Blockchains have become popular due to their ability to offer users financial freedom and facilitate fast transactions. However, the new technology has attracted bad actors looking to steal crypto assets stored in these blockchains. As of July 2023, over $15.5 billion in cryptocurrencies has been stolen in the past twelve years. 80% of this figure is made up of funds stolen from Decentralized Finance protocols.
In this article, we will explore some of the biggest hacks in the history of the blockchain industry.
Mt. Gox Exploit
The now-collapsed crypto trading platform Mt. Gox was the first blockchain project to suffer a massive attack. In 2011, the crypto exchange processed 65% of all BTC transactions. That year, it lost over 25,000 Bitcoin to hackers. These digital coins had a combined value of about $405,000. Three years later, Mt. Gox lost another 740,000 BTC, which accounted for 6% of the circulating Bitcoins at the time.
Binance Encounters a BNB-Related Exploit
Binance, the World’s largest crypto exchange by trading volume, suffered a $570 million loss last year when cybercriminals exploited a vulnerability in the exchange’s blockchain BNB. According to the report released by Binance, the hackers used BSC Token Hub (a cross-chain bridge) to generate over 2 million BNB coins.
FTX Hacked Hours After Filing for Bankruptcy Protection
The attack on the now-fallen crypto exchange FTX happened less than 24 hours after the company filed for Chapter 11 bankruptcy protection last November. The bad actors made way with over $605 million from FTX’s crypto wallets. This incident left several users of the exchange tokenless.
The Biggest-Ever Hack: Ronin Network
The biggest blockchain hack occurred in March last year when attackers stole over $626 million in USDC and ETH from Ronin Network, the blockchain that supports the Play-to-Earn (P2E) game Axie Infinity. The United States authorities linked the North Korean criminal group Lazarus to the exploit. It is reported that these cybercriminals got access to private keys, which enabled them to initiate transactions on Ronin.
Major Attack on Poly Network
This attack occurred on June 2021, when the hacker targeted a Decentralized Finance platform of Poly Network, stealing over $610 million in various crypto assets. The Poly Network developers negotiated with the attacker to return the assets, and within two days after the exploit, half of the stolen funds were returned. The hacker said they targeted the DeFi protocol just for fun.
Wormhole Attack
Well-known bridge service Wormhole was exploited last year, suffering a $325 million loss in the process. The tokens stolen were Wrapped Ethereum, which users receive after locking their ETH. Fortunately, the affected users were compensated a few hours after the hack thanks to Wormhole’s parent firm Jump Trading which replaced the stolen tokens.
Nomad Exploited, Suffers a $190 Million Loss
Last August, the Nomad token bridge was attacked severally within a few days, losing a combined $190 million. The original hacker encouraged other bad actors to exploit the same vulnerability in the project’s smart contract before the issue got fixed.
Governance Attacks
Governance attacks have been on the rise in recent months. They happen when bad actors manipulate the governance system of a particular blockchain project. For example, in 2022, DeFi protocol Beanstalk Farms encountered a governance attack that involved the attacker using a flash loan to buy the platform’s governance tokens, which they used to take control and then passed malicious proposals, stealing over $75 million in various stablecoins.
But it’s important to mention that attacks on crypto projects have reduced significantly in 2023. Since January, only forty attacks have been executed, with $420 million stolen. This figure represents just 35% of the exploits that happened within the first six months of last year. In addition, the average stolen amount has dropped by two-thirds to about $15 million.
What’s strange is that most hackers have been returning the stolen funds to victims. Indeed, they may be hacking blockchain projects “for fun” just to uncover weaknesses in their smart contracts.