The Seven Biggest Crypto Hacks — So Far
The year 2021 was the year cryptocurrencies truly hit the mainstream. Many projects including Bitcoin, Ethereum and Dogecoin hit new all-time highs, grabbing headlines around the world. Dogecoin was even featured on the late-night comedy show Saturday Night Live alongside the world’s richest man, Elon Musk.
However, 2021 was also the year that saw some of the largest cryptocurrency hacks this space has ever seen. Due to the anonymous nature of Bitcoin and other cryptocurrencies, it is difficult to determine exactly how much money was lost to exploits but estimates range anywhere from $2 billion to $10.5 billion.
In this article, we look at the biggest crypto hacks to date, including a nine-figure exploit that happened in 2022.
List of the Biggest Crypto Hacks
7. Paid Network — $127 Million
Paid Network (PAID), a decentralized application fell victim to what is known as an “infinite mint” attack where the hacker was able to print unlimited tokens and sell them for profit.
In the aftermath, researchers noted that ownership of the minting contract had been transferred to an external account, implying that one of the team members had either “rug pulled” the project — a colloquial term used for when an insider steals users’ funds, or there had been a security breach leading to private keys being exposed.
Community members began speculating about what had happened and the price of the PAID token dropped significantly following the incident.
The team later announced that they will take a snapshot of the blockchain prior to the incident and restore everyone’s balances back to before the attack took place.
6. Cream Finance — $130 Million
In late October last year, Cream Finance (CREAM), the decentralized multi-chain lending protocol, suffered a flash loan attack to the tune of $130 million.
Put simply, a flash loan attack is when a hacker is able to manipulate a smart contract to give up all of the tokens deposited into a pool, without having to provide collateral.
The highly complicated hack involved numerous different assets and cost thousands of dollars to carry out.
This became apparent later as researchers began reverse-engineering the incident to discover what had happened.
Unfortunately by that time, it was too late to recuperate the losses.
5. Compound Finance — $147 million
Compound Finance (COMP) is another lending and borrowing protocol that enables users to take out loans and earn interest on their existing holdings.
In September last year, the platform was hit by a bug that resulted in millions of dollars being paid out to users in unearned rewards— much like an ATM throwing out wads of banknotes.
Developers quickly spotted the error and submitted a fix, however, this was not before substantial amounts of COMP had been claimed by users.
The CEO, Robert Leshner, later went on to Twitter to ask recipients to return the funds although it remains unknown how many users obliged.
4. Wormhole — $326 Million
Wormhole is a popular cryptocurrency protocol that offers a bridge between the Ethereum and Solana blockchains.
The platform enables users to move their assets across the different blockchains seamlessly and at a low cost.
On February 2, 2022, blockchain analysts noticed that an exploit had taken place in which an attacker was able to take control of over $320 million worth of digital assets by moving them to a different wallet.
The Wormhole team later tried to negotiate with the hacker through on-chain messages by offering a 10% bounty in exchange for the funds and details of the hack.
However, it remains to be seen whether this offer is accepted.
As it stands, trading firm Jump Trading has replenished the lost funds in support of the Wormhole team and the affected users.
3. Poly Network — $610 Million
The largest hack in the crypto space occurred on August 10, 2021, and involved a project called Poly Network, which enables users to swap tokens across different blockchains.
The protocol operates on various different networks including Binance Smart Chain, Ethereum, and Polygon.
Through a highly sophisticated attack, hackers were able to override the smart contracts associated with each blockchain allowing them to divert the funds to their own personal wallets.
In total, over $600 million worth of crypto assets were stolen from thousands of participants.
However, in a turn of events, the hackers began returning the funds in the days that followed and even refused a $500,000 reward from the Poly Network team.
While the identity of the hacker remains unknown, the incident serves as a reminder of both the security risks of this industry and the surprising nature of crypto enthusiasts.
2. Axie Infinity's Ronin Bridge — $612 Million
On 29 March 2022, Ronin Network tweeted that a security breach had occurred on the bridge that connects the popular Axie Infinity game to other blockchains.
According to the announcement, 173,600 Ethereum was stolen along with 25.5 million USDC which is a stablecoin pegged to the dollar.
The total exploit is worth a combined $612 million at the time of writing, making it the biggest hack to date at the time it happened.
Interestingly, it appears that the hack occurred on March 23, or 6 days before the developers noticed.
1. Bitfinex Exchange — $5 Billion
In 2016, Bitfinex, one of the most popular cryptocurrency exchanges at the time was hacked and 119,756 BTC was stolen from the company's wallets.
Most of the coins remained dormant for years until April 2021 when blockchain analytics bots noticed transactions being made again from the associated wallets.
The transfers caused volatility in the markets despite the BTC being blacklisted by major exchanges.
On February 1, 2022, blockchain analysts noticed a series of transactions being made again from wallets tied to the Bitfinex hacker.
This time, 94,000 BTC worth $3.6 billion were being transferred to different wallets.
In a surprising turn of events, it was revealed on February 8 that the funds had been seized by the US government and two individuals were arrested for their involvement in the hacking.
Bitfinex later posted a statement revealing that they would use 80% of the recovered funds to repurchase and burn UNUS SED LEO tokens, the platform's native cryptocurrency.