Current estimates of losses from cryptocurrency hacks range from $3 billion to $14 billion a year. Whether it's DeFi protocols or centralized platforms, hacks in the cryptocurrency space are all too common.
Today, we'll look at the 11 biggest hacks in history specifically from centralized crypto exchanges.
This list is peppered with household names, highlighting the fact that you can never be too safe.
Overview
Total Loss ($M) | Crypto Exchange | Cause | Date |
---|---|---|---|
$532 | Coincheck | Malware & Phishing | 2018 |
$480 | Mt. Gox | Security Breach | 2014 |
$415 | FTX | Unknown | 2022 |
$281 | KuCoin | Unknown | 2020 |
$196 | BitMart | Stolen Private Key | 2021 |
$146 | Bitgrail | Inside Job | 2018 |
$97 | Liquid | Phishing | 2020 |
$77 | AscendEx | Hot Wallet Vulnerability | 2021 |
$71 | Bitfinex | Security Vulnerability | 2016 |
$60 | Zaif | Hot Wallet Vulnerability | 2018 |
$40 | Binance | Phishing & Viruses | 2019 |
1. Coincheck for $532M
- Cause: Malware and Phishing
- Status: Users were refunded in 2018
- Date: January 26, 2018
Japanese exchange Coincheck, established in 2012, suffered the world’s largest cryptocurrency exchange hack when hackers used a phishing and malware attack to access user hot wallets. The attackers used NEM currency to move user funds out, but after an investigation, Coincheck announced that all 260,000 affected users would be refunded for all assets taken.
2. Mt. Gox for $480M
- Cause: Security Breach
- Status: Repayment Expected in Oct 2023
- Date: February 24/25, 2014
Once responsible for processing 70% of all global Bitcoin transactions, Mt. Gox was hacked in 2014, with $480 million in Bitcoin taken. This followed a 2011 attack where $8.75 million was lost. Hackers gained control of an auditor’s computer, poured bogus Bitcoins into the exchange to drive the price down, and extracted money from hot wallets. CEO Mark Karpeles was found guilty of falsifying financial records.
3. FTX for $415M
- Cause: Unknown
- Status: Recovery efforts are in progress
- Date: November 2022
The collapse of FTX is the most recent significant hack. Over ten days (one day after filing for bankruptcy), user wallets were drained of their coins. The cause is unknown, with many in the crypto community speculating that it was an inside job. CEO Sam Bankman-Fried is awaiting trial in New York City while prosecutors continue their recovery efforts. Thankfully, most of FTX’s assets were liquid and in easily accessible fiat currency.
4. KuCoin for $281M
- Cause: Unknown
- Status: Assets were insured
- Date: September 25, 2020
Singaporean crypto exchange KuCoin lost at least $281 million in various cryptocurrencies, including Bitcoin, Ethereum, and Litecoin. The most commonly cited reason is DeFi protocols, but KuCoin has revealed little else. It’s known that the money was laundered through decentralized exchanges. The culprits are believed to be North Korean, but quick action to disable online transactions limited the damage, and the exchange’s insurance policy refunded users.
5. BitMart for $196M
- Cause: Stolen private key
- Status: Refunds promised and undelivered
- Date: December 4, 2021
BitMart suffered a loss of $196 million in cryptocurrencies on the Ethereum blockchain and an additional $96 million on the Binance Smart Chain when leaked private keys were exploited by hackers. The coins were then laundered through 1inch, and funds were deposited into a privacy mixer, Tornado Cash. Refunds for the $196 million loss have been promised but have yet to be provided as of this writing.
6. Bitgrail for $146M
- Cause: Inside Job
- Status: Repayment in progress
- Date: February 2018
One month after the Coincheck hack, Bitgrail was hacked for $146 million worth of Nano. The exchange's founder, known only as F. F. and based in Florence, Italy, is alleged by police to have participated in hacking his own exchange. The hacker attacked the exchange’s stores of Nano coins by exploiting a bug he already knew about but had failed to act on. Recovery efforts against F. F. remain ongoing, but thus far, no reimbursement has been made.
7. Liquid for $97M
- Cause: Phishing
- Status: Repayment expected in 2023 via collapsed FTX
- Date: August 10, 2020
Hackers accessed Liquid’s internal network via a social-engineering phishing attack and obtained hot wallet credentials. Because a subsequent attack of this nature took place in November 2020, hackers may have exploited the same attack vector. Funds were converted to Ethereum, and then the stolen $97 million in crypto was laundered via decentralized exchanges.
8. AscendEx for $77M
- Cause: Hot Wallet Vulnerability
- Status: Refunds promised but undelivered
- Date: December 12, 2021
Hackers exploited a vulnerability in one of AscendEx’s hot wallets to steal $77 million in multiple cryptocurrencies. AscendEx moved to suspend transactions and transfer unaffected assets to cold wallets. The exchange promised to refund users fully, but this has yet to materialize.
9. Bitfinex for $71M
- Cause: Security vulnerability
- Status: Funds partially recovered
- Date: August 2016
The Bitfinex hack in 2016 saw $71 million stolen, allegedly by Ilya Lichtenstein and spouse Heather R. Morgan, who exploited a vulnerability within Bitfinex’s security system despite its multi-signature wallet security feature. Law enforcement caught the culprits after they attempted to launder the coins via AlphaBay and, subsequently, Hydra. Both pled guilty to the crime in August 2023 and face maximum sentences of 20 years.
10. Zaif for $60M
- Cause: Hot wallet security vulnerability
- Status: Users fully refunded by Fisco
- Date: September 14, 2018
Japanese cryptocurrency exchange Zaif saw hackers exploit a security vulnerability to access the company’s hot wallet, from which $66 million in coins, including Bitcoin and MonaCoin, was stolen. Unfortunately, Zaif’s poor security measures meant the hack wasn’t detected for three days. As a result, Fisco led a $44.5 million acquisition of the firm and used the money to reimburse users in full.
11. Binance for $40M
- Cause: Phishing and viruses
- Status: Assets were insured
- Date: May 2019
In 2019, Binance lost 7,000 Bitcoin, worth $40 million at the time. The hackers used a variety of techniques, including phishing, viruses, and other methods, in a carefully orchestrated attack. The 7,000 Bitcoin was only 2% of Binance's total Bitcoin holdings. Binance covered the losses for its users via the SAFU insurance fund, so no users actually lost any crypto.