Source: Plain Language Blockchain
Last Saturday, Bybit, the world's second-largest CEX, was hacked and a total of US$1.46 billion in ETH was stolen, the largest single theft of tokens on record. On February 24, the crypto financial card service provider Infini was also hacked, with about $49.5 million stolen from its Ethereum address. These incidents have made an already sluggish crypto market worse: they show that crypto platforms are still not rigorous about asset security management, and they have further weakened market liquidity. Security has once again become the focus of industry attention.
Crypto security incidents have occurred frequently in recent years, hitting targets such as CEXs, DeFi platforms and cross-chain bridges. According to a report by the blockchain analysis company Chainalysis, hackers stole about US$2.2 billion in crypto assets in 2024. So far, the cumulative amount stolen has exceeded US$5 billion (approximately RMB 36 billion).
Today, we look at the ten largest crypto security incidents to date (including the Bybit theft in February 2025). The RMB 36 billion in assets lost in these ten incidents was a lesson paid for in blood and tears by their owners. What can individuals learn from them about protecting crypto assets?
01 Top 10 crypto security incidents
The following figure shows the top ten crypto security incidents sorted by the amount lost. These incidents cover a variety of complex attack methods, from smart contract vulnerabilities to private key leaks and database attacks.
These thefts not only expose specific security vulnerabilities, but also reflect the weak links in technical protection and risk management across the crypto industry.
Next, we classify these events by cause and draw out the lessons learned, in order to better understand the security risks behind them and provide a reference for future prevention.
1) Wallet Private Key or Security Issues
Ronin Network Theft (March 2022): $625 million
Ronin Network is a scaling solution designed for blockchain gaming and NFTs, created by Sky Mavis, the development team behind Axie Infinity, to address Ethereum's limitations on transaction fees and processing speed.
In March 2022, the Ronin network was attacked by the North Korean-backed hacker group Lazarus Group and lost about $625 million in Ethereum and USDC. By attacking the network's validator nodes, the hackers gained control of 5 nodes, which allowed them to create and sign malicious transactions and transfer funds to addresses they controlled.
Coincheck theft (January 2018): US$534 million
Coincheck is one of the better-known CEXs in the Japanese crypto market. It was established in 2012 and is committed to providing safe and convenient trading services. In January 2018, Coincheck was hacked because of hot wallet security issues and lost about $534 million in NEM tokens.
DMM Bitcoin Theft Incident (May 2024): US$305 million
DMM Bitcoin is also a crypto CEX headquartered in Japan, founded in 2018.
In May 2024, DMM Bitcoin was hacked, resulting in the theft of 4,500 bitcoins (with a market value of about $305 million at the time). Although the specific methods of the attack are still under investigation, according to relevant reports a leaked private key may have been a key factor in the hack.
KuCoin theft (September 2020): US$275 million
KuCoin is a well-known CEX in Singapore, founded in 2017.
In September 2020, KuCoin was hacked and lost about $275 million in various crypto tokens. The hacker stole a large amount of assets by obtaining the private key of the CEX's hot wallet.
What these four incidents have in common is that the theft was possible because hot wallets or nodes were not secure enough. Validator nodes and hot wallets are convenient because they are connected to the Internet, which also makes them easy targets for hackers. There are many ways in: obtaining private keys through malware, phishing attacks, or exploiting internal vulnerabilities of the platform. Once the attack succeeds, the hacker can transfer assets quickly, causing irreparable losses. By comparison, storage that is not connected to the Internet, such as a cold wallet, avoids the risk of online attacks and is a relatively safer choice for storing crypto assets.
In addition, for a CEX, strict management and secure storage of private keys is the key to preventing large-scale theft of funds; for individual users, proper custody of private keys likewise determines the security of their assets. Once a private key is lost or leaked, the user completely loses control of the assets, because no third party can help retrieve the funds. Both CEXs and individuals therefore need more complete key protection measures to reduce security risks.
2) Smart contract vulnerability
Poly Network theft incident (August 2021): US$600 million
Poly Network is a cross-chain protocol that allows users to transfer and exchange assets between multiple blockchain platforms, enabling cross-chain transactions and interoperation.
In August 2021, the Poly Network cross-chain bridge was hacked through a smart contract vulnerability, losing about US$600 million in various tokens. The hackers exploited the vulnerability to bypass permission control and transferred a large number of tokens to their own addresses. Surprisingly, the hacker then negotiated with the platform and returned most of the stolen funds in stages.
Wormhole Theft Incident (February 2022): US$320 million
Wormhole is a decentralized cross-chain bridge protocol that allows users to transfer assets between multiple blockchain networks without relying on a single chain ecosystem.
In February 2022, the Wormhole cross-chain bridge connecting Solana and the Ethereum blockchain was hacked, resulting in the theft of $320 million in wrapped Ethereum (wETH). The attacker exploited a vulnerability in the bridge's smart contract, bypassed the verification mechanism, minted a large amount of wETH without authorization, and withdrew it to their own address.
The Poly Network and Wormhole incidents expose the weakness of cross-chain protocols in the asset transfer and verification process. Vulnerabilities in the management and verification of cross-chain assets are easily exploited by hackers and cause huge losses. The design of cross-chain protocols must therefore pay more attention to permission control in smart contracts and make sure that every operation is verified.
To improve security, cross-chain platforms need to conduct regular, comprehensive security audits and vulnerability checks so that potential problems are discovered and fixed promptly. It is also recommended to build a multi-signature mechanism and stricter permission management into the contract design, to avoid a single point of failure or a hacker taking control of key permissions. In addition, updates and maintenance of cross-chain protocols should follow a strict process in which every fix and upgrade is fully tested, to improve the security of the platform, reduce the risk of attack, and protect user assets.
3) System vulnerability or database leak
Mt. Gox theft incident (February 2014): US$473 million
Mt. Gox was once the world's largest Bitcoin CEX, and its trading volume once accounted for about 70% of global Bitcoin transaction volume. It was founded in 2010 and headquartered in Japan, and it played a key role in the early boom of the crypto industry.
However, in 2014 the CEX went bankrupt after several security breaches led to the theft of about 850,000 bitcoins (worth about $473 million at the time), becoming one of the most sensational scandals in crypto history. The attack exposed insufficient monitoring and a slow response to suspicious activity; the specific methods the hackers used have not yet been fully identified.
Mixin Network Theft Incident (September 2023): US$200 million
Mixin Network is a decentralized cross-chain protocol designed to solve the interoperability problem between blockchains.
In September 2023, the Mixin Network peer-to-peer trading network was hacked through a database leak at a cloud service provider, resulting in the theft of $200 million in Bitcoin and Ethereum assets.
These two events exposed the serious risks that system vulnerabilities and database leaks pose to the crypto industry. The Mt. Gox incident highlights a crypto CEX's lack of sufficient security monitoring and response mechanisms, while the Mixin Network incident is a reminder to take extra care when relying on third-party cloud services. To avoid similar problems, platforms should strengthen multi-layered security protection, establish a complete monitoring and emergency response system, and make sure that cooperation with third-party suppliers comes with sufficient security guarantees.
In dealing with such incidents, first, the "eggs" should not all be placed in the same basket; second, we also need to ask whether the "basket" is able to compensate users when problems occur. When choosing a CEX or other platform, make sure it has sufficient reserves and financial health to cope with potentially large losses. It is also necessary to evaluate the platform's risk response mechanism, insurance and historical compensation record. Risks are sometimes unavoidable, and choosing a platform that can take responsibility in a crisis is also a way of being responsible for yourself.
4) Front-end tampering fraud
Bybit theft incident (February 2025): US$1.5 billion
Bybit is a crypto CEX established in 2018. It is headquartered in Singapore and mainly provides crypto derivative products.
It was hacked on February 22, 2025 and lost about US$1.5 billion in Ethereum and related staked assets. The incident involved manipulation of a cold wallet transaction. The hacker used a deceptive signing interface that displayed the correct address while the underlying smart contract logic was changed to transfer funds to an unauthorized address. This attack method shows that even a cold wallet is not absolutely safe.
Although cold wallets are safer than hot wallets, the Bybit theft shows that security awareness always matters most. In addition to choosing a CEX with a good security record, wallet management, transaction verification and secure operating processes are equally crucial, because cold wallets are not a cure-all.
According to reports, the root cause of the Bybit theft lies in the Safe multi-signature wallet and the way it was attacked. The attacker used a compromised machine belonging to a developer of the Safe wallet to launch a disguised malicious transaction against Bybit, which shows that even without an obvious smart contract vulnerability or source code issue, a platform can be hacked because developers' devices and credentials are insufficiently protected.
This is a reminder that, in addition to choosing a CEX with a good security record, wallet management, transaction verification and secure operating processes are crucial, and that security awareness needs to be strengthened for developers' machines, credential management and every link in operations. Users, for their part, need to be extra cautious and vigilant when signing transactions and make sure that no step is handled carelessly.
5) Flash loan attack
Euler Finance theft (March 2023): $197 million
Euler Finance is a decentralized finance platform built on Ethereum and Layer 2 networks such as Optimism, committed to providing seamless and efficient lending and borrowing services.
In March 2023, Euler Finance's decentralized lending platform suffered a flash loan attack, resulting in the theft of about US$197 million in various tokens. The attacker took advantage of a vulnerability in the platform's smart contract to manipulate market prices with flash loans, triggering the platform's liquidation mechanism and thereby stealing funds.
This incident once again reveals potential loopholes in the design of smart contracts and market mechanisms on decentralized finance platforms. Flash loan attacks usually rely on manipulating market prices and triggering liquidation mechanisms, exposing a platform's weak links in price oracles and market stability. To deal with such attacks, platforms should focus on reviewing their smart contract code and strengthen protection in particular around the parts exposed to market manipulation and the liquidation mechanism.
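The weak link between price feeds and liquidation described above can be shown with a simplified model. This is an added example, not code from the article or from any platform; the pool, its reserves, the position and the thresholds are all constructed, and it models a generic constant-product pool rather than any specific protocol.

```python
# Added illustration: a constant-product pool (x * y = k) and a liquidation
# check that refuses to act on a spot price far from a time-weighted average.
# All names, reserves and thresholds are constructed for this example.
from dataclasses import dataclass, field

@dataclass
class Pool:
    token: float                                   # collateral token reserve
    usd: float                                     # quote asset reserve
    history: list = field(default_factory=list)    # per-block spot prices

    def spot(self) -> float:
        return self.usd / self.token

    def record_block(self) -> None:
        self.history.append(self.spot())

    def sell_token(self, amount: float) -> float:
        """Swap `amount` tokens into the pool; returns the USD paid out."""
        k = self.token * self.usd
        self.token += amount
        out = self.usd - k / self.token
        self.usd -= out
        return out

    def twap(self, window: int) -> float:
        recent = self.history[-window:]
        return sum(recent) / len(recent)

def is_liquidatable(collateral, debt_usd, price, min_ratio=1.5):
    return collateral * price < debt_usd * min_ratio

def guarded_liquidation(pool, collateral, debt_usd, window=10, max_dev=0.05):
    """Price the position at the TWAP and pause liquidations when the spot
    price deviates from it by more than `max_dev`."""
    twap, spot = pool.twap(window), pool.spot()
    if abs(spot - twap) / twap > max_dev:
        return False, "paused: spot deviates from TWAP"
    return is_liquidatable(collateral, debt_usd, twap), "priced at TWAP"

def demo():
    pool = Pool(token=1_000.0, usd=2_000_000.0)    # spot price 2000
    for _ in range(10):
        pool.record_block()
    collateral, debt = 10.0, 12_000.0              # healthy at price 2000
    before = is_liquidatable(collateral, debt, pool.spot())
    pool.sell_token(500.0)                         # large single-block trade
    naive = is_liquidatable(collateral, debt, pool.spot())
    guarded, reason = guarded_liquidation(pool, collateral, debt)
    return before, naive, guarded, reason
```

A check that reads the pool's spot price flips a healthy position to liquidatable after one large trade, while the guarded check pauses instead.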
In addition, security audits and historical reputation are key factors in evaluating a project's reliability. Even if a project promises high returns, do not ignore the potential risks, and avoid falling into traps. Whether you hand funds to a centralized platform or use decentralized applications, be cautious and do not take security lightly.
02 What security advice does this offer individual coin holders?
Looking back at these security incidents, it is not hard to see that CEX security vulnerabilities, mistakes in private key management, and increasingly sophisticated attack methods constantly threaten the security of crypto assets.
These events not only reveal the risks hidden in the digital asset world, but also provide valuable experience. Learning how to identify potential threats and adopt safer storage and transaction methods is something every crypto user needs to pay attention to.
Next, we summarize several key security suggestions from these cases, in the hope of providing a practical reference for managing digital assets, reducing risk and avoiding becoming the next victim.
1) Choose a reputable platform
Choosing a CEX or platform with a good security record and transparent disclosure of its security measures is the first step in protecting personal assets.
2) Use cold storage to protect assets
Storing important digital assets in cold wallets is an important way to guard against hackers.
3) Enable Two-Factor Authentication (2FA)
By binding a mobile phone, email address or dedicated authenticator, users add an additional layer of security at login, which can effectively prevent unauthorized access to the account. Regularly checking and monitoring account activity is an effective way to detect suspicious transactions and potential threats promptly.
5) Diversify investments and reduce risks
Spreading assets across multiple platforms or wallets diversifies risk. For example, users can keep most of their assets in cold wallets and use a small amount of funds for daily transactions, or spread them across different trustworthy CEXs to reduce the overall loss if a single platform runs into problems.
6) Trust
The most important feature of crypto assets is that they are verifiable. Do not trust any third party by default to protect your crypto security, including the software and hardware provided by wallet developers. Likewise, treat your own networked devices as not fully secure by default. Be sure to personally verify that the details of every transaction you submit and sign are accurate.
03 Summary
Security is not only a response to problems, but also an active strategy. Crypto asset management is not only about dealing with immediate risks, but also about ensuring long-term, stable development. Only by cultivating daily security habits, gradually strengthening protection, and guarding against risk at every link can we effectively minimize risk.
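One way to carry out the "verify what you sign" advice above is to decode the raw transaction payload yourself rather than rely on the recipient a signing interface displays. This is an added example, not from the article or any wallet's code; it assumes the payload is a plain ERC-20 call, and the addresses and amounts are constructed.

```python
# Added illustration: decode the raw ERC-20 calldata that is about to be
# signed and compare it with what the operator intended.
SELECTORS = {
    "a9059cbb": "transfer",   # transfer(address,uint256)
    "095ea7b3": "approve",    # approve(address,uint256)
}

def decode_erc20_call(calldata_hex: str) -> dict:
    """Decode a selector plus two 32-byte ABI words; reject anything else."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    if len(data) != 4 + 32 + 32:
        raise ValueError("unexpected calldata length")
    name = SELECTORS.get(data[:4].hex())
    if name is None:
        raise ValueError("unknown function selector " + data[:4].hex())
    addr_word, amount_word = data[4:36], data[36:68]
    if any(addr_word[:12]):
        raise ValueError("non-zero padding in address word")
    return {"function": name,
            "address": "0x" + addr_word[12:].hex(),
            "amount": int.from_bytes(amount_word, "big")}

def verify_before_signing(calldata_hex, expected_to, expected_amount):
    """Return a list of mismatches; an empty list means the payload matches."""
    try:
        call = decode_erc20_call(calldata_hex)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if call["function"] != "transfer":
        problems.append("function is " + call["function"] + ", not transfer")
    if call["address"] != expected_to.lower():
        problems.append("recipient is " + call["address"])
    if call["amount"] != expected_amount:
        problems.append("amount is " + str(call["amount"]))
    return problems

def build_call(selector, address, amount):
    """Helper that builds the constructed sample payloads below."""
    return "0x" + selector + address[2:].lower().rjust(64, "0") + f"{amount:064x}"

INTENDED = "0x" + "11" * 20    # constructed address the operator expects
OTHER = "0x" + "22" * 20       # constructed address never shown to the signer
AMOUNT = 5 * 10**18
GOOD = build_call("a9059cbb", INTENDED, AMOUNT)
SWAPPED = build_call("a9059cbb", OTHER, AMOUNT)
```

Run the check on a device separate from the one that prepared the transaction, so a single compromised machine cannot alter both the payload and its verification.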