Lost or stolen crypto?
Contact our Investigations team

Article Series: 12 Largest Crypto and DeFi Hacks

Learning from the Past: A Deep Dive into the 12 Largest Crypto and DeFi Hacks

DeFi Hacks

The world of cryptocurrency, blockchain and decentralized finance (DeFi) is a dynamic and rapidly evolving landscape. While these technologies have opened up exciting new opportunities, they have also been accompanied by significant risks, as evidenced by a number of high-profile hacks.

In this list, we will take a close look at the 12 largest crypto and DeFi hacks to date. We’ll delve into the details of each DeFi hacks incident, exploring how they happened, what was at stake, and the aftermath of these security breaches.

But our purpose here is not just to recount these DeFi hacks. Instead, we aim to extract valuable lessons from these incidents. By understanding the vulnerabilities that were exploited and the mistakes that were made, we can better prepare for the future and contribute to the development of more secure and resilient systems.

Whether you’re a seasoned crypto enthusiast, a newcomer to DeFi, or a cybersecurity professional, this list will provide valuable insights into the challenges and risks inherent in these groundbreaking technologies.

(And if you have already been hacked and these lessons are too late, contact our Crypto Investigators service.)

12 Largest Crypto Hacks
The most comprehensive ranked list of the biggest DeFi and crypto hacks in history (Up until November 1, 2022. We suspect an even larger crypto hack is just behind the corner) It wasn’t easy digging through the entire history of cybercrime involving cryptocurrencies, but we wanted to get to the bottom of which crypto hacks were the biggest in terms of total value of the stolen digital assets at the time of the incident. Two of the entries occurred while we were conducting our research; that’s how we know this will be the most accurate and up-to-date list of the top 12 hacking incidents in crypto’s history. Crypto Hack 1. Poly Network: $611M At $611M, the Poly Network exploit of August 10, 2021 ranks as the largest crypto hack to date in terms of mark-to-market value. Using a series of data manipulation techniques in the high-level code of the Ethereum smart contract, the attacker was able to steal around $274M in crypto assets from the Poly network’s Ethereum wallet, around $253M from the BNB Chain wallet, and another roughly $85M from the Polygon wallet. All the stolen funds were returned, but the identity of the hacker is still unknown. Read an...
Read More
Binance Bridge Hack
$566M worth of BNB was stolen from Binance’s cross-chain bridge BSC Token Hub, but how they responded to the attack will be the most memorable part. Decentralization is a hot button topic in web3, and Binance is (at the time of writing) the biggest crypto exchange by trading volume in the world. The recent Binance bridge hack – hack of Binance’s native cross-chain bridge BSC Token Hub, revealed to the world what many early adopters of blockchain technology already knew: The BNB Smart Chain (formerly Binance Smart Chain) is not very “decentralized”. How did the BNB Smart Chain bridge get hacked, how did Binance stop it, and what does the Binance bridge hack have to do with decentralization? Let’s go through this in order. How the BSC Token Hub was Hacked The BSC Token Hub is a cross-chain bridge native to Binance that allows users to transfer tokens between the BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC). On October 6, 2022, an attacker interacted with the BSC Token Hub smart contract in a way that allowed them to print two million BNB tokens (the native token on the BNB Smart Chain), worth approximately $566 million at...
Read More
Beanstalk Farms
Understanding how flash loans and governance work in DeFi to demystify the Beanstalk Farms Hack The only way to understand how the Beanstalk Farms decentralized credit-based stablecoin protocol exploit happened is to first understand flash loans, which are a little known financial tool unique to the DeFi (decentralized finance) space, as well as governance. Beanstalk Farms Hack is a great example of DeFi hacks. A flash loan is, like it sounds, a very fast loan. It happens within a single blockchain transaction and no collateral is needed. Instead, the borrower needs to set up a series of trades using smart contracts that can all be executed at once, and they must yield a profit. If the trade doesn’t yield a profit, the transaction is cancelled and the loan is not approved. On the other hand, if it does yield a profit then a fee is paid to the platform issuing the loan, such as Aave for example, and the remainder is kept by the trader. If that all sounds too good to be true, it’s because it kind of is. You’ll pay a lot in gas fees, even for failed transactions, and the vast majority of your transactions will probably...
Read More
Nomad Bridge Hack
One attacker and hundreds of copycats looted the Nomad bridge for over $190 million; few did the right thing. Decentralization is a hot-button topic in 2022. To some, it seems like the solution to a variety of issues plaguing the so-called web2 ecosystem, such as the monopolization of social media, the centralized control over the flow of information, and bad data privacy and data monetization practices. Proponents of distributed blockchain technology offer web3 as the decentralized solution to these problems, but web3 has some kinks to work out before it can replace the established infrastructure of web2. One of those kinks involves exploitable smart contracts, a $190 million liquidity pool, and simple human nature. This is the full story behind one of the largest DeFi hacks, the Nomad Bridge Hack of August, 2022. The Nomad Bridge Hack Timeline August 1, 2022: Source: https://twitter.com/nomadxyz_/status/1554246853348036608?s=20&t=bbAzgxq95hczZKUsXIabgw Ethereum block 15259101 at 21:32:31 UTC contains four transactions at indices 0, 1, 3, and 124. Each transaction is a fraudulent withdrawal from the Nomad bridge for 100 WBTC (~$2.3M at the time). An attacker has found a bug in the smart contract that verifies Ethereum transactions on the bridge, and it’s as easy as copy/pasting the...
Read More
Poly Network Hack
The $611M Poly Network hack is the largest crypto and DeFi hacks to date in terms of mark-to-market value and all the stolen funds were returned, but the identity of the hacker is still unknown. Dubbed “Mr. White Hat” by the Poly Network security team, the anonymous perpetrator of the biggest crypto hack to date gave all the stolen crypto assets back within 15 days of the incident. But how was the Poly Network hack carried out? Why did they return the funds? And how did they manage to remain anonymous? We’ll explore these questions, but first… What is the Poly Network? The Poly Network is a DeFi platform that enhances blockchain interoperability by enabling users to transfer information and cryptocurrencies between various blockchains. Using the Poly Chain consortium blockchain as its framework, the Poly Network deploys a series of smart contracts to establish bridges between Bitcoin, Ethereum, BNB Smart Chain, and more than 20 other blockchains. In simplified terms, Poly Network lets blockchains talk to each other using smart contracts. How the Poly Network Hack Happened A comprehensive Poly Network hack technical report by Kraken Security Labs less than 2 months after the incident revealed the mechanics of the...
Read More
Wintermute Hack
Wintermute Hack – getting to the bottom of the exploit that led to one of the biggest DeFi hacks in the history of decentralized finance.  In order to understand the $160M Wintermute hack, we first need to understand algorithmic market makers and how they work in DeFi (decentralized finance), since that’s what Wintermute is. Imagine you’re the developer of a crypto project and you expect to get your token listed on a large exchange, even a top 10 such as Kraken or Binance. It sounds great, but now you have a new problem because you’ll need to constantly ensure the exchange always has enough liquidity to maintain trading, especially in DeFi markets where liquidity is a primary target for exploiters to attempt malicious activities and try to drain the funds. It would be great if you could deploy an algorithm to perform this constant liquidity observation and management for you – that’s essentially what an algorithmic market maker does. Wintermute offers this service on both centralized and decentralized exchanges, among other services such as OTC trading and early-stage start up investments. They incentivize users to provide liquidity into their protocol, and then their protocol manages the markets and liquidity pools...
Read More
BitMart Hack
BitMart Hack – A missing pile of Safemoon and other cryptocurrencies, accusations of broken promises, and then nothing. When a high-profile cyber attack takes place and hundreds of millions of dollars are lost, usually a healthy balance is struck between safeguarding information to protect ongoing investigations and maintaining a level of transparent communication with the public. In the case of BitMart hack, they chose to keep a lot under wraps. We can still get a general idea of what happened and what went wrong from a string of statements they made early on. This is the fullest story you’ll find on what happened with the $200M BitMart hack. Timeline of the BitMart Hack December 04, 2021: At approximately 22:30 UTC, BitMart staff identifies a security breach involving two hot wallets (lower-security wallets that are connected to the internet). They respond by immediately shutting down various systems, including withdrawals and the freezing of certain trading pairs. We learn in a later update that the BitMart hack involved the attacker gaining access to two private keys, which allowed them to take various cryptocurrencies from the two wallets. December 05, 2021: At 00:28 UTC, just under 2 hours after BitMart noticed the hack...
Read More
1 2

Let us help you realize and protect the benefits of the new economy