The hidden enemy of the crypto world, hacking security incidents are stealing the industry's confidence.
Author: 1912212.eth, Foresight News
The crypto industry has long been known for its wealth stories, but the crisis hidden beneath them has begun to surface. Recently, the Bybit cold wallet was hacked for $1.46 billion, the largest single hacking incident in crypto history. Although it did not have a serious negative impact afterwards, it sounded the alarm for the industry's security. Imagine, the wealth you have worked so hard to earn is easily stolen by a technologically sophisticated hacker with just a few keystrokes...
Security is paramount, and the importance of safeguarding one's wealth is self-evident. Hacker attacks are not just a technical issue, but one of the biggest risks that can undermine the very foundation of the crypto industry.
As of February 2025, the known losses in the crypto sector in the first quarter have already exceeded $1.5 billion, with 20 hacking incidents, the high frequency and huge losses of which are staggering. In contrast, Immunefi's data shows that in the period from the beginning of 2024 to August of that year, the entire industry experienced 154 hacking and theft incidents, resulting in a total loss of $1.21 billion, while in the first 2 months of 2025, the loss amount has already nearly surpassed the same period record.
Shocking past hacking incidents
In the history of crypto, some protocols or exchanges have faced huge challenges and even disintegration due to hacking incidents.
In August 2021, the Poly Network cross-chain protocol was hacked, with a loss of $611 million (multi-chain assets). The hacker used a vulnerability in the smart contract to steal assets from the Ethereum, BNB Chain and Polygon wallets of Poly Network. Interestingly, the hacker claimed to have done it "just for fun" and eventually returned most of the funds (about $300 million unrecovered). The incident revealed the complexity and potential risks of DeFi protocols.
In February 2022, the Wormhole cross-chain bridge was hacked, with a loss of 120,000 wETH. The hacker exploited a vulnerability in the Solana VAA verification to forge messages and mint wrapped ETH out of thin air. The funds were not recovered, shaking the trust in cross-chain protocols.
In March 2022, the Ronin Network cross-chain bridge was hacked, with a loss of 173,600 ETH and 25.5 million USDC, worth $620 million. The hacker gained control of 5 out of 9 Ronin network validators through a 51% attack and stole the cross-chain bridge funds of the Axie Infinity game. The FBI confirmed that the Lazarus group was behind it. The incident exposed the vulnerability of cross-chain bridges, and Sky Mavis spent years raising funds to compensate users, highlighting the high cost of remediation.
In October 2022, the Binance cross-chain bridge was hacked, with a loss of 2 million BNB. The hacker exploited a vulnerability in the BSC Token Hub smart contract to forge withdrawal proofs and generate BNB out of thin air. Binance quickly froze most of the assets, but still suffered heavy losses. This case prompted the industry to re-examine the security design of cross-chain bridges.
The above are just the most severe and largest hacking security incidents in the past few years, and there are countless others with losses in the hundreds of millions or billions.
In the past few months, the crypto industry has experienced several rather serious hacking security incidents.
In February 2025, the stablecoin digital bank Infini lost $49.5 million, as the Infini attack was due to the hacker secretly retaining administrative privileges.
In February 2025, Bybit was hacked for over 510,000 native ETH and various derivative ETH, with a loss of over $1.4 billion. The hacker breached the multi-signature members' devices through UI spoofing, social engineering and delegatecall vulnerabilities, and manipulated the cold wallet smart contract to transfer the huge funds. Suspected to be the work of the North Korean Lazarus group.
In November 2024, the Thala Labs DeFi platform was hacked for $25.5 million, which was later fully recovered through the collaboration of white hat hackers and the community. The incident highlighted the potential of DeFi protocols in emergency response, but also exposed the fragility of private key management.
In November 2024, the on-chain trading platform Dexx was hacked, with a loss of 21 million USDT (over $150 million). The attack involved more than 1,000 users and 8,000 addresses, suspected to be due to the platform's private keys being stored and transmitted in plain text, and the possibility of internal collusion was not ruled out. The founder promised compensation, but the attacker's assets have not been fully transferred.
Why are hackers so rampant?
The rampant hacking in the crypto industry is mainly due to the interweaving of multiple factors such as technology, human nature, economics and regulation. From a technical perspective, the irreversibility of blockchain transactions makes it difficult to recover funds once stolen, and the complexity of smart contracts also harbors vulnerability risks, such as the delegatecall issue in the Bybit incident, which gave hackers an opportunity to exploit. In addition, human weaknesses are also an important reason, as social engineering attacks have repeatedly succeeded, such as phishing of multi-signature members or lack of security awareness of employees, rendering the protection system ineffective.
At the economic level, the high liquidity and anonymity of crypto assets provide hackers with money laundering convenience, and the huge returns also attract the participation of professional groups like the Lazarus group. The low-risk, high-return nature of the attacks has led to a serious imbalance between attack costs and returns. Finally, the lack of regulation has further exacerbated the problem. The decentralized nature of the industry has endowed it with freedom, but also lacks unified security standards and law enforcement mechanisms, making it difficult to effectively curb hacker activities. These factors have combined to make the crypto industry a paradise for hackers, challenging not only technical security, but also threatening user trust and ecosystem development, which the entire industry urgently needs to address.
How do hackers threaten the industry's foundation?
Hackers' threats to the crypto industry have penetrated to the very foundation of the industry, shaking its trust, market stability and development prospects. First, they directly erode user trust, as large-scale theft not only causes retail investors to panic and withdraw, but also makes institutional investors doubt the security of crypto, and this trust crisis may trigger a "bank run" effect, leading to platform liquidity depletion and even collapse. Secondly, hacker attacks trigger violent market fluctuations, such as the short-term plunge in BNB price after the $570 million hack of the Binance cross-chain bridge, with panic selling rippling through the entire ecosystem, amplifying losses and further undermining market confidence.
In addition, industry development is also hindered, as the huge theft cases make potential investors hesitant, slowing the influx of institutional capital, while developers may reduce innovation attempts due to security pressures, such as facing stricter scrutiny for cross-chain bridge and smart contract projects after the Ronin and Wormhole incidents.
At a deeper level, hackers have exposed the industry's technical and governance shortcomings. The irreversibility of blockchains and decentralization, while advantages, become double-edged swords in the face of security. If these root problems are not solved, the long-term reputation and mainstream adoption of the crypto industry will be limited. Hackers are not only plunderers of funds, but also destroyers of the industry ecosystem, and their threats have gone beyond individual incidents to become systemic risks.
How to fight back?
Facing the severe threat of hackers, the crypto industry can fight back on multiple fronts, including technology upgrades, education reinforcement, collaborative mechanisms and insurance systems. First, the technical layer is the core defense line, and the industry needs to strengthen smart contract code audits, promote formal verification tools to ensure vulnerabilities are fixed before launch, and also improve multi-signature mechanisms and cold wallet designs to reduce single points of failure. Secondly, enhancing education is crucial, as users and practitioners need to undergo systematic security training to identify social engineering scams and reduce the success rate of phishing attacks, while platforms should also popularize best practices for private key management.
In addition, the industry should establish cross-platform collaboration and information sharing mechanisms to quickly respond to emerging threats, and explore the construction of decentralized security insurance systems to provide users with protection against losses. Only by taking a comprehensive approach can the crypto industry effectively resist the rampant hacking activities and restore user confidence in the long run.
In addition, industry collaboration can significantly improve the efficiency of counterattacks, establishing a real-time threat intelligence sharing network, allowing exchanges, DeFi projects, and security companies to jointly track the flow of hacker funds, as the case of Thala Labs recovering $25.5 million has proven the potential of community collaboration; the appropriate introduction of regulation can also drive platforms to implement security responsibilities and form deterrence.
Finally, promoting the cryptocurrency asset insurance mechanism can provide a buffer for users and mitigate the impact of losses, like the practice of KuCoin event where insurance compensated part of the funds, which is worth learning from. If these measures can be synergistically promoted, not only can they curb the rampant trend of hackers, but they can also turn crises into opportunities, promoting the maturity of industry technology and rebuilding trust, allowing the cryptocurrency ecosystem to steadily move forward amid challenges.
