Biggest Crypto Hacks: Devastating Thefts

decrypt.co
March 2, 2025 by Jhon E. Bermúdez

Even though crypto has grown into a massive, multi-trillion dollar market, it’s still facing a persistent problem: hacks and scams. And get this, the biggest crypto hack ever just hit.

Unfortunately, there’s plenty of opportunity for bad actors looking to exploit new crypto users or vulnerable systems. In fact, these malicious folks have managed to steal over $10 billion in crypto in just the last five years, according to data from Chainalysis. And if you look at the past 11 years, six of them saw more than $1 billion vanish due to hacks and exploits, with a staggering peak of $3.7 billion in losses in 2022.

And it seems 2025 is keeping up this unwelcome trend. Already, the amount stolen this year is nearly as high as all of last year’s losses, and it’s largely thanks to one massive hack on a centralized exchange. This particular attack? It’s now considered the biggest crypto heist of all time, based on the value of the stolen assets at the time it happened.

1) Bybit – $1.4 billion

Taking the top spot for the largest crypto hack ever is the incident involving Dubai-based exchange Bybit. Back in February 2025, a staggering sum—over 400,000 Ethereum, valued at $1.4 billion at the time, along with other Ethereum-based tokens—was stolen from their cold wallet.

Bybit’s co-founder and CEO, Ben Zhou, confirmed the attack, explaining that a planned transfer had been somehow manipulated. This resulted in the exchange unknowingly sending funds directly into the attacker’s wallet.

On-chain investigators quickly pointed fingers at North Korea’s infamous Lazarus Group, a state-sponsored hacking crew. This group was already known for stealing over $1.3 billion in crypto in hacks just in 2024! The FBI later backed up these suspicions, confirming that evidence did indeed point to Lazarus.

Despite the sheer scale of the hack, Bybit managed to keep things running smoothly. They processed all withdrawals as usual and quickly filled the massive Ethereum hole by using a mix of loans, deposits, and buying up more of the second-largest cryptocurrency.

Initial reports just days after the attack suggested the problem started when North Korean hackers injected malicious code into the systems of Safe, the wallet provider Bybit was using.

2) Poly Network – $611 million

Coming in second for biggest crypto hacks is Poly Network. This multi-chain platform, designed to let different blockchains work together, got hit hard in 2021. They lost around $611 million in various cryptocurrencies across three different blockchain networks.

On August 10, 2021, the network’s developers publicly announced the hack. They urgently asked miners and validators on Ethereum, Polygon, and BNB Chain (previously Binance Smart Chain), as well as centralized exchanges, to block any addresses linked to the hack.

Then, something unexpected happened. Facing intense pressure from the crypto community, the hackers started sending the stolen funds back to Poly Network within just a day! Ultimately, they returned almost everything within two weeks. In an unbelievable twist, the hackers claimed they did it all “just for fun,” in a bizarre episode that involved lots of online exchanges between the hacker, Poly Network, and the wider crypto world.

3) BNB Chain – $570 million

Number three on the list involves BNB Chain. Back on October 6, 2022, a hacker managed to get their hands on around $570 million worth of Binance Coin (BNB) by exploiting the BSC Token Hub on BNB Chain.

The way they did it was pretty clever (and bad!). The attacker essentially tricked the system into granting them 2 million brand new BNB tokens through what BNB Chain later called a “sophisticated forgery.”

But thankfully, the alarm was raised quickly. Irregular activity was spotted fast, and the chain initially paused operations, then fully halted them once the hack was confirmed. This quick response proved crucial. Thanks to the rapid actions of the BNB Chain team and its validators, only around $100 million of the massive $570 million was actually taken off the chain.

4) Coincheck – $530 million

Going further back in time, the fourth-largest hack on our list takes us to 2018. Japanese exchange Coincheck was hit by a massive $530 million theft of 523 million NEM tokens. Criminals managed to break into the “hot wallet” where these funds were stored.

This attack impacted over 260,000 users of the exchange. Showing some responsibility, the platform actually refunded about $400 million to those affected, using their own company cash, according to reports from The Guardian.

At the time, it was the biggest crypto hack the world had ever seen. However, the value of NEM has fallen quite a bit since then. If you were to look at today’s prices, those stolen NEM tokens would be worth about $10.36 million.

In a small victory two years later, the District Court in Tokyo announced they had seized a tiny portion of the stolen tokens.

5) Ronin Network – $552 million

Rounding out our top five is the Ronin Network hack, which happened in March 2022 and resulted in a loss of $552 million. Similar to the BNB Chain exploit, this attack targeted the bridge connecting the Ethereum gaming sidechain to other blockchains. Hackers managed to compromise private keys, and the US Treasury later pointed the finger at, you guessed it, North Korea’s Lazarus hacking group.

By gaining access to these private keys, the hackers were able to authorize transactions from 5 out of the 9 network validators. That was just enough to meet the minimum requirement to approve transfers. While the hack actually happened on March 23rd, it wasn’t revealed by Ronin until a week later. By then, the stolen assets were worth a whopping $622 million.

In the end, the attacker made off with 173,650 Wrapped Ethereum and 25.5 million USDC stablecoins.

Here’s a bit of good news: in September 2022, around $30 million of the stolen funds were recovered. This was a significant moment, marking the first successful seizure of funds stolen by North Korea’s infamous hacking group. Ronin’s creator, Sky Mavis, stepped up and repaid all the users who were affected. Eventually, the Ronin bridge was reopened with enhanced security and a broader set of validators to improve its safety and decentralization.

Source: decrypt.co