12 Largest Crypto Exchange Hacks In History

Coincheck was the largest crypto exchange hack ever, with $532M lost. It’s followed by Mt. Gox ($480M) and the recent FTX ($415M).

Updated: Apr 20, 2024

Largest Crypto Exchange Hacks

Currently, cryptocurrency hack estimates range from $3 billion to $14 billion a year. Whether it's DeFi protocols or centralized platforms, hacks in the cryptocurrency space are all too common. 

Today, we'll look at the 12 biggest hacks in history from centralized crypto exchanges.

This list is peppered with household names, highlighting the fact that you can never be too safe.

Overview

Total Loss ($M)

Crypto Exchange

Cause

Date

$532

Coincheck

Malware & Phishing

2018

$480

Mt. Gox

Security Breach

2014

$415

FTX

Unknown

2022

$281

KuCoin

Unknown

2020

$196

Bitmart

Stolen Private Key

2021

$146

Bitgrail

Inside Job

2018

$125

Poloniex

Private Key Compromise

2023

$97

Liquid

Phishing

2020

$77

AscendEx

Hot Wallet Vulnerability

2021

$71

Bitfinex

Security Vulnerability

2016

$60

Zaif

Hot Wallet Vulnerability

2018

$40

Binance

Phishing & Viruses

2019

1. Coincheck for $532M

  • Cause: Malware and Phishing
  • Status: Users were refunded in 2018
  • Date: January 26, 2018 

Japanese exchange Coincheck, established in 2012, suffered the world’s largest cryptocurrency exchange hack when hackers used a phishing and malware attack to access user hot wallets. NEM currency was used to ship user funds out, but after an investigation, Coincheck announced that all affected 260,000 users would be refunded for all assets taken.

2. Mt. Gox for $480M

  • Cause: Security Breach
  • Status: Repayment Expected in Oct 2023
  • Date: February 24/25, 2014

Once responsible for processing 70% of all global Bitcoin transactions, Mt. Gox was hacked in 2014, with $480 million in Bitcoin taken. This followed a 2011 attack where $8.75 million was lost. Hackers gained control of an auditor’s computer, poured bogus Bitcoins into the exchange to drive the price down, and extracted money from hot wallets. CEO Mark Karpeles was found guilty of falsifying financial records.

3. FTX for $415M

  • Cause: Unknown
  • Status: Recovery efforts are in progress
  • Date: November 2022

The collapse of FTX is the most recent significant hack. Over ten days (one day after filing for bankruptcy), user wallets were drained of their coins. The cause is unknown, with many in the crypto community speculating that it was an inside job. CEO Sam Bankman-Fried is awaiting trial in New York City while prosecutors continue their recovery efforts. Thankfully, most of FTX’s assets were liquid and in easily accessible fiat currency.

4. KuCoin for $281M

  • Cause: Unknown
  • Status: Assets were insured
  • Date: September 25, 2020

Singaporean crypto exchange KuCoin lost at least $281 million in various cryptocurrencies, including Bitcoin, Ethereum, and Litecoin. The most commonly cited reason is DeFi protocols, but KuCoin has revealed little else. It’s known that the money was laundered through decentralized exchanges. The culprits are believed to be North Korean, but quick action to disable online transactions limited the damage, and the exchange’s insurance policy refunded users.

5. Bitmart for $196M

  • Cause: Stolen private key
  • Status: Refunds promised and undelivered
  • Date: December 4, 2021

BitMart suffered a loss of $196 million in cryptocurrencies on the Ethereum blockchain and an additional $96 million on the Binance Smart Chain when leaked private keys were exploited by hackers. The coins were then laundered through 1inch, and funds were deposited into a privacy mixer, Tornado Cash. Refunds for the $196 million loss have been promised but have yet to be provided as of this writing.

6. Bitgrail for $146M

  • Cause: Inside Job
  • Status: Repayment in progress
  • Date: February 2018

Taking place one month after the Coincheck hack, Bitgrail founder, known only as F. F. and based in Florence, Italy, is alleged by police to have participated in hacking his own exchange for $146 million worth of Nano. The hacker attacked the exchange’s stores of Nano coins via exploiting a bug he already knew about but failed to act on. Recovery efforts against F. F. remain ongoing, but thus far, no reimbursement has been made.

7. Poloniex for $125M

  • Cause: Private Key Compromise
  • Status: Still Developing
  • Date: November 10, 2023

Poloniex encountered a severe security breach with over $100 million in crypto assets drained. The hack, which was a result of a suspected private key compromise, saw funds from their wallet being moved to external accounts. In response, the exchange disabled the wallet, and Justin Sun, the exchange's owner, has offered a 5% bounty for the recovery of the funds and promised to reimburse affected users.

8. Liquid for $97M

  • Cause: Phishing
  • Status: Repayment expected in 2023 via collapsed FTX
  • Date: August 10, 2020

Hackers accessed Liquid’s internal network via a social-engineered phishing attack to access hot wallet credentials. Due to a subsequent attack of this nature in November 2020, hackers may have exploited the same attack vector. Funds were converted to Ethereum, and then the stolen $97 million in crypto was laundered via decentralized exchanges.

9. AscendEx for $77M

  • Cause: Hot Wallet Vulnerability
  • Status: Refunds promised but undelivered
  • Date: December 12, 2021

Hackers exploited a vulnerability in one of AscendEx’s hot wallets to steal $77 million in multiple cryptocurrencies. AscendEx moved to suspend transactions and transfer unaffected assets to cold wallets. The exchange promised to refund users fully, but this has yet to materialize.

10. Bitfinex for $71M

  • Cause: Security vulnerability
  • Status: Funds partially recovered
  • Date: August 2016

The Bitfinex hack in 2016 saw $71 million stolen allegedly by Ilya Lichtenstein and spouse Heather R. Morgan by exploiting a vulnerability within Bitfinex’s security system, despite its multi-signature wallet security feature. Law enforcement caught the culprits after they attempted to launder the coins via AlphaBay and, subsequently, Hydra. Both pled guilty to the crime in August 2023 and face maximum sentences of 20 years.

11. Zaif for $60M

  • Cause: Hot wallet security vulnerability
  • Status: Users fully refunded by Fisco
  • Date: September 14, 2018

Japanese cryptocurrency exchange Zaif saw hackers exploit a security vulnerability to access the company’s hot wallet, where $66 million in coins, including Bitcoin and MonaCoin, were stolen. Unfortunately, Zaif’s poor security measures meant the hack wasn’t detected for three days. This led to Fisco leading a $44.5 million acquisition of the firm and using the money to reimburse users in full.

12. Binance for $40M

  • Cause: Phishing and viruses
  • Status: Assets were insured
  • Date: May 2019

In 2019, Binance lost 7,000 Bitcoin, worth $40 million at the time. The hackers used a variety of techniques like phishing, viruses, and other methods in a carefully orchestrated attack. The 7,000 Bitcoin was only 2% of Binance's total Bitcoin holdings. They covered the losses for its users via the SAFU insurance fund so no users actually lost any crypto.

Author

At RankFi.com, our goal is to be your trusted source for crypto reviews, guides and research. We seek out researchers with extensive crypto knowledge and firsthand experience using dozens of CeFi and DeFi platforms.

🔥 Crypto Tools

Best No KYC, No VPN exchange (Up to 200x leverage)

Avoid geo-blocks and protect your IP address (54% Off!)

Hunt the most anticipated crypto airdrops!

Trade up to 100x leverage ($30,000 in bonuses)! 

Build an audience of thousands of crypto investors

Keep Reading


60+ Tools for Web3

Grab our ultimate list of tools covering Airdrops, DeFi, Bitcoin, and everything in-between!