Lost or stolen crypto?
Contact our Investigations team

Article Series: 12 Largest Crypto / DeFi Hacks

12 Largest Crypto Hacks
The most comprehensive ranked list of the biggest crypto hacks in history (Up until November 1, 2022. We suspect an even larger one is just behind the corner) It wasn’t easy digging through the entire history of cybercrime involving cryptocurrencies, but we wanted to get to the bottom of which ones were the biggest in terms of total value of the stolen digital assets at the time of the incident. Two of the entries occurred while we were conducting our research; that’s how we know this will be the most accurate and up-to-date list of the top 12 hacking incidents in crypto’s history. 1. Poly Network: $611M At $611M, the Poly Network exploit of August 10, 2021 ranks as the largest crypto hack to date in terms of mark-to-market value. Using a series of data manipulation techniques in the high-level code of the Ethereum smart contract, the attacker was able to steal around $274M in crypto assets from the Poly network’s Ethereum wallet, around $253M from the BNB Chain wallet, and another roughly $85M from the Polygon wallet. All the stolen funds were returned, but the identity of the hacker is still unknown. Read an in-depth analysis of the Poly Network...
Read More
Binance Bridge Hack
$566M worth of BNB was stolen from Binance’s cross-chain bridge BSC Token Hub, but how they responded to the hack will be the most memorable part. Decentralization is a hot button topic in web3, and Binance is (at the time of writing) the biggest crypto exchange by trading volume in the world. The recent hack of Binance’s native cross-chain bridge BSC Token Hub revealed to the world what many early adopters of blockchain technology already knew: The BNB Smart Chain (formerly Binance Smart Chain) is not very “decentralized”. How did the BNB Smart Chain bridge get hacked, how did Binance stop it, and what does this all have to do with decentralization? Let’s go through this in order. How the BSC Token Hub was Hacked The BSC Token Hub is a cross-chain bridge native to Binance that allows users to transfer tokens between the BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC). On October 6, 2022, an attacker interacted with the BSC Token Hub smart contract in a way that allowed them to print two million BNB tokens (the native token on the BNB Smart Chain), worth approximately $566 million at the time. This was achieved using...
Read More
Beanstalk Farms
Understanding how flash loans and governance work in DeFi to demystify the Beanstalk Farms Hack The only way to understand how the Beanstalk Farms decentralized credit-based stablecoin protocol exploit happened is to first understand flash loans, which are a little known financial tool unique to the DeFi (decentralized finance) space, as well as governance. A flash loan is, like it sounds, a very fast loan. It happens within a single blockchain transaction and no collateral is needed. Instead, the borrower needs to set up a series of trades using smart contracts that can all be executed at once, and they must yield a profit. If the trade doesn’t yield a profit, the transaction is cancelled and the loan is not approved. On the other hand, if it does yield a profit then a fee is paid to the platform issuing the loan, such as Aave for example, and the remainder is kept by the trader. If that all sounds too good to be true, it’s because it kind of is. You’ll pay a lot in gas fees, even for failed transactions, and the vast majority of your transactions will probably fail. There are programs to help you organize the trades...
Read More
Nomad Bridge Hack
One attacker and hundreds of copycats looted the Nomad bridge for over $190 million; few did the right thing. Decentralization is a hot-button topic in 2022. To some, it seems like the solution to a variety of issues plaguing the so-called web2 ecosystem, such as the monopolization of social media, the centralized control over the flow of information, and bad data privacy and data monetization practices. Proponents of distributed blockchain technology offer web3 as the decentralized solution to these problems, but web3 has some kinks to work out before it can replace the established infrastructure of web2. One of those kinks involves exploitable smart contracts, a $190 million liquidity pool, and simple human nature. This is the full story behind the Nomad Bridge Hack of August, 2022. The Nomad Bridge Hack Timeline August 1, 2022: Source: https://twitter.com/nomadxyz_/status/1554246853348036608?s=20&t=bbAzgxq95hczZKUsXIabgw Ethereum block 15259101 at 21:32:31 UTC contains four transactions at indices 0, 1, 3, and 124. Each transaction is a fraudulent withdrawal from the Nomad bridge for 100 WBTC (~$2.3M at the time). An attacker has found a bug in the smart contract that verifies Ethereum transactions on the bridge, and it’s as easy as copy/pasting the fraudulent transaction details and replacing the...
Read More
Poly Network Hack
The $611M Poly Network exploit is the largest crypto hack to date in terms of mark-to-market value and all the stolen funds were returned, but the identity of the hacker is still unknown. Dubbed “Mr. White Hat” by the Poly Network security team, the anonymous perpetrator of the biggest crypto hack to date gave all the stolen crypto assets back within 15 days of the incident. But how was the hack carried out? Why did they return the funds? And how did they manage to remain anonymous? We’ll explore these questions, but first.. What is the Poly Network? The Poly Network is a DeFi platform that enhances blockchain interoperability by enabling users to transfer information and cryptocurrencies between various blockchains. Using the Poly Chain consortium blockchain as its framework, the Poly Network deploys a series of smart contracts to establish bridges between Bitcoin, Ethereum, BNB Smart Chain, and more than 20 other blockchains. In simplified terms, Poly Network lets blockchains talk to each other using smart contracts. How the Poly Network Hack Happened A comprehensive technical report by Kraken Security Labs less than 2 months after the incident revealed the mechanics of the attack. Through a series of data manipulation...
Read More
Wintermute Hack
Getting to the bottom of the exploit that led to one of the biggest hacks in the history of decentralized finance.  In order to understand the $160M Wintermute hack, we first need to understand algorithmic market makers and how they work in DeFi (decentralized finance), since that’s what Wintermute is. Imagine you’re the developer of a crypto project and you expect to get your token listed on a large exchange, even a top 10 such as Kraken or Binance. It sounds great, but now you have a new problem because you’ll need to constantly ensure the exchange always has enough liquidity to maintain trading, especially in DeFi markets where liquidity is a primary target for exploiters to attempt malicious activities and try to drain the funds. It would be great if you could deploy an algorithm to perform this constant liquidity observation and management for you – that’s essentially what an algorithmic market maker does. Wintermute offers this service on both centralized and decentralized exchanges, among other services such as OTC trading and early-stage start up investments. They incentivize users to provide liquidity into their protocol, and then their protocol manages the markets and liquidity pools across the project’s various...
Read More
BitMart Hack
A missing pile of Safemoon and other cryptocurrencies, accusations of broken promises, and then nothing. When a high-profile cyber attack takes place and hundreds of millions of dollars are lost, usually a healthy balance is struck between safeguarding information to protect ongoing investigations and maintaining a level of transparent communication with the public. In the case of BitMart’s security breach, they chose to keep a lot under wraps. We can still get a general idea of what happened and what went wrong from a string of statements they made early on. This is the fullest story you’ll find on what happened with the $200M BitMart hack. Timeline of the BitMart Hack December 04, 2021: At approximately 22:30 UTC, BitMart staff identifies a security breach involving two hot wallets (lower-security wallets that are connected to the internet). They respond by immediately shutting down various systems, including withdrawals and the freezing of certain trading pairs. We learn in a later update that the security breach involved the attacker gaining access to two private keys, which allowed them to take various cryptocurrencies from the two wallets. December 05, 2021: At 00:28 UTC, just under 2 hours after BitMart noticed the hack and paused...
Read More
1 2

Let us help you realize and protect the benefits of the new economy