Blockchain
The Biggest Cryptocurrency Cyber Attacks So Far
One of the obstacles to mainstream adoption of digital currency has been hacking. There have been some high-profile thefts on various cryptocurrency exchanges and platforms, discouraging investors from using them.
Blockchain projects have been claimed to be secure, but attacks over the years have proven that to be only partially true. Over $1.7 billion in cryptocurrency was stolen in 2023 ($3.8 billion in 2022), according to blockchain analytics firm Chainalysis. Take a look at some of the biggest cryptocurrency hacks to date.
Key points
- Hacking continues to be a major obstacle to cryptocurrency adoption.
- Cryptocurrency exchanges are a major target for hackers: more than $1.7 billion was stolen in 2023, and $3.8 billion was stolen in 2022.
- The first major exchange to suffer a cyber attack was Mt. Gox, which lost 7% of all bitcoin at the time.
- Decentralized financial applications and smart contracts are also a favorite target for hackers.
- Some of the most important safety rules for long-term investors are: keep cryptocurrencies offline if you are not actively trading or spending them, and do not use custodial accounts unless they provide insurance.
Ronin Network: $625 million
The largest cryptocurrency hack to date was conducted in March 2022 and targeted the network that supports the popular Axie Infinite blockchain gaming platform. Hackers breached the Ronin network and stole approximately $625 million in Ethereum and USDC (a stable currency). Investigators said a North Korean state-backed hacking collective, the Lazarus Group, was linked to the theft. Sky Mavis (the developer of Axie Infinity) recovered $5.7 million of the stolen funds a month later, but it remains the largest cryptocurrency hack in history.
Poly Network: $611 million
In August 2021, a lone hacker pounced on a vulnerability in Poly’s network decentralized finance platform and stole over $600 million. The project’s developers launched an appeal on X (formerly Twitter) for the stolen funds, which included $33 million Bind. Poly Network then established several addresses to return the funds to, and the unknown hacker began cooperating. After just two days, approximately $300 million had been recovered, and it emerged that the hacker had targeted the network “for fun” or as a challenge.
FTX: $600 million
In November 2022, FTX, one of the most influential players in the cryptocurrency industry, filed for bankruptcy. On the day it filed for Chapter 11 bankruptcy, more than $600 million was stolen from its cryptocurrency wallets. Many FTX wallet holders reported $0 balances in their FTX.com and FTX US wallets.
The cryptocurrency exchange confirmed the hack on its Telegram channel, said: ”FTX has been hacked. FTX apps are malware. Delete them. Chat is open. Do not go to the FTX site because it may download Trojans.”
In 2024, reports emerged of the bust of a SIM card swap network that had gained access to an FTX employee’s accounts and stolen millions of dollars in cryptocurrency.
Binance BNB Bridge: $569 million
In one of the most high-profile attacks in cryptocurrency history, the Binance exchange was hacked for around $570 million in October 2022. A cross-chain bridge, BSC Token Hub, was exploited by hackers, who created and withdrew 2 million extra Binance Coin (BNB). A bug in a smart contract enabled the cyber attack, highlighting the need for greater blockchain security.
$1.7 billion
Amount of cryptocurrency stolen from exchanges and other platforms in 2023, down from $3.8 billion in 2022.
Coincheck: $532 million
In January 2018, Japanese exchange Coincheck suffered a theft of $523 million worth of NEM coins worth approximately $534 million. The vulnerability was created by a hot wallet, which is a live cryptocurrency wallet and is not as secure as an offline cold storage wallet. At the time, the Coincheck hack was even bigger than the infamous Mt. Gox hack; NEM Foundation chairman Lon Wong described it at the time as “the biggest theft in the history of the world.”
Coincheck survived the hack and continued to operate despite being acquired a few months later by Japanese financial services firm Monex Group.
Mt. Gox: $473 million
The first major cyber attack on cryptocurrencies occurred in 2011, when the cryptocurrency exchange Mount Gox lost 25,000 bitcoins worth about $400,000. At the time, the cryptocurrency exchange handled nearly 70% of all Bitcoin transactions.
The attacks did not stop, and Mt. Gox was hit again in 2014. It lost nearly 650,000 of its customers’ bitcoins and about 100,000 of its own. At the time, this was 7% of all bitcoins and was worth about $473 million. The initial reasons for the disappearance of the coins were unclear, but later evidence showed that the coins had been stolen from the company’s hot wallet.
Wormhole: $325 million
The decentralized financial platform Hole in the wall was targeted in February 2022, with $325 million stolen by hackers. The attack was made possible by an update to the project’s GitHub repository, which was not then deployed to the live project. The famous cryptocurrency bridge had to plug the hole in the project’s finances after the funds were not recovered. This was also the largest theft that included Solana, one of the rivals to Ethereum’s dominance in the world of DeFi and NFTs. Up to $47 million in the blockchain’s native SOL token was stolen.
Mixin: $200 million
Mixin Network is a peer-to-peer cross-chain network that facilitates cryptocurrency transfers. In September 2023, the network was hacked through its cloud service provider’s database. The thieves made off with approximately $200 million in bitcoin (BTC), ether (ETH), and tether (USDT).
Euler Finance: $197 million
Euler Finance is a lending and borrowing protocol platform built on the Ethereum blockchain. On March 13, 2023, hackers conducted a flash loan attack, taking $197 million in wrapped Bitcoin (wBTC), DAI (a MakerDOA stablecoin), staked ether (stETH), and USDC. A flash loan attack occurs when a hacker uses a flash loan, an uncollateralized loan that must be paid in full in the same transaction, often used by arbitrage traders, to withdraw large sums, allowing the thieves to manipulate prices.
However, in a strange twist of fate, a few days later the hacker(s) began returning the stolen funds in larger installments, citing concerns about their security.
Bitmart: $196 million
In December 2021, centralized exchange Bitmart was hacked, resulting in losses of $196 million. The hack was first spotted by a security analytics firm, which noted that BitMart addresses were being emptied of their balances. Around $100 million in various cryptocurrencies were funneled through Ethereum, with another $96 million exiting via Binance Smart Chain. All of the tokens were moved to an address labeled by Etherscan as “BitMart Hacker.”
Nomad Bridge: $190 million
Just a month before the Wintermute breach, there was a more significant hack, an attack on Nomad Bridge. Hackers drained $190 million of the project’s funds. Nomad is a cryptocurrency bridge that allows users to exchange tokens between blockchains — bridges are one of the latest favorites among hackers. This is due to the significant value of the assets they hold and the complexity of the smart contract code they run on. Nomad Bridge later recovered $37 million of the stolen funds.
Beanstalk: $182 million
This hack involved the exploitation of a decentralized finance (DeFi) platform that uses a flash loanAfter borrowing $2.5 billion in various assets, the hacker took a 67% controlling stake in the project and approved a transfer of funds to his own wallet before repaying the loan and disappearing with the profits.
Wintermute: $162 million
Wintermute, one of the leading cryptocurrencies Market creatorwas hacked in September 2022. The project lost around $160 million in the hack, which made things worse for Wintermute because owed $200 million to other market participants. The CEO offered a 10% reward to the hacker if he returned the funds.
Multichain: $125 million
Multichain was intended to be a cross-chain router protocol that would, in theory, allow nearly any blockchain to communicate with each other and transfer assets between them, which was and is necessary for Web 3 to continue to progress.
Multichain CEO Zhaojun has reportedly been arrested in China and disappeared, leading analysts to believe the theft was the result of identity theft, where the system owners/developers create a product, raise money, and suddenly walk away with the money.
Other noteworthy hacks
- BonqDAO: ~$120 million
- Poloniex: ~$132 million
- Atomic Wallet Users: Approximately $100 million
- HTX Exchange Heco Bridge: Approximately $100 million
- Curve: ~$70 million
- CoinEx: ~$54 million
- KyberSwap: approximately $56 million
- Stake.com: ~$41 million
- Orbit Chain: ~$81.5 million
Which cryptocurrency exchange got hacked?
Many cryptocurrency exchanges have been hacked. FTX, Mt. Gox, and Binance are some of the most notable hacked exchanges.
What is the biggest cryptocurrency theft?
The 2022 Ronin Network hack remains the largest known cryptocurrency hack, with over $625 million in cryptocurrency stolen. However, the largest cryptocurrency-related theft is attributed to scams associated with the FTX cryptocurrency exchange, where $8.7 billion was stolen from customers.
What was the biggest Bitcoin hack in history?
Considering bitcoin alone, Mt. Gox is probably the largest bitcoin hack, with over 650,000 bitcoins stolen.
The bottom line
With the addition of new products, the cryptocurrency industry has grown rapidly since the mid-2010s. The industry may even be moving too fast, as the number of hacks and thefts demonstrate exploitable weaknesses. Back-to-back hacks have exposed the vulnerability of the cryptocurrency industry and undermined investor confidence. To avoid further damage to sentiment, developers and companies need to exercise greater caution and implement more security protocols for blockchain networks and supporting systems.
The comments, opinions and analyses expressed on Investopedia are for informational purposes only online. Read our warranty and disclaimer for more information.
At the time of writing this article, the author does not own any cryptocurrencies.
Markets received nominally good news on Thursday morning, with the US ISM manufacturing PMI for July falling much more than economists expected, sending interest rates to multi-month lows across the board. Additionally, initial jobless claims in the US jumped to their highest level in about a year. Taken together, the data adds to the sentiment that the US is on the verge of a cycle of monetary easing by the Federal Reserve, which is typically seen as bullish for risk assets, including bitcoin.
Please note that our Privacy Policy, terms of use, cookiesAND do not sell my personal information has been updated.
CoinDesk is a awarded press agency that deals with the cryptocurrency sector. Its journalists respect a rigorous set of editorial policiesIn November 2023, CoinDesk has been acquired from the Bullish group, owner of Bullisha regulated digital asset exchange. Bullish Group is majority owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant digital asset holdings, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial board to protect journalistic independence. CoinDesk employees, including journalists, are eligible to receive options in the Bullish group as part of their compensation.
In the latest news in the blockchain industry, there has been a turn of events that has severely affected Terra and its users and investors, with the company losing $6.8 million. The attack, which exploited a reentry vulnerability in the network’s IBC hooks, raises questions about the security measures of the once celebrated blockchain protocol.
A web3 security company, Cyvers Alerts reported that the exploit occurred on July 31st and caused the company to lose 60 million ASTRO, 3.5 million USDC500,000 USDTand 2. 7 BitcoinThe flaw was discovered in April and allows cybercriminals to make payments non-stop by withdrawing money from the network.
Earth’s response
Subsequently, to the hack employed on the Terra blockchain, its official X platform declared the Suspension network operations for a few hours to apply the emergency measure. Finally in its sendTerra’s official account agreed, sharing that its operations are back online: the core transactions that make up the platform are now possible again.
However, the overall value of the various assets lost in the event was unclear.
Market Impact: ASTRO Crashes!
The hack had an immediate impact on the price of ASTRO, which dropped nearly 60% to $0.0206 following the network shutdown. This sharp decline highlights the vulnerability of token prices to security breaches and the resulting market volatility.
This incident is not the first time Terra has faced serious challenges. Earlier this year, the blockchain encountered significant problems that called into question its long-term viability. These repeated incidents underscore the need for stronger security measures to protect users’ assets and maintain trust in the network.
The recent Terra hack serves as a stark reminder of the ongoing security challenges in the blockchain space. As the platform works to regain stability, the broader crypto community will be watching closely.
Read also: Record Cryptocurrency Theft: Over $1 Billion Stolen in 2024
This is a major setback for Terra. How do you think this will impact the blockchain industry?
On July 24, 2024, the Ministry of Finance proposed Blockchain Bill IVwhich will provide greater flexibility and legal certainty for issuers using Distributed Ledger Technology (DLT). The bill will update three of Luxembourg’s financial laws, the Law of 6 April 2013 on dematerialised securitiesTHE Law of 5 April 1993 on the financial sector and the Law of 23 December 1998 establishing a financial sector supervisory commissionThis bill includes the additional option of a supervisory agent role and the inclusion of equity securities in dematerialized form.
DLT and Luxembourg
DLT is increasingly used in the financial and fund management sector in Luxembourg, offering numerous benefits and transforming various aspects of the industry.
Here are some examples:
- Digital Bonds: Luxembourg has seen multiple digital bond issuances via DLT. For example, the European Investment Bank has issued bonds that are registered, transferred and stored via DLT processes. These bonds are governed by Luxembourg law and registered on proprietary DLT platforms.
- Fund Administration: DLT can streamline fund administration processes, offering new opportunities and efficiencies for intermediaries, and can do the following:
- Automate capital calls and distributions using smart contracts,
- Simplify audits and ensure reporting accuracy through transparent and immutable transaction records.
- Warranty Management: Luxembourg-based DLT platforms allow clients to swap ownership of baskets of securities between different collateral pools at precise times.
- Tokenization: DLT is used to tokenize various assets, including real estate and luxury goods, by representing them in a tokenized and fractionalized format on the blockchain. This process can improve the liquidity and accessibility of traditionally illiquid assets.
- Tokenization of investment funds: DLT is being explored for the tokenization of investment funds, which can streamline the supply chain, reduce costs, and enable faster transactions. DLT can automate various elements of the supply chain, reducing the need for reconciliations between entities such as custodians, administrators, and investment managers.
- Issuance, settlement and payment platforms:Market participants are developing trusted networks using DLT technology to serve as a single source of shared truth among participants in financial instrument investment ecosystems.
- Legal framework: Luxembourg has adapted its legal framework to accommodate DLT, recognising the validity and enforceability of DLT-based financial instruments. This includes the following:
- Allow the use of DLT for the issuance of dematerialized securities,
- Recognize DLT for the circulation of securities,
- Enabling financial collateral arrangements on DLT financial instruments.
- Regulatory compliance: DLT can improve transparency in fund share ownership and regulatory compliance, providing fund managers with new opportunities for liquidity management and operational efficiency.
- Financial inclusion: By leveraging DLT, Luxembourg aims to promote greater financial inclusion and participation, potentially creating a more diverse and resilient financial system.
- Governance and ethics:The implementation of DLT can promote higher standards of governance and ethics, contributing to a more sustainable and responsible financial sector.
Luxembourg’s approach to DLT in finance and fund management is characterised by a principle of technology neutrality, recognising that innovative processes and technologies can contribute to improving financial services. This is exemplified by its commitment to creating a compatible legal and regulatory framework.
Short story
Luxembourg has already enacted three major blockchain-related laws, often referred to as Blockchain I, II and III.
Blockchain Law I (2019): This law, passed on March 1, 2019, was one of the first in the EU to recognize blockchain as equivalent to traditional transactions. It allowed the use of DLT for account registration, transfer, and materialization of securities.
Blockchain Law II (2021): Enacted on 22 January 2021, this law strengthened the Luxembourg legal framework on dematerialised securities. It recognised the possibility of using secure electronic registration mechanisms to issue such securities and expanded access for all credit institutions and investment firms.
Blockchain Act III (2023): Also known as Bill 8055, this is the most recent law in the blockchain field and was passed on March 14, 2023. This law has integrated the Luxembourg DLT framework in the following way:
- Update of the Act of 5 August 2005 on provisions relating to financial collateral to enable the use of electronic DLT as collateral on financial instruments registered in securities accounts,
- Implementation of EU Regulation 2022/858 on a pilot scheme for DLT-based market infrastructures (DLT Pilot Regulation),
- Redefining the notion of financial instruments in Law of 5 April 1993 on the financial sector and the Law of 30 May 2018 on financial instruments markets to align with the corresponding European regulations, including MiFID.
The Blockchain III Act strengthened the collateral rules for digital assets and aimed to increase legal certainty by allowing securities accounts on DLT to be pledged, while maintaining the efficient system of the 2005 Act on Financial Collateral Arrangements.
With the Blockchain IV bill, Luxembourg will build on the foundations laid by previous Blockchain laws and aims to consolidate Luxembourg’s position as a leading hub for financial innovation in Europe.
Blockchain Bill IV
The key provisions of the Blockchain IV bill include the following:
- Expanded scope: The bill expands the Luxembourg DLT legal framework to include equity securities in addition to debt securities. This expansion will allow the fund industry and transfer agents to use DLT to manage registers of shares and units, as well as to process fund shares.
- New role of the control agent: The bill introduces the role of a control agent as an alternative to the central account custodian for the issuance of dematerialised securities via DLT. This control agent can be an EU investment firm or a credit institution chosen by the issuer. This new role does not replace the current central account custodian, but, like all other roles, it must be notified to the Commission de Surveillance du Secteur Financier (CSSF), which is designated as the competent supervisory authority. The notification must be submitted two months after the control agent starts its activities.
- Responsibilities of the control agent: The control agent will manage the securities issuance account, verify the consistency between the securities issued and those registered on the DLT network, and supervise the chain of custody of the securities at the account holder and investor level.
- Simplified payment processesThe bill allows issuers to meet payment obligations under securities (such as interest, dividends or repayments) as soon as they have paid the relevant amounts to the paying agent, settlement agent or central account custodian.
- Simplified issuance and reconciliationThe bill simplifies the process of issuing, holding and reconciling dematerialized securities through DLT, eliminating the need for a central custodian to have a second level of custody and allowing securities to be credited directly to the accounts of investors or their delegates.
- Smart Contract Integration:The new processes can be executed using smart contracts with the assistance of the control agent, potentially increasing efficiency and reducing intermediation.
These changes are expected to bring several benefits to the Luxembourg financial sector, including:
- Fund Operations: Greater efficiency and reduced costs by leveraging DLT for the issuance and transfer of fund shares.
- Financial transactions: Greater transparency and security.
- Transparency of the regulatory environment: Increased attractiveness and competitiveness of the Luxembourg financial centre through greater legal clarity and flexibility for issuers and investors using DLT.
- Smart Contracts: Potential for automation of contractual terms, reduction of intermediaries and improvement of transaction traceability through smart contracts.
Blockchain Bill IV is part of Luxembourg’s ongoing strategy to develop a strong digital ecosystem as part of its economy and maintain its status as a leading hub for financial innovation. Luxembourg is positioning itself at the forefront of Europe’s growing digital financial landscape by constantly updating its regulatory framework.
Local regulations, such as Luxembourg law, complement European regulations by providing a more specific legal framework, adapted to local specificities. These local laws, together with European initiatives, aim to improve both the use and the security of projects involving new technologies. They help establish clear standards and promote consumer trust, while promoting innovation and ensuring better protection against potential risks associated with these emerging technologies. Check out our latest posts on these topics and, for more information on this law, blockchain technology and the tokenization mechanism, do not hesitate to contact us.
We are available to discuss any project related to digital finance, cryptocurrencies and disruptive technologies.
This informational piece, which may be considered advertising under the ethics rules of some jurisdictions, is provided with the understanding that it does not constitute the rendering of legal or other professional advice by Goodwin or its attorneys. Past results do not guarantee a similar outcome.
Trump’s economic plan and skyrocketing markets: are you ready?!
Cryptocurrencies are about to explode!! These predictions are CRAZY!
The United States is about to make Bitcoin history – you won’t believe it!
Crypto News: New High in BTC, Dogecoin, XRP, Aptos Alpha, SUI & More!
Trump’s INSANE new tariffs WILL SHOCK you! Here is the TRUTH
Ripple CTO and Cardano founder clash over XRP’s regulatory challenges ⋆ ZyCrypto
Nancy Pelosi Considers Supporting Republican Crypto Bill FIT21 – London Business News
Cryptocurrency News: Bitcoin, ETH ETF, AI Crypto Rally, AKT, TON & MORE!!
Bitcoin’s future is ‘bleak’ and ripe for regulation, says lead developer
The trader earned $46 million with PEPE after reaching a new ATH
Trump’s economic plan and skyrocketing markets: are you ready?!
Cryptocurrencies are about to explode!! These predictions are CRAZY!
The United States is about to make Bitcoin history – you won’t believe it!
Crypto News: New High in BTC, Dogecoin, XRP, Aptos Alpha, SUI & More!
Trump’s INSANE new tariffs WILL SHOCK you! Here is the TRUTH
-
Regulation7 months agoRipple CTO and Cardano founder clash over XRP’s regulatory challenges ⋆ ZyCrypto
-
Regulation5 months agoNancy Pelosi Considers Supporting Republican Crypto Bill FIT21 – London Business News
-
Videos6 months agoCryptocurrency News: Bitcoin, ETH ETF, AI Crypto Rally, AKT, TON & MORE!!
-
Regulation6 months agoBitcoin’s future is ‘bleak’ and ripe for regulation, says lead developer
-
News6 months agoThe trader earned $46 million with PEPE after reaching a new ATH
-
Blockchain6 months agoSolana ranks the fastest blockchain in the world, surpassing Ethereum, Polygon ⋆ ZyCrypto
-
Blockchain6 months agoSolana Surpasses Ethereum and Polygon as the Fastest Blockchain ⋆ ZyCrypto
-
Regulation6 months ago🔒 Crypto needs regulation to thrive: Tyler Cowen
-
Videos6 months agoWho Really CONTROLS THE MARKETS!! Her plans REVEALED!!
-
Videos7 months agoKucoin safe?? Exchange REVIEW and beginner’s guide!!
-
Blockchain6 months ago“Liquid vesting” is an oxymoronic feature of blockchain that allows early investors to sell without waiting
-
Videos6 months agoInstitutions purchasing MEMECOINS?! Everything you need to know!