Crypto Security Timeline
A history of expensive lessons in cryptocurrency security.
Total losses: $16,942,648,000+
Nobitex Hack
Iranian exchange Nobitex breached in attack linked to regional cyber operations, marking geopolitical crypto warfare.
Bybit Hack
Largest crypto hack in history. North Korean TraderTraitor group compromised Safe{Wallet} developer machine to drain Bybit cold wallet.
WazirX Hack
India's largest exchange WazirX lost $235M when hackers exploited multisig interface discrepancies on Liminal custody.
DMM Bitcoin Hack
Japanese exchange DMM Bitcoin lost $305M in one of 2024's largest hacks. North Korean attribution.
Orbit Bridge Hack
Attackers compromised validator keys to steal funds from Orbit Bridge during New Year period.
PlayDapp Exploit
Private key breach allowed attacker to mint 1.79B PLA tokens across two attacks on the gaming platform.
Poloniex Exchange Hack
Justin Sun's Poloniex exchange lost $130M from hot wallets. Private key compromise suspected.
HTX/Heco Bridge Hack
HTX exchange and Heco Chain bridge both suffered hacks within days, losing a combined $113M.
Kyber Network Exploit
KyberSwap Elastic pools were exploited through a complex vulnerability in concentrated liquidity calculations.
Mixin Network Hack
Cloud service provider breach led to database compromise at Mixin Network. $200M in assets stolen.
Stake.com Hack
Crypto casino Stake.com lost $41M after hot wallet private keys were compromised. Lazarus Group attributed.
Milk Sad Vulnerability
Trust Wallet's WebAssembly had weak randomness, generating predictable mnemonics with the 'milk sad' pattern.
Multichain Bridge Hack
Multichain CEO went missing along with private keys, leading to massive fund drainage. Single point of failure exploited.
Atomic Wallet Hack
Decentralized wallet Atomic Wallet was compromised, with North Korean Lazarus Group suspected. Users lost $100M+.
Euler Finance Hack
Flash loan attack exploited vulnerability in donation and liquidation logic. Attacker later returned most funds.
FTX Collapse
FTX filed for bankruptcy amid revelations of misappropriated customer funds. $8B+ in customer funds lost in fraud and subsequent hack.
BNB Bridge Hack
Attacker exploited bug in BNB Chain bridge to mint 2M BNB tokens. Chain was halted to prevent further damage.
Profanity Vanity Address Exploit
Profanity tool used only 32 bits of seed entropy. Attackers brute-forced all vanity addresses in hours.
Wintermute Hack
Market maker Wintermute lost $160M due to compromised DeFi operations wallet generated with Profanity tool.
Nomad Bridge Hack
Faulty smart contract upgrade allowed anyone to drain funds. Hundreds of copycats joined the 'decentralized robbery'.
Beanstalk Governance Attack
Attacker used a flash loan to acquire governance tokens, passed a malicious proposal, and drained the protocol in a single transaction.
Fei/Rari Capital Hack
Reentrancy attack on Rari Capital's Fuse pools. Borrow function did not follow the checks-effects-interactions pattern.
Ronin Bridge Hack
North Korean Lazarus Group compromised 5 of 9 validator keys to steal 173,600 ETH and 25.5M USDC from Axie Infinity's bridge.
Wormhole Bridge Hack
Attacker exploited signature verification bug to mint 120,000 wETH on Solana without backing collateral.
BadgerDAO Exploit
Attacker compromised Cloudflare API key to inject malicious scripts, tricking users into approving token transfers.
Vulcan Forged Hack
Private keys of 96 wallets were compromised, draining 4.5M PYR tokens from the gaming platform.
Cream Finance Hack
Flash loan attack exploited vulnerability in yUSD pricePerShare calculation, inflating prices to double true value.
Poly Network Hack
Cross-chain protocol exploit allowed attacker to steal $610M. The 'Mr. White Hat' hacker later returned all funds.
PancakeBunny Exploit
Eight flash loan attacks manipulated PancakeBunny's pricing algorithm, inflating BUNNY token value before dumping.
xToken Exploit
Attacker used dYdX flash loan of 61K ETH to manipulate xToken protocol, exploiting SNX token pricing.
Akropolis Reentrancy
Reentrancy attack allowed attacker to mint unbacked dsUSD tokens, stealing 2.04M DAI across 17 transactions.
Harvest Finance Exploit
Flash loan attack manipulated stablecoin prices in Curve pools to drain Harvest Finance vaults.
KuCoin Hack
Hackers stole private keys to KuCoin's hot wallets, draining multiple cryptocurrencies. Most funds were later recovered.
bZx Flash Loan Attacks
DeFi protocol bZx was hit by two flash loan attacks exploiting price oracle manipulation and margin trading vulnerabilities.
Upbit Hack
Korean exchange Upbit lost 342,000 ETH during a transfer between hot and cold wallets.
Binance Hack
Hackers used phishing and malware to steal 7,000 BTC from Binance's hot wallet.
Bithumb Third Hack
Bithumb was hacked for the third time, losing nearly $20M in EOS and XRP. Suspected insider involvement.
Cryptopia Hack
New Zealand exchange Cryptopia suffered a security breach, losing funds from multiple wallets. The exchange eventually went into liquidation.
Zaif Hack
Japanese exchange Zaif had $60M in BTC, BCH, and MonaCoin stolen from hot wallets during server maintenance.
Bithumb Second Hack
Bithumb suffered its second major hack, losing $31M worth of XRP tokens from hot wallets.
BitGrail Hack
Italian exchange BitGrail lost 17 million Nano tokens. The exchange claimed it was hacked but evidence suggested insider involvement.
Coincheck Hack
Japanese exchange Coincheck lost 523M NEM tokens stored in a hot wallet. One of the largest crypto thefts in history.
NiceHash Hack
Cryptocurrency mining marketplace NiceHash was breached, losing approximately 4,700 BTC from its payment system.
Parity Wallet Freeze
A user accidentally killed Parity's library contract, permanently freezing 513,774 ETH.
Bithumb First Hack
Korean exchange Bithumb suffered its first hack, losing $7M in Bitcoin and Ethereum from compromised hot wallets.
Parity Multisig Hack
A vulnerability in Parity's multisig wallet allowed attackers to take ownership and drain funds.
Bitfinex Hack
120,000 BTC stolen from Bitfinex through compromised BitGo multisig implementation. Ilya Lichtenstein later admitted to the theft.
The DAO Hack
A reentrancy vulnerability in The DAO smart contract allowed an attacker to drain 3.6M ETH, leading to Ethereum's hard fork.
Bitstamp Hack
Social engineering attack on Bitstamp employee led to malware infection. Attackers obtained hot wallet backup passphrase and stole 19,000 BTC.
Blockchain.info RNG Bug
A flaw in blockchain.info's random number generation resulted in predictable private keys being generated.
Mt. Gox Collapse
Mt. Gox filed for bankruptcy after losing 850,000 BTC. Transaction malleability and poor security were blamed.
Android SecureRandom Bug
Android's Java SecureRandom had insufficient entropy, causing duplicate R values in ECDSA signatures, exposing private keys.
Linode Hack
Hackers broke into Linode's servers and stole Bitcoin from several hosted wallets including Bitcoinica.
Mt. Gox First Hack
Hackers compromised Mt. Gox auditor's computer and changed the price of Bitcoin to $0.01, buying millions of BTC.
Key Lessons Learned
Not Your Keys, Not Your Coins
Mt. Gox, FTX, and countless exchange hacks prove: self-custody is the only guarantee.
Randomness is Everything
Android RNG bug, Profanity exploit, Milk Sad - weak entropy has cost hundreds of millions.
Bridges Are Risky
Ronin, Wormhole, Multichain - cross-chain bridges are prime targets with billions lost.
Audit Everything
The DAO, Parity - even audited contracts fail. Multiple audits and formal verification help.
Cold Storage Saves
Hot wallet hacks are common. Keep minimal funds online, majority in cold storage.
Key Management is Critical
Multichain CEO disappearing with keys shows single points of failure are unacceptable.