CryptoTrade.wiki

Biggest Crypto Exchange Hacks: Cases, Causes, and Lessons

Discover the biggest crypto exchange hacks — from Mt.Gox and Bitfinex to Coincheck, Binance, KuCoin, FTX and Bybit. Learn how attacks unfolded, what losses they caused, how exchanges reacted, and the key lessons for protecting your assets.

Written byCryptoTrade Research
|
Reviewed byCryptoTrade Editorial Team
|
Updated

Why analyze the biggest crypto‑exchange hacks

The history of the crypto market is not only about the rise of technology and capital; it is also a string of headline‑grabbing breaches. Each incident exposes technical and organizational weak points at exchanges, shapes regulation, and permanently raises the bar for security. Below is a concise analysis of the most consequential cases: how they unfolded, the industry‑wide fallout, and the lessons for users.

This guide brings together key cases (Mt.Gox, Bitfinex, Coincheck, Binance, Cryptopia, KuCoin, FTX, Bybit, and others), explains attack mechanics in plain language, shows the scale of losses and their consequences, and offers practical takeaways for safeguarding your crypto assets.

Hot wallet: a wallet connected to the internet and used for routine payouts. Convenient, but more exposed than cold storage.

Cold storage: offline wallets or custodial setups physically isolated from the network. The standard way to hold an exchange’s core reserves.

Multisignature (multisig): a scheme in which several independent keys must sign to withdraw funds; reduces single‑point‑of‑failure risk.

Transaction malleability: an early‑Bitcoin quirk that allowed changing a transaction’s ID without altering its contents; seen in disputed scenarios in the early 2010s.

Mt.Gox: collapse of the first “global” Bitcoin exchange (2014)

Why it matters: the defining implosion of the early era. It proved that weak internal accounting and sloppy key custody can sink even a market leader.

At its peak, Mt.Gox processed up to 70% of global BTC trading, but in February 2014 it halted withdrawals and revealed the loss of hundreds of thousands of bitcoins. The picture that later emerged was typical of crypto’s early days: vulnerable processes, overheated loads, and a long‑running compromise of keys.

How the attack happened: no single “hole” was ever confirmed; more likely it was prolonged unauthorized access to hot wallets amid weak controls and questionable technical allowances (including transaction‑ID malleability effects). A large portion of BTC leaked gradually and went unnoticed for months.

Scale: roughly 850,000 BTC were declared lost; about 200,000 BTC were later found in an old exchange wallet. Even after the “find,” the net hole was colossal for the time.

Aftermath: bankruptcy, years‑long creditor proceedings, and a major reputational hit to centralized venues. The payout process became a case study in how not to design operational security.

Bottom line: a prolonged hot‑wallet compromise and weak internal controls produced the early era’s largest BTC loss and Mt.Gox’s bankruptcy. The industry rethought reserves and audits.

Bitfinex: a blow to multisig and an unprecedented clawback (2016)

Why it matters: showed that even advanced multisig architectures fail when integration and operations are flawed. Notable for a creative, ultimately successful compensation model.

How the attack happened: attackers bypassed multisig defenses and withdrew about 120,000 BTC. Details of the integration with a custodial partner proved to be the exploitable weak link.

Scale: ≈$70 million at the time; subsequent BTC appreciation made the case one of the costliest in hindsight.

Aftermath: the exchange avoided bankruptcy by socializing losses across clients and issuing BFX “recovery” tokens later redeemed for equity or cash. A significant share of the loot was eventually traced and seized — a rare recovery success.

Bottom line: failures in multisig process design cost Bitfinex ≈120,000 BTC, but a flexible restitution model and later seizures kept users whole and the exchange alive.

Coincheck: record XEM theft and a regulatory wake‑up call (2018)

Why it matters: the largest CEX theft at the time. It drove stricter storage and internal‑control rules in Japan.

How the attack happened: attackers obtained the single key to a hot wallet holding NEM. The likely vector was phishing and malware on staff devices. Skipping multisig was a critical mistake.

Scale: about 523 million XEM (≈$530 million at the time). On‑chain tagging and blocking of redemptions helped partially, but sizable sums still flowed through grey venues.

Aftermath: the exchange compensated most client losses and was acquired by a major financial group. Japan’s FSA conducted broad inspections and tightened custodial requirements.

Bottom line: one private key can equal one catastrophe. Coincheck cemented cold storage and multisig as de‑facto regulatory standards.

Binance: phishing, compromised APIs, and the SAFU backstop (2019)

Why it matters: the flagship‑exchange case showed that user behavior is a serious attack surface — and that an insurance fund can instantly absorb shocks.

How the attack happened: a prolonged phishing campaign and harvesting of 2FA/API data allowed attackers to trigger a large, coordinated withdrawal from a hot wallet.

Scale: 7,000 BTC — a small share of reserves for an industry leader, but a meaningful reputational stress test.

Aftermath: withdrawals were frozen promptly, an audit followed, and losses were fully covered from the SAFU fund. Clear communication and risk‑system tuning reinforced trust.

Bottom line: strong incident response plus a pre‑funded reserve turned a crisis into a demonstration of maturity and spared clients any loss.

Cryptopia: small‑exchange exposure and a painful wind‑down (2019)

Why it matters: a regional platform’s cautionary tale: even a relatively small hole can be fatal when reserves and response playbooks are lacking.

How the attack happened: hot‑wallet compromise and a gradual draining of balances. Insufficient reserves and weak incident response made ongoing operations impossible.

Scale: ≈$16–18 million across multiple assets — critical for a local exchange.

Aftermath: bankruptcy, years of asset reconciliation across hundreds of tokens, customer re‑identification, and piecemeal payouts.

Bottom line: without reserves, incident response, and the legal scaffolding for rapid compensation, even “modest” breaches can end a platform.

KuCoin: key compromise, DeFi laundering, and recovery of the lion’s share (2020)

Why it matters: one of the largest multi‑asset hot‑wallet drains; yet most funds were clawed back via rapid, coordinated action.

How the attack happened: attackers obtained private keys to part of the hot wallets and quickly withdrew assets, then followed a modern laundering route — DEX swaps and mixers.

Scale: ≈$275–280 million at the time.

Aftermath: stablecoin and token issuers froze or reissued assets; a major share was recovered. Users were made whole for the remainder, and storage/monitoring controls were upgraded.

Bottom line: when issuers, CEXs, analytics firms, and law enforcement move in lockstep, real losses can be sharply reduced even after a big breach.

FTX: not a hack but an “internal rupture,” plus an overnight drain (2022)

Why it matters: a collapse driven by mismanagement — and, in parallel, a rapid outflow of hundreds of millions during bankruptcy. A reminder that internal risks can eclipse external ones.

How the outflow happened: shortly after the bankruptcy announcement, hundreds of millions in crypto were moved out of FTX wallets within hours. Movement patterns and access pointed to an insider‑driven event.

Scale: ≈$0.5 billion. Against the broader balance‑sheet hole, this wasn’t the cause, but it reduced the estate available to creditors.

Aftermath: assets were consolidated into custodial cold storage, on‑chain tracing and freezes followed where possible, and criminal proceedings on fraud and governance abuses advanced in parallel.

Bottom line: segregated client funds, transparency, and independent controls are non‑negotiable. Even perfect firewalls cannot offset bad governance.

Bybit: record hot‑wallet drain and global coordination (2025)

Why it matters: the largest single‑event CEX theft by notional value. It accelerated cross‑border freezes and debate around next‑gen key management.

How the attack happened: attackers gained the private key to a large hot wallet and, in one sweep, withdrew hundreds of thousands of ETH. High speed and careful preparation helped sidestep standard alerting.

Scale: on the order of a billion‑plus dollars at the time — an absolute record for centralized‑exchange theft.

Aftermath: an immediate withdrawal pause, public commitments to full restitution, forensic analysis, and involvement of international agencies. Analysts quickly tagged portions of the funds, with freezes following.

Bottom line: a textbook “key‑leak” at maximum scale. The industry is accelerating toward no‑single‑key schemes (MPC, distributed HSMs, and tiered limits).

Why crypto exchanges get hacked: key attack vectors

Goal of this section: walk through common compromise scenarios — from key leaks to social engineering — link them to the cases, and pinpoint where centralized platforms are thinnest.

Private‑key leaks and weak storage policies

The primary risk for CEXs is the keys to hot wallets. If a single online key exists, compromising a device or staff account can grant full access. Splitting keys and enforcing limits was long underestimated — see Coincheck and similar cases.

Social engineering and targeted phishing

“Official” instruction emails, fake login portals, malicious attachments — the classics still work. Spear‑phishing against specific employees mimics internal correspondence to extract 2FA codes, API keys, or corporate‑network access.

API compromise and automated withdrawals

Leaked user API keys plus bypassed behavioral controls produce synchronized orders and mass withdrawals. The risk balloons without address allowlists and hard limits.

Integration and access‑architecture mistakes

Even advanced setups (multisig, custodial partners) can fail when roles and limits are misassigned. Skipping the “two‑person rule” for critical operations and weak network segmentation are frequent root causes.

Adjacent risks from DeFi and bridges

Modern exchanges interface with bridges and on‑chain protocols. A third‑party contract bug or liquidity‑management misstep can open a side door — or a rapid laundering route via DEXs.

How CEX defenses evolved: practices and tools

Where the industry is heading: from single‑key hot wallets to layered architectures where no single mistake is catastrophic. Below is a tour of key practices, with strengths and trade‑offs.

Cold storage of reserves

The bulk of client assets is kept offline; a limited hot pool with daily caps supplies operational liquidity.
  • Best for base reserves and long‑term holding.
  • Shrinks the attack surface for network‑borne threats and malware.

✅ Pros

  • Minimal online exposure.
  • Multi‑step approvals for withdrawals.
  • Clear segregation of reserves.

❌ Cons

  • Limited speed when replenishing the hot pool.
  • Reliance on procedural discipline and people.

Main point: cold storage is a non‑negotiable baseline; without sound operations and limits, it won’t save you on its own.

🔐 Protect your crypto with a hardware wallet

Multisignature (multisig)

Transactions require signatures from multiple independent keys, reducing single‑point‑of‑failure risk.
  • Applicable at both hot and cold layers.
  • Demands clear role separation and per‑operation limits.

✅ Pros

  • No single “master” key.
  • Flexible thresholds (e.g., 2‑of‑3, 3‑of‑5).

❌ Cons

  • Integration and key‑management errors can nullify the benefits.
  • Complex emergency recovery and key rotations.

Main point: multisig works only when paired with solid processes and independent audits.

MPC: Multi‑Party Computation — a cryptographic method in which a “whole” key never exists in one place; the signature is assembled from shares on separate devices.

HSM: Hardware Security Module — a certified hardware appliance for secure key generation and storage with access policies and audit trails.

🛡️ Learn about multisig wallets

MPC wallets

Distributed signing without any single private key. Improves resilience to insider threats and single‑node leaks.
  • Well suited for hot wallets and automated withdrawal flows.
  • Pairs effectively with hard limits and address allowlists.

✅ Pros

  • No single point of key compromise.
  • Flexible fault‑tolerance scenarios.

❌ Cons

  • Implementation and operational complexity.
  • Dependence on correct protocol implementations.

Main point: MPC reduces key‑leak risk but demands mature processes and regular drills.

HSMs and hardware key protection

Keys are generated and stored inside certified HSMs; signing occurs within the device, minimizing OS exposure.
  • Best for cold layers and critical signing roles.
  • Combines well with multisig/MPC and network segmentation.

✅ Pros

  • Prevents extraction of keys from memory.
  • Auditable actions and access policies.

❌ Cons

  • Cost and maintenance complexity.
  • The human factor in role management still matters.

Main point: HSMs harden the “physical” side of security but do not replace sound process controls.

Reserve funds and insurance (SAFU)

Dedicated reserves for incident compensation, replenished via fees or insurance policies.
  • Act as a cushion for rare but expensive events.
  • Require transparent rules for funding and use.

✅ Pros

  • Removes immediate pain for clients.
  • Builds trust and buys time for forensics.

❌ Cons

  • Not a substitute for security: funds are finite.
  • Risks of opacity and discretionary allocation.

Main point: a well‑structured fund is the fire brigade — not the firewall.

Proof of Reserves (PoR)

Cryptographic proof that an exchange controls assets at its addresses, often via a Merkle tree and signed addresses.
  • Adds asset‑side transparency but must be paired with a view of liabilities.
  • Encourages discipline in reserve management.

✅ Pros

  • Public on‑chain verification of assets.
  • Incentivizes prudent reserve practices.

❌ Cons

  • Without liabilities, PoR cannot reveal balance‑sheet holes.
  • Requires independence and regular cadence.

Main point: PoR is useful within a broader toolkit; ideally it’s complemented by Proof‑of‑Liabilities (PoL) and independent audits.

Bug bounty, red teaming, and incident response

Ongoing penetration testing, rewards for responsibly disclosed bugs, and rehearsed crisis playbooks.
  • Reduce the chance of nasty surprises in production.
  • Help contain damage quickly when incidents occur.

✅ Pros

  • Early discovery of vulnerabilities “before the bad guys.”
  • Clear roles and procedures under pressure.

❌ Cons

  • Cost and the need for sustained discipline.
  • Risk of false comfort without systemic fixes.

Main point: regular testing and a living response plan are core elements of mature CEX security, not optional extras.

Comparing exchanges’ responses to hacks

In the table: measures taken post‑attack, reaction time, and how customers were made whole.
🏦 Exchange 🧨 Incident type 💰 Losses (at the time) 🧾 Customer restitution ⏱️ Response time ⚖️ Regulators/status
Mt.Gox Prolonged leak
of keys		 ≈850,000 BTC Compensation via
bankruptcy		 Withdrawal halt →
bankruptcy		 Bankrupt; lengthy resolution
Bitfinex Multisig‑integration
failure		 ≈120,000 BTC 100% via
BFX tokens/equity		 Freeze, BFX issuance,
buyback		 Operational; some BTC later seized
Coincheck Hot wallet
single key		 ≈$530M
XEM		 ~90% from
own funds		 Freeze,
payout plan		 Operational; FSA tightened controls
Binance Phishing
API/2FA		 7,000 BTC Fully covered
by SAFU		 Immediate
withdrawal pause		 Operational; security enhanced
Cryptopia Wallet
compromise		 ≈$16–18M Through liquidation
(remaining assets)		 Service halted →
bankruptcy		 Liquidation; long payouts
KuCoin Theft of
private keys		 ≈$275–280M Major share
returned/frozen		 Rapid forensics,
freezes		 Operational; investigation ongoing
FTX Unauthorized drain
during bankruptcy		 ≈$0.5B Within
bankruptcy		 Emergency consolidation
to cold storage		 Bankrupt; criminal cases
Bybit Hot‑wallet
key leak		 ≈400,000 ETH Full compensation
publicly stated		 Withdrawal pause,
investigation		 Operational; global coordination

In brief: the most mature exchanges (Binance, KuCoin, Bitfinex) fully or almost fully covered client losses; weaker players (Mt.Gox, Cryptopia, FTX) failed. Response speed and pre‑positioned reserves largely determine an exchange’s fate.

How hackers “launder” stolen coins: a short example

Scenario: funds move to fresh addresses, are split into many transactions, and a portion goes to DEXs where tokens are swapped into more liquid assets. Next come mixers and cross‑chain hops. The aim is to muddle attribution and sever links to the original theft.

Bottom line: rapid issuer and exchange freezes, combined with on‑chain analytics, increasingly blunt these tactics — especially for stablecoins and tokens with freeze functions.

What to do if an exchange you use gets hacked

Step‑by‑step plan: minimize damage, secure access, preserve evidence. Even if you weren’t directly hit, act ahead of the curve.
  1. Stop activity: cancel open orders and revoke or disable API keys.
  2. Check your devices: change passwords, reset 2FA, and run a reputable malware scan.
  3. Move assets: withdraw remaining funds to your own cold‑storage wallet.
  4. Enable address allowlists and login/withdrawal alerts if the service stays online.
  5. Collect evidence: screenshots of balances, transactions, emails, and notifications.
  6. Follow official channels: compensation instructions, forensic updates, claim forms.
  7. If bankruptcy begins, file a creditor claim and complete KYC within the deadlines.
Prepare a spare hardware wallet and rehearse an emergency‑withdrawal plan in advance. Regularly audit how much you keep on exchanges — hold only what you need for active trading.
Phishing spikes during incident days. Don’t click links in “support” emails; verify domains and use bookmarks to access the exchange.

Timeline of the biggest crypto‑exchange hacks

How to read: amounts are shown as of the event date; methods are brief; status indicates whether the exchange survived.
🏦 Exchange 📅 Date 💰 Losses 🔓 Method ⚖️ Status
Mt.Gox Feb 2014 ≈850,000 BTC Prolonged key leakage
weak accounting		 Bankruptcy
Bitfinex Aug 2016 ≈120,000 BTC Compromise of
multisig schemes		 Operational; compensation
Coincheck Jan 2018 ≈$530M
XEM		 Hot wallet
without multisig		 Operational; payouts
BitGrail Feb 2018 ≈$170M
XNO		 Accounting errors
double withdrawals		 Bankruptcy
Zaif Sep 2018 ≈$60M Hot‑wallet theft Acquired
Cryptopia Jan 2019 ≈$16–18M Wallet
compromise		 Liquidation; payouts
CoinBene Mar 2019 >$100M Probable insider
access		 Service wound down
Binance May 2019 7,000 BTC Phishing
+ 2FA/API		 Operational; SAFU
Upbit Nov 2019 ≈$49M
ETH		 Hot‑wallet breach Operational; covered
KuCoin Sep 2020 ≈$275–280M Private keys
stolen		 Operational; partial recovery
BitMart Dec 2021 ≈$196M Hot‑wallet compromise Operational; compensation
FTX Nov 2022 ≈$0.5B Unauthorized drain
(insider)		 Bankruptcy
DMM Bitcoin May 2024 ≈4,503 BTC Hot‑wallet theft Operational; investigation
WazirX Jul 2024 >$200M Security
breach		 Operational; investigation
Bybit Feb 2025 ≈400,000 ETH Private‑key
leak		 Operational; compensation

In brief: combined losses from these breaches exceeded $4 billion at the time — and, accounting for later price appreciation, translate to tens of billions. These incidents drove tighter regulation and the adoption of stronger security standards.

🛡️ Check how exchanges protect your funds
Compare reserve‑storage requirements, disclosures, and compensation programs across leading platforms — then choose those that meet your security expectations.
Browse exchanges and terms

Questions and answers (FAQ)

How do hot wallets differ from cold ones — and why does it matter?
Hot wallets are connected to the internet and convenient for operational payouts but are more exposed. Cold (offline) storage holds the core reserve and requires manual access. At top exchanges, cold storage typically far exceeds the hot portion, and hot‑wallet withdrawals are capped.
Does multisig guarantee you’ll avoid a hack?
Multisig sharply reduces single‑point‑of‑failure risk, but it doesn’t eliminate integration errors, key leaks, or human mistakes. Proper design is vital: key distribution, emergency recovery, and hard limits.
What are SAFU and insurance funds — do they really cover losses?
They are dedicated reserves used to compensate incident losses. Effectiveness depends on transparency, fund size, and legal structure. Leading‑exchange cases show that a well‑designed fund can extinguish a crisis without client losses.
Why is it sometimes possible to get stolen funds back?
Stablecoin and some token issuers can freeze assets, exchanges can block deposits from tagged addresses, and analysts can trace on‑chain flows. Coordinated actions across the ecosystem can substantially reduce realized losses.
Should I keep crypto only in my own custody — not on an exchange?
For long‑term holdings — yes. Hardware or other offline wallets under your control minimize third‑party risk. Exchanges are convenient for trading and on/off‑ramps, but not as a long‑term vault.
What is Proof of Reserves and why isn’t it enough?
PoR proves that an exchange controls stated addresses and assets but doesn’t show liabilities to customers. A complete view requires liabilities (PoL) and an independent audit of processes.
How do I file a claim if an exchange goes bankrupt?
Typically a creditor portal is launched: verify your identity (KYC), upload evidence (balance and transaction screenshots), complete the form, and track deadlines. Filing early reduces the risk of missing distributions.
Is it risky to keep active API keys with brokers and bots?
Yes — especially if keys allow trading or withdrawals and aren’t limited by IP and scope. Grant minimum permissions, use IP allowlists, separate test keys, and delete unused keys.
How does MPC differ from multisig?
Multisig uses multiple full keys with a threshold (e.g., 2‑of‑3). With MPC, a “whole” key exists nowhere; the signature is assembled from shares. Both mitigate single‑point‑of‑failure risk, but MPC is often more convenient for automated hot‑layer flows.
How dangerous are SIM swaps and email takeovers?
They are common entry points for bypassing 2FA and resetting passwords. Hardware security keys (FIDO/U2F), a dedicated email not tied to your carrier, and prohibiting SIM changes without an in‑person visit all help.

Found this article useful?

Subscribe to our updates to not miss new reviews and ratings

View All Exchanges →