows the transfer of tokens across nearly a dozen blockchains like Ethereum and Solana.
On February 2, 2022, a hacker was able to exploit the Wormhole bridge on Solana and mint wETH, then redeem it for ETH on Ethereum. In total, around $325 million worth of assets were stolen.
At the time of writing, the hacker’s wallet still holds over 90,000 ETH worth around $170 million. Wormhole remains active today and has promised to reimburse the affected victims of the crypto heist.
3. Mt. Gox - $480m
Crypto OGs will know this one and feel the pain. Mt. Gox was a crypto exchange that was thriving between 2010 and 2014. At its peak, it was handling more than 70% of all Bitcoin transactions. In hindsight, centralizing the trading of a decentralized currency… not the best idea.
Mt. Gox faced many hacks and attacks since its inception, leading to downtime and smaller losses of bitcoin. However, in early February 2014, some users were experiencing withdrawal issues. The final blow had come.
Shortly after, Mt. Gox announced it had lost around 850,000 bitcoin, which was 7% of all bitcoin at the time. A hacker had drained the exchange’s hot wallet over time. Today, the stolen assets would be worth a staggering $20 billion, but at the time, they were worth around $480 million.
The exchange filed for bankruptcy and closed down. Miraculously, they found 200,000 bitcoin in an old wallet, which is held by a trustee and planned to be distributed to the victims of the crypto heist.
Ironically, most customers will be in profit after the distribution of the remaining bitcoin due to the forced hodl. The Mt. Gox legal chaos continues to this day.
2. Coincheck - $530m
Coincheck is a Bitcoin wallet and exchange that has remained online since its inception in 2014, but things have not always gone smoothly for the Japanese exchange.
In early January 2018, Coincheck faced a breach. Around 500 million NEM tokens, worth around $530 million at the time, were stolen.
The Tokyo Public Prosecutors have charged around 30 individuals since last year with their involvement in the Coincheck crypto hack, specifically for converting stolen NEM tokens to other virtual currencies.
While it seems the mastermind behind the crypto heist remains unknown, Coincheck reimbursed all 260,000 affected customers using its own capital and remains active today.
1. Ronin Network - $612m
Axie Infinity is the largest crypto game and was one of the main reasons for the metaverse boom in 2021.
While Axie was running on Ethereum originally, its team developed their own chain called Ronin to allow cheaper and faster transactions, leading to a smoother gaming experience. The Ronin bridge allowed assets to be transferred between Ronin and Ethereum.
However, in late March 2022, a hacker obtained the private keys of five Ronin chain validators, which was enough to facilitate the draining of the entire bridge. In total, $612 million worth of ETH and USDC was stolen.
The FBI stated that a North Korean cybercrime group called Lazarus Group was responsible for the crypto heist. Based on their wallet, Lazarus seems to have funelled all the assets through Tornado Cash, which caused the US Treasury Department to blacklist the protocol recently.
At the time of writing, the Ronin bridge crypto heist remains the largest of its kind.
Thanks for reading our top 5 crypto heists. Why not check out our top 5 most expensive virtual land sales ever?
Start your crypto journey
It’s easy to get started with Exodus. You can buy your first crypto and begin diving into Web3 from right where you’re at, using your web browser, phone or laptop.
A short list of what you can do straight away:
- Buy crypto with credit/debit card, bank transfer, or Apple Pay
- Swap crypto at the best rates
- Collect, buy and sell NFTs
- Stake crypto to earn even more crypto while you sleep
Exodus is self-custodial, which means that both your data and funds remain in your control. We couldn’t touch them even if we tried!
This content is for informational purposes only and is not investment advice. You should consult a qualified licensed advisor before engaging in any transaction.