Top 10 Bitcoin Hacks Steal $36 Billion, 90% of Users Still Neglecting Security
Author: Huo Huo, Baihua Blockchain
Last Saturday, the world's second-largest CEX Bybit suffered a hacker attack, with a total of $1.46 billion in ETH stolen, setting a record for the highest amount stolen in a single token theft case in history. Just on February 24, the crypto financial card service provider Infini also faced a hacker attack, with approximately $49.5 million in funds stolen from its Ethereum address. This series of security incidents has further exacerbated the already sluggish crypto market, exposing the lack of rigor in asset security management on crypto platforms and further weakening market liquidity, making security issues once again the focus of industry attention.
It can be said that crypto security incidents have been frequent in recent years, involving various targets such as CEX, DeFi platforms, and cross-chain bridges. According to a report by blockchain analysis company Chainalysis, hackers stole approximately $2.2 billion in crypto assets in 2024, with the total amount stolen exceeding $5 billion (equivalent to over 36 billion RMB) to date.
Today, we will review the top ten crypto security incidents from the past (including the Bybit theft incident in February 2025). The 36 billion RMB in assets lost in these ten security incidents serves as a "bloody lesson" for the owners. What important tips can individuals glean from these incidents to protect their crypto assets?
Top 10 Crypto Security Incidents
The following image ranks the top ten crypto security incidents by the amount lost, covering various complex attack methods from smart contract vulnerabilities to private key leaks and database attacks.
Through analysis, we can see that these theft incidents not only expose specific security vulnerabilities but also reflect the weaknesses in technical protection and risk management within the crypto industry.
Next, we will categorize and analyze these incidents based on their causes and the lessons learned, to better understand the underlying security risks and provide references for future prevention.
1) Wallet Private Key or Security Issues
Ronin Network Theft Incident (March 2022): $625 million
Ronin Network is a scaling solution designed for blockchain games and NFTs, created by the Axie Infinity development team Sky Mavis, aimed at addressing Ethereum's limitations in transaction fees and processing speed.
In March 2022, Ronin Network was attacked by the North Korea-supported hacker group Lazarus Group, resulting in a loss of approximately $625 million in Ethereum and USDC. The hackers successfully controlled five nodes by attacking the network's validation nodes, allowing them to create and sign malicious transactions, ultimately transferring funds to addresses they controlled.
Coincheck Theft Incident (January 2018): $534 million
Coincheck is one of the more well-known CEXs in the Japanese crypto market, established in 2012, dedicated to providing secure and convenient trading services.
In January 2018, Coincheck suffered a hacker attack due to security issues with its hot wallet, resulting in a loss of approximately $534 million in NEM tokens.
DMM Bitcoin Theft Incident (May 2024): $305 million
DMM Bitcoin is also a crypto CEX based in Japan, established in 2018.
In May 2024, DMM Bitcoin was attacked by hackers, leading to the theft of approximately 4,500 bitcoins (valued at about $305 million at the time). Although the specific method of attack is still under investigation, reports suggest that leaked private keys may have been a key factor in the hackers' intrusion.
KuCoin Theft Incident (September 2020): $275 million
KuCoin is a well-known CEX based in Singapore, established in 2017.
In September 2020, KuCoin suffered a hacker attack, resulting in a loss of approximately $275 million in various crypto tokens. The hackers successfully stole a large amount of assets by obtaining the private keys of the CEX's hot wallet.
Summarizing these four theft incidents, it is evident that they all resulted from insufficient security of hot wallets or nodes. Validation nodes and hot wallets, due to their internet connectivity and convenience, are easy targets for hacker attacks. Hackers employ various methods, including malware, phishing attacks, or exploiting internal platform vulnerabilities to obtain private keys. Once an attack is successful, hackers can quickly transfer assets, leading to irreparable losses. In contrast, cold wallets and other storage options that are not connected to the internet can effectively avoid the risks of online attacks, making them a relatively safer choice for storing crypto assets.
Additionally, for CEXs, ensuring strict management and secure storage of private keys is key to preventing large-scale theft of funds; for individual users, properly safeguarding private keys is equally crucial for asset security. Once a private key is lost or leaked, users will completely lose control over their assets, as no third party can help recover the funds. Therefore, both CEXs and individuals need to establish more robust key protection measures to reduce security risks.
2) Smart Contract Vulnerabilities
Poly Network Theft Incident (August 2021): $600 million
Poly Network is a cross-chain protocol that allows users to seamlessly transfer and exchange assets across multiple blockchain platforms, enabling cross-chain transactions and collaboration.
In August 2021, the Poly Network cross-chain bridge was hacked due to a smart contract vulnerability, resulting in a loss of approximately $600 million in various tokens. The hackers exploited the vulnerability to bypass permission controls and transferred a large number of tokens to their own addresses. However, unexpectedly, the hackers later negotiated with the platform and gradually returned most of the stolen funds.
Wormhole Theft Incident (February 2022): $320 million
Wormhole is a decentralized cross-chain bridge protocol that allows users to transfer assets between multiple blockchain networks without relying on a single chain's ecosystem.
In February 2022, the Wormhole cross-chain bridge was attacked while connecting the Solana and Ethereum blockchains, resulting in approximately $320 million in wrapped Ethereum (wETH) being stolen. The attackers exploited a vulnerability in the cross-chain bridge's smart contract to bypass the verification mechanism, minting a large amount of wETH without authorization and withdrawing it to their addresses.
The security incidents of Poly Network and Wormhole exposed weaknesses in the asset transfer and verification processes of cross-chain protocols, where vulnerabilities can be easily exploited by hackers and lead to significant losses. This reminds us that the design of cross-chain protocols must pay more attention to permission control in smart contracts to ensure the validity of operations, especially in the management and verification of cross-chain assets.
To enhance security, cross-chain platforms need to conduct comprehensive security audits and vulnerability checks regularly to identify and fix potential issues promptly. Additionally, it is recommended to introduce multi-signature mechanisms and stricter permission management in contract design to avoid single points of failure or hackers controlling critical permissions. Furthermore, updates and maintenance of cross-chain protocols should follow strict processes to ensure that every fix and upgrade undergoes thorough testing to enhance the security of cross-chain platforms, reduce attack risks, and protect user assets.
3) System Vulnerabilities or Database Leaks
Mt. Gox Theft Incident (February 2014): $473 million
Mt. Gox was once the largest Bitcoin CEX in the world, with trading volume accounting for about 70% of global Bitcoin transactions at one point. Established in 2010 and headquartered in Japan, it played a key role in the early booming development of the crypto industry.
However, in 2014, this CEX went bankrupt after multiple security vulnerabilities led to the theft of approximately 850,000 bitcoins (valued at about $473 million at the time), becoming one of the most sensational scandals in crypto history. This attack exposed issues of insufficient monitoring mechanisms and slow responses to suspicious activities, while the specific methods used by the hackers remain unclear to this day.
Mixin Network Theft Incident (September 2023): $200 million
Mixin Network is a decentralized cross-chain protocol aimed at solving interoperability issues between blockchains.
In September 2023, the Mixin Network peer-to-peer trading network was attacked due to a database leak from a cloud service provider, resulting in approximately $200 million in Bitcoin and Ethereum assets being stolen.
These two incidents expose the serious risks of system vulnerabilities and database leaks in the crypto industry. The Mt. Gox incident highlights the lack of adequate security monitoring and response mechanisms in crypto CEXs, while the Mixin Network incident reminds us to be particularly cautious when relying on third-party cloud services. To avoid similar issues, platforms should strengthen multi-layered security defenses, establish comprehensive monitoring and emergency response systems, and ensure that collaborations with third-party vendors provide sufficient security guarantees.
In responding to such incidents, it is essential not to put all your "eggs" in one basket; additionally, we need to consider whether this "basket" has sufficient compensation capabilities when problems arise. Especially in the crypto field, when choosing CEXs or other platforms, it is crucial to ensure they have adequate reserves and financial health to handle potential large losses. Evaluating the platform's risk response mechanisms, insurance policies, and historical compensation records is also necessary. After all, risks can sometimes be unavoidable, and choosing a platform that can take responsibility during a crisis is also a way to be responsible for oneself.
4) Front-End Manipulation Fraud
Bybit Theft Incident (February 2025): $1.5 billion
Bybit is a crypto CEX established in 2018 and headquartered in Singapore, primarily providing crypto derivatives products.
After being attacked by hackers on February 22, 2025, Bybit lost approximately $1.5 billion in Ethereum and related staked assets. This incident involved manipulation of cold wallet transactions, where hackers displayed a deceptive signature interface showing the correct address while altering the underlying smart contract logic to transfer funds to unauthorized addresses. This attack method indicates that even cold wallets are not absolutely secure.
Although cold wallets are safer than hot wallets, they are not a panacea, and the Bybit theft incident shows us that security awareness is always the most important. In addition to choosing a CEX with a good security record, wallet management, transaction verification, and secure operational processes are also crucial.
It is reported that the root cause of the Bybit theft incident is attributed to Safe multi-signature issues and the attack methods used. The attackers initiated malicious spoofed transactions against Bybit through compromised Safe developer machines. This indicates that when developer devices and credentials are insufficiently protected, hackers can still intrude even without obvious smart contract vulnerabilities or source code issues.
This reminds us that, in addition to choosing a CEX with a good security record, wallet management, transaction verification, and secure operational processes are essential. The security awareness of every step, including developer machines, credential management, and operations, should be strengthened. Additionally, users need to be particularly cautious when signing transactions and remain highly vigilant to ensure that every operation is accurate without oversight.
5) Flash Loan Attacks
Euler Finance Theft Incident (March 2023): $197 million
Euler Finance is a decentralized financial platform built on Ethereum and Layer 2 networks like Optimism, dedicated to providing seamless and efficient borrowing and lending services.
In March 2023, the Euler Finance decentralized lending platform suffered a flash loan attack, resulting in approximately $197 million in various tokens being stolen. The attackers exploited vulnerabilities in the platform's smart contracts to manipulate market prices through flash loans, triggering the platform's liquidation mechanism and illegally stealing funds.
This incident once again reveals the potential vulnerabilities in the smart contract design and market mechanisms of decentralized finance platforms. Flash loan attacks typically rely on manipulating market prices and triggering liquidation mechanisms, exposing weaknesses in the platform's price oracle and market stability. To counter such attacks, platforms should focus on reviewing the code of smart contracts, particularly in areas involving market manipulation and liquidation mechanisms, to enhance security.
Moreover, security audits and historical reputation are key factors in assessing project reliability. Even if a project promises high returns, one should not overlook potential risks to avoid falling into traps. Whether entrusting funds to centralized platforms or using decentralized applications, caution must be maintained, and one should never be complacent.
What Security Advice Can Be Given to Individual Holders?
Looking back at these security incidents, it is not difficult to see that security vulnerabilities in CEXs, mismanagement of private keys, and increasingly sophisticated hacker techniques continuously threaten the security of crypto assets.
These incidents not only reveal the hidden risks in the world of digital assets but also provide us with valuable experiences. Learning how to identify potential threats and adopting safer storage and trading methods is a topic that every crypto user needs to focus on.
Next, we will summarize a few key security recommendations from these cases, hoping to provide practical references for everyone in managing digital assets, helping to reduce risks and avoid becoming the next victim.
1) Choose a reputable platform
Choosing a CEX or platform with a good security record and transparent disclosure of security measures is the first step in protecting personal assets.
2) Use cold storage to protect assets
Storing important digital assets in cold wallets is an important means of preventing hacker attacks.
3) Enable two-factor authentication (2FA)
By binding a mobile phone, email, or dedicated authenticator, users can add an extra layer of security when logging in, effectively preventing unauthorized access to accounts. Regularly checking and monitoring account activity is an effective way to detect suspicious transactions and potential threats in a timely manner.
4) Diversify investments to reduce risks
Distributing assets across multiple platforms or wallets can help mitigate risks. For example, users can keep the majority of their assets in cold wallets while using a small amount for daily transactions or spreading them across different trusted CEXs to reduce the overall loss if a single platform encounters issues.
5) Trustlessness
The most important feature of crypto assets is verifiability. Do not blindly trust any third party to ensure your crypto security, including the software and hardware provided by wallet developers. Always treat personal online devices as "not completely secure devices" and verify the accuracy of all the transaction information you submit and sign.
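The check recommended here, and the deceptive signing interface described in the Bybit section, can be illustrated with an added example (not code from the article or from any wallet vendor): it decodes the raw fields of a transaction and compares them with what the operator intends to send, rather than relying on what a screen displays. The addresses, amounts and function names are constructed for illustration, and only native transfers and ERC-20 transfer calls are decoded; anything else is reported as unverifiable.

```python
# Added example (not from the article): compare raw transaction fields with the
# operator's intent instead of trusting what a signing UI displays.
TRANSFER = bytes.fromhex("a9059cbb")  # selector of ERC-20 transfer(address,uint256)

def decode_call(to, value, data_hex):
    """Describe what the raw (to, value, data) triple would actually do."""
    data = bytes.fromhex(data_hex.removeprefix("0x"))
    if not data:
        return {"kind": "native", "recipient": to.lower(), "amount": value}
    # A well-formed token transfer: 4-byte selector, two 32-byte words, a
    # zero-padded address, and no native value attached.
    if data[:4] == TRANSFER and len(data) == 68 and not any(data[4:16]) and value == 0:
        return {"kind": "erc20_transfer", "token": to.lower(),
                "recipient": "0x" + data[16:36].hex(),
                "amount": int.from_bytes(data[36:68], "big")}
    # Anything else cannot be checked here and must not be blind-signed.
    return {"kind": "unknown", "selector": "0x" + data[:4].hex()}

def mismatches(intent, to, value, data_hex):
    """Return readable differences; an empty list means the payload matches."""
    actual = decode_call(to, value, data_hex)
    if actual["kind"] == "unknown":
        return [f"undecodable call {actual['selector']}: refuse to sign"]
    keys = sorted(set(intent) | set(actual))
    return [f"{k}: intended {intent.get(k)!r}, payload has {actual.get(k)!r}"
            for k in keys if intent.get(k) != actual.get(k)]

# Constructed sample values (not real addresses).
TOKEN, PAYEE, OTHER = ("0x" + b * 20 for b in ("11", "22", "33"))

def transfer_calldata(recipient, amount):
    """Build ERC-20 transfer calldata for the constructed samples."""
    return "0x" + (TRANSFER + bytes(12) + bytes.fromhex(recipient[2:])
                   + amount.to_bytes(32, "big")).hex()

INTENT = {"kind": "erc20_transfer", "token": TOKEN, "recipient": PAYEE, "amount": 5000}

if __name__ == "__main__":
    for label, data in [("matching", transfer_calldata(PAYEE, 5000)),
                        ("altered recipient", transfer_calldata(OTHER, 5000)),
                        ("opaque call", "0xdeadbeef" + "00" * 32)]:
        print(label, "->", mismatches(INTENT, TOKEN, 0, data) or "OK")
```

The comparison is only meaningful when the raw fields are read on a device separate from the one that built the transaction.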
Conclusion
It can be said that security prevention is not only a reaction to problems but also a proactive strategic layout. Managing crypto assets is not just about addressing immediate risks but also ensuring long-term stable development. By cultivating daily security habits, gradually enhancing protective capabilities, and preventing risks at every step, we can effectively minimize risks.