The biggest crypto hacks in history have stolen billions from exchanges, wallets, and DeFi projects, reshaping regulation and trust in digital assets. From Mt. Gox to Bybit, each exploit highlights how vulnerable centralized and decentralized systems can be when targeted by hackers.
From the earliest days of Bitcoin, centralized exchanges and blockchain projects have been both the engines of crypto adoption and its greatest point of vulnerability. Billions have been lost to exploits ranging from simple phishing attacks to sophisticated, state-backed operations.
What these incidents reveal is not just weaknesses in code or custody, but also structural issues around governance, regulation, and user protection. In 2025, crypto theft has reached record-breaking levels, with over $2.17 billion stolen in just the first half of the year. And while exchanges remain the primary targets, personal wallets and DeFi protocols are increasingly at risk.
 Let us now dive into the 10 most impactful hacks and exploits in crypto’s history, focusing on scale, notoriety, and lasting industry consequences.
Bybit: $1.4B Ethereum Exploit (2025)
Date: February 21, 2025
Loss: 400,000 ETH (~$1.4B)
Vector: Private key leak in hot wallet system
The Bybit exploit ranks as one of the biggest crypto hacks in history. Hackers drained 400,000 ETH in minutes, highlighting the systemic risk of centralized hot wallet systems. Within days, the FBI charged the Lazarus Group of North Korea, cementing the narrative of nation-state involvement in crypto theft.
Impact:
Exposed the fragility of centralized exchanges, even those with advanced infrastructure.
Triggered international cooperation between exchanges, forensics firms, and law enforcement.
Became the prime example of why multi-sig cold storage and real-time monitoring are now mandatory.
Coincheck: $534M NEM Stolen (2018)
Date: January 2018
Loss: $534M in NEM (XEM) tokens
Vector: Hot wallet compromise via phishing/malware
At the time, this was the largest crypto hack in history. Hackers infiltrated Coincheck’s systems and siphoned half a billion dollars in NEM, exposing the exchange’s over-reliance on hot wallets.
Impact:
Sparked Japan’s Financial Services Agency (FSA) to implement stringent custody and licensing rules, still a global benchmark today.
Pushed Asian markets to adopt stronger user protection standards.
FTX: $477M Drained Post-Collapse (2022)
Date: November 11, 2022
Loss: $477M in multiple cryptocurrencies
Vector: Likely insider job during bankruptcy chaos
The FTX implosion was followed by a suspected insider draining $477M in tokens. Already one of the biggest crypto hacks of the decade, it compounded an $8.9B collapse and set off regulatory waves across the globe.
Impact:
Cemented the need for proof-of-reserves reporting and custody segregation.
Fueled global regulatory pushes: EU’s MiCA framework and multiple U.S. bills cite FTX as a catalyst.
Vector: Years of weak security and fake deposit flooding
Once handling 70% of global Bitcoin trades, Mt. Gox lost ~850,000 BTC to hackers. Poor internal management and lax controls made this one of the earliest and biggest crypto hacks on record. It pushed Japan to pioneer formal exchange regulations.
Impact:
Created the first wave of lawsuits and rehabilitation plans, still ongoing in 2025.
Pushed Japan into becoming the first country with formal crypto exchange regulation.
DMM Bitcoin: $308M Hack (2024)
Date: May 2024
Loss: 4,502 BTC (~$308M)
Vector: Suspected Lazarus Group attack
Japan’s DMM Bitcoin fell victim to a massive Bitcoin theft. While the company quickly raised funds to cover client balances, it announced closure in late 2025, transferring assets to SBI VC Trade.
Impact:
Shows that even capital injections can’t always salvage trust after a breach.
Reinforced the Lazarus Group’s role as the most prolific state-sponsored crypto attacker.
What Could Have Prevented These Biggest Crypto Hacks?
Looking at the first half of this list, clear patterns of failure emerge:
Hot wallet vulnerabilities: Bybit, Coincheck, and DMM Bitcoin were all victims of compromised hot wallets. Using multi-sig cold storage or MPC custody solutions could have blocked these attacks.
Weak governance and insider control: The FTX collapse and post-bankruptcy exploit highlight how transparency, segregated accounts, and independent audits might have prevented losses.
Poor operational security: Mt. Gox suffered from outdated code, no version control, and weak internal safeguards. Even basic security hygiene could have changed the outcome.
Lack of regulatory standards: In several cases, only after the hacks did regulators force exchanges to adopt safer custody models. Proactive rules could have reduced risks earlier.
Lesson so far: Most of these disasters were not unstoppable “super-hacks”, they were preventable with stronger custody, governance, and oversight.
KuCoin: $281M Exploit (2020)
Date: September 2020
Loss: $281M in over 30 tokens
Vector: Hot wallet private key theft
The KuCoin attack highlighted the value of on-chain forensics. Although $281M was stolen, $204M was recovered thanks to fast coordination. Still, it remains one of the biggest crypto hacks that reinforced North Korea’s role in multi-chain theft.
Impact:
Proof of the value of real-time blockchain forensics and chain analytics.
Elevated North Korea’s profile as a primary suspect in multi-asset hacks.
WazirX: $230M Theft (2024)
Date: July 18, 2024
Loss: $230M from a primary trading wallet
Vector: Breach still under investigation
India’s largest exchange lost nearly half its reserves in a single breach. Despite claims of compliance, the incident shook confidence in the local industry.
Impact:
Triggered stronger debate on crypto exchange licensing in India.
Highlighted vulnerabilities in emerging-market exchanges under pressure to scale fast.
BitMart: $196M Exploit (2021)
Date: December 2021
Loss: $196M across ETH and BSC
Vector: Private key compromise of two hot wallets
Hackers drained BitMart by accessing a single private key linked to two large wallets. The exchange promised reimbursement but years later, many users remain uncompensated.
Impact:
Reinforced why single-key hot wallets are the weakest custody model.
Stressed the importance of external audits and insurance frameworks.
BitGrail: $170M Nano Hack (2018)
Date: February 2018
Loss: 17M NANO (~$170M)
Vector: Security flaws, possible insider negligence
BitGrail, a small Italian exchange specializing in Nano, collapsed after the hack. Courts later forced the founder to use personal assets to partially repay customers.
Impact:
One of the first cases where courts held an exchange founder personally liable.
Illustrated how poorly run niche exchanges amplify systemic risk.
CoinBene: $105M Theft (2019)
Date: March 2019
Loss: ~$105M in ETH
Vector: Hot wallet breach disguised as “maintenance”
CoinBene, once a global top-10 exchange, lost its reputation after concealing the breach. The stolen assets were quickly laundered through multiple venues.
Impact:
Showed the danger of exchanges attempting to hide hacks instead of disclosing.
Paved the way for stricter transparency and reporting rules in Singapore and beyond.
Velocity of theft is rising: 2025 reached $2B stolen in just 142 days, faster than any year prior.
Personal wallets now in focus: Already 23% of 2025’s stolen funds involve individuals.
State actors are dominant: DPRK-linked Lazarus has been tied to Bybit, DMM Bitcoin, KuCoin, and more.
Trust takes years to rebuild: Even with reimbursements, brands rarely recover fully after mega-hacks.
The Road Ahead for Crypto Security
Custody innovations: Multi-sig, MPC wallets, and cold storage are becoming industry norms.
Predictive monitoring: Exchanges must invest in AI-powered anomaly detection and on-chain surveillance.
Regulation & oversight: Major hacks accelerate laws like the EU’s MiCA and India’s draft exchange frameworks.
Global coordination: The dismantling of sanctioned exchanges like Garantex after the Bybit hack shows the power of collective action.
The crypto industry’s challenge is balancing innovation with defense. The top 10 hacks serve as stark reminders: where there is liquidity, there will be attackers.
Conclusion
The history of the biggest crypto hacks shows a repeating cycle: rapid innovation in crypto, followed by equally rapid attacks on its weakest points. From Mt. Gox in 2014 to Bybit in 2025, billions have been lost to a mix of poor custody practices, insider risks, and sophisticated state-backed actors.
Yet, every hack has pushed the industry forward. Japan tightened exchange rules after Coincheck, regulators worldwide reacted after FTX, and new custody models are emerging in response to Bybit. These painful lessons highlight one truth: security cannot be an afterthought in crypto. Exchanges, regulators, and investors must treat it as a core foundation for adoption and growth.
Looking ahead, as DeFi and centralized exchanges continue to manage billions in liquidity, the challenge will be building systems resilient enough to withstand the next generation of attacks. The biggest crypto hacks are not just reminders of past failures, they are warnings for the future.
TL;DR
The biggest crypto hacks have drained billions from exchanges and users since 2014.
Hot wallets remain the weakest link, exploited in most large-scale breaches.
State-backed groups like North Korea’s Lazarus dominate mega-hacks.
Insider threats (e.g., FTX) can be just as damaging as external exploits.
Regulation follows crisis Japan, EU, and U.S. tightened rules only after major hacks.
Reputation rarely recovers even reimbursed users rarely return to hacked platforms.
Prevention is possible cold storage, multi-sig, and real-time audits could have stopped many of these.
Global collaboration is growing law enforcement and exchanges now coordinate faster.
User responsibility matters investors should avoid leaving assets on exchanges.
The lesson: crypto security must be proactive, not reactive, or history will repeat itself.
Frequently Asked Questions
What are the biggest crypto hacks in history?
The biggest crypto hacks include Bybit ($1.4B, 2025), Coincheck ($534M, 2018), FTX ($477M, 2022), Mt. Gox ($460M, 2014), and DMM Bitcoin ($308M, 2024). Each case involved hot wallet compromises, insider breaches, or weak internal security.
Which crypto hack caused the largest loss ever?
The 2025 Bybit hack is the largest ever, with hackers stealing 400,000 ETH (~$1.4B). It surpassed Mt. Gox and Coincheck in scale and highlighted the risks of centralized hot wallets.
Who is behind most of the biggest crypto hacks?
Evidence points to the Lazarus Group, a North Korean state-backed organization, being involved in multiple mega-hacks including KuCoin, DMM Bitcoin, and Bybit making them the most prolific attackers in the crypto industry.
These tactics complicate tracing, though blockchain analytics firms often track movements.
Can exchanges recover stolen crypto?
Sometimes. KuCoin recovered over $200M of the $281M stolen in 2020 via rapid exchange cooperation and on-chain forensics. However, most of the biggest hacks (e.g., Mt. Gox, Coincheck, Bybit) resulted in largely irretrievable losses.
Bybit — Ethereum Exploit
Coincheck — NEM Theft
FTX — Drained Post-Collapse
Mt. Gox — Bitcoin Heist
DMM Bitcoin — BTC Hack
KuCoin — Multi-Token Exploit
WazirX — Wallet Theft
BitMart — ETH/BSC Exploit
BitGrail — Nano Hack
CoinBene — ETH Theft
