Article Series: 12 Largest DeFi / Crypto Hacks

12 Largest Crypto Hacks

The 12 Biggest Hacking Incidents in the History of Crypto

The most comprehensive ranked list of the biggest crypto hacks in history (Up until November 1, 2022. I suspect a larger one is just behind the corner) It wasn’t easy digging through the entire history of cybercrime involving cryptocurrencies, but we wanted to get to the bottom of which ones were the biggest in terms of total value of the stolen digital assets at the time of the incident. Two of the entries occurred while we were conducting our research; that’s how we know this will be the most accurate and up-to-date list of the top 12 hacking incidents in crypto’s history. 1. Poly Network: $611M At $611M, the Poly Network exploit of August 10, 2021 ranks as the largest crypto hack to date in terms of mark-to-market value. Using a series of data manipulation techniques in the high-level code of the Ethereum smart contract, the attacker was able to steal around $274M in crypto assets from the Poly network’s Ethereum wallet, around $253M from the BNB Chain wallet, and another roughly $85M from the Polygon wallet. All the stolen funds were returned, but the identity of the hacker is still unknown. Read an in-depth analysis of the Poly Network Hack. 2. Binance...
Binance Bridge Hack

How the Big Binance Bridge Hack Will Change the way People View Web3

$566M worth of BNB was stolen from Binance’s cross-chain bridge BSC Token Hub, but how they responded to the hack will be the most memorable part. Decentralization is a hot button topic in web3, and Binance is (at the time of writing) the biggest crypto exchange by trading volume in the world. The recent hack of Binance’s native cross-chain bridge BSC Token Hub revealed to the world what many early adopters of blockchain technology already knew: The BNB Smart Chain (formerly Binance Smart Chain) is not very "decentralized". How did the BNB Smart Chain bridge get hacked, how did Binance stop it, and what does this all have to do with decentralization? Let's go through this in order. How the BSC Token Hub was Hacked The BSC Token Hub is a cross-chain bridge native to Binance that allows users to transfer tokens between the BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC). On October 6, 2022, an attacker interacted with the BSC Token Hub smart contract in a way that allowed them to print two million BNB tokens (the native token on the BNB Smart Chain), worth approximately $566 million at the time. This was achieved using falsified transactions that convinced the bridge...
Beanstalk Farms

How a $1B Flash Loan Led to the $182M Beanstalk Farms Exploit

Understanding how flash loans and governance work in DeFi to demystify the Beanstalk Farms Hack The only way to understand how the Beanstalk Farms decentralized credit-based stablecoin protocol exploit happened is to first understand flash loans, which are a little known financial tool unique to the DeFi (decentralized finance) space, as well as governance. A flash loan is, like it sounds, a very fast loan. It happens within a single blockchain transaction and no collateral is needed. Instead, the borrower needs to set up a series of trades using smart contracts that can all be executed at once, and they must yield a profit. If the trade doesn’t yield a profit, the transaction is cancelled and the loan is not approved. On the other hand, if it does yield a profit then a fee is paid to the platform issuing the loan, such as Aave for example, and the remainder is kept by the trader. If that all sounds too good to be true, it’s because it kind of is. You’ll pay a lot in gas fees, even for failed transactions, and the vast majority of your transactions will probably fail. There are programs to help you organize the trades and find...
Nomad Bridge Hack

How the Nomad Bridge Hack can Help Us Explore the Potential Downsides of Decentralization

One attacker and hundreds of copycats looted the Nomad bridge for over $190 million; few did the right thing. Decentralization is a hot-button topic in 2022. To some, it seems like the solution to a variety of issues plaguing the so-called web2 ecosystem, such as the monopolization of social media, the centralized control over the flow of information, and bad data privacy and data monetization practices. Proponents of distributed blockchain technology offer web3 as the decentralized solution to these problems, but web3 has some kinks to work out before it can replace the established infrastructure of web2. One of those kinks involves exploitable smart contracts, a $190 million liquidity pool, and simple human nature. This is the full story behind the Nomad Bridge Hack of August, 2022. The Nomad Bridge Hack Timeline August 1, 2022: Source: https://twitter.com/nomadxyz_/status/1554246853348036608?s=20&t=bbAzgxq95hczZKUsXIabgw Ethereum block 15259101 at 21:32:31 UTC contains four transactions at indices 0, 1, 3, and 124. Each transaction is a fraudulent withdrawal from the Nomad bridge for 100 WBTC (~$2.3M at the time). An attacker has found a bug in the smart contract that verifies Ethereum transactions on the bridge, and it’s as easy as copy/pasting the fraudulent transaction details and replacing the receiving wallet address with one’s own to replicate...
Poly Network Hack

How Crypto’s Biggest Hacker was Found but Never Identified

The $611M Poly Network exploit is the largest crypto hack to date in terms of mark-to-market value and all the stolen funds were returned, but the identity of the hacker is still unknown. Dubbed “Mr. White Hat” by the Poly Network security team, the anonymous perpetrator of the biggest crypto hack to date gave all the stolen crypto assets back within 15 days of the incident. But how was the hack carried out? Why did they return the funds? And how did they manage to remain anonymous? We’ll explore these questions, but first.. What is the Poly Network? The Poly Network is a DeFi platform that enhances blockchain interoperability by enabling users to transfer information and cryptocurrencies between various blockchains. Using the Poly Chain consortium blockchain as its framework, the Poly Network deploys a series of smart contracts to establish bridges between Bitcoin, Ethereum, BNB Smart Chain, and more than 20 other blockchains. In simplified terms, Poly Network lets blockchains talk to each other using smart contracts. How the Poly Network Hack Happened A comprehensive technical report by Kraken Security Labs less than 2 months after the incident revealed the mechanics of the attack. Through a series of data manipulation techniques in the high-level code of...
Wintermute Hack

The $160M Wintermute Hack: Inside Job or Profanity Bug?

Getting to the bottom of the exploit that led to one of the biggest hacks in the history of decentralized finance.  In order to understand the $160M Wintermute hack, we first need to understand algorithmic market makers and how they work in DeFi (decentralized finance), since that’s what Wintermute is. Imagine you’re the developer of a crypto project and you expect to get your token listed on a large exchange, even a top 10 such as Kraken or Binance. It sounds great, but now you have a new problem because you’ll need to constantly ensure the exchange always has enough liquidity to maintain trading, especially in DeFi markets where liquidity is a primary target for exploiters to attempt malicious activities and try to drain the funds. It would be great if you could deploy an algorithm to perform this constant liquidity observation and management for you – that’s essentially what an algorithmic market maker does. Wintermute offers this service on both centralized and decentralized exchanges, among other services such as OTC trading and early-stage start up investments. They incentivize users to provide liquidity into their protocol, and then their protocol manages the markets and liquidity pools across the project’s various partners’ and...
BitMart Hack

Trying to Solve the Mysterious $200M BitMart Hack

A missing pile of Safemoon and other cryptocurrencies, accusations of broken promises, and then nothing. When a high-profile cyber attack takes place and hundreds of millions of dollars are lost, usually a healthy balance is struck between safeguarding information to protect ongoing investigations and maintaining a level of transparent communication with the public. In the case of BitMart’s security breach, they chose to keep a lot under wraps. We can still get a general idea of what happened and what went wrong from a string of statements they made early on. This is the fullest story you’ll find on what happened with the $200M BitMart hack. Timeline of the BitMart Hack December 04, 2021: At approximately 22:30 UTC, BitMart staff identifies a security breach involving two hot wallets (lower-security wallets that are connected to the internet). They respond by immediately shutting down various systems, including withdrawals and the freezing of certain trading pairs. We learn in a later update that the security breach involved the attacker gaining access to two private keys, which allowed them to take various cryptocurrencies from the two wallets. December 05, 2021: At 00:28 UTC, just under 2 hours after BitMart noticed the hack and paused withdrawals, blockchain security and data analytics company PeckShield...
Coincheck Hack

What the $534M Coincheck Hack Taught Us All About Safe Storage of Digital Assets

The biggest crypto heist in history at the time it occurred in 2018 was an eye-opener for many reasons, not least of which for the way the stolen assets were being stored.  Seasoned crypto enthusiasts and early adopters of the disruptive new technology know now that safely storing your digital assets is half the battle, but it wasn’t always so. Insufficiently secured storage was the norm for almost a decade after Bitcoin’s creation, with many people simply keeping their crypto on centralized exchanges, hot wallets, or even just USB sticks without any password protection. With the $534M Coincheck hack in January of 2018, security and responsible self-custody of crypto assets quickly became a hot topic of discussion in the media and the crypto community. You’ll see why. The Full Story Behind the Coincheck Hack Coincheck is today one of Japan’s largest crypto exchanges, still trading 10’s of millions of dollars worth of crypto each day, denoted in Japanese Yen (JPY). At the time of the attack, it was the largest crypto exchange in Japan, and the attack represented the largest crypto heist of all time in terms of US dollar amount, surpassing the hack of another Japanese Exchange, Mt. Gox. The incident At 17:57 UTC on...
Axie Infinity

What the Biggest Blockchain Game’s Hack Reveals about the Future of Crypto Adoption

Axie Infinity’s Ronin Bridge Hack for $551M worth of crypto assets could paradoxically lead to higher rates of blockchain adoption by showing that it’s a lot easier to track stolen cryptocurrency than people think. The popular misconception that cryptocurrencies are private and untraceable fuels the equally popular misconception that it’s impossible to track and recover stolen crypto assets. In fact, even some of the most high-profile and sophisticated crypto theft operations have been exposed through the use of blockchain forensics and crypto investigations. The infiltration of Sky Mavis leading to the Axie Infinity Ronin bridge exploit and the subsequent postmortem is a perfect example. How Axie Infinity’s Ronin Bridge was Hacked In short, it was a phishing attack against employees at Sky Mavis that led to a successful 51% attack on the Ronin network, but let’s start at the beginning. Axie Infinity was at one time the world’s most popular play-to-earn blockchain game. It has its own layer 2 blockchain called Ronin, built on Ethereum. In order for users to transfer funds from the Ethereum blockchain to the Ronin blockchain, a bridge is required. This is what we’re referring to when we talk about the Ronin bridge. Bridges require sufficient liquidity on both blockchains so they...
Wormhole Bridge Hack

Diving into the $320M Wormhole Bridge Hack

The full story behind the exploit that led to the fraudulent minting of 120,000 wETH and threatened to crash Solana. Early February of 2022 was a low-point for the cryptocurrency asset class; one of many more to come throughout the year. The price of BTC was on a relentless downtrend from a high of $69,044.77 on Nov 10, 2021, to under $40,000 by February 02, 2022. This is the market atmosphere in which the $320M Wormhole bridge exploit occurred. The Wormhole bridge exists to help users move their assets from one blockchain to another – most often from Ethereum to Solana. The bridge, like any other, requires that users deposit their assets from one chain, such as ETH for example, and then they get the equivalent in a “debt token” (wETH or wrapped ETH) on the chain they wish to bridge to. From there, they can use the wETH to interact with dApps (decentralized apps) or exchange it for other assets, such as SOL or USDC. The hack involved falsifying on-chain messages and transactions which allowed the attacker to steal the funds. How the Exploit was Executed By using a fake ‘sysvar’ account to invoke the “verify_signatures” function, the attacker was able to create a...
KuCoin Hack

How KuCoin Survived a Massive Hack of $285M Worth of Crypto Assets

When attacked, some crypto projects and exchanges buckle and fold under pressure; KuCoin set the standard in 2020 for how to react to crypto hacks, even on the largest scale. KuCoin is a Singapore-based crypto exchange that consistently ranks among the top 5 exchanges in terms of daily volume serving the crypto markets in Asia. As of November 2022, they offer over 900 trading pairs of 700+ different cryptocurrencies, putting them firmly in the top 10 among both centralized and decentralized exchanges in terms of sheer amount of coins offered. On September 25, 2020, KuCoin suffered one of the biggest incidents of theft in human history, let alone the short lifespan of the cryptocurrency asset class. More than 150 different cryptocurrencies made up the loot, which were valued at roughly $285M at the time according to KuCoin’s CEO. You can imagine it’s difficult to calculate the precise value of the stolen digital assets because of the volatility of their varying prices, but it’s not impossible. In fact, blockchains record all the information required to calculate the exact value of the assets at the time of the hack; they also record all the information required to trace the digital assets to their final...
Mt Gox Hack

What You Need to Know about the $460M MtGox Hack of 2014

The full story behind the first major crypto hack and how much really was lost. MtGox was one of the very first platforms on which people could buy, sell, and trade bitcoin. Launched in July 2010, by 2014 the Tokyo-based company was handling over 70% of all BTC transactions globally. It was on a trajectory that could have put it alongside or even in place of the major exchanges we know today, such as Coinbase, Kraken, Binance, etc. In fact, the domain name ‘mtgox.com’ was initially purchased in 2007 by the MtGox founder, Jed McCaleb, with the intention of building a Magic: The Gathering trading website where users could trade their MtG cards online like stocks (MtGox = Magic the Gathering Online Exchange); there’s no doubt they would have been early adopters of NFTs as well. The website was transitioned into one of the world’s first crypto exchanges after McCaleb read about bitcoin in an online publication called Slashdot and saw the opportunity to build a business. However, in early 2014, at the height of its operations and no longer in the hands of McCaleb (who sold in 2011 to French developer Mark Karpelès), everything ground to an abrupt halt in the...
BitGrail Hack

Gleaming Wisdom from the Strange $170M BitGrail Hack

Around $170M worth of cryptocurrency was allegedly stolen from an obscure Italian crypto exchange called BitGrail in 2018; it’s still unclear exactly how or by whom. Just weeks after Japanese crypto exchange Coincheck was hacked – an event dubbed “the biggest theft in the history of the world” at the time – the Italian crypto exchange BitGrail announced they were unable to account for millions of Nano (XNO), valued around $170M. Similar to the Coincheck hack, this incident involved BitGrail’s hot wallet allegedly being compromised. However, that’s where the similarities end. Coincheck was praised for taking full responsibility and returning 90% of stolen funds to affected users from their own capital just months after the attack, whereas it was nearly a year before the owner of BitGrail was ordered by Italian courts to face insolvency and attempt to repay what was lost by users of his exchange. The lesson we all learned was to do our due diligence when deciding on a crypto exchange to use. The BitGrail Hack Timeline February 08, 2018: BitGrail announces XRB markets are down (XRB is the former ticket of the NANO cryptocurrency, now XNO). No further information is provided. Source: https://twitter.com/BitGrail/status/961643213936300032?s=20&t=-l1G0Cv_bBWy7xzyhk-KnA We will later learn that BitGrail was already aware of...