‘Biggest crypto hack in history’: Bybit exploit is latest security blow to industry

Cryptocurrency exchange Bybit was exploited for more than $1.4 billion on Feb. 21, making it the single largest hack in the industry’s 15-year history. In value terms, the single attack represented more than 60% of all crypto funds that were stolen in 2024, based on Cyvers data. 

Hacks and scams have become commonplace in crypto, creating a crisis of legitimacy for an industry most believe has been unjustly targeted for “facilitating crime.” However, as Chainalysis data shows, legitimate use cases for crypto have been growing much faster than illicit activity. 

Nevertheless, the economy of hacking continues to thrive, especially as crypto prices rally. By mid-2024, crypto hacks had reached a cumulative $19 billion, according to Crystal Intelligence. 

Below is a list of some of the biggest crypto hacks in history — and how they are all dwarfed by the latest Bybit exploit.

Related: Bybit exchange hacked, over $1.4 billion in ETH-related tokens drained

Ronin Network

Before Bybit, Ronin Network was the victim of the single largest crypto hack in history. In March 2022, the Ethereum sidechain built for the Axie Infinity play-to-earn game was exploited for more than $600 million worth of Ether (ETH) and USD Coin (USDC). Ronin was only able to ever retrieve a tiny portion of the stolen funds. 

The attack was pinned on Lazarus Group, an organization allegedly linked to the North Korean government. The shadow group is believed to have stolen $1.34 billion worth of crypto in 2024 alone. 

Since 2020, the group is believed to have laundered hundreds of millions of dollars worth of digital assets. 

Poly Network

In 2021, hackers exploited the crosschain protocol Poly Network to steal more than $600 million worth of funds in what cybersecurity firm SlowMist described as a “long-planned, organized” attack. 

The attack drained $273 million from Ethereum, $253 million from BNB Smart Chain and $85 million from the Polygon network. At the time, it was considered the largest-ever decentralized finance exploit.

According to Poly Network, the attacker eventually returned nearly all of the stolen funds, except for $33 million. 

Binance BNB Bridge

In October 2022, crypto exchange Binance’s BNB Chain was hacked for roughly $568 million. As Cointelegraph reported at the time, the attackers exploited the BSC Token Hub, a crosschain bridge, by using a loophole to issue 2 million BNB (BNB). The attacker immediately bridged $100 million worth of the stolen tokens to other networks. 

Former Binance CEO Changpeng Zhao confirmed that the exploit “resulted in extra BNB.” He later announced the temporary pause of BNB Smart Chain. 

Related: Offchain transaction validation could prevent 99% of crypto hacks, scams

Coincheck

One of the earliest crypto exploits occurred in early 2018 when the Japanese exchange Coincheck was robbed of $534 million worth of NEM (XEM) tokens. XEM was the token of the New Economy Movement (NEM), which launched in 2015 and is now considered “dead.”

The hackers stole the funds by exploiting a hot wallet and performing several unauthorized transactions. All the stolen funds belonged to exchange users. It was later reported that the attack may have been tied to a hacker group that installed a virus on Coincheck employee computers.

The exchange vowed to repay all 260,000 victims of the attack. According to BBC, the customers were eventually reimbursed. 

FTX

Just as FTX was imploding in November 2022, a series of unauthorized transactions drained the crypto exchange of $477 million. By January 2023, the exchange said it had identified $415 million in “hacked crypto.” 

Although no perpetrator was identified at the time, former FTX CEO Sam Bankman-Fried said he believed the attack was “either an ex-employee or somewhere someone installed malware on an ex-employee’s computer.” He claimed to have narrowed down the list of potential perpetrators to eight people before he was locked out of the company’s internal systems.

However, by January 2024, US federal prosecutors had identified and charged three people for allegedly carrying out the attack. 

Magazine: Trump’s Bitcoin policy lashed in China, deepfake scammers busted: Asia Express