Home › Crypto Hack & Collapse Database

Every major crypto hack, collapse & fraud

A running, sourced record of the disasters that shaped cryptocurrency: exchange hacks, bridge exploits, DeFi drains, Ponzi schemes and the great collapses. 60 incidents, each with the amount, the date, what happened and how it ended. Filter by type or sort by size.

60
Incidents documented
2012 to today
~$81.1B
Combined losses*
see note below
$40B
Largest single event
Terra / LUNA, 2022
$8B
Biggest exchange failure
FTX, 2022

* A combined figure that mixes different measures: funds stolen (hacks), market value wiped (Terra, ~$40B), customer shortfalls (FTX, ~$8B) and scheme sizes (the big Ponzis). It is illustrative, not a single “funds stolen” total. Every entry is individually sourced; disputed figures are flagged in the data.

Sort
$285M
DeFi exploit

Drift Protocol exploit

Apr 2026

Solana perpetuals DEX Drift Protocol was drained of about $285M on 1 April 2026 after attackers ran a months-long social-engineering campaign and abused Solana durable nonces to trick Security Council members into pre-signing dormant transactions, then whitelisted a worthless fake token (CVT) as collateral to withdraw real assets.

Outcome: Chainalysis, TRM Labs and Elliptic assessed it as a suspected DPRK-linked operation tied to the same actors as the October 2024 Radiant Capital hack (Mandiant's UNC4736); it was the largest DeFi exploit of H1 2026 and the funds were not recovered.

sources

$292M
Bridge hack

KelpDAO rsETH bridge exploit

Apr 2026

KelpDAO's rsETH LayerZero bridge was exploited for about $292M (roughly 116,500 rsETH) on 18 April 2026 after attackers compromised LayerZero's off-chain verification layer (a single 1-of-1 DVN) to fake a cross-chain token burn and trigger release of funds, the largest crypto exploit of 2026.

Outcome: The attack was attributed to North Korea's Lazarus Group; KelpDAO paused contracts to block a further roughly $95M theft and the Arbitrum Security Council froze over 30,000 ETH of downstream funds, but most of the stolen value was not recovered.

sources

$223M
DeFi exploit

Cetus Protocol exploit

May 2025

Cetus, the largest DEX on the Sui network, was exploited for about $223M on May 22 2025 via an integer-overflow bug in a third-party math library (integer-mate) that let the attacker mint near-free liquidity positions.

Outcome: Sui validators coordinated to freeze roughly $162M by refusing to process the attacker's transactions (about $60M had already bridged to Ethereum), and Cetus relaunched using recovered funds plus a $30M Sui Foundation loan; the attacker was not identified.

sources

$1.4B
Exchange hack

Bybit hack

Feb 2025

On Feb 21 2025 attackers compromised the Safe{Wallet} developer infrastructure and tricked Bybit signers into approving a malicious transaction during a cold-wallet transfer, stealing about 401,347 ETH plus staked-ETH tokens in the largest crypto theft in history.

Outcome: The FBI attributed the theft to North Korea, which it tracks as TraderTraitor (Lazarus); Bybit stayed solvent using loans and reimbursed users, but the vast majority of funds were laundered, with only a small fraction frozen.

sources

$73M
Exchange hack

Phemex hack

Jan 2025

Singapore-based exchange Phemex had hot wallets drained across 16-plus blockchains on Jan 23 2025, with total losses estimated between roughly $70M and $85M.

Outcome: On-chain investigators attributed the theft to North Korea's Lazarus Group; Phemex reimbursed users and resumed withdrawals within days, though the stolen funds were not recovered.

sources

$50M
DeFi exploit

Radiant Capital hack

Oct 2024

Cross-chain lending protocol Radiant Capital lost about $50M on Oct 16 2024 after malware on developers' devices spoofed the Safe signing interface and compromised 3 of 11 multisig keys.

Outcome: Mandiant attributed the attack to North Korea (UNC4736/Lazarus); the funds were not recovered and Radiant ultimately wound down its operations.

sources

$235M
Exchange hack

WazirX hack

Jul 2024

Indian exchange WazirX lost about $235M on Jul 18 2024 when a Safe multisig wallet held under Liminal Custody was drained through a malicious contract-upgrade and phishing attack.

Outcome: The US, Japan and South Korea jointly attributed the theft to North Korea's Lazarus Group in Jan 2025; WazirX suspended trading and pursued a court-supervised restructuring (scheme of arrangement) in Singapore, and funds were not recovered.

sources

$305M
Exchange hack

DMM Bitcoin hack

May 2024

Japanese exchange DMM Bitcoin lost 4,502.9 BTC (about $305M) on May 31 2024, the largest crypto theft of 2024, via a compromise tied to wallet-software partner Ginco and social engineering of an employee.

Outcome: The FBI, DC3 and Japan's NPA attributed it to North Korea's TraderTraitor (Lazarus); funds were not recovered and DMM Bitcoin wound down, transferring customer accounts and assets to SBI VC Trade by March 2025.

sources

$120M
Exchange hack

Poloniex hack

Nov 2023

On November 10, 2023, the Justin Sun-linked exchange Poloniex had a hot wallet compromised, with roughly $120 million in ETH, TRX, stablecoins, and other tokens drained, consistent with a private-key compromise.

Outcome: Justin Sun pledged full reimbursement and offered a $10 million white-hat bounty and said the attacker was identified; most funds were not returned, and analysts later linked the attack to Lazarus.

sources

$200M
DeFi exploit

Mixin Network hack

Sep 2023

On September 23, 2023, Hong Kong-based Mixin Network lost about $200 million after the database of its cloud-service provider was breached, the largest single crypto theft of 2023. Deposits and withdrawals were suspended.

Outcome: Funds were largely not recovered; founder Feng Xiaodong announced a plan to initially refund 50% of affected users' assets, and the incident was not attributed to Lazarus.

sources

$126M
Bridge hack

Multichain bridge exploit

Jul 2023

In early July 2023, roughly $126 million was drained from Multichain's cross-chain bridges (nearly $120 million from the Fantom bridge) via unauthorized withdrawals from MPC-controlled addresses. The team then announced it was ceasing operations after CEO Zhaojun was detained by Chinese police.

Outcome: Funds were not recovered; Multichain shut down permanently and the CEO and his sister were detained in China.

figure disputed sources

$100M
Nation-state

Atomic Wallet hack

Jun 2023

Beginning around June 2-3, 2023, users of the non-custodial Atomic Wallet had their wallets drained of over $100 million across roughly 5,500 accounts. Elliptic attributed the theft to North Korea's Lazarus Group.

Outcome: Most funds were not recovered (only ~$1M+ frozen); the Lazarus attribution was later corroborated by the FBI, and Atomic Wallet faced a class-action lawsuit.

sources

$197M
DeFi exploit

Euler Finance exploit

Mar 2023

On March 13, 2023, the Ethereum lending protocol Euler Finance was drained of about $197 million in DAI, wBTC, stETH, and USDC through a flash-loan attack that exploited a flawed donation/liquidation flow with a missing health check.

Outcome: After on-chain negotiations the attacker returned essentially all recoverable funds over the following weeks, with Euler recovering the bulk of the ~$197M by early April 2023.

sources

$3.5B
Collapse

Genesis Global collapse

Jan 2023

Genesis Global Capital, the crypto lending arm of Digital Currency Group, halted withdrawals in November 2022 after the FTX collapse and filed for Chapter 11 bankruptcy on 19 January 2023, owing more than $3.5 billion to its top 50 creditors. Its lending book had been crippled during 2022 by the Three Arrows Capital default and FTX/Alameda exposure.

Outcome: Completed its restructuring plan and began distributing roughly $4 billion to creditors; the failure also drew New York Attorney General litigation over the Gemini Earn lending program.

sources

$1B
Collapse

BlockFi bankruptcy

Nov 2022

Crypto lender BlockFi filed for Chapter 11 bankruptcy on 28 November 2022, felled by roughly $1 billion of exposure to FTX and Alameda (a $680 million defaulted Alameda loan plus a $275 million loan to FTX US) after already being weakened by the Three Arrows Capital collapse earlier in 2022.

Outcome: Reached an $875 million settlement with the FTX and Alameda bankruptcy estates and, after selling its FTX claims, ultimately achieved full recovery for eligible customer and unsecured-creditor claims.

sources

$8B
Collapse

FTX / Alameda Research collapse

Nov 2022

The FTX crypto exchange and its affiliated trading firm Alameda Research collapsed in early November 2022 and filed for Chapter 11 on 11 November 2022, revealing an approximately $8 billion shortfall in customer funds that Alameda had secretly used. It was the largest failure of the 2022 contagion.

Outcome: Founder Sam Bankman-Fried was convicted on seven fraud and conspiracy counts (November 2023) and sentenced to 25 years in prison with an $11 billion forfeiture order (March 2024); lieutenants including Caroline Ellison pleaded guilty, and the estate has since repaid customers the full petition-date value of their claims.

sources

$577M
Fraud / Ponzi

HashFlare

Nov 2022

HashFlare was an Estonia-based cloud-mining operation that sold bitcoin-mining contracts while holding only a tiny fraction (reportedly under 1%) of the advertised hashpower, showing customers fabricated 'mining' dashboards. The DOJ says sales exceeded $577 million.

Outcome: Founders Potapenko and Turogin were arrested in Estonia in November 2022, extradited to the US, and pleaded guilty to wire-fraud conspiracy in 2025, agreeing to forfeit over $400 million for victim restitution.

sources

$110M
DeFi exploit

Mango Markets manipulation

Oct 2022

On October 11, 2022, Avraham Eisenberg used large self-trades to pump the MNGO token price feeding Mango's oracle, then borrowed roughly $110M against the artificially inflated collateral; he publicly called it a 'highly profitable trading strategy'.

Outcome: Eisenberg was arrested in December 2022 and convicted of wire fraud, commodities fraud and manipulation in April 2024, but a federal judge vacated all convictions in May 2025 (prosecutors appealed); he had earlier returned ~$67M via a DAO deal, keeping ~$47M.

figure disputed sources

$160M
DeFi exploit

Wintermute DeFi hack

Sep 2022

On September 20, 2022, crypto market maker Wintermute lost about $160M from its DeFi operations after a hot wallet generated with the flawed 'Profanity' vanity-address tool had its private key brute-forced.

Outcome: No funds were recovered and no arrests were made; Wintermute stated it remained solvent with CeFi and OTC operations unaffected and offered the attacker a 10% bounty.

sources

$190M
Bridge hack

Nomad Bridge exploit

Aug 2022

A faulty smart-contract upgrade set a trusted root to zero, allowing any message to pass verification; once the first exploit transaction was public, it became a chaotic 'free-for-all' as hundreds of copycat wallets replayed it, draining about $190M.

Outcome: White-hat actors returned over $22M; Nomad offered a 10% bounty for returned funds; a key suspect was later extradited to the US and the FTC pursued the operator to repay users.

sources

$1.3B
Collapse

Voyager Digital collapse

Jul 2022

Crypto broker Voyager Digital suspended withdrawals and filed for Chapter 11 bankruptcy on 5 July 2022 after its roughly $650 million loan (15,250 BTC plus 350 million USDC) to Three Arrows Capital defaulted; it held about $1.3 billion of crypto assets for customers.

Outcome: A rescue acquisition by FTX collapsed alongside FTX in November 2022 and a follow-on $1.02 billion Binance.US deal also fell through, so Voyager self-liquidated and returned a portion of assets to customers (about 35% in the initial distribution).

sources

$3.5B
Collapse

Three Arrows Capital (3AC) insolvency

Jun 2022

The Singapore-based crypto hedge fund 3AC became insolvent in June 2022 after heavy losses on Terra/LUNA and leveraged positions, defaulting on loans and missing margin calls across the industry. A British Virgin Islands court ordered its liquidation on 27 June 2022.

Outcome: Placed into liquidation and filed for Chapter 15 bankruptcy (July 2022) owing about $3.5 billion to 27 creditors; the founders fled overseas, and Su Zhu was later jailed for 4 months in Singapore for failing to cooperate with liquidators.

sources

$1.2B
Collapse

Celsius Network collapse

Jun 2022

Crypto lender Celsius froze all customer withdrawals on 12 June 2022 amid a liquidity crisis, then filed for Chapter 11 bankruptcy on 13 July 2022 with a roughly $1.2 billion balance-sheet deficit and about $4.7 billion owed to more than 100,000 users.

Outcome: Founder and CEO Alex Mashinsky pleaded guilty to fraud and was sentenced to 12 years in prison (May 2025) and ordered to forfeit $48 million; a reorganization plan returned crypto and other assets to creditors.

sources

$100M
Bridge hack

Harmony Horizon Bridge hack

Jun 2022

Attackers compromised multiple multisig signer keys controlling Harmony's Horizon cross-chain bridge and drained roughly $100M in ETH, wBTC, BNB, USDC and other assets; the theft was reported on June 24, 2022.

Outcome: The FBI confirmed in January 2023 that North Korea's Lazarus Group was responsible; the funds were laundered via Tornado Cash and Railgun and largely not recovered, though some was frozen at exchanges such as Binance and Huobi.

sources

$40B
Fraud / Ponzi

Terra / LUNA / UST collapse

May 2022

Terraform Labs' algorithmic stablecoin TerraUSD (UST) lost its dollar peg in early May 2022 and its sister token LUNA hyperinflated to near zero within days, erasing roughly $40 billion in value and igniting the broader 2022 crypto contagion.

Outcome: Terraform Labs and Do Kwon settled with the SEC for about $4.55 billion (2024); Kwon was extradited from Montenegro to the US (March 2025), pleaded guilty to fraud (August 2025), and was sentenced to 15 years in prison (December 2025).

sources

$182M
DeFi exploit

Beanstalk Farms governance exploit

Apr 2022

An attacker took a ~$1B flash loan to acquire a supermajority of Beanstalk's governance tokens and pass a malicious emergency proposal that drained the protocol's assets, extracting about $182M of collateral in a single transaction.

Outcome: No arrests; the attacker netted roughly $76M (24,930 ETH) after repaying the flash loan and laundered the proceeds through Tornado Cash; the stablecoin protocol later relaunched via community effort.

sources

$620M
Bridge hack

Ronin Network (Axie Infinity) bridge hack

Mar 2022

Attackers used validator private keys obtained through a fake LinkedIn job-offer social-engineering attack to control 5 of 9 Ronin bridge validators and forge withdrawals of 173,600 ETH and 25.5M USDC. The breach occurred March 23 and was discovered and publicly disclosed on March 29, 2022.

Outcome: US Treasury OFAC attributed it to North Korea's Lazarus Group and sanctioned the receiving wallet addresses (April 2022); over $30M was later seized, and Sky Mavis raised $150M to reimburse users and relaunched the bridge.

sources

$320M
Bridge hack

Wormhole bridge exploit

Feb 2022

An attacker exploited a signature-verification flaw on the Solana side of the Wormhole token bridge to mint 120,000 wrapped ETH (wETH) without posting collateral, stealing roughly $320M. It was one of the largest DeFi exploits at the time.

Outcome: No arrests and the funds were not recovered from the attacker; parent firm Jump Crypto replenished the 120,000 ETH within days to keep the bridge solvent.

sources

$120M
DeFi exploit

BadgerDAO front-end hack

Dec 2021

Around 2 December 2021 attackers used a compromised Cloudflare API key to inject malicious code into BadgerDAO's website front-end, tricking users into approving token allowances to the attacker and draining roughly $120M (including about 900 BTC from a single wrapped-BTC vault).

Outcome: About $9M was frozen before it could be withdrawn; Badger engaged Mandiant and Chainalysis and governance later passed a restitution plan to compensate users, but the attacker was not publicly identified.

sources

$196M
Exchange hack

BitMart hack

Dec 2021

On 4-5 December 2021 attackers stole a private key controlling two BitMart hot wallets and drained roughly $100M in assets on Ethereum and $96M on Binance Smart Chain, then laundered the proceeds via 1inch and Tornado Cash.

Outcome: No arrests or recovery; BitMart CEO Sheldon Xia pledged to compensate affected users from company funds and resumed deposits/withdrawals within days.

figure disputed sources

$130M
DeFi exploit

Cream Finance flash-loan exploit (October 2021)

Oct 2021

On 27 October 2021 an attacker used MakerDAO and Aave flash loans across dozens of assets to manipulate the price of Cream Finance's yUSD collateral and inflate perceived collateral value, draining approximately $130M in one of the largest DeFi exploits at the time.

Outcome: No funds were recovered and no arrests were made; Cream offered a 10% bounty that went unanswered and the protocol was effectively wound down afterward.

sources

$97M
Exchange hack

Liquid (Liquid Global / QUOINE) hack

Aug 2021

On 18-19 August 2021 the Japan-based exchange Liquid detected unauthorized access to its warm wallets and lost roughly $97M across dozens of assets (including ~$45M in ERC-20 tokens plus BTC, XRP and TRX), with proceeds swapped on DEXes and routed through Tornado Cash.

Outcome: Little was recovered and no arrests were made; FTX extended Liquid a $120M loan and later acquired it (April 2022), though Liquid halted withdrawals when FTX collapsed in November 2022.

sources

$610M
Bridge hack

Poly Network hack

Aug 2021

On 10 August 2021 an attacker exploited a vulnerability in Poly Network's cross-chain smart contracts to move over $610 million in assets across the Ethereum, BNB Chain and Polygon networks, the largest crypto/DeFi hack at the time.

Outcome: The attacker, dubbed 'Mr White Hat', returned essentially all of the funds over about 15 days (complete by 25 August 2021); Tether froze $33M of USDT and Poly Network offered a $500,000 bounty and a security-advisor role; no arrests were made.

sources

$223M
Fraud / Ponzi

Africrypt

Apr 2021

Africrypt was a South African crypto investment platform run by brothers Ameer and Raees Cajee that promised very high returns; in April 2021 the founders told clients the platform had been 'hacked' and then went dark. Early headlines claimed about 69,000 BTC (roughly $3.6 billion) was missing.

Outcome: The brothers fled abroad, denied wrongdoing and blamed a hack; South African authorities and liquidators investigated but no convictions have been secured, and the pair reportedly resurfaced in South Africa by 2026.

figure disputed sources

$2B
Fraud / Ponzi

Thodex

Apr 2021

Thodex was one of Turkey's largest crypto exchanges; in April 2021 it abruptly halted trading and founder Faruk Fatih Ozer fled to Albania, leaving several hundred thousand users unable to access their funds in what became a notorious exit scam.

Outcome: Ozer was extradited to Turkey and in September 2023 sentenced, alongside two siblings, to 11,196 years in prison for fraud, money laundering and running a criminal organisation.

figure disputed sources

$281M
Exchange hack

KuCoin hack

Sep 2020

On 25-26 September 2020 the hot wallets of Singapore-based exchange KuCoin were drained of roughly $281 million across more than 150 cryptocurrencies after attackers obtained the wallets' private keys. Analysts including Chainalysis attributed the theft to North Korea's Lazarus Group based on its laundering patterns.

Outcome: KuCoin recovered or froze about 84% (~$239.45M) of the assets through on-chain tracking, partner/issuer freezes and law enforcement and covered the remaining ~16% from its insurance fund, so users were fully reimbursed; no arrests were reported.

sources

$118K
Fraud / Ponzi

Twitter Bitcoin scam hack

Jul 2020

On 15 July 2020 attackers used social engineering against Twitter employees to hijack about 130 high-profile verified accounts (Obama, Biden, Musk, Gates, Apple and others) and posted a Bitcoin doubling/giveaway scam, collecting roughly $118,000 in BTC.

Outcome: Ringleader Graham Ivan Clark, a 17-year-old from Florida, was arrested on 31 July 2020 and pleaded guilty in March 2021 to state fraud charges (three years in prison), while two others were charged federally.

sources

$1.1B
Fraud / Ponzi

WoToken

2020

WoToken was a China-based Ponzi, dubbed 'PlusToken 2.0', that used a fake automated crypto-trading platform and an MLM structure to defraud more than 700,000 people between 2018 and its 2019 collapse. Court records tied a key PlusToken operator to WoToken.

Outcome: Four operators were convicted in China in 2020 and jailed for terms of roughly 2.5 to nearly 9 years, and authorities seized hundreds of millions in illicit gains.

sources

$340M
Fraud / Ponzi

Forsage

2020

Forsage was a self-styled 'decentralised' investment platform whose Ethereum, BNB Chain and Tron smart contracts operated as a pyramid-and-Ponzi scheme, automatically routing new investors' money to earlier ones. It launched in January 2020 and was flagged as a Ponzi by the Philippine SEC that same year.

Outcome: The US SEC charged 11 people in August 2022, and the DOJ indicted four Russian-national founders in February 2023 over a scheme that raised roughly $340 million.

sources

$722M
Fraud / Ponzi

BitClub Network

Dec 2019

BitClub Network was a crypto mining-pool Ponzi (operating roughly 2014-2019) that took investors' money supposedly to buy mining hardware and share profits, but instead reported fabricated returns and paid earlier investors with later investors' funds. The DOJ unsealed charges in December 2019 alleging it took in about $722 million.

Outcome: Several operators were arrested in December 2019 and some pleaded guilty; however, in 2025 the DOJ moved to dismiss the case against alleged mastermind Matthew Goettsche, a reversal that drew public scrutiny.

sources

$49M
Exchange hack

Upbit hack

Nov 2019

342,000 ETH (~$49M) was moved out of South Korean exchange Upbit's hot wallet in a single transaction on Nov 27, 2019.

Outcome: Upbit covered the loss from its own reserves so users were unaffected, and in 2024 South Korean police and the FBI attributed the theft to North Korea's Lazarus and Andariel groups, with only a tiny fraction recovered.

sources

$40M
Exchange hack

Binance hack

May 2019

Attackers used stolen API keys, 2FA codes and phishing/malware to withdraw 7,000 BTC (~$40M) from Binance's hot wallet in a single transaction on May 7, 2019.

Outcome: Binance covered the entire loss from its Secure Asset Fund for Users (SAFU) so no customers lost funds, and the stolen BTC was never recovered.

sources

$16M
Exchange hack

Cryptopia hack

Jan 2019

A compromised private key let attackers drain ETH and numerous ERC-20 tokens from New Zealand exchange Cryptopia's hot wallets starting Jan 14, 2019, affecting tens of thousands of wallets.

Outcome: Cryptopia entered liquidation in May 2019 under Grant Thornton with US bankruptcy protection and the hackers were never caught, but liquidators later began returning assets, distributing ~NZ$400M (~$225M) to holders in Dec 2024.

sources

$190M
Collapse

QuadrigaCX

Jan 2019

QuadrigaCX, then Canada's largest crypto exchange, collapsed in January 2019 after founder and CEO Gerald Cotten died in India in December 2018; about C$250 million (roughly US$190 million) owed to some 115,000 clients was missing or locked in cold wallets only Cotten controlled. Ontario's securities regulator later concluded he had run it as a fraud and Ponzi.

Outcome: No criminal charges were laid because Cotten was deceased; the company went into bankruptcy and liquidation, and the OSC concluded in June 2020 that about C$169 million in client losses stemmed largely from Cotten's fraudulent trading and misuse of client funds.

sources

$2B
Fraud / Ponzi

PlusToken

2019

PlusToken was a China-based Ponzi that posed as a high-yield crypto wallet and drew in more than 3 million people, mostly in China, Korea and Japan; it collapsed in mid-2019, and later sell-offs of its seized BTC were blamed for pressuring bitcoin's price.

Outcome: Chinese authorities arrested more than 100 suspects across 2019 and 2020; several ringleaders were convicted and jailed for up to 11 years, and authorities seized crypto later valued at around $4.2 billion.

sources

$660M
Fraud / Ponzi

Pincoin / iFan

Apr 2018

Ho Chi Minh City-based Modern Tech ran the Pincoin and iFan ICOs as an MLM and Ponzi operation promising returns of up to about 40% per month; in early 2018 the operators switched payouts to worthless tokens and then vanished in an exit scam.

Outcome: The roughly seven-person team disappeared with investor funds; the collapse, put at about $660 million from around 32,000 victims, sparked protests in Vietnam but produced no known major convictions.

sources

$170M
Exchange hack

BitGrail hack

Feb 2018

Italian exchange BitGrail reported about 17 million Nano (XRB) stolen from its hot wallet, disclosed by founder Francesco Firano on Feb 9, 2018.

Outcome: BitGrail and Firano were declared bankrupt and an Italian court (Jan 2019) ordered him to repay victims, finding much of the Nano had actually left the exchange months earlier, allegedly with his knowledge, and his personal assets were seized.

figure disputed sources

$530M
Exchange hack

Coincheck hack

Jan 2018

Hackers stole roughly 523 million NEM (XEM) from Coincheck's internet-connected hot wallet, at the time the largest crypto theft ever; the hot-wallet private key was compromised via malware/phishing aimed at staff.

Outcome: Coincheck reimbursed about 260,000 affected users (~$430M) from its own funds and was acquired by Monex Group in April 2018, while 30 people were later charged in Japan for handling the stolen NEM though the hackers themselves were never identified.

sources

$2.4B
Fraud / Ponzi

BitConnect

Jan 2018

BitConnect ran a crypto 'lending' and trading-bot program promising returns of up to about 40% per month; it was a Ponzi that collapsed in January 2018 when it abruptly shut its lending platform and the BCC token crashed to near zero. US authorities say it took in roughly $2.4 billion from investors worldwide.

Outcome: Founder Satish Kumbhani was indicted in February 2022 but remains a fugitive; lead US promoter Glenn Arcaro pleaded guilty in 2021 and was sentenced to 38 months, and over $17 million has been paid to victims in restitution.

sources

$64M
Exchange hack

NiceHash hack

Dec 2017

On Dec 6, 2017 attackers used a NiceHash engineer's compromised credentials (a spear-phishing/social-engineering attack) to steal ~4,700 BTC (~$64M at the time) from the mining marketplace's wallet.

Outcome: NiceHash reimbursed all affected users (a 4,640 BTC repayment program completed by 2020); in 2021 the US indicted North Korea's Lazarus Group for the theft.

sources

$150M
DeFi exploit

Parity wallet freeze

Nov 2017

On Nov 6-8, 2017 a user ('devops199') triggered a bug in Parity's shared multisig library contract, became its owner, and called its self-destruct, freezing 513,774 ETH plus tokens across ~587 wallets.

Outcome: The funds were frozen (not stolen) and remain permanently inaccessible; recovery proposals such as EIP-999 failed to reach consensus.

sources

$4B
Fraud / Ponzi

OneCoin

2017

OneCoin was a Bulgaria-based multi-level-marketing scheme that sold a fake cryptocurrency with no real blockchain; US prosecutors say victims invested over $4 billion worldwide. It began unravelling after co-founder Ruja 'Cryptoqueen' Ignatova vanished in October 2017.

Outcome: Ignatova disappeared in 2017 and remains on the FBI Ten Most Wanted list; co-founder Karl Sebastian Greenwood pleaded guilty and was sentenced to 20 years in September 2023, and several associates were also convicted.

figure disputed sources

$72M
Exchange hack

Bitfinex hack

Aug 2016

Attackers subverted Bitfinex's BitGo-based multisig withdrawal controls to steal 119,756 BTC, worth about $72M at the time; the BTC price then fell ~20%, cutting the value to ~$58M.

Outcome: In Feb 2022 the US DOJ seized ~94,000 of the stolen BTC (then ~$3.6B) and arrested Ilya Lichtenstein and his wife Heather Morgan ('Razzlekhan'); Lichtenstein admitted the hack and was sentenced to 5 years (Nov 2024), Morgan to 18 months.

sources

$60M
DeFi exploit

The DAO hack

Jun 2016

On June 17, 2016 an attacker exploited a reentrancy bug in The DAO's splitDAO function to recursively drain ~3.6 million ETH (about a third of the fund) into a child DAO.

Outcome: The Ethereum community executed a contentious hard fork on July 20, 2016 to reverse the theft and refund holders, splitting the chain into Ethereum (ETH) and Ethereum Classic (ETC); no one was charged.

sources

$5M
Exchange hack

Bitstamp hack

Jan 2015

Attackers compromised Bitstamp's operational hot wallet after a weeks-long spear-phishing campaign against employees, stealing 18,866 BTC (~$5.2M).

Outcome: Bitstamp covered the losses from reserves, reopened, and migrated to BitGo multisig; no arrests were publicly reported.

sources

$473M
Collapse

Mt. Gox

Feb 2014

Tokyo-based Mt. Gox, then the largest Bitcoin exchange, halted withdrawals on 7 February 2014 and filed for bankruptcy on 28 February, revealing about 850,000 BTC missing (~750,000 customers' and ~100,000 its own), roughly 7% of all bitcoin then in existence, mostly stolen gradually from its hot wallet since 2011.

Outcome: About 200,000 BTC were later recovered; CEO Mark Karpeles was convicted only of data falsification in 2019 (suspended sentence) and acquitted of embezzlement; creditor repayments in BTC and BCH began in mid-2024 with the deadline later extended to October 2026.

sources

$40M
Rug pull

Sheep Marketplace

Dec 2013

The darknet market Sheep Marketplace vanished in late November and December 2013 in an exit scam; it blamed a vendor for exploiting a bug to steal 5,400 BTC, but users' actual losses were far larger.

Outcome: Operator Tomas Jirikovsky was arrested in the Czech Republic (2015) and sentenced to 9 years in 2017; two Floridians later pleaded guilty to related wire fraud and about $4M was seized.

figure disputed sources

$1M
Exchange hack

Inputs.io

Nov 2013

The Australian custodial Bitcoin wallet service Inputs.io was drained of about 4,100 BTC in two breaches on 23 and 26 October 2013 (disclosed 7 November), reportedly via compromised old email accounts used to bypass two-factor authentication.

Outcome: The operator promised only partial refunds (40-75%) and many users were never made whole; no arrests were made and some suspected an inside job, which was never proven.

sources

$5M
Fraud / Ponzi

Bitcoin Savings and Trust (Trendon Shavers / 'pirateat40')

Aug 2012

From 2011 to August 2012 Trendon Shavers ran Bitcoin Savings and Trust, a Ponzi scheme that promised up to 7% weekly returns and took in at least 700,000 BTC, paying earlier investors with later investors' coins. It is regarded as the first US federal Bitcoin securities-fraud case.

Outcome: The SEC won a ~$40.7M judgment (Sept 2014); Shavers pleaded guilty to securities fraud and was sentenced to 18 months in prison plus ~$1.23M in restitution and forfeiture (July 2016).

sources

$300K
Exchange hack

Bitcoinica

Mar 2012

The Bitcoin margin-trading platform Bitcoinica was hacked twice in 2012: about 43,000 BTC was taken in the March Linode server breach and a further 18,547 BTC in a direct server compromise on 11 May 2012.

Outcome: The exchange shut down into insolvency in 2012 and entered a prolonged liquidation and litigation over remaining funds; the perpetrator(s) were never identified.

sources

Cite this page

Free to reuse under CC BY 4.0. A link back is all we ask.

Bitcoin: The Complete Guide. “The Crypto Hack & Collapse Database.” Accessed 17 Jul 2026. https://bitcoincompleteguide.com/crypto-hacks/

Sources & method

Each incident links to authoritative sources: major financial press, regulatory and law-enforcement filings (DOJ, SEC, FBI, FSCA), and blockchain-analytics firms (Chainalysis, Elliptic, TRM Labs). Amounts are approximate and stated at the value most reporting uses; where a figure is disputed or is a market-value or scheme-size estimate rather than funds stolen, it is flagged. Sensational, unsupported figures were deliberately excluded in favour of documented ones.

Why do these keep happening, and how do you avoid being next?