Billions have been lost in crypto history, not from smart contract bugs, but from the very platforms people trust to store and trade their assets. Centralized exchanges have become the biggest honeypots in the digital asset space, often holding more value in a single hot wallet than most DeFi protocols manage in total.
From Mt Gox’s slow bleed in the early days of Bitcoin to Bybit’s billion-dollar loss in under an hour, these breaches reveal how quickly trust can vanish when operational security fails. The following list ranks the ten largest CEX hacks by value lost, tells the full story behind each one, and ends with a blueprint for preventing the same fate.

1. Bybit — July 2025 — approximately 1.4 Billion USD
Why it matters
One of the largest single-day crypto thefts in history, executed in less than sixty minutes.
Story
Bybit, headquartered in Dubai and one of the largest global derivatives trading platforms, had a reputation for advanced infrastructure and rapid feature launches. That reputation took a major blow when the exchange lost over a billion dollars in less than one hour. The scale of the attack shook confidence among institutional traders and everyday users alike, showing that even high-tech platforms are not immune to basic operational lapses.
Technical view
Phishing emails targeted a DevOps administrator and stole credentials that gave access to a hot wallet key stored in a browser profile. The attacker drained 400,000 ETH by splitting the transfers into smaller transactions to avoid detection.
Simple view
An employee pasted the master vault key into a fake login page. The thief emptied the vault and disappeared before anyone could react.
2. Coincheck — January 2018 — 534 Million USD
Why it matters
A single hot wallet breach that changed Japan’s crypto regulations forever.
Story
Based in Tokyo and licensed under Japan’s Financial Services Agency, Coincheck was a dominant force in Japan’s crypto market with millions of active users. In early 2018, the exchange lost 700 million NEM tokens from a single hot wallet in what was then the largest theft in industry history. The incident forced regulators to impose stricter security requirements, making cold storage a legal standard for large Japanese exchanges.
Technical view
All customer NEM was stored in one hot wallet without multi-signature protection. Attackers entered the internal network through an exposed remote desktop service, copied the wallet file, and executed mass withdrawals.
Simple view
All client coins were kept in one unguarded purse. A burglar found an open window, took the purse, and walked out.
3. FTX After Hours Drain — November 2022 — about 477 Million USD
Why it matters
A mysterious outflow during the most publicized collapse in crypto history.
Story
Once valued at over 30 billion USD, FTX was a Bahamas-based exchange serving millions worldwide. Just hours after the company filed for bankruptcy, hundreds of millions began vanishing from corporate wallets. The bizarre timing and absence of any public incident response pointed strongly to an insider, adding another layer of scandal to an already catastrophic failure.
Technical view
Private keys were stored in plain text on internal build servers. The exploiter converted assets to ETH, bridged them to other chains, and mixed them through RenVM.
Simple view
The vault door was left open during an evacuation. Someone already in the building took the money and vanished.
4. Mt Gox — 2011 to 2014 — about 460 Million USD at the time
Why it matters
A slow bleed that wiped out the largest Bitcoin exchange of its era.
Story
Based in Tokyo, Mt Gox once handled over 70 percent of all global Bitcoin trading volume. Between 2011 and 2014, the exchange leaked Bitcoin for years without realizing it, until over 650,000 BTC had vanished. The collapse destroyed trust in early centralized platforms and became the defining example of why reconciliation checks are critical.
Technical view
Transaction malleability allowed attackers to alter deposit IDs and trick the ledger into crediting deposits twice. About 650,000 BTC was lost because reconciliation checks failed to catch the discrepancy.
Simple view
Customers forged deposit receipts and cashed them twice without anyone checking the vault.
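The malleability problem described in the technical view comes down to which identifier the ledger uses to decide whether a deposit has already been credited. The following is an added example, not Mt Gox code or any exchange's real reconciliation logic: it serializes a legacy Bitcoin transaction, shows that re-encoding the scriptSig push (the same signature pushed via OP_PUSHDATA1 instead of a direct push) changes the txid while the spent outpoints and outputs stay identical, and then credits the same deposit twice under txid-keyed de-duplication but only once when the key is the set of outpoints spent. The previous txid, signature bytes, public key and amounts are constructed placeholders; the signature is not a valid ECDSA signature.

```python
"""Malleability-safe deposit reconciliation (added example; constructed data)."""
import hashlib
import struct

DEPOSIT_VALUE = 150_000_000  # 1.5 BTC in satoshis (constructed)


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def varint(n: int) -> bytes:
    """Bitcoin CompactSize encoding."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def serialize_tx(inputs, outputs, version=1, locktime=0) -> bytes:
    """Legacy (pre-segwit) transaction serialization.
    inputs:  [(prev_txid_hex, vout, script_sig_bytes, sequence)]
    outputs: [(value_sats, script_pubkey_bytes)]"""
    raw = struct.pack("<i", version) + varint(len(inputs))
    for prev_txid, vout, script_sig, sequence in inputs:
        raw += bytes.fromhex(prev_txid)[::-1] + struct.pack("<I", vout)
        raw += varint(len(script_sig)) + script_sig + struct.pack("<I", sequence)
    raw += varint(len(outputs))
    for value, script_pubkey in outputs:
        raw += struct.pack("<q", value) + varint(len(script_pubkey)) + script_pubkey
    return raw + struct.pack("<I", locktime)


def txid(raw: bytes) -> str:
    """Legacy txid covers the scriptSig, so a relayer can change it without a key."""
    return sha256d(raw)[::-1].hex()


def outpoint_key(inputs) -> tuple:
    """Identity nobody can malleate: the outpoints the transaction spends."""
    return tuple(sorted(f"{prev}:{vout}" for prev, vout, _, _ in inputs))


# --- constructed sample (not from any real chain) ---
PREV_TXID = "aa" * 32
FAKE_SIG = bytes(range(71))                      # placeholder for a 71-byte DER signature
PUBKEY = b"\x02" + bytes(32)                     # placeholder compressed pubkey
DEPOSIT_SPK = bytes.fromhex("76a914") + bytes(20) + bytes.fromhex("88ac")  # P2PKH shape
OUTPUTS = [(DEPOSIT_VALUE, DEPOSIT_SPK)]

# Same signature and pubkey, pushed two different but valid ways:
# 0x47 = "push next 71 bytes" versus 0x4c 0x47 = OP_PUSHDATA1 71.
SCRIPT_SIG_DIRECT = b"\x47" + FAKE_SIG + b"\x21" + PUBKEY
SCRIPT_SIG_MALLEATED = b"\x4c\x47" + FAKE_SIG + b"\x21" + PUBKEY

TX_ORIGINAL = ([(PREV_TXID, 0, SCRIPT_SIG_DIRECT, 0xFFFFFFFF)], OUTPUTS)
TX_MALLEATED = ([(PREV_TXID, 0, SCRIPT_SIG_MALLEATED, 0xFFFFFFFF)], OUTPUTS)


def credit_by_txid(seen: dict, inputs, outputs) -> int:
    """Naive: de-duplicate on txid only. Returns satoshis credited."""
    tid = txid(serialize_tx(inputs, outputs))
    if tid in seen:
        return 0
    seen[tid] = True
    return sum(value for value, _ in outputs)


def credit_by_outpoint(seen: set, inputs, outputs) -> int:
    """Safe: an outpoint can be spent once on chain, so key the credit on it."""
    key = outpoint_key(inputs)
    if key in seen:
        return 0
    seen.add(key)
    return sum(value for value, _ in outputs)


def run_demo() -> dict:
    """Observe the same deposit twice: once as broadcast, once as malleated by a relayer."""
    naive_seen, safe_seen = {}, set()
    naive = safe = 0
    for inputs, outputs in (TX_ORIGINAL, TX_MALLEATED):
        naive += credit_by_txid(naive_seen, inputs, outputs)
        safe += credit_by_outpoint(safe_seen, inputs, outputs)
    return {
        "txids_differ": txid(serialize_tx(*TX_ORIGINAL)) != txid(serialize_tx(*TX_MALLEATED)),
        "naive_credited": naive,
        "safe_credited": safe,
    }


if __name__ == "__main__":
    print(run_demo())
```

Keying on outpoints is the general fix, not only for the push-encoding variant shown here: the same check defeats signature-level malleation, because the inputs a transaction consumes are fixed by the signer and cannot be altered by a third party. Pair it with a confirmation threshold before any balance becomes withdrawable; the pre-confirmation txid of a legacy transaction is simply not a stable identifier.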
5. DMM Bitcoin — May 2024 — 308 Million USD
Why it matters
A regulated exchange shows that compliance does not guarantee security.
Story
DMM Bitcoin is a licensed exchange in Japan backed by the DMM Group, a major Japanese conglomerate. In May 2024, it lost 48 billion yen in Bitcoin in a single automated sweep. The breach sent shockwaves through the country’s tightly regulated crypto market and reminded the industry that even compliant operations can be exposed.
Technical view
An unpatched Jenkins plugin leaked keys controlling multiple hot wallets. Attackers used large batch withdrawals across multiple addresses to hide the total volume.
Simple view
The spare key hung on a hook next to the vault door. Thieves grabbed it and emptied everything in one visit.
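Both the Bybit technical view (transfers split into smaller transactions) and the DMM Bitcoin one (large batch withdrawals across many addresses) describe the same evasion: every individual transfer stays under the per-transaction threshold, so only an aggregate view catches the sweep. The following is an added example of that aggregate rule, not monitoring code from either exchange or from Softstack: a per-wallet sliding window that alerts on total outflow and on the number of distinct destinations, run over a constructed transfer log. Wallet names, addresses, limits and amounts are all invented for the demo.

```python
"""Sliding-window outflow monitor (added example; constructed sample data)."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    ts: int        # unix seconds
    wallet: str    # source hot wallet
    to: str        # destination address
    amount: int    # whole units of the asset


PER_TX_LIMIT = 500        # a single transfer above this is already caught
WINDOW_SECONDS = 600      # how far back the aggregate rule looks
WINDOW_LIMIT = 2000       # total outflow per wallet tolerated inside the window
MAX_DESTINATIONS = 5      # distinct destinations per wallet inside the window


class OutflowMonitor:
    """Keeps a per-wallet window of recent transfers and alerts on the aggregate,
    so a sweep chopped into sub-limit transfers still trips the rule."""

    def __init__(self):
        self._windows = defaultdict(deque)

    def observe(self, t: Transfer) -> list:
        alerts = []
        if t.amount > PER_TX_LIMIT:
            alerts.append(f"{t.wallet}: single transfer of {t.amount} exceeds per-tx limit")
        window = self._windows[t.wallet]
        window.append(t)
        # Drop anything older than the window; transfers arrive in time order.
        while window and window[0].ts < t.ts - WINDOW_SECONDS:
            window.popleft()
        total = sum(x.amount for x in window)
        destinations = {x.to for x in window}
        if total > WINDOW_LIMIT:
            alerts.append(f"{t.wallet}: {total} out in {WINDOW_SECONDS}s across {len(window)} transfers")
        if len(destinations) > MAX_DESTINATIONS:
            alerts.append(f"{t.wallet}: {len(destinations)} distinct destinations in {WINDOW_SECONDS}s")
        return alerts


# Constructed sample: six 400-unit transfers from hot-1 to six fresh addresses within
# five minutes (each under the per-tx limit), one routine transfer from hot-2, and a
# single later transfer from hot-1 once the window has moved on.
SAMPLE_TRANSFERS = sorted([
    Transfer(0, "hot-1", "addr-a", 400),
    Transfer(60, "hot-1", "addr-b", 400),
    Transfer(100, "hot-2", "exchange-b", 300),
    Transfer(120, "hot-1", "addr-c", 400),
    Transfer(180, "hot-1", "addr-d", 400),
    Transfer(240, "hot-1", "addr-e", 400),
    Transfer(300, "hot-1", "addr-f", 400),
    Transfer(1000, "hot-1", "addr-g", 400),
], key=lambda x: x.ts)


def run_demo(transfers=SAMPLE_TRANSFERS) -> list:
    """Feed the log through the monitor; returns (timestamp, alert text) pairs."""
    monitor = OutflowMonitor()
    fired = []
    for t in transfers:
        for alert in monitor.observe(t):
            fired.append((t.ts, alert))
    return fired


if __name__ == "__main__":
    for ts, alert in run_demo():
        print(ts, alert)
```

Note what the run shows: no transfer trips the per-transaction rule at all; the sixth 400-unit transfer at t=300 is the first moment the aggregate (2400 in ten minutes, six destinations) crosses a line, and the transfer at t=1000 is clean again because the window has emptied. In production the alert would also gate the signing flow, not just page someone, since the page's own examples were over in under an hour.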
6. KuCoin — September 2020 — 281 Million USD
Why it matters
A rare major hack with significant fund recovery.
Story
Based in Singapore, KuCoin had grown into one of the world’s most popular trading hubs, known for its rapid token listings. In September 2020, the platform was hit in a multi-chain hack that drained hundreds of millions in assets. Token issuers intervened quickly, freezing and reissuing assets to recover much of the loss, making it one of the few major breaches where damage was partially reversed.
Technical view
Attackers obtained hot wallet keys for ETH, TRON, and EOS. Token issuers froze or re-minted assets, returning about two-thirds of the stolen value.
Simple view
A thief stole cash and store vouchers. The cash was gone but the vouchers were cancelled and replaced.
7. WazirX — April 2024 — 230 Million USD
Why it matters
Vendor risk becomes the main attack vector.
Story
WazirX, based in India and owned by Binance at the time, was among the largest crypto platforms in the country. In April 2024, a vendor integration flaw exposed a withdrawal API token, allowing attackers to simulate legitimate withdrawals. The incident showed that exchanges are only as secure as their weakest third party partner.
Technical view
The withdrawal API token was stored in plain text logs. Attackers replayed these calls and bypassed signature checks.
Simple view
A contractor had a code that printed blank checks. They printed dozens and cashed them.
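The WazirX technical view turns on two separate defects: a withdrawal credential that ended up in plain-text logs, and calls that could be replayed verbatim. The following is an added example of the server-side checks that make a captured call worthless, not WazirX's API or its vendor's integration: each request is HMAC-signed over method, path, canonical body, a timestamp and a one-time nonce, and the gateway rejects stale, replayed and tampered requests before any funds move. The secret, the withdrawal body, the path and the fixed clock are constructed for the demo; `redact_for_log` shows the shape of a log line that does not leak the signature.

```python
"""Replay-resistant withdrawal API verification (added example; constructed data)."""
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed per-integration secret. In practice it lives in a secret manager and
# never appears in logs, config files or tickets.
API_SECRET = b"constructed-demo-secret-do-not-reuse"
MAX_SKEW_SECONDS = 30  # how far a request timestamp may drift from server time


def canonical_request(method: str, path: str, body: dict, ts: int, nonce: str) -> bytes:
    """Exactly the bytes the signature covers. Changing the amount, destination,
    timestamp or nonce changes these bytes and so invalidates the signature."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return "\n".join([method.upper(), path, payload, str(ts), nonce]).encode()


def sign_request(method: str, path: str, body: dict,
                 ts: Optional[int] = None, nonce: Optional[str] = None) -> dict:
    """Client side (the vendor integration): produce one signed withdrawal call."""
    ts = int(time.time()) if ts is None else ts
    nonce = secrets.token_hex(16) if nonce is None else nonce
    sig = hmac.new(API_SECRET, canonical_request(method, path, body, ts, nonce),
                   hashlib.sha256).hexdigest()
    return {"method": method, "path": path, "body": body, "ts": ts, "nonce": nonce, "sig": sig}


class WithdrawalGateway:
    """Server side: reject stale, replayed or tampered calls before touching funds."""

    def __init__(self, now=time.time):
        self.now = now
        self._seen_nonces = {}  # nonce -> time after which it can be forgotten

    def _evict(self, now: int) -> None:
        for nonce, expiry in list(self._seen_nonces.items()):
            if expiry < now:
                del self._seen_nonces[nonce]

    def verify(self, req: dict) -> tuple:
        now = int(self.now())
        if abs(now - req["ts"]) > MAX_SKEW_SECONDS:
            return False, "stale timestamp"
        self._evict(now)
        if req["nonce"] in self._seen_nonces:
            return False, "replayed nonce"
        expected = hmac.new(API_SECRET,
                            canonical_request(req["method"], req["path"], req["body"],
                                              req["ts"], req["nonce"]),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, req["sig"]):
            return False, "bad signature"
        # Remember the nonce only for a valid request; the skew window bounds the set.
        self._seen_nonces[req["nonce"]] = req["ts"] + 2 * MAX_SKEW_SECONDS
        return True, "ok"


def redact_for_log(req: dict) -> dict:
    """What may reach a log line: the request, never the signature or a bearer token."""
    return {k: ("[redacted]" if k == "sig" else v) for k, v in req.items()}


def run_demo() -> list:
    clock = 1_700_000_000  # fixed clock keeps the run deterministic
    gateway = WithdrawalGateway(now=lambda: clock)
    body = {"asset": "ETH", "amount": "12.5", "to": "0x" + "ab" * 20}  # constructed
    req = sign_request("POST", "/v1/withdraw", body, ts=clock, nonce="7f" * 16)
    outcomes = [gateway.verify(req)[1]]                       # legitimate call
    outcomes.append(gateway.verify(req)[1])                   # verbatim replay from a log
    tampered = dict(req, body=dict(body, amount="1250.0"), nonce="00" * 16)
    outcomes.append(gateway.verify(tampered)[1])              # edited amount, old signature
    stale = sign_request("POST", "/v1/withdraw", body, ts=clock - 3600, nonce="11" * 16)
    outcomes.append(gateway.verify(stale)[1])                 # signed an hour ago
    return outcomes


if __name__ == "__main__":
    print(run_demo())
    print(redact_for_log(sign_request("POST", "/v1/withdraw", {"asset": "ETH", "amount": "1"})))
```

The order of the checks matters: the timestamp is tested first so the nonce set stays bounded, the nonce before the HMAC so a replay is refused without burning CPU on signature verification, and the signature last with a constant-time compare. A long-lived bearer token in a log cannot be fixed by rotation alone; binding every call to a nonce and a short validity window is what removes the value of the captured call itself.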
8. BitMart — December 2021 — 196 Million USD
Why it matters
One compromised key drained two chains in two hours.
Story
BitMart is a Cayman Islands registered exchange with a large presence in Asia and North America. In December 2021, a single private key breach gave attackers access to both Ethereum and BSC hot wallets. The theft’s speed and coordination showed how quickly damage can escalate when multiple chains share the same security controls.
Technical view
The same private key controlled wallets on two chains. The attacker withdrew the assets and routed them through Tornado Cash.
Simple view
One skeleton key opened two different safes. Once copied, both were emptied.
9. BitGrail — February 2018 — 170 Million USD
Why it matters
A small, single-operator exchange suffers a catastrophic software flaw.
Story
BitGrail, a small Italy-based exchange focused on Nano, was managed almost entirely by one person. In 2018, it announced that Nano balances had vanished due to what the owner described as software bugs. The breach led to lawsuits, regulatory investigations, and widespread accusations of negligence.
Technical view
A race condition allowed overlapping withdrawals that bypassed balance checks.
Simple view
Two bank tellers processed the same withdrawal slip at the same time and each gave out the money.
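The race condition named in the BitGrail technical view is the classic check-then-act gap: the balance is read in one step and debited in another, so two concurrent withdrawals can both pass the check. The following is an added example, not BitGrail's code, that models an account row whose individual reads and writes are each atomic (as single SQL statements are) and runs two withdrawals of the full balance at once, first with the check and debit as separate statements, then with both under one row lock. A barrier forces the two workers into the vulnerable window so the result is reproducible; the balance and amounts are constructed.

```python
"""Check-then-act withdrawal race and its atomic fix (added example; constructed data)."""
import threading
from contextlib import contextmanager


class AccountStore:
    """Models one account row. Each method call is atomic on its own, like a single
    SQL statement; transaction() keeps the row locked across several calls, the way
    SELECT ... FOR UPDATE followed by UPDATE does inside one transaction."""

    def __init__(self, balance: int):
        self.balance = balance
        self.paid_out = 0
        self._row_lock = threading.RLock()

    def read_balance(self) -> int:
        with self._row_lock:
            return self.balance

    def debit(self, amount: int) -> None:
        with self._row_lock:
            self.balance -= amount
            self.paid_out += amount

    @contextmanager
    def transaction(self):
        with self._row_lock:
            yield


def withdraw_check_then_act(store: AccountStore, amount: int, barrier: threading.Barrier) -> bool:
    """Vulnerable: the balance check and the debit are separate statements, so two
    requests can both observe a sufficient balance before either debit lands."""
    if store.read_balance() < amount:
        return False
    barrier.wait()  # demo only: parks both workers in the gap between check and act
    store.debit(amount)
    return True


def withdraw_atomic(store: AccountStore, amount: int, barrier: threading.Barrier) -> bool:
    """Fixed: check and debit run under one row lock, so the second request sees the
    balance the first one already spent."""
    barrier.wait()  # both workers arrive together, then serialize on the row lock
    with store.transaction():
        if store.read_balance() < amount:
            return False
        store.debit(amount)
        return True


def run_concurrent(withdraw, store: AccountStore, amount: int, workers: int = 2) -> list:
    """Submit the same withdrawal from several threads at once; returns their results."""
    barrier = threading.Barrier(workers, timeout=5)
    results = []
    threads = [threading.Thread(target=lambda: results.append(withdraw(store, amount, barrier)))
               for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


def run_demo() -> dict:
    vulnerable = AccountStore(balance=100)
    safe = AccountStore(balance=100)
    run_concurrent(withdraw_check_then_act, vulnerable, 100)
    run_concurrent(withdraw_atomic, safe, 100)
    return {
        "vulnerable_paid_out": vulnerable.paid_out,
        "vulnerable_balance": vulnerable.balance,
        "safe_paid_out": safe.paid_out,
        "safe_balance": safe.balance,
    }


if __name__ == "__main__":
    print(run_demo())
```

The vulnerable store pays out 200 against a balance of 100 and ends at -100; the atomic store pays out 100 once and refuses the second request. In a real database the equivalent is a single statement such as `UPDATE accounts SET balance = balance - :amount WHERE id = :id AND balance >= :amount` and checking the affected row count, or a row lock held across the check and the debit; a check in application code followed by a separate write is the pattern to hunt for in withdrawal paths.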
10. CoinBene — March 2019 — 105 Million USD
Why it matters
One of the most suspicious “maintenance mode” incidents in exchange history.
Story
CoinBene, a Singapore-based exchange with a strong presence in South America, suddenly announced maintenance in March 2019. Behind the scenes, more than 100 million USD was being moved to new addresses. Blockchain analytics suggested the transfers were made by someone with direct access to cold wallet keys.
Technical view
An insider used cold wallet keys to move funds to new addresses without triggering alerts.
Simple view
Someone with after-hours access used the master key and switched off the alarms before leaving with the funds.
Lessons from a Decade of CEX Breaches
Looking across these incidents, the same weaknesses keep appearing:
- Single points of failure such as one key controlling massive reserves
- Keys stored carelessly in plain text, browsers, or unpatched systems
- Weak segmentation between office networks and wallet infrastructure
- Vendor and API integrations that bypass critical security checks
- Software logic flaws including race conditions and transaction malleability
- Insider access to cold wallets without multi-party authorization or monitoring
The Softstack Security Blueprint
At Softstack we address these vectors through a complete operational and technical security program:
- Cold storage segmentation with more than ninety percent of reserves offline
- Multi-party, hardware-based signing for all high value withdrawals
- Per-chain and per-wallet key separation to prevent cross-chain draining
- Continuous monitoring with automated anomaly detection
- Full integration and vendor security reviews to close API and partner risks
- Hardened build pipelines and best-practice secret management
- Live attack simulations to uncover both insider and external threats
- Regular social engineering training to strengthen team awareness against phishing and manipulation attempts
- Comprehensive penetration testing to proactively identify and remediate exploitable weaknesses
- ISO 27001 certification to validate our information security management at the highest international standard
Partner with Softstack
Softstack is a German Web3 development and auditing firm with over 1,200 zero-exploit audits since 2017. We deliver transparent, hands-on support from scoping through verification. Whether you are a seed-stage startup or an enterprise protocol, we help you launch with confidence.
Ready to get started?
📞 Book a free consultation at https://calendly.com/softstack
OR
📤 Email hello@softstack.io with a link to your code repository so we can review your codebase and get you an accurate quotation.
Would you recommend Softstack to fellow Web3 builders?
Join our Service Partner Program (SPP) and provide your network with a trustworthy partner.
✅ Up to 20 percent referral commission
✅ Fast-tracked onboarding
✅ Preferential rates
✅ Over 1 million dollars in partner savings via https://deals.softstack.io
✅ Lead sharing and co-marketing support