Biggest Crypto Hack: BadgerDAO’s $120.3 million hack was one of the highest profile crimes of the 2021 holiday season. It seems like a lot of money, but it’s not even enough to crack the 10 top cryptocurrency heists of all time. This notorious list highlights the dangers of storing your crypto assets in exchange wallets or even participating in new projects.
Many crypto users are paranoid and prefer to store their coins and tokens in their own custodial wallets. This ensures you are in full control, which can also be a problem as we saw illustrated when QuadrigaCX CEO Gerry Cotton died in early 2019 with sole ownership over the private keys needed to unfreeze about $190 million in customer assets.
Here we breakdown the top 10 crypto thefts of all time (so far…) to determine what other lessons we can learn to be more mindful with our holdings.
10. Cream Finance – $130 Million
Cream Finance is a decentralized finance (DeFi) lending protocol that promised to let users earn yield like a traditional savings account but for crypto.
Its native token CREAM is an ERC-20 token that can run the Ethereum Virtual Machine. It supports multiple chains, including Ethereum, Binance, and Polygon.
Unfortunately, the platform was the target of multiple hacks in 2021, including $38 million stolen in February, $19 million in August, and a $130 million theft in late October. Each of these attacks caused the token’s price to plummet as users lost a lengthy list of altcoins.
9. Vulcan Forged – $140 Million
Vulcan Forged is a blockchain video game studio and NFT marketplace behand the VulcanVerse.
It’s a massive multiplayer online role-playing game (MMORPG) with a play-to-earn model on an open-word design and one of the best looking NFT video games, using the $PYR token as currency and $LAVA NFTs for in-game assets.
The Polygon-based PYR token’s price took a nosedive after a December 2021 hack in which 4.5 million PYR (equivalent to $140 million at the time) was stolen.
The hackers stole the private wallet keys of the 96 largest whales on the platform, and Vulcan Forged refunded those affected from its treasury.
8. Bitgrail – $146 Million
Bitgrail was a relatively small Italian crypto exchange that declared bankruptcy in 2019.
This followed a series of hacks that robbed over 230,000 customers of around $146 million worth of Nano ($NANO).
The State Police of Italy found the platform’s founder Francesco Firano responsible for fraudulent activity in relation to it.
7. Bitmart – $196 Million
Bitmart is another crypto market that was was targeted by cybercriminals in December 2021.
Hackers stole an estimated $196 million (originally reported as $150 million) of crypto assets. $100 million of those stolen assets came from Ethereum, and $96 million were on the Binance Smart Chain.
The stolen funds were taken from the exchange’s hot wallets and transferred through Tornado Cash to anonymous accounts.
6. PancakeBunny – $200 Million
PancakeBunny is a yield-farming decentralized exchange (DEX) and automated market maker on PancakeSwap.
It’s focused on expanding the Binance Smart Chain and has a BUNNY token that governs its internal ecosystem. This protocol was manipulated in May 2021 through a flash loan exploit in which one specific trading pair was taken for 697,000 BUNNY and 114,000 BNB, worth $200 million.
The BUNNY token’s price dropped to nearly $0 in the process, and Bunny Finance’s other project PolyBunny (a Polygon fork) was hit with the same flash loan attack for $2.1 million.
5. KuCoin – $285 Million
KuCoin is a popular crypto exchange and one of the most liquid markets in the world.
It provides advanced trading options like spot and margin trading to its userbase of over six million people. In September 2021, the exchange was hacked, and $285 million worth of tokens (across 154 tokens) was stolen.
The exchange was able to recover $240 million of those funds. $222 million was recovered by KuCoin’s internal team and exchange partners. $17.45 million was recovered by law enforcement. That left the exchange with a loss of $45.55 million when all was said and done.
4. Mt Gox – $460 Million
Mt Gox: The Gathering card game website was one of the earliest and most popular bitcoin exchanges.
By 2013, it handled over 70 percent of all $BTC transactions until February 2014 when the company shut down. It was reported that 850,000 bitcoins (valued at $460 million at the time) were stolen, starting in 2011.
By 2021, creditors and users were still trying to get their money back. It is estimated only 0.23 BTC is in custody for every bitcoin owed, but the price of bitcoin has skyrocketed since the shutdown.
Still, the return of 150,000 BTC to the circulating supply has many worried about a bitcoin price crash.
3. Coincheck – $523 Million
Coincheck advertises itself as the easiest way to buy and sell cryptocurrencies. This Tokyo, Japan-based bitcoin wallet and exchange got hit by cybercriminals in January 2018.
They stole $523 million worth of NEM ($XEM) coins. To this day, we still don’t know who’s responsible, despite the wallets involved being labeled as part of the hack.
However, 30 people have been charged in Japan with trading $96 million worth of the NEM coins marked as stolen in January 2021. The company was able to reimburse affected users with its treasury though, highlighting just how profitable these exchanges can be.
2. Poly Network – $610 Million
The Poly Network aims to enable cross-chain interoperability in the web3 infrastructure. It’s integrated into some of the largest and most popular blockchains, including Ethereum, Polygon, Avalanche, Neo, Zilliqa, and Ontology. According to its website, it has facilitated the transfer of over $15 billion in assets across chains.
Poly Network was the target of a major security breach in August 2021. A hacker exploited a vulnerability in the coding to steal over $600 million worth of digital tokens. The hacker eventually gave the money back voluntarily and was rewarded a $500,000 bounty by Poly Network for doing so.
1. Thodex – $2 Billion
Thodex was a popular cryptocurrency exchange in Turkey until it suspended operations April 2021, citing a “partnership offer.”
Local media outlets reported the platform’s founder, Faruk Fatih Ozer, fled Turkey for Albania with an estimated $2 billion of investor funds from its 400,000 users (Ozer denies the numbers involved nor any criminal behavior on his part).
Interpol issued a red notice for Ozer, while his siblings and senior employees of the company were jailed. The total assets in the company’s portfolio were estimated at closer to $109 million, but this centralized exchange still pulled the largest scam in cryptocurrency history.
Despite these crimes, crypto investments are still relatively safe. Fiat currencies like the US Dollar are involved in countless crimes too, and tracing the stolen funds is typically easier using digital currency ledgers. Still, be sure to secure your owned assets to avoid any potential problems.
The author has no position in any of the stocks mentioned. Financhill has a disclosure policy. This post may contain affiliate links or links from our sponsors.