Below is a summary of the most significant cryptocurrency thefts since 2009, based on available information and ordered by their magnitude at the time of the theft (in US dollars). The values are adjusted to the time of the incident, although some cases, like Mt. Gox, would have a much greater impact at current prices. I include key details of each case, such as the affected platform, date, amount stolen, involved cryptocurrencies, and circumstances of the attack.
1. Bybit (2025) - 1,500 million USD
Date: February 21, 2025
Stolen cryptocurrency: 401,347 Ethereum (ETH)
Description: This is the largest recorded cryptocurrency theft to date. North Korean hackers, possibly linked to the Lazarus group, exploited a vulnerability in the free storage software Safe used by Bybit, a Dubai-based platform. The attackers manipulated a routine transaction approved by CEO Ben Zhou, accessing a cold Ethereum wallet. The funds were transferred to a hot wallet and then distributed across a network of wallets to make tracking difficult. Bybit assured that it would compensate users with its own funds or loans from partners, but the incident led to a massive withdrawal of 4 billion USD by customers and a 4% drop in the price of Ethereum.
Impact: The attack exposed vulnerabilities in the storage systems of major exchanges and reignited the debate on security in the crypto ecosystem.
2. Ronin Network (Axie Infinity) (2022) - 620 million USD
Date: March 29, 2022
Stolen cryptocurrencies: 173,600 ETH and 25.5 million USD Coin (USDC)
Description: The Ronin blockchain network, associated with the NFT game Axie Infinity, suffered the largest cryptocurrency theft at that time. Hackers, allegedly from the North Korean Lazarus group, compromised five of the nine validation nodes in the network using malware and outdated credentials. The funds were extracted in two transactions, leveraging stolen private keys. The theft was detected days later, and the value of the stolen assets reached 620 million USD due to the cryptocurrency price increase.
Impact: The incident affected trust in blockchain-based games and highlighted the vulnerabilities of cross-chain bridges. Part of the funds was traced, but not fully recovered.
3. Poly Network (2021) - 610 million USD
Date: August 2021
Stolen cryptocurrencies: Various, including ETH, BNB, and USDT
Description: Poly Network, a DeFi platform facilitating transactions between blockchains, suffered a massive theft due to a vulnerability in its code. The attacker, identified as an 'ethical hacker,' claimed that his goal was to expose security flaws and not to keep the funds. Surprisingly, he returned almost all of the 610 million USD in the following days, except for 33 million USD in Tether that were frozen by the issuers.
Impact: Although the funds were returned, the case highlighted the risks of DeFi protocols and the reliance on open source code, which can be exploited if not properly audited.
4. Coincheck (2018) - 534 million USD
Date: January 26, 2018
Stolen cryptocurrency: 523 million NEM
Description: Coincheck, a Japanese exchange, was the victim of an attack that exploited the insecurity of its hot wallets, which did not use multi-signatures. The hackers accessed the private key of a wallet, stealing 523 million NEM tokens. The attackers created a website to sell the stolen tokens at a discount, causing a drop in the price of NEM. Coincheck established a reimbursement plan and continued operating, covering the losses with its funds and insurance. Some experts suggest that the attack involved malware on a company computer.
Impact: The theft led to stricter regulations in Japan for exchanges and highlighted the importance of using cold and multi-signature wallets.
5. Mt. Gox (2011-2014) - 470-480 million USD
Date: Discovered in February 2014 (thefts since 2011)
Stolen cryptocurrency: 850,000 BTC (100,000 from the company, 750,000 from clients)
Description: Mt. Gox, the largest Bitcoin exchange at the time, lost 850,000 BTC in a series of thefts that began in 2011 and were detected in 2014. The attackers exploited vulnerabilities in the system, possibly through an internal or external attack, leaking funds over the years. In 2011, an initial theft of 25,000 BTC was attributed to an unidentified attacker, and in 2014, the loss of 744,408 BTC was reported. At 2014 prices (550-750 USD per BTC), the theft amounted to 470-480 million USD, but at current prices (2025, ~42,000 USD per BTC), it would be equivalent to over 35 billion USD. Mt. Gox filed for bankruptcy, and customers have not yet been fully reimbursed.
Impact: This was the first massive cryptocurrency theft and led to the collapse of Mt. Gox, one of the sector's pioneers. It improved security standards in exchanges but left thousands of users with losses.
6. Wormhole (2022) - 326 million USD
Date: February 2, 2022
Stolen cryptocurrency: 120,000 wrapped Ethereum (wETH)
Description: Wormhole, a cross-chain bridge protocol between Ethereum and Solana, was hacked due to a vulnerability in its public source code. The attackers stole 120,000 wETH, forcing the temporary closure of the bridge. Jump Trading, the owner of Wormhole, covered the losses, restoring the funds the next day. The attackers have not been identified.
Impact: The case highlighted the risks of cross-chain bridges and the need for rigorous audits in DeFi platforms.
7. KuCoin (2020) - 285 million USD
Date: September 25-26, 2020
Stolen cryptocurrencies: Various, including BTC, ETH, and other tokens
Description: The KuCoin exchange, based in Singapore, suffered a theft of 285 million USD after an attack on its hot wallets. Security guards detected suspicious transactions and transferred the remaining assets to cold wallets within two hours. CEO Johnny Lyu promised to reimburse users, and by November 2020, 84% of the funds were recovered, with the rest covered by an insurance fund. North Korean hackers are suspected to have been behind the attack.
Impact: KuCoin demonstrated resilience by recovering most of the funds, but the incident highlighted the vulnerability of hot wallets.
Additional notes:
General trends: Cryptocurrency thefts have evolved from attacks on centralized exchanges (like Mt. Gox and Coincheck) to DeFi platforms and cross-chain bridges (like Poly Network, Ronin, and Wormhole). Hackers, especially state-sponsored groups like North Korea's Lazarus, have sophisticated their methods, exploiting vulnerabilities in open source code, manipulating interfaces, or using malware.
2022, a record year: According to Chainalysis, in 2022, 3.8 billion USD in cryptocurrencies were stolen, primarily from DeFi protocols, with North Korean hackers siphoning off 1.7 billion USD.
Connection to the old man case: There is no direct evidence of an American old man stealing 330 million USD, but a post on X from April 28, 2025, mentions a theft of 3,520 BTC (~330 million USD) from a wallet of an 'OG bitcoiner,' possibly an early Bitcoin user, which was laundered through Monero (XMR). This does not confirm that the perpetrator was an old man or that he was American, and the information remains speculative.
Conclusion
The largest cryptocurrency thefts since 2009 reflect the evolution of vulnerabilities in the crypto ecosystem: from poorly managed exchanges (Mt. Gox) to DeFi platforms and cross-chain bridges (Ronin, Wormhole). The Bybit case in 2025 highlights how even modern platforms with large volumes can be targets of sophisticated attacks. Security remains a critical challenge, and users must prioritize cold wallets, two-factor authentication, and careful management of private keys to protect their assets.