Biggest hacks in crypto history

Biggest hacks in crypto history

When blockchain was created, the main idea of it was to decentralize finances and make online transactions impossible to hack. But today most of the crypto flows through centralized exchanges and there has been more than $6 billion stolen in crypto, if we adjust the stolen money for inflation it comes close to $30 billion.

"Cybercrime is the greatest threat to every company in the world." - Ginni Rommety

From Ronin Network all the way to KuCoin, everyone can fall victim to hackers. With blockchain improvements in security departments, hackers' skills are also improving. These hackers spend a lot of time surfing through different blockchains, looking for weaknesses they can exploit. If not careful many developers can end up like Ronin Network which lost more than $600 million to one hack attack.


Biggest Crypto Hacks in History

  • Ronin Network - $615 million
  • Poly Network - $611 million
  • Bitfinex - $72 million ($2.4 billion in today's money)
  • Coincheck - $547 million
  • KuCoin - $275 million 

Ronin Network Hack (Axie Infinity)

Axis.pngIf someone were to steal more than $600 million from you, you might think that you would notice it. But Axie Infinity developers Sky Mavis could not do that when $615 million vanished from their Axis balance.

This hack took place on the Ronin Network, the side chain of the Ethereum network, in March of this year. This hack was caused by the lowering of security protocol in December which Sky Mavis initiated themselves. This was not meant to be a permanent change and only temporary for one of the big updates for Axie Infinity. Unfortunately, this change was not reverted and gave hackers the possibility to find and exploit this weakness.

What is even worse is that Sky Mavis initially did not realize that they were missing $615 million dollars from their balance. This problem was brought to their attention only after users complained that they could not withdraw their funds.

In total hackers got away with 173,600 Ethereum and 25.5 million USDC, which at the time was worth $615 million.

Sky Mavis stated that they have started to work with different law enforcement agencies, forensic cryptographers, and investors. But the US government believes that the hack was carried out by a group operating from North Korea, which makes it very unlikely that Sky Mavis will ever see those funds returned.

"Related to any smart contract issue or anything like that which you might normally find in the DeFi space this was actually a social engineering attack" - Aleksander Larsen

Since then, Sky Mavis has raised around $125 million to reimburse users for stolen funds.

Poly Network Hack

Poly.pngHave you ever stolen $611 million for fun? Well someone did when they hacked the decentralized finance platform Poly Network, which allows users to trade tokens between different blockchains.

This story has a happy ending compared to other massive hacks that have taken place. This hack took place on August 10th, 2021. On this day a hacker transferred around $611 million worth of Poly Network tokens into his personal wallets. He found a flaw in the system which allowed him to purchase tokens for absolutely nothing. 

Fortunately for Poly Network, the hacker appeared to be a “White Hat” hacker, or just got scared that he would be caught. White Hat hackers are those hackers who try to find exploits and security flaws in order for them to be improved. So the hacker, whose identity is unknown, ended up returning all of the money he stole from the network within a week. 

Bitfinex Hack 

BitFinex.pngBitfinex is a crypto exchange based in Hong Kong. In 2016, they announced a breach in their systems, which resulted in a loss of 119,756 Bitcoin valued at $72 million at the time, and $2.4 billion by today's standards. When the news came out, Bitcoin lost 20% of its value.

Bitfinex was the biggest crypto exchange at that time which operated in USD. Because of this, everyone who has some sort of connection with crypto had a Bitfinex account. 

To somewhat stabilize the situation, Bitfinex spread the losses across every user. Because of this, customers only saw losses of around 36% of their assets. This is still a lot when compared to the amount that was stolen, and it seems better than nothing. 

Bitfinex did not panic when this problem occurred, and they made sure to somewhat compensate the users for that 36% of missing assets. To do this they gave everyone who was affected BFX tokens. Each person had the ability to trade 1 BFX for 1 dollar. They also could trade BFX tokens for shares in iFinex, which is the parent company of Bitfinex.

Bitfinex then started to look for investments to be able to fund BFX in order to compensate the customers. This funding process was successful and within 8 months of the theft, every single BFX has been redeemed for dollars or traded for shares. Also, those who traded their BFX tokens into iFinex shares received RRT tokens. These Recovery Rights Tokens gave people who held them a guarantee that if funds were to be recovered, they would be compensated for their losses.

For many years, the stolen Bitcoin was just sitting in a wallet and collected dust alongside gaining huge value. But in February 2022, a married couple was arrested and charged with an attempt to launder $3.6 billion stolen in the 2016 Bitfinex hack. It has become the largest financial seizure in US history. It is still unknown how severe the punishment will be for Ilya Lichtenstein and Heather Morgan as the investigation is still ongoing. Whether those BFT token holders received their compensation, is yet unknown.

Coincheck Hack

CoinCheck.pngIn January 2018, it was revealed that $547 million worth of the NEM cryptocurrency was stolen from Coincheck, a Japanese crypto exchange. The information came out that the company was holding these tokens on hot wallets, which meant that wallets were connected to the internet at all times and relatively easy to hack compared to more secure cold wallets.

This was Japan's first massive crypto-related theft. Because of this, Japan's Financial Services Association ordered all crypto exchanges operating in Japan to report on their cybersecurity defenses. At the same time, 16 Japanese crypto exchanges came together to form a self-regulatory body.

This incident caused the huge downfall of Coincheck which, at the time, was the leading crypto exchange in Japan. Just a few months later it was acquired by Monex Group, a Japanese financial services provider.

Who the mastermind behind this plan is still unknown. But about 30 people have been arrested in Japan in connection with this hack. When it comes to stolen crypto, it was never retrieved.

KuCoin Hack

KuCoin.pngIn September 2020, KuCoin, the Singapore-based crypto exchange announced that the exchange's hot wallets have been compromised, and around $275 million worth of various cryptocurrencies have been stolen. 

KuCoin reacted swiftly and most of the stolen crypto has been recovered, while the remaining 16% of missing assets were covered by KuCoin's insurance. This means that everyone who was affected by this cyberattack has been reimbursed. 

Those funds that were not recovered started to move from wallet to wallet. In order to cash out the stolen cryptos without leaving any identifiable tracks behind, hackers started to use crypto mixing platforms and decentralized exchanges. Both of those platforms do not require users to pass KYC (know-your-client) verification and allow them to swap one coin for another without any identification. This made tracking those tokens and those who were in possession of them really hard. 

Despite this huge blow to the exchange, KuCoin still remains one of the biggest crypto exchanges in the world and firmly holds the 5th sport by trading volume among other exchanges.

FAQs About Crypto Hacks

Has Ethereum ever been hacked?

The main Ethereum blockchain has never experienced any major hacking. But there have been hacking incidents on blockchains such as Ronin which are linked to Ethereum.

Has Coinbase ever been hacked?

Yes. In 2021 more than 6,000 Coinbase accounts were hacked and their wallets emptied. According to Coinbase, hackers found a flaw in the Coinbase account SMS recovery system and managed to gain access to more than 6,000 accounts.

Will Coinbase refund hacked funds?

Coinbase has many different insurance plans. These insurance plans guarantee that in case of hacking incidents' the user's lost funds will be compensated for. But if the hacked amount exceeds a certain limit, users might have to expect some losses.