8 of the biggest crypto thefts of all time

Privacy news
6 mins
biggest crypto thefts

It’s easy to see why crypto heists capture the public imagination. First, there’s the sheer amount of money to be pilfered—legacy banking institutions rarely get robbed of such vast amounts of money. Secondly, cryptocurrencies have only recently started to pique the public interest, so any hack invariably makes the news. On top of that, the money is very hard to trace, making its theft something of a perfect crime. The most likely targets are crypto exchanges, where large amounts of currency are stored by numerous users.

With all that laid out, let’s take a look at the biggest cryptocurrency heists of all time.

[Get all the privacy news. Sign up for the ExpressVPN Blog Newsletter.]

1. Poly Network

In one of the largest cryptocurrency thefts to date, a hacker stole over 600 million USD worth of digital tokens in August 2021. Poly Network, a DeFi (decentralized finance) platform, had a vulnerability in its network exploited by a hacker that the media calls “Mr. White Hat.” 

Since the initial theft, the story grew stranger by the day. Not only did Mr. White Hat maintain a public and steady discourse with Poly Network, but they also returned everything that was stolen around a week later. At one point, Poly Network offered Mr. White Hat a bounty of 500,000 USD to return all stolen funds in addition to a job offer to become their chief security officer.

At the end of the ordeal, Mr. White Hat stated that: “My actions, which may be considered weird, are my efforts to contribute to the security of the Poly project in my personal style… The consensus was reached in a painful and obscure way, but it works. Some people even suspect that the whole story is a PR stunt.

PR stunt or not, it certainly had people talking!

2. Coincheck

Japanese crypto exchange Coincheck was hacked to the tune of 500 million NEM (or about 532 million USD) in January 2018. While Coincheck itself had been in operation since 2014, the currency in question, NEM, and its cold wallet hadn’t been set up properly.

The hack was initially blamed on state-sponsored operatives from North Korea, but it was later revealed that the attack possibly had Russian origins. Personal laptops of some of the exchange’s employees were infected with malware, with the hackers able to exploit system vulnerabilities after gaining access.

To the surprise of most observers, Coincheck was able to make its customers whole again, using the massive profits it had amassed in the process. It did however inspire Japan’s financial regulator to further restrict its nascent exchange ecosystem.

The Coincheck hack is the largest cryptocurrency heist in history, judging by the fiat equivalent at the time.

3. Mt. Gox

The Mt. Gox hack reverberated throughout global crypto communities and for good reason. It is still not entirely clear how many attackers were able to steal exactly how much, but we do know that a vulnerability that allowed users to withdraw more Bitcoin than they owned persisted for quite some time. Mt. Gox had a massive market share around the time it collapsed, and was the dominant exchange with up to 90% of all trades happening on its platform in the years prior.

Initially the company declared a loss of 850,000 Bitcoin, worth about 450 million USD at the time.

Mt. Gox was initially set up by Jed McCaleb as a place to trade in-game tokens. The exchange was upgraded to include Bitcoin after McCaleb noticed the currency’s growing popularity and wanted to help traders. However, it never reached the levels of sophistication required to enable secure transactions. As Bitcoin trading levels grew, the activity didn’t go unnoticed by hackers.

About 200,000 of the Bitcoin initially reported lost have been recovered, but pending court cases and claims have prevented their return to the rightful owners.

4. Bitfinex

The Bitfinex hack was first announced in August 2016 and involved a total of about 120,000 Bitcoin, representing a fiat equivalent of 72 million USD at the time. Unlike with Mt. Gox, the coins were stolen in a single attack out of the company’s wallets, despite them having set up some precautions to prevent such failure. It is still unclear how and which mechanisms failed and allowed the attackers to get away with such a heist.

Bitfinex offered to compensate its users using an ‘IOU’ in the form of a token. Token holders could immediately sell it at a discount or wait until Bitfinex could buy it back using business profits. Within a year, Bitfinex had purchased about 95% of all issued tokens.

Bitfinex continues to operate to this day. In July 2019, two Israelis were arrested on suspicion of having carried out the hack.

5. NiceHash

Occupying a place on our list is NiceHash, which was defrauded of 4,700 Bitcoin (or about 64 million USD) in December 2017. NiceHash was a Slovenian cryptocurrency mining marketplace, where independent miners could rent out hash power to users who didn’t have their own mining machines.

NiceHash operated a number of hot and cold wallets to distribute mining rewards among its members. It was these wallets that were targeted, but despite the large number of funds lost, NiceHash has been able to reimburse over 75% of all losses.

6. Zaif

Zaif was plundered of various cryptocurrencies, including Bitcoin, Bitcoin Cash, and Monacoin, losing about 62 million USD in fiat equivalent in September 2018.

It took the exchange three days to realize that funds were missing from its hot wallets, but it promptly announced that company funds would be used to compensate all customers.

7. Binance

Hackers swiped 7,000 Bitcoin from Binance, one of the world’s most popular crypto exchanges, in May 2019. The amount totaled about 40 million USD in equivalent fiat. Binance was able to reimburse its users with a dedicated ‘insurance fund’ set up for this purpose. Withdrawals, however, were suspended for a few days as the exchange tried to figure out what went wrong. The CEO, Zhao Changpeng, wrote a comprehensive blog post outlining the attack and engaged in a Twitter exchange to allay user concerns, pre-empting concerns raised especially during the Mt. Gox and Bitfinex crises.

8. BitGrail

Italian cryptocurrency exchange BitGrail was robbed of 17 million Nano (XRB) coins in February 2018, representing a fiat equivalent of 170 million USD at the time. BitGrail was not well known among cryptocurrency traders and only offered a handful of coins, with Nano comprising most of its trading liquidity. BitGrail offered to modify its Blockchain to cover for the losses but that suggestion, unsurprisingly, was rejected by Nano’s devs.

Never store your coins on an exchange

When you store your money in a traditional bank, you do so because you have few other options. Of course, it’s possible to sidestep banks and store money in the form of government bonds or cash under your mattress, but the lack of insurance, physical security and convenience dissuades people from doing so. Let’s be honest: Until recently, no one had much other choice.

The rise of cryptocurrencies gave people the option to “be their own bank.” Only software, or in some cases just a piece of paper, is needed to securely store any amount, no matter how high. Balances are easy to audit, hard to steal, and trivial to transfer. So why do users of cryptocurrencies instead store their “coins” with exchanges, which carry all the downsides of banks (you have to trust them) with none of the upsides (exchanges are not backed or insured by the government)?

When storing your crypto with an exchange, you have to trust the exchange with not running afoul of the law, its executives with not running away with your money, and its security policies providing robust protection. And as we’ve seen, the amount of crypto stored in an exchange has proved tempting for thieves, with numerous examples of successful break-ins.

Unlike with traditional banks, there is no need for cryptocurrency holders to keep their coins on an exchange. Instead, they can store them in a wallet on their phone or a dedicated device. Bitcoin likely still will be around in five to ten years, but the exchange of your choice might not.

Don’t lose your Bitcoin!

Phone protected by ExpressVPN.
Take back control of your privacy

30-day money-back guarantee

A phone with a padlock.
Enjoy a safer online experience with powerful privacy protection
What is a VPN?
I like to think about the impact that the internet has on humanity. In my free time, I'm wolfing down pasta.