Top 10 Biggest Crypto Hacks

In light of the recent Drift Protocol hack which saw over $250 million siphoned off, the scale of crypto exploits in 2026 is hard to ignore. Chainalysis’ 2026 Crypto Crime report shows over $1.7 billion has already been stolen this year alone, with a big chunk linked to state-backed groups and advanced social engineering attacks.

Beyond the infamous FTX, Terra Luna and Mt. Gox moments, here are some of the other major crypto hacks that shook the market.

10. BitMart Exchange: $196 Million (2021)

The BitMart hack was a classic case of compromised private keys. Attackers gained access to hot wallets and drained funds across Ethereum and BSC. BitMart later covered some of the user losses, but the incident reinforced the fact: if your keys are exposed, nothing else matters.

9. Euler Finance: $197 Million (2023)

This one was a textbook flash loan attack. The attacker manipulated the protocol’s lending logic and drained nearly $200 million in a matter of just 15 minutes. The attacker stole a mix of assets including DAI, WETH, WBTC, stETH, and millions in USDC.

8. Cetus Protocol: $223 Million (2025)

The Sui blockchain faced one of its biggest shocks in May 2025 when Cetus Protocol, a DEX, was exploited for $223 million. A flaw in liquidity calculations allowed attackers to extract massive value from the system.

7. KuCoin Exchange: $285 Million (2020)

The KuCoin hack happened after attackers gained access to private keys of hot wallets. What made this case unique was the recovery effort. A large portion of the funds was tracked, frozen, and later returned.

6. Drift Protocol: $285 Million (2026)

The most recent entry on this list, Drift was hit on April 1, 2026, losing $285 million in what was described as "an attack six months in the making." The Solana based DEX was targeted by a North Korean state sponsored hacking group that engaged in an elaborate social engineering campaign.

5. DMM Bitcoin Exchange: $305 Million (2024)

This one's a pretty clear reminder that centralized exchanges are still a big target for hackers. The hackers pulled off a clever social engineering attack by posing as a recruiter on LinkedIn and targeting an employee. They sent a malicious Python script disguised as a pre-employment test, and once it was uploaded to GitHub, they gained access to the systems and siphoned off. It was later confirmed that the North Korean hacking group TraderTraitor, an offshoot of the Lazarus Group, was behind the attack. The breach forced DMM to eventually discontinue operations.

4. Wormhole: $320 Million (2022)

The Wormhole bridge hack was a near catastrophe for the Solana DeFi ecosystem. An attacker fraudulently minted 120,000 wrapped Ethereum tokens worth over $320 million by forging signatures on the bridge. Simply put, they created value out of thin air. No doubt, bridges are still one of the weakest points in crypto.

3. Binance BNB Bridge: $569 Million (2022)

An attacker exploited a flaw in BSC Token Hub, forging proofs to withdraw 2 million BNB (~$569M). Binance quickly halted the network and coordinated validators, freezing about 80% of the funds and limiting losses to roughly $100M. Security researchers noted that the vulnerability could have allowed the attacker to forge unlimited messages, making the damage potentially far worse.

2. Poly Network: $611 Million (2021)

This one's the strangest of all! An anonymous attacker exploited a cross chain bridge vulnerability and stole $611 million across Ethereum, Binance Smart Chain, and Polygon. After blockchain security firm SlowMist reportedly tracked down the attacker's IP address, the hacker began returning the funds. In on chain messages, the hacker claimed they did it "for fun" and to expose security flaws, adding that they could have taken even more. Nearly all the stolen assets were returned within two weeks.

1. Bybit Exchange: $1.46 Billion (2025)

The 2025 exploit of Bybit is now the largest crypto hack ever recorded. Hackers carried out a sophisticated malware attack that tampered with the multi-signature approval process and subtly altered smart contracts to look legitimate while diverting funds. Investigators at Chainalysis linked it to Lazarus Group, noting its typical laundering patterns. Within hours, the stolen assets were swapped into native tokens and spread across hundreds of wallets.

Final Thoughts

Crypto is getting more advanced, but so are attackers. And as long as billions sit onchain, the incentive to exploit weaknesses is not going anywhere. 

If you enjoyed this, check out our other Top 10 feature on some of the biggest crypto fumbles out there.