The biggest crypto hack of all time is the Bybit Cold Wallet Compromise, with $1.46 billion stolen on February 21, 2025. Across 15 tracked major exploits and thefts, over $5.4 billion has been lost, ranked here by total USD stolen. The list spans exchange hacks, bridge exploits, DeFi attacks, and governance exploits dating from 2018 to 2025.
While some hacks resulted in full recoveries—such as the Poly Network and Euler Finance incidents—many funds remain lost. The ranking highlights the ongoing security challenges in the crypto space, with bridge exploits and exchange vulnerabilities dominating the top losses.
-
#1
Bybit Cold Wallet Compromise (Feb 21, 2025)
$1.46B
On February 21, 2025, Bybit's Ethereum cold wallet was drained of approximately 401,346 ETH plus various staked-ETH derivatives in a single execution, totaling $1.46B at the time o
-
#2
Ronin Bridge Validator Compromise (March 23, 2022)
$620M
On March 23, 2022, the Ronin Bridge - the canonical bridge between Ethereum and the Ronin sidechain that hosted Sky Mavis's Axie Infinity ecosystem - was drained of 173,600 ETH and
-
#3
Poly Network Cross-Chain Exploit (August 10, 2021)
$611M
On August 10, 2021, an attacker exploited Poly Network, a cross-chain interoperability protocol that bridged assets between Ethereum, BNB Chain, Polygon, and several other networks
-
#4
BNB Chain Token Hub IAVL Proof Forgery (Oct 7, 2022)
$568M
On October 6-7, 2022, an attacker exploited a verification flaw in the IAVL+ Merkle proof library used by the BSC Token Hub - the native cross-chain bridge between Binance Beacon C
-
#5
Coincheck NEM Hot-Wallet Theft (Jan 26, 2018)
$530M
On January 26, 2018, Tokyo-based crypto exchange Coincheck reported the unauthorized transfer of 523 million NEM (XEM) tokens from a single hot wallet, with a market value at the t
-
#6
Wormhole Bridge Signature Bypass (Feb 2, 2022)
$326M
On February 2, 2022, the Wormhole Bridge - the principal cross-chain bridge between Ethereum and Solana, carrying approximately $1B in locked Ethereum assets at the time - was expl
-
#7
WazirX Exchange Hack (Jul 18, 2024)
$235M
On July 18, 2024, WazirX, India's largest cryptocurrency exchange by spot trading volume, lost approximately $235M in customer assets to a compromise of its Liminal Custody-managed
-
#8
Cetus Protocol Exploit on Sui (May 22, 2025)
$230M
On May 22, 2025, Cetus Protocol, the dominant concentrated-liquidity DEX on the Sui Network, suffered a $230M exploit driven by an integer-overflow bug in the decimal-handling logi
-
#9
Euler Finance donateToReserves Exploit (March 13, 2023)
$197M
On March 13, 2023, an attacker exploited Euler Finance, an Ethereum-based money market that supported permissionless listing and leveraged lending, draining approximately $197M acr
-
#10
Beanstalk Flash-Loan Governance Attack (April 17, 2022)
$182M
On April 17, 2022 at 12:24 UTC, the Beanstalk Farms decentralized stablecoin protocol was drained of approximately $182M of locked assets in a single atomic transaction. The attack
-
#11
Cream Finance Third Hack of 2021 (Oct 27, 2021)
$130M
On October 27, 2021, Cream Finance, a Compound-fork lending protocol that had been a substantial player in DeFi credit markets through 2020-21, suffered its third major exploit of
-
#12
Atomic Wallet Mass Seed-Phrase Compromise (Jun 3, 2023)
$100M+
Beginning approximately June 2, 2023 and continuing in waves through the following weeks, users of Atomic Wallet, a non-custodial multi-asset wallet client offered by Estonia-regis
-
#13
Curve Finance Vyper Reentrancy Compiler Bug (July 30, 2023)
$73M
On July 30, 2023, multiple Curve Finance stable pools were drained via a previously unknown bug in the Vyper smart-contract compiler's @nonreentrant decorator. Vyper versions 0.2.1
-
#14
Bitfinex Multisig Compromise (Aug 2, 2016)
$72M (119,756 BTC)
On August 2, 2016, the Hong Kong-based exchange Bitfinex disclosed the theft of 119,756 BTC, valued at approximately $72M at the time of the breach and approximately $4.5B at the N
-
#15
The DAO Reentrancy Exploit (June 17, 2016)
$60M
On June 17, 2016, an unidentified attacker exploited a reentrancy vulnerability in The DAO, a $150M Ethereum-based investment vehicle that at the time held approximately 14% of all