10 major Bitcoin hacks took away 36 billion, and 90% of users are still negligent in preventing it


Author: Huohuo, Bai Hua Blockchain

Last Saturday, the world's second-largest CEX Bybit was attacked by hackers, resulting in the theft of $1.46 billion worth of ETH, setting a new record for the largest single-token theft in history. And on February 24, the crypto financial card service provider Infini was also attacked by hackers, with about $49.5 million stolen from its Ethereum address. This series of security incidents has further exacerbated the already depressed crypto market, not only exposing the lack of rigor in asset security management by crypto platforms, but also further weakening market liquidity, making security issues a focus of industry attention again.

It can be said that crypto security incidents have occurred frequently in recent years, involving various targets such as CEXs, DeFi platforms, and cross-chain bridges. According to a report by blockchain analysis company Chainalysis, hackers stole about $2.2 billion worth of crypto assets in 2024, and the cumulative amount stolen has exceeded $5 billion (equivalent to over RMB 36 billion).

Today, let's review the top 10 crypto security incidents (including the Bybit theft incident in February 2025). The loss of RMB 36 billion in these top 10 security incidents is a "blood and tears lesson" for the victims. What important tips can we as individuals take from them to protect our crypto assets?

Top 10 Crypto Security Incidents

The image below shows the top 10 crypto security incidents ranked by the amount of loss. These incidents cover a variety of complex attack methods, from smart contract vulnerabilities to private key leaks and database attacks.

Through analysis, we can see that these theft incidents not only expose specific security vulnerabilities, but also reflect the weak links in the crypto industry's technical protection and risk management.

Next, we will categorize and analyze these incidents based on the causes and lessons learned, in order to better understand the underlying security risks and provide references for future prevention.

1) Wallet Private Key or Security Issues

Ronin Network Theft Incident (March 2022): $625 million

Ronin Network is a scaling solution designed for blockchain games and non-fungible tokens (NFTs), created by Sky Mavis, the development team behind Axie Infinity.

In March 2022, the Ronin Network was attacked by the North Korea-backed hacker group Lazarus Group, resulting in the loss of about $625 million in ETH and USDC. The hackers successfully controlled 5 of the network's validator nodes, allowing them to create and sign malicious transactions to transfer the funds to addresses under their control.

Coincheck Theft Incident (January 2018): $534 million

Coincheck is one of the more well-known CEXs in the Japanese crypto market, founded in 2012 and dedicated to providing secure and convenient trading services.

In January 2018, Coincheck was hacked due to hot wallet security issues, resulting in the loss of about $534 million worth of NEM tokens.

DMM Bitcoin Theft Incident (May 2024): $305 million

DMM Bitcoin is also a crypto CEX headquartered in Japan, founded in 2018.

In May 2024, DMM Bitcoin was attacked by hackers, resulting in the theft of about 4,500 bitcoins (worth about $305 million at the time). Although the specific attack method is still under investigation, leaked private keys may have been a key factor in the hacker's intrusion.

KuCoin Theft Incident (September 2020): $275 million

KuCoin is a well-known CEX based in Singapore, founded in 2017.

In September 2020, KuCoin was attacked by hackers, resulting in the loss of about $275 million worth of various crypto tokens. The hackers were able to steal a large amount of assets by obtaining the private keys of the CEX's hot wallets.

Summarizing these four theft incidents, we can see that they were all due to insufficient security of the validator nodes or hot wallets. Validator nodes and hot wallets, due to their connection to the internet and higher convenience, are easy targets for hacker attacks. Hackers can use various methods, such as malware, phishing attacks, or exploiting platform vulnerabilities to obtain private keys. Once the attack is successful, the hackers can quickly transfer the assets, causing irreparable losses. In comparison, cold wallets and other storage locations not connected to the internet can effectively avoid the risk of online attacks, becoming a relatively more secure choice for crypto asset storage.

Furthermore, for CEXs, ensuring strict management and storage security of private keys is the key to preventing large-scale fund theft; for individual users, proper safekeeping of private keys also determines the security of their assets. Once the private key is lost or leaked, the user will completely lose control of the assets, as no third party can help recover the funds. Therefore, both CEXs and individuals need to establish more comprehensive key protection measures to reduce security risks.

2) Smart Contract Vulnerabilities

Poly Network Theft Incident (August 2021): $600 million

Poly Network is a cross-chain protocol that allows users to seamlessly transfer and exchange assets between multiple blockchain platforms, enabling cross-chain transactions and collaboration.

In August 2021, the Poly Network cross-chain bridge was hacked due to a smart contract vulnerability, resulting in the loss of about $600 million worth of various tokens. The hackers exploited the vulnerability to bypass the permission control and transfer a large amount of tokens to their own addresses. However, surprisingly, the hackers later negotiated with the platform and gradually returned most of the stolen funds.

Wormhole Theft Incident (February 2022): $320 million

Wormhole is a decentralized cross-chain bridge protocol that allows users to transfer assets between multiple blockchain networks without relying on a single chain's ecosystem.

In February 2022, the Wormhole cross-chain bridge was attacked by hackers when connecting the Solana and Ethereum blockchains, resulting in the theft of about $320 million worth of wrapped ETH (wETH). The attackers exploited vulnerabilities in the cross-chain bridge's smart contract to bypass the verification mechanism and mint a large amount of wETH without authorization, which they then withdrew to their own addresses.

The Poly Network and Wormhole incidents exposed the fragility of cross-chain protocols in asset transfer and verification. Flaws in how cross-chain assets are managed and verified are easily exploited by hackers, resulting in huge losses. This reminds us that the design of cross-chain protocols must pay closer attention to permission control in smart contracts and ensure that every operation is verified.

To improve security, cross-chain platforms need to conduct comprehensive security audits and vulnerability checks regularly, and promptly fix potential issues. It is also recommended to introduce multi-signature mechanisms and stricter permission management in contract design, to avoid single points of failure or hackers controlling critical permissions. In addition, the update and maintenance of cross-chain protocols should also have strict processes to ensure that each repair and upgrade is thoroughly tested, in order to improve the security of cross-chain platforms, reduce attack risks, and protect user assets.

3) System Vulnerabilities or Database Leaks

Mt. Gox Theft Incident (February 2014): $473 million

Mt. Gox was once the world's largest Bitcoin CEX, with its trading volume accounting for about 70% of global Bitcoin trading at one point. It was founded in 2010 and headquartered in Japan, playing a key role in the early prosperous development of the crypto industry.

However, in 2014, this CEX went bankrupt due to multiple security vulnerabilities that led to the theft of about 850,000 bitcoins (worth about $473 million at the time), becoming one of the most sensational scandals in crypto history. This attack exposed issues with insufficient monitoring mechanisms and slow response to suspicious activities, while the hackers' specific modus operandi remains unclear to this day.

Mixin Network Theft Incident (September 2023): $200 million

Mixin Network is a decentralized cross-chain protocol aimed at solving the interoperability problem between blockchains.

In September 2023, the Mixin Network peer-to-peer transaction network was attacked by hackers due to a data breach at a cloud service provider, resulting in the theft of about $200 million worth of Bitcoin and Ethereum assets.

These two events exposed the serious risks of system vulnerabilities and database leaks in the crypto industry. The Mt. Gox incident highlighted the lack of adequate security monitoring and response mechanisms in crypto CEXs, while the Mixin Network incident reminded us to be extra cautious when relying on third-party cloud services. To avoid similar issues, platforms should strengthen multi-layered security protection, establish a comprehensive monitoring and emergency response system, and ensure sufficient security guarantees in their cooperation with third-party vendors.

When dealing with such incidents, we should first avoid putting all our "eggs in one basket"; secondly, we need to pay attention to whether the "basket" has sufficient compensation capacity when problems occur. Especially in the crypto field, when choosing a CEX or other platform, we must ensure that they have sufficient reserves and financial health to withstand potential large-scale losses. It is also necessary to evaluate the platform's risk response mechanisms, insurance policies, and historical compensation records.

4) Front-end Tampering Fraud

Bybit Hacking Incident (February 2025): $150 million

Bybit is a crypto CEX founded in 2018, headquartered in Singapore, and primarily provides crypto derivative products.

After being hacked on February 22, 2025, it lost about $150 million in Ethereum and related staked assets. This incident involved the manipulation of cold wallet transactions: the hackers used a deceptive signing interface that displayed the correct address while changing the underlying smart contract logic to transfer funds to unauthorized addresses. This attack method shows that even cold wallets are not absolutely secure.

Although cold wallets are more secure than hot wallets, the Bybit hacking incident also shows that security awareness is always the most important. In addition to choosing a CEX with a good security record, wallet management, transaction verification, and secure operating procedures are equally crucial, as cold wallets are not omnipotent.

Reportedly, the root cause of the Bybit hacking incident lay in the Safe multi-signature wallet and the way it was attacked. The attackers initiated disguised malicious transactions against Bybit through a compromised machine belonging to a developer of Safe, the wallet used for signing. This indicates that even without obvious smart contract vulnerabilities or source code issues, hackers can still get in when developers' devices and credentials are insufficiently protected.

5) Flash Loan Attacks

Euler Finance Hacking Incident (March 2023): $19.7 million

Euler Finance is a decentralized finance platform built on Ethereum and Layer 2 networks like Optimism, dedicated to providing seamless and efficient lending and borrowing services.

In March 2023, the Euler Finance decentralized lending platform was hit by a flash loan attack, resulting in the theft of around $19.7 million in various tokens. The attacker exploited vulnerabilities in the platform's smart contracts, manipulating market prices through flash loans to trigger the platform's liquidation mechanism and illegally seize the funds.

This incident once again reveals the potential vulnerabilities in the smart contract design and market mechanisms of decentralized finance platforms. Flash loan attacks often rely on manipulating market prices and triggering liquidation mechanisms, exposing the platform's weaknesses in price oracles and market stability. To address such attacks, platforms should focus on reviewing the code of their smart contracts, especially the parts related to market manipulation and liquidation mechanisms, and strengthen their security protection.

In addition, security audits and historical reputation are key factors in assessing the reliability of a project. Even if a project promises high returns, do not overlook the potential risks and fall into a trap. Whether entrusting funds to a centralized platform or using a decentralized application, caution is always necessary, and one should never be complacent.

What security advice can be given to individual holders?

Reviewing these security incidents, we can see that the security vulnerabilities of CEXs, the mistakes in private key management, and the evolving hacking techniques are constantly threatening the security of crypto assets.

These events not only reveal the risks lurking in the digital asset world, but also provide us with valuable experience. Learning to identify potential threats and adopt safer storage and trading methods is a topic that every crypto user needs to focus on.

Next, we will summarize a few key security recommendations from these cases, hoping to provide practical references for users in managing their digital assets and helping to reduce risks and avoid becoming the next victim.

1) Choose a reputable platform

Selecting a CEX or platform with a good security track record and transparent disclosure of security measures is the first step in protecting personal assets.

2) Use cold storage to protect assets

Storing important digital assets in a cold wallet is an important means of preventing hacker attacks.

3) Enable two-factor authentication (2FA)

By binding a mobile phone, email, or dedicated authenticator, users can add an extra layer of security when logging in, effectively preventing unauthorized access to their accounts.

4) Regularly check and monitor account activity

Regularly checking and monitoring account activity is an effective way to detect suspicious transactions and potential threats in time.

5) Diversify investments to reduce risks

Spreading assets across multiple platforms or wallets spreads the risk. For example, users can store the majority of their assets in cold wallets while keeping a small amount of funds for daily transactions, or divide their holdings among different trusted CEXs, reducing the overall loss if a single platform runs into problems.

6) Distrust

The most important feature of crypto assets is verifiability. Do not trust any third party by default to ensure your crypto security, including the software and hardware provided by wallet developers. At the same time, treat your internet-connected devices by default as "not completely secure devices" and always verify the details of every transaction you submit and sign.
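The check recommended here, and the display-versus-payload mismatch described in the Bybit section, can be sketched as follows. This is an added example, not code from the article or from any wallet vendor; it assumes the payload is a plain ERC-20 `transfer` and that it carries a Safe-style `operation` field, and the dictionary layout, function names and addresses are constructed for illustration.

```python
# ERC-20 transfer(address,uint256) selector: the first 4 bytes of the calldata.
ERC20_TRANSFER = bytes.fromhex("a9059cbb")

def encode_transfer(recipient: str, amount: int) -> str:
    """Build transfer() calldata; used here only to construct sample payloads."""
    body = bytes(12) + bytes.fromhex(recipient[2:]) + amount.to_bytes(32, "big")
    return "0x" + (ERC20_TRANSFER + body).hex()

def decode_transfer(data_hex: str):
    """Return (recipient, amount), or None if the calldata is anything else."""
    raw = data_hex[2:] if data_hex.startswith("0x") else data_hex
    try:
        data = bytes.fromhex(raw)
    except ValueError:
        return None
    # 4-byte selector, then two 32-byte words; an address word has 12 zero bytes of padding.
    if len(data) != 68 or data[:4] != ERC20_TRANSFER or any(data[4:16]):
        return None
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:68], "big")

def check_payload(displayed: dict, payload: dict) -> list:
    """List every way the raw payload differs from what the interface displays."""
    problems = []
    # Assumption: Safe-style "operation" field, where 0 means an ordinary call.
    if payload.get("operation", 0) != 0:
        problems.append("operation is not a plain call")
    if payload["to"].lower() != displayed["token"].lower():
        problems.append("target contract differs from displayed token")
    if payload.get("value", 0) != 0:
        problems.append("unexpected native value attached")
    decoded = decode_transfer(payload["data"])
    if decoded is None:
        return problems + ["calldata is not a plain ERC-20 transfer"]
    recipient, amount = decoded
    if recipient != displayed["recipient"].lower():
        problems.append("recipient differs from displayed address")
    if amount != displayed["amount"]:
        problems.append("amount differs from displayed amount")
    return problems

# Constructed sample values, not real addresses.
TOKEN, PAYEE, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
DISPLAYED = {"token": TOKEN, "recipient": PAYEE, "amount": 1000}
HONEST = {"to": TOKEN, "value": 0, "operation": 0, "data": encode_transfer(PAYEE, 1000)}
SWAPPED = {"to": TOKEN, "value": 0, "operation": 0, "data": encode_transfer(OTHER, 1000)}
REWIRED = {"to": OTHER, "value": 0, "operation": 1, "data": "0xdeadbeef"}

if __name__ == "__main__":
    for name, p in (("honest", HONEST), ("swapped", SWAPPED), ("rewired", REWIRED)):
        print(name, check_payload(DISPLAYED, p) or "matches the display")
```

The comparison is only meaningful when the raw payload is read on a device other than the one rendering the signing interface, such as the hardware signer's own screen.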

Summary

It can be said that security is not only a response to problems but also a proactive strategy. Crypto asset management is not only about addressing immediate risks but also about ensuring long-term, stable development. By cultivating daily security habits, gradually strengthening our protection capabilities, and guarding against risk at every step, we can keep those risks to a minimum.
