In the world of cryptocurrency, hackers are never just legends. From cold wallet thefts to exploits in smart contracts, these multi-billion 'digital heists' not only leave investors with nothing but also expose the layered vulnerabilities of blockchain security. The following ten events are considered the most thrilling 'hacker textbooks' in crypto history.
1. The Bybit heist: $1.46 billion 'evaporated' from cold wallets (2025)
On February 21, 2025, the global crypto community was shaken by news: Bybit exchange's ETH cold wallet was raided, with over $1.46 billion disappearing, setting a record for the largest single theft in crypto history.
The hackers' methods can be described as 'digital magic': they forged the exchange's signature interface, and what users saw was a normal operation page, while the underlying smart contract was secretly altered. When users confirmed transactions, the funds had long been redirected to the hacker's address. Ironically, cold wallets, which should be the 'safest fortress,' fell victim to a meticulously designed phishing trap.
2. The nightmare for Axie players: $625 million disappeared from Ronin Network (2022)
Can playing games lead to theft? In March 2022, the sidechain Ronin of the blockchain game Axie Infinity was hacked entirely. The hacker controlled four validation nodes, swaggering away with 173,600 ETH (about $595 million) and 25.5 million USDC, just like having the keys to a bank.
After investigation, the culprit pointed to the North Korean Lazarus Group—this organization, known as 'digital pirates,' always manages to find the vital points of blockchain. Players watched helplessly as their game assets turned into a string of invalid code, and even today, there are victims who have not recovered their losses.
3. The cross-chain bridge scare: Poly Network lost $611 million in one day (2021)
On August 10, 2021, the Poly Network, connecting Ethereum, Binance Smart Chain, and Polygon, became a cash cow for hackers. Exploiting vulnerabilities in smart contracts, hackers simultaneously attacked three chains, stealing various crypto assets totaling $611 million.
Dramatically, the hacker later contacted the project team, saying they 'just wanted to test security' and returned most of the funds. This 'white hat hacker' style theft exposed the security issues of cross-chain bridges for the first time.
4. Binance's darkest moment: $569 million stolen via the BNB bridge (2022)
Even giants like Binance were not spared. In October 2022, hackers forged transaction proofs to steal 2 million BNB (about $569 million at the time) from the cross-chain bridge of the BNB smart chain.
Binance's response was textbook: they immediately paused bridging services, froze the hacker's addresses, and ultimately limited the loss to $100 million. However, this attack shattered the myth of 'decentralization'—it turned out that even the most advanced technology could not withstand targeted vulnerability attacks.
5. Coincheck's hot wallet vulnerability: 534 million NEM coins vanished (2018)
This money has yet to be recovered, and the exchange had to compensate users from its own pocket, ultimately being acquired by the Monex Group. This incident served as a warning in the crypto circle: no matter how convenient hot wallets are, they cannot be used as 'safes.'
6. The dark memory of Bitcoin: Mt. Gox bankruptcy case (2014)
850,000 bitcoins—accounting for 7% of the global circulating supply at the time—were stolen from Mt. Gox by hackers in 2014. Based on the price at that time, it was about $473 million, but today it's worth over $100 billion.
This disaster immediately led the world's largest bitcoin exchange to bankruptcy, leaving countless investors with nothing. It wasn't until 2023 that victims began to receive small amounts of compensation. It tells the world that the security of cryptocurrencies is more important than price fluctuations.
7. The 'second robbery' after FTX's bankruptcy: $473 million was looted (2022)
The bankruptcy of FTX in 2022 was already tragic enough, but the hackers came to 'kick while they were down.' On November 11, just after the exchange filed for bankruptcy, hackers took advantage of the chaos to empty the wallet, stealing $473 million in stablecoins, which they quickly converted into Ethereum and fled.
In the chaos, no one knew whether the hacker was an external intruder or an internal employee. This 'taking advantage of the fire' became the most ironic footnote in crypto history.
8. Wormhole's lucky turnaround: $320 million recovered (2022)
In February 2022, the token bridge Wormhole between Ethereum and Solana was exploited, with 120,000 wETH (about $320 million) stolen.
But the story took a turn: the project team offered a $10 million reward, and with the help of a security company, they eventually recovered all the funds. This 'complete recovery' showed people that as long as the response is quick enough, crypto assets may not be 'like a meat bun hitting a dog.'
9. The power of phishing emails: DMM lost $308 million (2024)
In May 2024, the North Korean hacker group TraderTraitor employed 'social engineering tactics': posing as LinkedIn recruiters, they sent phishing emails to employees of the DMM trading platform. Someone fell for it and downloaded malware, allowing hackers to control the trading system and transfer 4,502 bitcoins (about $308 million).
This attack proved that no matter how advanced the technology, it cannot withstand the 'insider threat'—even if that insider is a misled employee.
10. KuCoin's desperate counterattack: $285 million recovered out of $240 million (2020)
In September 2020, KuCoin's hot wallet was breached, with $285 million in assets stolen. However, the exchange did not sit idle and collaborated with police and blockchain companies to trace the flow of funds, successfully recovering $240 million.
The remaining $45 million was covered by KuCoin using insurance and its own funds. This 'mend the fold after the sheep are lost' approach helped preserve user trust and became a model for the industry in dealing with hacker attacks.
What do these events teach us?
From cold wallet vulnerabilities to phishing emails, from smart contract defects to internal errors, hacker techniques are becoming increasingly covert, but the core remains unchanged: find the weakest link in the system. For investors, choosing reliable platforms, diversifying assets, and enabling two-factor authentication may be the best way to combat these 'digital pirates.' After all, in the world of crypto, security is always more important than profits.
Disclaimer: The content of this article is for reference only and does not constitute any investment advice. Investors should rationally view cryptocurrency investments based on their own risk tolerance and investment goals, and not blindly follow trends.
