2023 reported a total of 282 hacking cases where nearly $1.7 billion was lost, as per insights from Chainalysis. The following year, a record $2.2 billion was stolen through hacks with the biggest being Wazir exchange in India losing $234 million, and DMM Bitcoin which lost $305 million.

Judging from these stats, it seems the biggest threat facing crypto, decentralized finance and Web3 narrows down to cyber crime. Here is a chart representing those cryptocurrency hacks from 2015 to 2024.

hodl-post-image
 Blockchain security breaches and crypto theft incidents. Source: Chainalysis

In this article guide, we are going to filter through the above data and discuss the top 15 largest cryptocurrency hacks and DeFi security attacks of all time.

The Biggest Cryptocurrency Hacks of All Time

Mt. Gox Hack

Mt. Gox was launched in 2006 and by 2010, had grown to handle 70% of global crypto trades. This time, the exchange had grown from a nascent platform for geeks into the centre of bitcoin activity. Sadly, its popularity came at a cost as it was mired by a series of system failures and security breaches.

By mid-June 2011, 478 users on the exchange had lost a total of 25,000 BTC. In February 2014, the exchange suspended withdrawals after it discovered nearly 850,000 bitcoin had disappeared from the exchange. The Mt. Gox hacks is the largest one among crypto exchange hacks.

Being one of the first huge hacks on the nascent crypto industry, alot of people  lost hope with Bitcoin.

Bitfinex Breach

Hong Kong - based digital assets exchange Bitfinex lost $72 million in 2016, sending the entire crypto ecosystem into a bearish whirlwind.

By the end of 2021, the amount lost on this exchange had grown to $4.5 billion, and right now $10.8 billion - becoming the second largest crypto hacks of all time.

Five years later, the FBI arrested a couple alleged to have conspired in the laundering of approximately $4.5 billion in stolen BTC. 

The couple, Heather Morgan and Ilya Lichtenstein, were discovered as leading suspects after the FBI trailed the movement of stolen bitcoin through AlphaBay servers.

Coincheck Hack

Coincheck, a digital assets exchange in Tokyo suffered one of history’s largest crypto hacks after losing $520 million worth of tokens. More than 260,000 users of the platform were affected by the security breach. The Financial Services Agency in Japan still continues to make efforts in investigating the incident.

This theft significantly affected the $NEM cryptocurrency, which had just started accumulating attention, trading volumes and the 10th rank by market cap. Over 523 million NEM tokens were stolen, sending shockwaves across the asset’s market, making it fall by 11% after the incident.

Kucoin Hack

A hacker drained a crypto wallet to compromise over $285 million worth of BTC and ETH. Days later, the exchange released a list of addresses where the stolen funds had been sent. This list comprised USDT, XLM, LTC, TRX, BSV and BTC. Within an hour of the incident, the price of Kucoin exchange’s native coin had dropped by 14%. 

Below is an image showing the amount of funds that KuCoin was able to recover from this security breach:

hodl-post-image
KuCoin Hack 2020. Source: Decrypt

The DAO Hack 2016

The DAO hack is a 2016 security breach that led to the loss of $60 million, resulting in a controversial debate which was one of the factors contributing to the 2017 ICO boom.

Pooling together a global investment fund from investors was The DAO’s dream. Sadly, it became shattered when a cyber criminal syphoned nearly a third of all pulled funds. At the time, the amount lost affected 5% of Ether in circulation.

It is said that The DAO hack created Ethereum as it is today — but that’s a story we’ll tell some other day. However, you must know after this hack, Ethereum split into two networks: Ethereum (the altered version) and Ethereum Classic (the original & unaltered network).

hodl-post-image
Source: Etherplan

Bitgrail Hack

230,000 exchange users lost crypto worth $146 million when Bitgrail got hacked. A contributor on CoinMarketCap opines the security breach occurred from negligence, absence of investor education and the threat of vague/ambious domain names.

Arrested, found guilty and fined for allegedly participating in the ruckus was Bitgrail founder Franscesco Firano. Upto $1 million was seized from his personal assets. 

VeriCoin and VeriBit Hack

A cyber criminal stole 30% of VeriCoin tokens, an amount that had been under the management of Mintpal. Most experts blamed the loss to Mintpal’s centralized storage software which was vulnerable to attacks. 

After the hack, VeriCoin put in place measures to prevent any instances where a single could control a significant portion of circulating tokens. One of these measures was executing a hard fork to curb risks of centralization.

PlusToken Scam

The con artists behind the PlusToken saga stole $3 billion, causing the price of Bitcoin to significantly drop from $9,100 to $5,800. The likely cause of the bearish shockwaves was liquidation of the stolen coins by the scammer.

Retail investors heard about the PlusToken when a Chinese brand lured them with high yield if they bought the PlusToken using BTC and ETH. The scammers had also persuaded the investors that yield was going to come from mining income, referral benefits and exchange earnings. 

Everyone trusted the project till it got listed on various China-based exchanges, where it reached an ATH of $350. 

Once the scammers accumulated enough funds, they pulled the rag and stole billions of dollars. Meanwhile, authorities made investigations and arrested six individuals connected to the ponzi scheme.

The chart below illustrates how the scammers liquidated the stolen funds using mixers, making it tough for anyone to trace movement of funds.

hodl-post-image
Source: Chainalysis

Wormhole Attack

An attacker made away with $320 million after exploiting blockchain vulnerabilities on cross-chain bridging solution, Wormhole. Through a series of transactions, the cyber criminal borrowed roughly 120,000 wrapped ETH without any collateral backing. 

Without such backing, it meant any platform that accepted the WETH was going to become insolvent. Since the WETH was wrapped on Solana, the SOL token dipped by 13% after the incident.

hodl-post-image
The pattern of the attacker’s series of transactions. Source: Chainalysis

Ronin Network Breach

March 2022, Sky Mavis - owned company Ronin Network lost $625 million. The network realized the funds had been stolen six days later after a customer complained they couldn’t withdraw their funds.

Ronin Network, a sidechain that powers play and earn game Axie Infinity lost upto 173.6K ETH and about $25.5 million in other crypto tokens. Later on, Ronin Network posted on X (then Twitter) that the wallet linked to the attacker was connected to Binance.

In April 2022, the U.S. The Department of the Treasury connected some of the wallets tied to the hack to Noth Korean hackers, Lazarus Group.

Euler Finance Hack

Ethereum-based decentralized finance protocol Euler Finance was hacked for $197 million in 2023, but the attacker returned the amount weeks after and apologized through encrypted messages.

The hack was possible through a flash loan attack which ended up compromising DAI tokens through reentrancy.

Throughout the attack, Euler lost $197M worth of crypto comprising DAI, wBTC, USDC and stETH. The value of Euler's native token also dropped by 45%. The illustration below shows how the hacker moved the funds back to Euler Finance by directly funding the protocol’s addresses:

hodl-post-image
Source: Chainalysis

A flash loan, similar to the one that the attacker used to manipulate Euler Finance, is a DeFi product which lets you borrow large crypto funds without submitting collateral. However, the loan has to be repaid within the same transaction, and in full.

Traders who want to take advantage of arbitrage opportunities and gain attractive yield often use flash loans.In the case of the protocol’s hack, the cyber attacker manipulated the flash loan smart contract to siphon $197 million.

Multichain Hack

Cross-chain bridging solution Multichain protocol announced via X (then Twitter) that they were ceizing operations following a hack that saw the loss of $125 million worth of crypto.

Chinese officials looking into the incident reported it as an insiders’ rug pull. Approximately $120 million of all the stolen funds belonged to the Fantom Bridge. The funds comprised Ethereum (wETH), USDC stablecoin and wrapped Bitcoin (wBTC).

Few weeks later, con artists published a phishing link on X.com posing as Fantom Foundation to trick victims of the Multichain attack.

However, Tether and Circle have since been able to freeze some of the addresses tied to stolen assets. The total amount held in those addresses has already reached $65 million.

Badger DAO

An attacker exploited Badger DAO by compromising an API key to steal $120 million of customer funds. The API exploit authorized illegal transactions from the protocol into the attacker’s wallets.

Insights from blockchain analysis platform Peckshield showed how one customer lost over $50 million worth of bitcoin or 900 BTC.

Peckshield happened to be the first on-chain analysis platform to discover the hack and warn users.

Alpha Homora

February 13, 2021, an attacker exploited a security loophole on the Alpha Homora V2 contract on Alpha Finance. This allowed them to make away with $37.5 million. The attacker deployed a series of 9 transactions and used a flashloan to siphon funds from the pool. 

Finally, the last step of stealing the funds involved transferring them to GitCoin Grants and Tornado Cash. Then they sent the deployer addresses for Alpha and Cream upto 1,000 ETH, perhaps as a way to divert attention or as a method of compensation.

After dissecting the attack, assessment revealed the hacker was specifically targeting Alpha Finance’s integration with Cream Iron Bank.

Poly Network Exploit

The Poly Network exploit occurred in 2021 when an attacker exploited the protocol and stole $610 million. It would have been one of the largest hacks but the attacker decided to return all funds over a 15 day period.

Conclusion

Crypto hacks have drained billions, wiping out fortunes overnight and even made some platforms close business (e.g the Hotbit hack). No one thinks they’ll be the next target—until they are. Hackers exploit weak security, bad habits, and blind trust. They don’t discriminate. From massive exchanges to everyday investors, no one is safe without the right precautions.

Security isn’t just a checklist—it’s a mindset. Use cold storage for long-term holdings. Enable two-factor authentication everywhere. Be wary of phishing scams, too-good-to-be-true airdrops, and shady links. Double-check addresses before sending funds. Avoid leaving large amounts on exchanges.

The biggest mistake? Thinking it won’t happen to you. Crypto moves fast, but so do hackers. A single lapse can cost everything. The safest investors aren’t just lucky—they’re prepared.

Don’t wait for a wake-up call. Protect your assets now, before it’s too late. Because in crypto, the only thing worse than getting hacked is realizing you could have prevented it.

Hackers Target Celebrity Accounts to Boost Meme Coins | HODL FM
Discover the surge in celebrity account hacks promoting crypto tokens on X. Analysts suspect coordinated hacker attacks. Stay informed with the latest insights.
hodl-post-imageHODL FM: The Wildest Ride in the Crypto MarketKataryna Habeliia
hodl-post-image

Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that despite the nature of much of the material created and hosted on this website, HODL FM is not a financial reference resource and the opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice of this sort, HODL FM strongly recommends contacting a qualified industry professional.