Learn from real-world examples of major cryptocurrency thefts and hacks. Understanding these incidents helps prevent future attacks and improves security awareness.
Study them to understand common vulnerabilities and improve your security practices.
One of the most infamous cryptocurrency exchange hacks in history, where approximately 850,000 BTC were stolen.
The Japanese exchange stored a large balance of NEM (XEM) in a “hot” wallet connected to the internet. Hackers exploited weak security protocols, drained the wallet, and transferred hundreds of millions in tokens to various addresses. At the time it was the largest crypto exchange hack ever. It exposed how even major platforms can neglect basic wallet security (e.g., keeping large reserves online).
A sophisticated attack on Poly Network, a cross-chain protocol, resulted in one of the largest DeFi hacks ever. Hackers tricked the system into releasing assets without legitimate cross-chain permission. It underscored the extreme risk in cross-chain bridges and led to one of the rare cases where the attacker later returned a large portion of the funds (claiming “white-hat” intent).
The Ronin sidechain for the Axie Infinity game had its validator set compromised. With control over key nodes, hackers withdrew funds from the bridge contract to their own addresses. A high-profile gaming ecosystem was hit, showing that even applications with large user bases and brand recognition are vulnerable. It exposed how validator-centric architectures can collapse.
A critical vulnerability in the Wormhole bridge allowed attackers to mint 120,000 wrapped ETH without collateral.
Once one of the largest crypto exchanges, FTX collapsed in November 2022 amid massive liquidity issues and alleged internal fund misuse, followed by a mysterious $400 million hack hours after the bankruptcy filing.
Attackers exploited a multisig wallet setup of the Indian exchange (with 5 issuer signatories + 1 custodian). They created a malicious contract upgrade, bypassed controls, and drained funds — reportedly linked to the state-sponsored Lazarus Group. This hack demonstrated that even “well-structured” custody setups can be compromised by contract logic attacks.
Address poisoning was applied. A scammer generated an address with the same first four characters as the victim’s real deposit address and sent a tiny amount of 0.000001 SOL to it, making the fake address appear in the victim’s transaction history. As a result, the victim transferred 7M $PYTH ($3.08M) to the scammer.
A careless investor nearly lost $129 million in USDT tokens after copying a spoofed deposit address from their transaction history. The scammer had previously created an address that mimicked the victim’s legitimate deposit address (same last six characters) and sent a tiny 1.01 USDT transaction, causing the fake address to appear in the wallet’s history. When the victim later copied the “familiar” address for a large transfer, the funds went directly to the scammer. Fortunately, the scammer returned everything within an hour!
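The two address-poisoning cases above share one pattern: a dust-sized inbound transfer from an address that matches a saved address at its visible ends. The following is an added example (not code from any wallet or exchange) of a pre-send check that flags such lookalikes and accepts a pasted destination only on an exact match with a saved address. The `Transfer` record, the function names, the dust limit of 2 token units and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Transfer:
    counterparty: str  # address on the other side of the transfer
    amount: Decimal    # token units
    inbound: bool      # True if this wallet received the transfer

def lookalike(candidate, trusted, prefix_len=4, suffix_len=6):
    """True if candidate is NOT the trusted address but shares its first or last characters."""
    if candidate == trusted:
        return False
    return (candidate[:prefix_len] == trusted[:prefix_len]
            or candidate[-suffix_len:] == trusted[-suffix_len:])

def find_poisoned(history, trusted_addresses, dust_limit=Decimal("2")):
    """Map each dust sender in history to the trusted address it imitates."""
    flagged = {}
    for tx in history:
        if not tx.inbound or tx.amount > dust_limit:  # dust_limit is an assumed threshold
            continue
        for trusted in trusted_addresses:
            if lookalike(tx.counterparty, trusted):
                flagged[tx.counterparty] = trusted
    return flagged

def safe_destination(pasted, trusted_addresses, history):
    """Accept a pasted address only on a full, case-sensitive match with a saved one."""
    if pasted in trusted_addresses:
        return True, "exact match with saved address"
    poisoned = find_poisoned(history, trusted_addresses)
    if pasted in poisoned:
        return False, f"lookalike of {poisoned[pasted]} seen via dust transfer"
    return False, "address not in saved list"

# Constructed sample data; these are not real addresses.
TRUSTED = "7xKq" + "B" * 34 + "m9Zt4R"
FAKE_SUFFIX = "3hNp" + "C" * 34 + "m9Zt4R"   # same last six characters
FAKE_PREFIX = "7xKq" + "D" * 34 + "w2Lc8Y"   # same first four characters
UNRELATED = "9aaa" + "E" * 34 + "k1k1k1"
HISTORY = [
    Transfer(TRUSTED, Decimal("5000"), inbound=False),
    Transfer(FAKE_SUFFIX, Decimal("1.01"), inbound=True),
    Transfer(FAKE_PREFIX, Decimal("0.000001"), inbound=True),
    Transfer(UNRELATED, Decimal("250"), inbound=True),
]
if __name__ == "__main__":
    print(safe_destination(FAKE_SUFFIX, [TRUSTED], HISTORY))
```

The point of the final check is that transaction history is attacker-writable, so a destination is trusted only when the whole string equals a saved entry, never because its ends look familiar.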
Allegedly tied to the state-sponsored Lazarus Group, attackers exploited a cold-wallet transfer mechanism. A routine Ethereum move was manipulated, giving thieves access to large sums from Bybit’s offline storage.
These incidents have shaped the cryptocurrency industry and led to improved security practices.
Each major incident has led to improved security standards, better practices, and enhanced protection measures.
These events have educated the crypto community about risks and the importance of security best practices.
Major incidents have prompted regulatory frameworks and compliance requirements to protect users.
You’ve seen how devastating crypto thefts can be — even major platforms and experienced users can fall victim to theft and deception in the crypto world. Now it’s time to learn real defense skills.