In crypto, code is law — until it isn’t.
Over the past decade, the crypto space has seen meteoric growth, jaw-dropping innovation, and unfortunately, some of the biggest financial heists in modern history. From compromised validator keys to rogue insiders and smart contract bugs, hackers have exploited every weakness imaginable — sometimes draining hundreds of millions of dollars in minutes.
In this blog, we dive into the top 6 biggest hacks that rocked crypto projects with their own native tokens or coins. These aren’t just cautionary tales — they’re pivotal moments that reshaped how the industry thinks about security, decentralization, and trust.
Let’s break down what happened, how it happened, and what the aftermath tells us about where crypto security needs to go next.
1. Bybit – $1.5 Billion
In early 2025, the crypto community was shaken when Bybit, one of the world’s top exchanges, was hit by a record-breaking hack. The story began quietly—no immediate alarms, no obvious breach. But behind the scenes, a sophisticated cyberattack was underway.
How it Happened?
Hackers gained access through Safe{Wallet}, a multi-signature wallet provider used by Bybit. The Lazarus Group, a North Korean state-sponsored hacking collective, compromised a developer’s machine tied to the Safe{Wallet} codebase.
They injected malicious JavaScript into the wallet’s user interface hosted on AWS. When Bybit staff interacted with the platform, the code altered transaction details, granting the attackers unauthorized access to the cold wallet—where large amounts of Ethereum (ETH) were stored.
By the time Bybit discovered the breach, $1.5 billion in ETH had already been stolen, making it one of the largest crypto hacks in history. The loss sent shockwaves through the Web3 community and raised major concerns about security across exchanges.
The Aftermath: Response and Rebuilding
Bybit CEO Ben Zhou moved quickly, assuring users that the company would cover all losses using internal reserves and a bridge loan. The team worked with law enforcement and blockchain analytics firms to trace the stolen funds. However, most of the ETH was laundered through mixers and cross-chain swaps, complicating recovery.
The attack sparked urgent conversations around wallet security, third-party risks, and the rising sophistication of crypto exploits. For both Bybit and the broader Web3 industry, it was a clear reminder: no exchange is too big to fail, and proactive security is non-negotiable.
2. Ronin Network (Axie Infinity) — $625 million
In March 2022, the Ronin Network—an Ethereum sidechain built for the popular play-to-earn game Axie Infinity—was hit by one of the largest crypto hacks in history. Attackers drained $625 million in ETH and USDC from the network’s bridge, exploiting a critical security flaw.
Shockingly, the breach went undetected for nearly a week. It was only discovered when a user tried to withdraw 5,000 ETH and the transaction failed. At the time, this was the largest DeFi exploit ever recorded, sending shockwaves through both the Web3 gaming and DeFi ecosystems.
How it happened?
The core issue behind the Ronin Network hack was centralized validator control. The network relied on just 9 validator nodes, with only 5 needed to approve transactions. The attackers exploited this by gaining access to five private keys—four run by Sky Mavis (the team behind Axie Infinity) and one from a trusted partner, the Axie DAO.
The breach traced back to a temporary access rule set months earlier. In late 2021, Axie DAO had allowed Sky Mavis to sign transactions on its behalf to reduce network congestion. Although that permission was meant to be temporary, the whitelist access was never revoked, creating a major security loophole.
With control over the majority of validators, the attacker simply approved two large fake withdrawals and transferred the funds into their own wallet—without raising a single alarm.
The Aftermath
The hack was discovered on March 29, 2022 — six days after it occurred. By then, the attacker had begun laundering the funds using Tornado Cash, a popular Ethereum mixer. The breach triggered immediate action: Ronin Bridge was paused, and the team began coordinating with law enforcement, blockchain forensics firms, and exchanges to track the funds.
Shortly after, the FBI officially linked the attack to Lazarus Group, a notorious North Korean state-sponsored hacking collective. To address user losses, Sky Mavis raised $150 million in a funding round led by Binance and committed to reimbursing all affected users. The team also pledged to decentralize their validator set, increase security audits, and implement more robust monitoring tools going forward.
As the space matures, there’s a growing push toward models that reward participation and transparency — not just in gaming, but across the broader NFT and DeFi ecosystems. Projects like Spaace.io are embracing this shift, offering a 100% revenue-sharing NFT marketplace where users can claim a stake in the platform’s success. It’s a refreshing contrast to the old guard, where profits were siloed, and users were often left with nothing when things went wrong.
3. Poly Network — $611 million
In August 2021, Poly Network, a protocol enabling cross-chain asset transfers, was hit by one of the most astonishing exploits in crypto history. A single hacker managed to drain over $611 million from the platform by exploiting a flaw in its smart contract code. The breach spanned three major chains: Ethereum, Binance Smart Chain (BSC), and Polygon — making it one of the most complex and technically daring attacks the industry had ever seen.
How It Happened?
The attacker discovered a vulnerability in the cross-chain messaging protocol that allowed them to forge transactions and redirect funds to their own addresses. Essentially, they were able to trick the smart contract into thinking they were the legitimate owner of the funds. This wasn’t just a matter of sloppy coding — it was a fundamental design flaw in the way Poly Network verified cross-chain instructions.
By exploiting this logic bug, the hacker redirected hundreds of millions of dollars’ worth of cryptocurrencies to their own wallets. Despite the scale of the attack, no keys were stolen, no wallets were compromised — just one clever line of code, one massive payout.
The Aftermath
Then came the twist no one expected: the hacker started returning the funds.
Claiming they had no intention of keeping the money, the attacker described the hack as a “white-hat” move to expose the vulnerability. Over the course of several days, the hacker — who began calling themselves “Mr. White Hat” — returned most of the assets, sometimes even engaging with Poly Network’s team directly on-chain via embedded messages in transactions.
Poly Network responded by offering the hacker a $500,000 bounty and even a role as a security advisor — a move that sparked debate across the community. While the exploit highlighted serious security lapses, it also showed the power of transparency and public engagement in crypto’s open-source world.
Before DeFi became the wild west of exploits, the centralized world had its own disasters — and Coincheck’s 2018 hack remains one of the largest in crypto history. At the time, it was the biggest crypto theft ever, with attackers making off with a staggering $534 million worth of NEM tokens (XEM).
The breach rocked Japan’s crypto community and became a case study in how centralized exchanges, even with licenses and regulatory oversight, could fail users in catastrophic ways.
4. Coincheck – $534 Million
Before DeFi became the wild west of exploits, the centralized world had its own disasters — and Coincheck’s 2018 hack remains one of the largest in crypto history. At the time, it was the biggest crypto theft ever, with attackers making off with a staggering $534 million worth of NEM tokens (XEM). The breach rocked Japan’s crypto community and became a case study in how centralized exchanges, even with licenses and regulatory oversight, could fail users in catastrophic ways.
How It Happened
The root issue? Poor asset custody practices.
Coincheck was storing the vast majority of its NEM tokens in a hot wallet — meaning the private keys were connected to the internet. This is a big no-no in crypto security, where large holdings are typically kept in cold wallets, isolated from online threats. Once hackers gained access to the private key, it was game over. They quietly siphoned off 523 million XEM and sent it across hundreds of wallets in small batches.
There were no smart contracts involved, no code exploits — just a centralized company with bad operational hygiene and a massive honey pot left exposed.
The Aftermath
The hack was a wake-up call not just for Coincheck, but for Japan’s entire crypto regulatory landscape. The Financial Services Agency (FSA) launched an investigation, and Coincheck was hit with a business improvement order. Unlike many other high-profile hacks, Coincheck did eventually reimburse affected users using its own funds — but the damage to its reputation was severe.
The incident underscored a hard truth: even in regulated environments, users have limited control and visibility into how their assets are handled. As crypto matured, so did the appetite for platforms that offer on-chain transparency, self-custody, and models where users aren’t just passive participants, but true stakeholders.
5. Mt. Gox – $470 million
Before Ethereum, before NFTs, before DeFi summer — there was Mt. Gox, the first giant of crypto exchanges. At its peak, the Tokyo-based platform handled over 70% of all Bitcoin transactions worldwide. But in early 2014, it filed for bankruptcy after admitting it had lost over 850,000 BTC, valued at around $470 million at the time (and tens of billions today).
This wasn’t just a hack — it was the first existential crisis for Bitcoin itself.
How It Happened?
Unlike the surgical strikes we see in modern DeFi, the Mt. Gox debacle was a slow bleed. Hackers had been quietly draining BTC for years, exploiting lax internal controls and a gaping hole in the platform’s wallet management system. At one point, it’s believed the private keys to Mt. Gox’s hot wallet were stolen outright, and BTC just kept leaking.
There were also signs of internal mismanagement. Critical bugs went unnoticed, and withdrawals were often delayed without explanation. It wasn’t until the situation became completely unsustainable that the truth came out: the BTC was gone, the exchange was insolvent, and trust in centralized platforms was shattered.
The Aftermath
The fallout was massive. Mt. Gox filed for bankruptcy protection, and users entered a decade-long legal saga to recover their lost funds. Even in 2025, reimbursements are still ongoing — a painful reminder of how early crypto infrastructure often prioritized growth over governance.
6. FTX $400+ Million
When FTX collapsed in November 2022, it didn’t just lose customer funds — it lost the crypto world’s confidence in even the most respected names. Once hailed as a gold standard of professionalism in crypto, the exchange imploded almost overnight, wiping out billions in user assets and revealing a tangled web of fraud, misuse of funds, and utter lack of internal controls.
Although $400 million was hacked from FTX wallets during the chaos, the real loss was far greater — over $8 billion in customer funds were misappropriated by the time the dust settled.
How It Happened
FTX’s downfall wasn’t due to external attackers — it was an inside job. Sam Bankman-Fried (SBF), the founder of FTX, allegedly used customer deposits to fund risky bets at his hedge fund, Alameda Research, while projecting an image of safety and compliance. When cracks began to show, Binance’s CEO tweeted doubts about FTX’s solvency — and within days, it triggered the crypto equivalent of a bank run.
To make matters worse, right after filing for bankruptcy, over $400 million mysteriously vanished from FTX wallets in what appeared to be a hack — possibly by insiders. The new CEO described it as “unauthorized access,” but the full story is still unclear.
The Aftermath
The FTX collapse sent shockwaves through the crypto industry, with over $8 billion in customer funds misused for risky investments and personal luxuries. Bankruptcy filings revealed chaotic internal controls, where FTX and Alameda Research’s funds were commingled, and critical transactions went untracked. The fallout led to a full-scale investigation by regulators like the SEC and CFTC, with founder Sam Bankman-Fried facing charges of wire fraud, conspiracy, and money laundering. The failure of such a major exchange exposed the dangers of centralized platforms with weak governance and no transparent oversight.
The collapse marked a turning point for the crypto industry, with users rushing to self-custody solutions and decentralized finance to avoid future exposure. It also highlighted the need for proof-of-reserves, auditable smart contracts, and systems that prioritize user security. As the industry evolves, there’s a growing push for models that are more transparent and aligned with user interests, aiming to rebuild trust and ensure that such a catastrophic failure never happens again.
Conclusion
The massive hacks and collapses of major crypto platforms—Bybit, Ronin Network, Poly Network, Coincheck, Mt. Gox, and FTX—are stark reminders of the vulnerabilities still plaguing the crypto ecosystem. From coding flaws and poor management to outright fraud, these events exposed the risks users face when relying on centralized platforms without full transparency or control.
As the industry matures, it’s clear that the future of crypto lies in trustless, decentralized systems that prioritize user control and security. With the rise of more transparent platforms, we can only hope that these lessons lead to a safer, more resilient crypto landscape for all.
