Author: Anfei Source: blockcast

Cryptocurrency prices began to plummet significantly on Friday evening and the decline continued until the time of writing on Saturday noon. This decline is believed to be mainly due to the hacking of the Bybit exchange, which suffered a $1.46 billion hacking attack on the evening of February 21, 2025, becoming one of the largest security breaches in the industry in the first quarter of 2025, with the attack locking one of the exchange's Ethereum multi-signature cold wallets.

Bybit Hacking Amount Becomes the Highest in History

This incident has also been labeled as one of the largest hacking attacks on a cryptocurrency exchange in history, accounting for more than 50% of the total value loss in the cryptocurrency market in 2024, with the loss from cryptocurrency market hacking reaching $2.2 billion in 2024, up from $1.8 billion in 2023. This incident also led to the liquidation of about $100 million in the market, further causing a sharp decline in the value of major cryptocurrencies.

Bit and ETH showed a significant decline after the news was released, with ETH falling nearly 4% in less than 4 hours after the hacking attack was confirmed. Bybit CEO Ben Zhou stated that the exchange detected unauthorized activity in its Ethereum cold wallet, and the cold wallet was attacked during the transfer to the hot wallet. The hackers manipulated the transactions to make them appear legitimate, but they contained malicious code that changed the logic of the wallet's smart contract, allowing them to steal the funds.

A blockchain analysis report showed that over $100 million in funds flowed out of Bybit, with a significant portion of the assets being transferred and sold, triggering an alarm in the crypto community. The stolen funds were mainly Ethereum and staked Ethereum (stETH and mETH), and were distributed to multiple addresses to avoid tracking. The hackers have started exchanging the stolen funds for other Ethereum tokens on decentralized exchanges. This security breach highlights people's concerns about the integration of cryptocurrencies with traditional financial institutions and the need for stronger regulation. It also underscores the vulnerability of even so-called secure cold wallets (not connected to the internet).

Historically High-Value Hacking Incidents

The following article will provide a detailed analysis of the largest cryptocurrency losses due to hacking attacks or security breaches, ranked by the amount of loss at the time of the attack. The analysis will cover the details of each incident, the attack methods, the responsible parties (if known), the recovery efforts, and the broader impact on the cryptocurrency industry. The information is sourced from global news platforms, blockchain analysis reports, and official statements from the affected entities.

Detailed Incident Analysis:

1. Bybit Hacking Attack (February 21, 2025, $1.46 billion)

The Bybit hacking attack occurred on February 21, 2025, setting a new record for the highest loss, with hackers stealing over $1.46 billion from the exchange's Ethereum cold wallet. The attack involved sophisticated phishing techniques, manipulating the signing interface to display a legitimate UI, while simultaneously altering the underlying smart contract logic to transfer the funds to unknown addresses. Bybit CEO Ben Zhou confirmed in an X post that only one Ethereum cold wallet was affected, with other wallets remaining secure and withdrawals proceeding normally. He claimed that even if the loss cannot be recovered, the exchange still has the ability to pay, with customer assets backed 1:1, highlighting the vulnerabilities in cold wallet management and the Safe (formerly Gnosis Safe) multi-signature wallet.

2. Ronin Network Hacking Attack (March 2022, $625 million)

The Ronin Network hacking attack occurred in March 2022, involving the attack on the Axie Infinity game's sidechain validation nodes. The hackers controlled four validation nodes, authorizing two unauthorized withdrawals, stealing 173,600 Ethereum (approximately $595 million) and 25.5 million USDC ($25.5 million), for a total loss of $625 million. The incident was attributed to the North Korean Lazarus group, and Sky Mavis promised to compensate affected users and strengthen security measures.

3. Poly Network Hacking Attack (August 2021, $611 million)

The Poly Network hacking attack occurred on August 10, 2021, with the hackers exploiting a vulnerability in the cross-chain bridge smart contract to steal approximately $611 million worth of various assets, including cryptocurrencies, stablecoins, and other tokens, across Ethereum, Binance Smart Chain, and Polygon. Tether froze $33 million in USDT to mitigate the loss, and the hacker later negotiated with the platform to return most of the funds, with their identity remaining unknown.

4. Binance BNB Bridge Hacking Attack (October 6, 2022, $569 million)

The Binance BNB Bridge hacking attack occurred on October 6, 2022, with the hackers exploiting a vulnerability in the BNB Smart Chain cross-chain bridge to steal 2 million BNB tokens, totaling approximately $569 million. The attack involved forging proofs to withdraw the funds, and Binance quickly suspended the bridge service and froze a portion of the stolen funds, ultimately limiting the loss to around $100 million, with the rest of the funds recovered. Binance offered a bounty to track down the hackers.

5. Coincheck Hacking Attack (January 2018, $534 million)

The Coincheck hacking attack occurred on January 26, 2018, with hackers exploiting a vulnerability in the hot wallet to steal 523 million NEM coins, valued at approximately $534 million at the time, when the NEM price was around $1.02. The funds were not recovered, and Coincheck used its own resources to compensate customers before being acquired by Monex Group in 2018.

6. Mt. Gox Hacking Attack (2014, $473 million)

The Mt. Gox hacking attack occurred in 2014, with hackers stealing nearly 750,000 customer Bits and 100,000 exchange-owned Bits, totaling 750,000 Bits, worth approximately $473 million at the time, which accounted for 7% of the total circulating supply, leading to the exchange's bankruptcy in 2014.

7. FTX Hacking Attack (November 2022, $473 million)

The FTX hacking attack occurred after the exchange's bankruptcy filing on November 11, 2022, with unauthorized transactions leading to the draining of the wallets, resulting in a loss of approximately $473 million, primarily in stablecoins, which were quickly converted to Ethereum.

8. Wormhole Hacking Attack (February 2022, $320 million)

The Wormhole hacking attack occurred on February 2, 2022, with the hackers exploiting a vulnerability in the token bridge between Ethereum and Solana to steal 120,000 wETH tokens, valued at $320 million. All the funds were later recovered, and Wormhole offered a $10 million bounty.

9. DMM Bitcoin Hacking Attack (May 31, 2024, $308 million)

The DMM Bitcoin hacking attack occurred on May 31, 2024, with the hackers stealing 4,502.9 BTC, worth approximately $308 million. According to a joint statement by the FBI and the National Police Agency of Japan (December 23, 2024), the North Korean group TraderTraitor (a Lazarus group offshoot) carried out the attack through a social engineering attack, posing as a LinkedIn recruiter to trick a Ginco Inc. employee responsible for managing the DMM exchange, gaining control of the transaction requests and transferring the funds to the hacker's wallets. DMM promised to compensate customers but closed down in December 2024 due to financial pressures.

10. KuCoin Hacking Attack (September 2020, $285 million)

The KuCoin hacking attack occurred on September 25, 2020, with hackers stealing $285 million worth of various cryptocurrency assets. The attack involved a hot wallet vulnerability, and KuCoin collaborated with law enforcement and blockchain companies to recover around $240 million, with the remaining $45 million loss covered by insurance and the exchange's own funds to compensate users.