Biggest Crypto Heists of All Time
The biggest crypto heists to date are MT Gox, Bitgrail, Coincheck, KuCoin, PancakeBunny, Poly Network, Cream Finance, BadgerDAO, Vulcan Forged, and Bitmart.
MT Gox was the first large-scale exchange hack, and it remains the largest Bitcoin (BTC) heist of an exchange. The MT Gox theft, on the other hand, was not a one-time event. On the contrary, the site lost money from 2011 to February 2014.
Hackers stole 100,000 BTC from the exchange and 750,000 BTC from its consumers within a few years. These bitcoin heists were valued at $470 million at the time, but are now worth around ten times that amount. Shortly after the theft, MT Gox went into liquidation, with the liquidators recovering around 200,000 stolen BTC.
Bitgrail was a small Italian exchange that traded obscure cryptos like Nano (XNO). The exchange was hacked in February 2018, just when XNO’s price rose from pennies to $33. At least 17 million coins (equivalent to around $150 million) were taken from Nano wallets.
Many users started to express their dissatisfaction with the exchange before the attack (significantly lower withdrawal limits and transaction problems). According to investigations, the coins were stolen from cold—not hot—wallets. Investigations have continued over the previous three years, with Italian authorities now accusing Bitgrail’s owner of being behind the attacks.
Japan-based Coincheck had $530 million worth of NEM (XEM) tokens stolen in January 2018. The hackers took advantage of the currency being held in a “hot” wallet, which meant it was connected to the server and therefore “online” (a cold wallet sees the funds stored offline).
The stolen coins were identified and marked as such by the NEM developers, although it was assumed that the money was available in dark markets.
However, given the loss in value of the coins after the attack, it’s unlikely that many people thought it was a bargain (the coins are now worth 83% less than they were worth around 90 million dollars).
KuCoin announced in September 2020 that hackers obtained private keys for their hot wallets before withdrawing substantial amounts of Ethereum (ETH), BTC, Litecoin (LTC), Ripple (XRP), Stellar Lumens (XLM), Tron (TRX) and Tether (USDT). Since then, experts have said they have reasonable grounds to assume the hackers are North Korean.
This flash loan attack, in which hackers were able to siphon $200 million from the platform, happened in May 2021 and is among the most serious cases of cryptocurrency theft. The hacker lent a large sum of Binance Coin (BNB) before manipulating its price and selling it on PancakeBunny’s BUNNY/BNB market to carry out the attack.
This allowed the hacker to obtain a large number of BUNNY via a flash loan, throw all the BUNNY into the market to lower the price, and then redeem the BNB using PancakeSwap.
In August 2021, a hacker exploited a vulnerability in Poly Network’s infrastructure and stole funds totaling over $600 million. They didn’t get away with their reward, however, in a weird twist. Instead, the hacker approached the platform and agreed to return the majority of the funds, except for $33 million in Tether (USDT) which had been frozen by issuers.
But the saga didn’t end there: $200 million of the stolen assets were locked away in an account that required the hacker’s password, according to Poly Network. The hacker initially refused to hand over the hacked crypto.
That is, until Poly Network begged them to publish it, gave them a $500,000 reward for discovering the flaw in the system, and even offered them a job! Poly Network later revealed that the private key was given to them by “Mr. White Hat”.
Financing of the cream
Not only did hackers steal $130 million in the October 2021 cryptocurrency theft incident, but it was also Cream Finance’s third attack of the year. The hackers took $37 million in February 2021 and $19 million in August 2021.
In the most recent attack, hackers used what was believed to be a flaw in the DeFi platform’s flash lending system. On the Ethereum network, they were able to take all of Cream Finance’s tokens and assets, totaling $130 million.
A hacker managed to steal assets from several cryptocurrency wallets on the DeFi network, BadgerDAO, in December 2021. The problem allegedly started on November 10 when a malicious script was injected into the website’s user interface.
User transactions may have been intercepted while the script was active. The attacker took 896 BTC worth around $50 million at the time.
In December 2021, hackers stole $135 million from Vulcan Forged, a blockchain gaming startup. They stole the private keys of 96 separate wallets before withdrawing 4.5 million PYR tokens from them.
In December 2021, a hack of Bitmart’s hot wallet resulted in the theft of approximately $200 million. At first, $100 million was thought to have been stolen through the Ethereum blockchain, but further research revealed that an additional $96 million was stolen through the Binance Smart Chain blockchain.
Over 20 tokens were taken, including altcoins such as BSC-USD, Binance Coin (BNB), BNBBPay (BPay) and Safemoon, as well as substantial amounts of Moonshot (MOONSHOT), Floki Inu (FLOKI) and BabyDoge ( BabyDoge).