Hot wallet leaks, API flaws, and DeFi exploits defined 2020-2025’s worst crypto security failures
Cryptocurrency exchanges and DeFi platforms have been prime targets for hackers, with billions stolen through cunning exploits between 2020 and 2025. From state-sponsored cyberattacks to smart contract flaws, these heists have shaken markets and exposed critical vulnerabilities. This listicle dives into the top 10 biggest crypto hacks, ranked by the estimated USD value of stolen assets at the time of the breach, drawing from web sources and X posts for a detailed look at each incident.
The largest crypto hack in history struck Bybit, a leading centralized exchange, when North Korea’s Lazarus Group exploited a critical flaw in its cold wallet software. In a matter of minutes, hackers drained 400,000 ETH, valued at $1.5 billion, from what was thought to be secure offline storage. The attack likely involved phishing or a supply chain compromise, allowing hackers to bypass multi-signature protocols with pre-signed transactions. The fallout was seismic: Ethereum’s price dropped 10%, and investor confidence plummeted. Bybit raised $320 million in emergency funding to stabilize operations but announced its closure by December 2025, citing unsustainable losses. Users endured weeks of withdrawal restrictions, and despite cooperation with Chainalysis and law enforcement, most funds were laundered through decentralized exchanges. This heist sparked industry-wide calls for stricter cold wallet security standards.
Also read: Crypto scammers hijacked OpenAI’s press account on X to promote fake token
Japan’s DMM Bitcoin suffered a devastating loss of 4,500 BTC, worth $305 million, in a breach cloaked in mystery. The attack, likely involving stolen private keys or address poisoning, redirected funds by manipulating wallet addresses. Experts suspect a compromised employee device or social engineering, given the speed and precision of the theft. The hack sent Bitcoin and Ethereum prices tumbling 5-7%, reflecting Japan’s weight in crypto markets. DMM Bitcoin halted withdrawals and faced intense scrutiny from Japan’s Financial Services Agency. The exchange plans to transfer assets to SBI VC Trade by March 2025, signaling a potential wind-down. Partial fund recovery was reported, but details remain scarce, leaving Japan’s crypto security under a harsh spotlight.
KuCoin, a Singapore-based exchange, was hit hard when hackers breached its hot wallets, stealing $281 million in Bitcoin, Ethereum, and ERC-20 tokens. The attackers gained access to private keys, likely through a phishing campaign targeting employees, and moved funds to mixer services. KuCoin’s swift response – freezing affected wallets and collaborating with exchanges like Binance – recovered over 80% of the stolen assets. Trading was disrupted for days, but the broader market avoided significant damage. KuCoin fully compensated users using its insurance fund and rolled out two-factor authentication (2FA) and enhanced cold storage protocols. This hack, while severe, became a model for effective recovery through global cooperation with law enforcement and exchanges.
India’s largest crypto exchange, WazirX, lost $234.9 million which is nearly half its $500 million reserves to the Lazarus Group in a devastating attack. The hackers exploited a vulnerability in a multisig wallet’s smart contract, altering it to grant full control. Six transactions drained assets like $100 million in SHIB and $52 million in ETH, which were laundered through Tornado Cash. The breach impacted 15 million users, prompting WazirX to suspend trading and withdrawals. A proposed 55-45 loss-sharing plan (55% user recovery, 45% loss) was abandoned after fierce backlash on X and Telegram. In November 2024, authorities arrested Masud Alam for allegedly aiding the hack with a fake account. The Singapore High Court approved a creditor meeting in January 2025 to explore recovery, but WazirX’s reputation remains tarnished amid demands for transparency.
Also read: WazirX hack: Confusing aftermath of the biggest cyberattack on Indian crypto exchange
The Cetus Protocol, a decentralized finance (DeFi) platform, suffered a massive $200-260 million breach, one of the largest DeFi hacks of 2025. Hackers exploited a smart contract flaw, likely a reentrancy issue or logic error, to drain liquidity pools of multiple tokens. The attack sent shockwaves through the DeFi community, with X posts labeling it a “wake-up call” for decentralized platforms. Token prices tied to Cetus cratered, impacting related ecosystems. The Cetus team issued a post-mortem, promising rigorous audits and a compensation plan, but recovery efforts have been hampered by laundered funds. This incident underscored the fragility of DeFi protocols and pushed developers to prioritize bulletproof smart contract testing.
BitMart was hit for $196 million when hackers compromised two hot wallets, stealing $100 million in Ethereum and $96 million in Binance Smart Chain tokens. A stolen private key, likely obtained through phishing or malware, enabled the rapid transfer of funds to obscure wallets. BitMart paused withdrawals, frustrating users, but the broader market escaped significant disruption. The exchange committed to reimbursing users through its reserves and insurance, a process that stretched into 2025 and drew criticism on X for delays. BitMart adopted stricter key management protocols post-hack, highlighting the persistent risks of hot wallet storage for mid-tier exchanges.
Iran’s largest crypto exchange, Nobitex, lost $90 million in a hack possibly linked to geopolitical tensions, with speculation pointing to Israeli state actors. The breach targeted wallet security through a mix of phishing and server-side exploits, with funds quickly moved to mixer services. The attack disrupted Iran’s crypto market, already strained by sanctions, and fueled debates on X about state-sponsored cyberattacks. Recovery efforts have stalled due to laundering, and Nobitex’s operations remain constrained in a sanctioned environment. This hack highlighted how global conflicts can infiltrate the crypto space, adding a layer of complexity to security.
India’s CoinDCX faced a $44.2 million breach targeting an internal operational wallet used for liquidity provisioning. A sophisticated server breach, possibly via a compromised API or employee credentials, allowed hackers to access the wallet. The attacker funneled funds through Tornado Cash, bridging them across Solana and Ethereum for obfuscation. No customer funds were affected, and CoinDCX covered losses from its treasury, but a 17-hour disclosure delay, flagged by blockchain sleuth ZachXBT, sparked criticism. Web3 trading was briefly halted, shaking user confidence. CoinDCX responded with a bug bounty program and a $6 million Crypto Investors Protection Fund, inspired by the earlier WazirX hack, to bolster India’s crypto security.
Also read: How to identify and protect yourself from digital arrest scams
BigONE was swept up in a $1.5 billion hack wave in July 2025, losing $27 million in a wallet-focused breach. The attack likely exploited hot wallet vulnerabilities or phishing targeting staff, with funds moved to decentralized exchanges. While overshadowed by larger hacks, the incident added to 2025’s record-breaking $2.17 billion in crypto thefts. BigONE quickly compensated users and implemented mandatory 2FA and offline storage upgrades. The exchange’s rapid response minimized market impact, but the hack underscored the relentless pace of attacks in 2025 and the need for robust security protocols.
The Lifi Protocol, a DeFi bridge, lost $9.7 million in stablecoins (USDC, USDT, DAI) across Ethereum and Arbitrum chains. Hackers exploited an unchecked external call vulnerability in the bridge’s smart contract, executing the theft in a single transaction. The attack disrupted cross-chain bridging, a critical DeFi function, and prompted urgent warnings for users to revoke contract access. X posts buzzed with concern over bridge security. Lifi issued a patch and collaborated with auditors to prevent future exploits, achieving partial recovery. The incident fueled calls for standardized security practices in DeFi, where bridges remain a weak link.
These heists, totaling billions in losses, expose the crypto industry’s vulnerabilities: hot wallets, multisig flaws, and smart contract weaknesses. North Korea’s Lazarus Group, behind Bybit and WazirX, has perfected phishing and laundering through mixers like Tornado Cash, making recovery a nightmare. India’s WazirX and CoinDCX hacks highlight the risks in high-adoption markets, with 2025 seeing over $2.17 billion stolen. Exchanges are fighting back with cold storage, bug bounties, and blockchain analytics, but hackers stay one step ahead. For crypto users, the lesson is clear: secure your assets with hardware wallets and beware of phishing scams.
