Crypto is still very much the Wild West of finance. Hacks and exploits still plague the space, with the most recent big one being a $70 million exploit of Curve Finance. 2022 was the biggest year ever for crypto hacking, and there's no sign of things cooling down in 2023.
In this report, we look at some of the biggest crypto hacks of all time and offer a tip on what you can do to avoid becoming a victim of a crypto hack.
This is not an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade or use any services.
Crypto hacks remain a notable roadblock to broader blockchain adoption.
Hacks can occur on multiple levels in the crypto space — from blockchain bridges to centralized exchanges to hot wallets.
Use a hardware wallet to store the private keys to your crypto offline to mitigate the risk of being hacked.
1. Ronin network
On March 23, 2022, hackers stole approximately $625 million in Ethereum (ETH) and USD Coin (USDC) from Ronin, the Ethereum-linked sidechain connected to the popular Axie Infinity online game. The hackers — who were part of the North Korean state-backed hacking collective Lazarus Group — exploited a blockchain bridge, which enables users to transfer assets from one blockchain to another.
The hack remains the largest in the history of crypto. While the US Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned the Ethereum wallet associated with the hack, and while Binance recovered $5.8 million of the stolen funds, the vast majority was never recovered.
2. Bitfinex
In August 2016, 119,754 Bitcoin (BTC) were stolen from the crypto exchange Bitfinex after a hacker breached the exchange's security system and made more than 2,000 unauthorized transactions. At the time of the hack, the amount of BTC stolen was worth about $72 million, while that value is currently well over $3 billion.
In February 2022, the US Department of Justice arrested the two people behind the hack and stated that it had recovered over 75% of the stolen funds. In a press release, the agency noted that blockchain technology helped law enforcement to follow the money and bring those using cryptocurrency for illicit purposes to justice.
3. MyEtherWallet
In April 2018, MyEtherWallet (MEW) — an app for storing, sending and receiving Ethereum (ETH) and Ethereum-based tokens — was compromised by a phishing attack. Hackers stole just over 216 ETH — worth approximately $150,000 at the time — by hijacking a Google Domain Name System (DNS) server the Ethereum network employed.
MyEtherWallet's CEO and team responded swiftly, remedying the issue and sharing information to help users secure their funds and mitigate losses. MEW's CEO added that Ethereum users should use a hardware wallet to safely store and manage their assets.
4. Tesla
In February 2018, Tesla fell victim to a "cryptojacking". A cryptojacking is a cybercrime in which hackers take over people's computers or servers and use them to mine cryptocurrency. Hackers infiltrated Tesla's Kubernetes administration console — an open-sourced, Google-designed system for cloud applications — which wasn't password protected at the time.
The hackers used this system to illegally mine cryptocurrency in a way that made their IP addresses difficult to detect. The issue was rectified, and no consumer data or information regarding the safety and security of Tesla vehicles was stolen.
5. Solana
In August 2022, over 9,000 wallets on the Solana network were hacked, with approximately $4 million worth of SOL — the native asset of the Solana blockchain — and USD Coin (USDC) being stolen. Hackers exploited the private keys for the Slope wallet, a software wallet for assets on the Solana blockchain.
Some users of Phantom — one of the most popular Solana wallets — also had their funds drained. However, only those who imported their accounts to and from Slope were affected. Days after the hack, Solana issued a statement telling users to create new wallets and transfer their assets out of their old, potentially compromised wallets to mitigate further damage.
6. Harmony network
In June 2022, hackers from the North Korean state-backed hacking collective Lazarus Group exploited the Horizon bridge — a bridge that connects the Harmony blockchain to Ethereum, BNB Chain and Bitcoin — stealing $100 million worth of digital assets. This attack brought the total amount stolen from blockchain bridges in 2022 to over $1 billion, all before the year's halfway point.
The hackers executed the attack by using compromised private keys to drain assets, including Binance USD (BUSD), USD Coin (USDC), Ethereum (ETH) and Wrapped Bitcoin (WBTC). The hackers swapped the non-ETH assets for ETH and then put the ETH through the Tornado Cash mixer to launder the funds. The Tornado Cash mixer is a privacy service that removes any connection to the address from which wallet funds were sent and is now outlawed by the US government.
7. Bancor
In July 2018, hackers stole $23.5 million in digital assets from a compromised wallet tied to the decentralized exchange (DEX) Bancor, which exists on Ethereum. The hackers made off with 3.2 million Bancor Network tokens (BNT), 25,000 Ethereum (ETH) and 230 million Pundi X tokens (NPXS).
To mitigate the damage, the DEX froze the stolen BNT funds — which called into question just how "decentralized" the network really is. However, it didn't have the power to free the stolen ETH or NPXS.
No user funds were stolen in this hack.
8. FTX
Hours after FTX declared bankruptcy on November 11, 2022, more than $600 million worth of digital assets was extracted from FTX crypto wallets. Some speculated that members of disgraced former FTX CEO Sam Bankman-Fried's inner circle siphoned the funds through a back door, though this has yet to be confirmed.
The day after the hack, Nick Percoco, chief security officer at the crypto exchange Kraken, claimed that he knew the identity of the hacker because of a mistake the hacker made in sending Tron (TRX) tokens from Kraken to the same crypto wallet address to which some of the hacked funds were sent. The hacker's identity has yet to be made public, though, and US authorities are still investigating the case and pursuing the hacker.
How to keep your cryptocurrency safe from hackers
One of the most tried and true ways to keep your crypto safe from hackers is to keep your private keys stored offline in a crypto hardware wallet.
When you leave your crypto assets in the custody of either a centralized crypto exchange like Bitfinex or a hot wallet like Slope, you increase your risk of losing access to your digital assets due to a hack.
Bottom line
Over the years, billions of dollars worth of digital assets have been stolen in crypto hacks, and crypto hacks still pose notable danger to crypto investors and blockchain users.
To mitigate the risks of becoming a victim of a crypto hack, consider using a crypto hardware wallet to store the private keys to your digital assets offline.
Frequently asked questions
Crypto hacks come in different forms. Sometimes hackers exploit vulnerabilities in the design of crypto hot wallets or cross-chain bridges to steal funds. And sometimes, they lure crypto investors into using a fake exchange as a means to steal the user's private key as part of a phishing scam.
The biggest crypto hack of all time was the Ronin network hack, which was perpetrated by the North Korean state-backed hacking collective Lazarus Group. The Ronin network is an Ethereum-linked sidechain connected to the popular online game Axie Infinity. Approximately $625 million worth of digital assets were stolen in the hack.
Disclaimer: Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.
Frank Corva is the senior analyst for digital assets at Finder. Frank has turned his hobby of studying and writing about crypto into a career with a mission of educating the world about this burgeoning sector of finance. He worked in Ghana and Venezuela before earning a degree in applied linguistics at Teachers College, Columbia University. He taught writing and entertainment business courses in Japan and worked with UNICEF in Namibia before returning to the States to teach at universities in New York City. He spent years as a publicist and graphic designer in the music industry, working for record labels like Warner Music Group and Triple Crown Records, and he's also a former music journalist whose writing and photography has been in published in Alternative Press, Spin and other outlets. See full bio
In this guide we take a look at some of the greenest cryptocurrencies and alternatives to Bitcoin, and explain how they work and where you can buy them.
How likely would you be to recommend Finder to a friend or colleague?
0
1
2
3
4
5
6
7
8
9
10
Very UnlikelyExtremely Likely
Required
Thank you for your feedback.
Our goal is to create the best possible product, and your thoughts, ideas and suggestions play a major role in helping us identify opportunities to improve.
Important information about this website
Finder makes money from featured partners, but editorial opinions are our own.
Finder is one of Australia's leading comparison websites. We are committed to our readers and stand by our editorial principles.
We try to take an open and transparent approach and provide a broad-based comparison service. However, you should be aware that while we are an independently owned service, our comparison service does not include all providers or all products available in the market.
Some product issuers may provide products or offer services through multiple brands, associated companies or different labeling arrangements. This can make it difficult for consumers to compare alternatives or identify the companies behind the products. However, we aim to provide information to enable consumers to understand these issues.
We make money by featuring products on our site. Compensation received from the providers featured on our site can influence which products we write about as well as where and how products appear on our page, but the order or placement of these products does not influence our assessment or opinions of them, nor is it an endorsement or recommendation for them.
Products marked as 'Top Pick', 'Promoted' or 'Advertisement' are prominently displayed either as a result of a commercial advertising arrangement or to highlight a particular product, provider or feature. Finder may receive remuneration from the Provider if you click on the related link, purchase or enquire about the product. Finder's decision to show a 'promoted' product is neither a recommendation that the product is appropriate for you nor an indication that the product is the best in its category. We encourage you to use the tools and information we provide to compare your options.
Where our site links to particular products or displays 'Go to site' buttons, we may receive a commission, referral fee or payment when you click on those buttons or apply for a product.
When products are grouped in a table or list, the order in which they are initially sorted may be influenced by a range of factors including price, fees and discounts; commercial partnerships; product features; and brand popularity. We provide tools so you can sort and filter these lists to highlight features that matter to you.
Please read our website terms of use and privacy policy for more information about our services and our approach to privacy.
We update our data regularly, but information can change between updates. Confirm details with the provider you're interested in before making a decision.