10 Major Bitcoin Hacks Steal 36 Billion, 90% of Users Still Neglecting Prevention

链捕手

Author: Huo Huo, Plain Language Blockchain

Last Saturday, the world's second-largest CEX Bybit suffered a hacker attack, resulting in the theft of a total of $1.46 billion in ETH, setting a record for the largest single-token theft in history. Just on February 24, the crypto financial card service provider Infini also fell victim to a hacker attack, with approximately $49.5 million stolen from its Ethereum address. This series of security incidents has further exacerbated the already sluggish crypto market, exposing the inadequacies in asset security management on crypto platforms and further weakening market liquidity, making security issues a focal point of industry concern once again.

It can be said that crypto security incidents have been frequent in recent years, involving various targets such as CEX, DeFi platforms, and cross-chain bridges. According to a report by blockchain analysis firm Chainalysis, hackers stole approximately $2.2 billion in crypto assets in 2024, with the total amount stolen to date exceeding $5 billion (equivalent to over 36 billion RMB).

Today, we will review the top ten crypto security incidents from the past (including the Bybit theft incident in February 2025). The 36 billion RMB worth of assets lost in these ten security incidents serves as a "bloody lesson" for the owners. What important tips can individuals derive from these incidents to protect their crypto assets?

Top 10 Crypto Security Incidents

The following chart ranks the top ten crypto security incidents by the amount lost, covering a variety of complex attack methods from smart contract vulnerabilities to private key leaks and database attacks.

Through analysis, we can see that these theft incidents not only exposed specific security vulnerabilities but also reflected the weak links in the crypto industry's technical protection and risk management.

Next, we will categorize and analyze these incidents based on their causes and the lessons they brought, to better understand the underlying security risks and provide references for future prevention.

1) Wallet Private Key or Security Issues

Ronin Network Theft Incident (March 2022): $625 million

Ronin Network is a scaling solution designed for blockchain games and NFTs, created by the Axie Infinity development team Sky Mavis, aimed at addressing Ethereum's limitations in transaction fees and processing speed.

In March 2022, Ronin Network was attacked by the North Korean-supported hacker group Lazarus Group, resulting in a loss of approximately $625 million in Ethereum and USDC. The hackers successfully controlled five nodes by attacking the network's validation nodes, allowing them to create and sign malicious transactions, ultimately transferring the funds to addresses they controlled.

Coincheck Theft Incident (January 2018): $534 million

Coincheck is one of the more well-known CEXs in the Japanese crypto market, established in 2012, dedicated to providing secure and convenient trading services.

In January 2018, Coincheck suffered a hacker attack due to security issues with its hot wallet, resulting in a loss of approximately $534 million in NEM tokens.

DMM Bitcoin Theft Incident (May 2024): $305 million

DMM Bitcoin is also a crypto CEX based in Japan, established in 2018.

In May 2024, DMM Bitcoin was attacked by hackers, leading to the theft of approximately 4,500 bitcoins (valued at about $305 million at the time). Although the specific method of the attack is still under investigation, reports suggest that a leaked private key may have been a key factor in the hackers' intrusion.

KuCoin Theft Incident (September 2020): $275 million

KuCoin is a well-known CEX in Singapore, established in 2017.

In September 2020, KuCoin suffered a hacker attack, resulting in a loss of approximately $275 million in various crypto tokens. The hackers successfully stole a large amount of assets by obtaining the private key of the CEX's hot wallet.

Summarizing these four theft incidents, it is evident that they all resulted from insufficient security of hot wallets or nodes. Validation nodes and hot wallets, due to their internet connectivity and convenience, are easy targets for hacker attacks. There are various methods of attack, including malware, phishing attacks, or exploiting internal platform vulnerabilities to obtain private keys. Once an attack is successful, hackers can quickly transfer assets, leading to irretrievable losses. In contrast, cold wallets and other storage methods that are not connected to the internet can effectively avoid the risks of online attacks, making them a relatively safer choice for storing crypto assets.

Additionally, for CEXs, ensuring strict management and storage security of private keys is key to preventing large-scale fund theft; for individual users, properly safeguarding private keys is equally crucial for asset security. Once a private key is lost or leaked, users will completely lose control over their assets, as no third party can help recover the funds. Therefore, both CEXs and individuals need to establish more comprehensive key protection measures to reduce security risks.

2) Smart Contract Vulnerabilities

Poly Network Theft Incident (August 2021): $600 million

Poly Network is a cross-chain protocol that allows users to seamlessly transfer and exchange assets across multiple blockchain platforms, enabling cross-chain transactions and collaboration.

In August 2021, the Poly Network cross-chain bridge was hacked due to a smart contract vulnerability, resulting in a loss of approximately $600 million in various tokens. The hackers exploited the vulnerability to bypass permission controls and transferred a large number of tokens to their own addresses. However, unexpectedly, the hackers later negotiated with the platform and gradually returned most of the stolen funds.

Wormhole Theft Incident (February 2022): $320 million

Wormhole is a decentralized cross-chain bridge protocol that allows users to transfer assets between multiple blockchain networks without relying on a single chain's ecosystem.

In February 2022, the Wormhole cross-chain bridge was attacked while connecting the Solana and Ethereum blockchains, resulting in approximately $320 million in wrapped Ethereum (wETH) being stolen. The attackers exploited a vulnerability in the cross-chain bridge's smart contract to bypass the verification mechanism, minting a large amount of wETH without authorization and withdrawing it to their own addresses.

The security incidents of Poly Network and Wormhole exposed the vulnerabilities in asset transfer and verification processes of cross-chain protocols. Particularly in the management and verification of cross-chain assets, vulnerabilities can easily be exploited by hackers, leading to significant losses. This reminds us that the design of cross-chain protocols must pay more attention to permission control in smart contracts to ensure the validity of operations, especially in the management and verification of cross-chain assets.

To enhance security, cross-chain platforms need to conduct regular comprehensive security audits and vulnerability checks to promptly identify and fix potential issues. Additionally, it is recommended to introduce multi-signature mechanisms and stricter permission management in contract design to avoid single points of failure or hackers controlling key permissions. Furthermore, updates and maintenance of cross-chain protocols should follow strict processes to ensure that every fix and upgrade undergoes thorough testing to enhance the security of cross-chain platforms, reduce attack risks, and protect user assets.

3) System Vulnerabilities or Database Leaks

Mt. Gox Theft Incident (February 2014): $473 million

Mt. Gox was once the largest Bitcoin CEX in the world, with trading volume at one point accounting for about 70% of global Bitcoin trading. Established in 2010 and headquartered in Japan, it played a key role in the early booming development of the crypto industry.

However, in 2014, this CEX suffered multiple security breaches, leading to the theft of approximately 850,000 bitcoins (valued at about $473 million at the time), ultimately going bankrupt and becoming one of the most sensational scandals in crypto history. This attack exposed the inadequacies in monitoring mechanisms and slow responses to suspicious activities, while the specific methods used by the hackers remain unclear to this day.

Mixin Network Theft Incident (September 2023): $200 million

Mixin Network is a decentralized cross-chain protocol aimed at solving interoperability issues between blockchains.

In September 2023, the Mixin Network peer-to-peer trading network was attacked due to a database leak from a cloud service provider, resulting in approximately $200 million in Bitcoin and Ethereum assets being stolen.

These two incidents exposed the serious risks of system vulnerabilities and database leaks in the crypto industry. The Mt. Gox incident highlighted the lack of adequate security monitoring and response mechanisms in crypto CEXs, while the Mixin Network incident reminded us to be particularly cautious when relying on third-party cloud services. To avoid similar issues, platforms should strengthen multi-layered security defenses, establish comprehensive monitoring and emergency response systems, and ensure that collaborations with third-party vendors have sufficient security guarantees.

In responding to such incidents, first, do not put all your "eggs" in one basket; secondly, we need to pay attention to whether this "basket" has sufficient compensation capacity when problems arise. Especially in the crypto field, when choosing CEXs or other platforms, it is essential to ensure they have sufficient reserves and financial health to cope with potential large losses. Additionally, assessing the platform's risk response mechanisms, insurance policies, and historical compensation records is also necessary. After all, risks are sometimes unavoidable, and choosing a platform that can take responsibility during a crisis is also a way to be responsible for oneself.

4) Front-End Tampering Fraud

Bybit Theft Incident (February 2025): $1.5 billion

Bybit is a crypto CEX established in 2018 and headquartered in Singapore, primarily providing crypto derivatives products.

After being attacked by hackers on February 22, 2025, Bybit lost approximately $1.5 billion in Ethereum and related staked assets. This incident involved manipulation of cold wallet transactions, where hackers displayed a deceptive signature interface showing the correct address while altering the underlying smart contract logic to transfer funds to unauthorized addresses. This attack method indicates that even cold wallets are not absolutely secure.

Although cold wallets are safer than hot wallets, the Bybit theft incident shows us that security awareness is always the most important. In addition to choosing a CEX with a good security record, wallet management, transaction verification, and secure operational processes are also crucial, as cold wallets are not a panacea.

It is reported that the root cause of the Bybit theft incident is attributed to issues with the Safe multi-signature and to the attack method. The attackers initiated malicious spoofed transactions against Bybit through the compromised machine of a developer at Safe, the signing wallet. This indicates that when a developer's device and credentials are insufficiently protected, hackers can still intrude even without obvious smart contract vulnerabilities or source code issues.

This reminds us that in addition to choosing a CEX with a good security record, wallet management, transaction verification, and secure operational processes are crucial. The security awareness of developers' machines, credential management, and every operational step should be strengthened. Additionally, users need to be particularly cautious when signing transactions and remain highly vigilant to ensure that no steps are overlooked.

5) Flash Loan Attacks

Euler Finance Theft Incident (March 2023): $197 million

Euler Finance is a decentralized financial platform built on Ethereum and Layer 2 networks like Optimism, dedicated to providing seamless and efficient borrowing and lending services.

In March 2023, the Euler Finance decentralized lending platform suffered a flash loan attack, resulting in the theft of approximately $197 million in various tokens. The attackers exploited a vulnerability in the platform's smart contract, manipulating market prices through flash loans, triggering the platform's liquidation mechanism, and illegally siphoning off funds.

This incident once again revealed the potential vulnerabilities in the smart contract design and market mechanisms of decentralized finance platforms. Flash loan attacks typically rely on manipulating market prices and triggering liquidation mechanisms, exposing the platform's weaknesses in price oracles and market stability. To counter such attacks, platforms should focus on reviewing the smart contract code, especially in areas involving market manipulation and liquidation mechanisms, and strengthen security protections.

Additionally, security audits and historical reputation are key factors in assessing a project's reliability. Even if a project promises high returns, one should not overlook potential risks to avoid falling into traps. Whether entrusting funds to centralized platforms or using decentralized applications, caution must be maintained, and one should never let their guard down.


What Security Advice Can Be Given to Individual Holders?

Looking back at these security incidents, it is not difficult to find that security vulnerabilities in CEXs, mismanagement of private keys, and the upgrading of hacker techniques continuously threaten the security of crypto assets.

These incidents not only reveal the hidden risks in the world of digital assets but also provide us with valuable experiences. Learning to identify potential threats and adopting safer storage and trading methods is a topic that every crypto user needs to pay attention to.

Next, we will summarize several key security recommendations from these cases, hoping to provide practical references for everyone in managing digital assets, helping to reduce risks and avoid becoming the next victim.

1) Choose a Reputable Platform

Choosing a CEX or platform with a good security record and transparent disclosure of security measures is the first step in protecting personal assets.

2) Use Cold Storage to Protect Assets

Storing important digital assets in cold wallets is a crucial means to prevent hacker attacks.

3) Enable Two-Factor Authentication (2FA)

By binding a phone, email, or dedicated authenticator, users can add an extra layer of security when logging in, effectively preventing unauthorized access to accounts. Regularly checking and monitoring account activity is an effective way to promptly detect suspicious transactions and potential threats.

4) Diversify Investments to Reduce Risks

Distributing assets across multiple platforms or wallets can mitigate risks. For example, users can keep the majority of their assets in cold wallets while using a small amount for daily transactions or spreading them across different trusted CEXs to reduce the overall loss when a single platform encounters issues.

5) Trust No One

The most important feature of crypto assets is verifiability; do not blindly trust any third party to ensure your crypto security, including software and hardware provided by wallet developers. Always treat personal connected devices as "not completely secure" and personally verify the accuracy of the details of every transaction you submit and sign.
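
What "personally verify" can look like in practice, as an added example that is not part of the original article: decode the raw payload yourself and compare it with what the signing screen displays. It covers only a plain ERC-20 transfer(address,uint256) call, not the Safe multi-signature transaction format involved in the Bybit incident; the function names are hypothetical and all addresses and amounts are constructed.

```python
# Added example: compare what a signing screen claims with what the raw
# transaction payload encodes. All addresses and amounts are constructed.
TRANSFER_SELECTOR = "a9059cbb"  # 4-byte selector of transfer(address,uint256)


def decode_erc20_transfer(calldata_hex: str) -> tuple[str, int]:
    """Decode ABI-encoded transfer(address,uint256) calldata."""
    data = calldata_hex.lower().removeprefix("0x")
    if data[:8] != TRANSFER_SELECTOR:
        raise ValueError(f"not an ERC-20 transfer call: selector 0x{data[:8]}")
    if len(data) != 8 + 64 + 64:
        raise ValueError("unexpected calldata length for transfer(address,uint256)")
    addr_word, amount_word = data[8:72], data[72:136]
    if addr_word[:24] != "0" * 24:
        raise ValueError("address word has non-zero padding")
    return "0x" + addr_word[24:], int(amount_word, 16)


def check_before_signing(displayed_to, displayed_amount, tx_to, calldata_hex, token_contract):
    """Return the mismatches between the displayed intent and the payload."""
    problems = []
    if tx_to.lower() != token_contract.lower():
        problems.append(f"transaction targets {tx_to}, not the expected token contract")
    try:
        recipient, amount = decode_erc20_transfer(calldata_hex)
    except ValueError as exc:
        return problems + [str(exc)]
    if recipient != displayed_to.lower():
        problems.append(f"payload pays {recipient}, screen shows {displayed_to}")
    if amount != displayed_amount:
        problems.append(f"payload amount {amount}, screen shows {displayed_amount}")
    return problems


def build_calldata(to: str, amount: int) -> str:
    """Helper for the constructed samples: ABI-encode a transfer call."""
    return "0x" + TRANSFER_SELECTOR + to[2:].rjust(64, "0") + format(amount, "064x")


# Constructed sample data (not real addresses).
TOKEN = "0x" + "11" * 20
INTENDED = "0x" + "aa" * 20
OTHER = "0x" + "bb" * 20
HONEST = build_calldata(INTENDED, 1000)
TAMPERED = build_calldata(OTHER, 1000)   # the screen would still show INTENDED

if __name__ == "__main__":
    print(check_before_signing(INTENDED, 1000, TOKEN, HONEST, TOKEN))
    print(check_before_signing(INTENDED, 1000, TOKEN, TAMPERED, TOKEN))
```

An empty list means the payload matches what was displayed; any entry is a reason not to sign.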

Conclusion

It can be said that security prevention is not only a response to problems but also a proactive strategic layout. Crypto asset management is not just about addressing immediate risks but also about ensuring long-term stable development. By cultivating daily security habits, gradually strengthening protective capabilities, and preventing risks at every step, we can effectively minimize risks.
