Despite maturing to the point of becoming a multi-trillion-dollar asset class, the crypto world is still rife with hacks and scams. In fact, the worst one ever just happened.
Malicious actors looking to take advantage of inexperienced users or insecure crypto protocols have found ample opportunity, siphoning off more than $10 billion in funds in the last 5 years according to Chainalysis. And six out of the last 11 years have seen over $1 billion worth of losses to hacks and exploits, peaking in 2022 with $3.7 billion worth.
And 2025 is off to a rough start on that front, with this year’s stolen funds nearly matching 2024’s full-year total thanks to one massive centralized exchange hack. That attack currently leads the list of the worst crypto hacks of all time, based on the value of the assets swiped at the time of the breach.
1) Bybit – $1.4 billion
The largest crypto hack of all time saw more than 400,000 Ethereum—valued at $1.4 billion at the time of the hack—and other Ethereum-based tokens swiped from a cold wallet belonging to Dubai-based centralized exchange Bybit in February 2025.
The attack was confirmed by Bybit co-founder and CEO Ben Zhou, who indicated that a planned transfer was manipulated, resulting in the exchange unknowingly handing funds over to an attacker’s wallet.
The hack was quickly linked by on-chain sleuths to North Korea’s state-sponsored Lazarus Group, an entity responsible for taking more than $1.3 billion in crypto funds via hacks in 2024 alone. The FBI later confirmed that evidence points to Lazarus.
Despite the enormity of the hack, Bybit was able to process all withdrawals and filled its Ethereum gap quickly via a combination of loans, deposits, and purchases of the second-largest crypto asset.
In preliminary reports issued days after the attack, cybersecurity experts concluded that the issue arose when North Korean hackers planted malicious code in the infrastructure of Safe, the wallet provider used by Bybit.
2) Poly Network – $611 million
Poly Network, a multi-chain interoperability protocol, experienced the second-largest crypto hack of all time in 2021, losing roughly $611 million worth of various crypto assets across three separate chains.
The network’s developers confirmed the hack on August 10, 2021, asking miners or validators of Ethereum, Polygon, and BNB Chain (formerly Binance Smart Chain), as well as centralized exchanges, to blacklist addresses associated with the hack.
After immense pressure from the crypto community, the hackers began returning funds to Poly Network within a day of the hack, ultimately returning nearly all of the funds within 2 weeks of the exploit. The perpetrators said the attack was “just for fun” in a wild saga that involved numerous back-and-forth messages between the hacker, Poly Network, and the crypto community.
3) BNB Chain – $570 million
A hacker gained control of around $570 million worth of Binance Coin (BNB) in an exploit of the BSC Token Hub on BNB Chain on October 6, 2022.
The attack allowed the malicious actor to grant themselves 2 million new BNB tokens, convincing the hub to do so via a “sophisticated forgery.”
After irregular activity was quickly identified, the chain first paused activity, later halting it after further identification of the hack. Because of the swift actions of the chain and its validators, only about $100 million of the $570 million was ultimately siphoned off the chain.
4) Coincheck – $530 million
In the oldest hack on the list, Japanese exchange Coincheck fell victim to a $530 million heist of 523 million NEM tokens in 2018 when a bad actor gained access to the hot wallet that contained the funds.
More than 260,000 users of the exchange were affected, with the platform refunding approximately $400 million to those parties with its own cash, according to The Guardian.
At the time, it was the largest crypto hack in history. However, the value of the stolen NEM has since decreased drastically, pricing the stolen assets at $10.36 million at today’s prices.
Two years after the heist, the District Court in Tokyo announced the seizure of a small fraction of the tokens that were stolen.
5) Ronin Network – $552 million
Ronin Network fell victim to a $552 million hack in March 2022. As in the BNB Chain exploit, the target was a bridge: the Ethereum gaming sidechain’s native bridge was hit in an attack that used hacked private keys and was later pinned on North Korea’s Lazarus hacking group by the United States Treasury.
After gaining access to the private keys, the hackers were able to sign transactions from 5 of the 9 total network validators—the minimum required to approve transactions. Though the hack occurred on March 23, it was only disclosed by the network a week later, when the value of the assets tallied $622 million.
Ultimately, the hacker was able to gain access to 173,650 Wrapped Ethereum and 25.5 million USDC stablecoins.
In September 2022, approximately $30 million of the funds lost were recovered, marking the first time that funds stolen by North Korea’s hacking group were seized. Ronin creator Sky Mavis repaid all affected users and the bridge was eventually reopened with additional security protections and a growing pool of validators to boost decentralization.
Edited by Andrew Hayward