CYNTRI AIAutonomous DeFi
🔍SEARCH
THE BODY COUNT
HOME/HACK DATABASE
🔓

Hack Database

38 ARTICLES

Every major crypto hack, exploit, and heist. The biggest thefts in digital history, dissected.

HACKS
38
TOTAL STOLEN
$4B+
RECOVERED
~15%
SPAN
2011-2026
Mt. Gox 2011: The Hack Nobody Noticed
2011

Mt. Gox 2011: The Hack Nobody Noticed

The first major crypto exchange hack. $8.75M stolen. BTC crashed to one cent. Nobody learned a thing.

$8.75M · Hot wallet compromise · No
Read full story →
Mt. Gox 2014: 850,000 Bitcoin Vanish Forever
2014

Mt. Gox 2014: 850,000 Bitcoin Vanish Forever

850,000 Bitcoin vanished. The biggest heist in crypto history.

$460M (then) / $85B+ (now) · 850,000 · Long-running theft · Partial (2024)
The DAO: The $60M Hack That Split Ethereum in Two
2016

The DAO: The $60M Hack That Split Ethereum in Two

The exploit that split Ethereum in two

$60M · 3.6 million · Reentrancy exploit · Yes (hard fork)
Coincheck: Japan's $530 Million Wake-Up Call
2018

Coincheck: Japan's $530 Million Wake-Up Call

$530 million stolen from a hot wallet. In Japan. Again.

$530M · NEM (XEM) · Hot wallet hack · Partial
Poly Network: The $611M Hack With a Plot Twist
2021

Poly Network: The $611M Hack With a Plot Twist

Stole $611 million. Then gave it all back.

$611M · Cross-chain exploit · Yes (voluntarily returned)
Ronin Bridge: North Korea's $625M Payday
2022

Ronin Bridge: North Korea's $625M Payday

North Korea stole $625M from a video game. Nobody noticed for six days.

$625M · Validator key compromise · Lazarus Group (North Korea) · Partial
Wormhole: $320M Stolen, Then Counter-Exploited Back
2022

Wormhole: $320M Stolen, Then Counter-Exploited Back

120,000 ETH minted from thin air. Jump Crypto bailed it out the next day. Then they hacked the hacker to get it back.

$320M · 120,000 wETH · Jump Crypto (same day) · $225M recovered
The FTX Hack: $477M Vanishes as the Empire Falls
2022

The FTX Hack: $477M Vanishes as the Empire Falls

$477M stolen from FTX as the exchange was already dying

$477M · Insider theft post-collapse · During bankruptcy filing · Ongoing
Mixin Network: The $200M Cloud Heist
2023

Mixin Network: The $200M Cloud Heist

The cloud provider got hacked. $200M walked out the door.

$200M · Cloud provider breach · No
Bybit: The $1.5 Billion Heist That Shook Crypto
2025

Bybit: The $1.5 Billion Heist That Shook Crypto

The largest crypto hack ever. $1.5 billion. One transaction.

$1.5B · Safe wallet UI manipulation · Lazarus Group (North Korea) · Ongoing
MEV Sandwich Attacks: The Invisible Tax on Every Trade
2025

MEV Sandwich Attacks: The Invisible Tax on Every Trade

$220,764 in USDC became $5,271 of USDT in eight seconds. The trader thought stablecoins were safe. The bot knew better.

$215,000 · 8 seconds · $60M+ · 1 entity = 70%
EIP-7702: Ethereum's Feature That Drains Wallets
2025

EIP-7702: Ethereum's Feature That Drains Wallets

Ethereum's Pectra upgrade gave users batch transactions. It gave attackers a way to drain 15,000+ wallets for $12 million in two months.

$12M+ · 15,000+ · 80%+ · Inferno Drainer
Bithumb: The $44 Billion Typo That Almost Broke an Exchange
2026

Bithumb: The $44 Billion Typo That Almost Broke an Exchange

One employee typed 'BTC' instead of 'KRW.' 620,000 ghost Bitcoins appeared. Chaos followed.

620,000 · $44B · 99.7% · 35 min
Resolv: The $25 Million Stablecoin That Minted Itself to Death
2026

Resolv: The $25 Million Stablecoin That Minted Itself to Death

One compromised private key. 80 million unbacked stablecoins minted. $25 million drained. The code worked perfectly. The humans did not.

~$25M · 80M USR · -95% · Compromised Key
Drift Protocol: $285M Solana DeFi Exploit
2026

Drift Protocol: $285M Solana DeFi Exploit

Solana's biggest perps exchange lost $285M in minutes through compromised admin keys.

$285M · Admin Key Leak · $0
Drift Protocol Update: North Korea Confirmed, Circle's Six-Hour Silence Exposed
2026

Drift Protocol Update: North Korea Confirmed, Circle's Six-Hour Silence Exposed

Lazarus Group stole $285M in 12 minutes. Bridged $230M through Circle's CCTP during business hours. Circle did nothing for six hours.

$285M · $230M · 6 hours late · Lazarus Group
Kelp DAO: The $292M Hack That Broke Restaking
2026

Kelp DAO: The $292M Hack That Broke Restaking

Lazarus Group spoofed a LayerZero message and walked off with 18% of all rsETH. Aave triggered a $9B panic withdrawal. Circle got sued.

$292M · 18% · $9B · Lazarus Group
Grinex: The 'Hack' That Looked Like an Exit
2026

Grinex: The 'Hack' That Looked Like an Exit

$13.74M drained across 54 wallets. Grinex blamed hostile foreign intelligence. Chainalysis hinted at a false flag exit scam.

$13.74M · 54 · Western Intel · Exit Scam
TrustedVolumes: The $6.7M Function Anyone Could Call
2026

TrustedVolumes: The $6.7M Function Anyone Could Call

A custom RFQ swap proxy let anyone whitelist themselves as an authorized signer. The hacker drained $6.7M, swapped to ETH, and walked.

$6.7M · RFQ Proxy Flaw · $0 · May 2026
Echo Protocol: The $77M Admin Key That Minted eBTC
2026

Echo Protocol: The $77M Admin Key That Minted eBTC

A compromised admin key let an attacker mint 1,000 eBTC worth $77 million on Monad. The hacker borrowed $3.45M in WBTC and laundered $822K through Tornado Cash before Echo burned the rest.

$77M · $822K · 955 eBTC · May 2026
THORChain: The $10.8M Key Leak That Broke the Vault
2026

THORChain: The $10.8M Key Leak That Broke the Vault

A freshly churned validator node exploited a flaw in THORChain’s GG20 threshold signature scheme, reconstructing a vault private key and draining $10.8M across Bitcoin, Ethereum, BNB Chain, and Base. 12,847 wallets got hit.

$10.8M · GG20 TSS Flaw · $0 · May 2026
Volo Protocol: The $3.5M Hack That Ended With $60K Lost
2026

Volo Protocol: The $3.5M Hack That Ended With $60K Lost

Someone stole $3.5 million from Volo Protocol. Volo got almost all of it back. In DeFi, that almost never happens.

$3.5M · $3.44M · $60K · Admin Key
Wasabi Protocol: One Key, No Multisig, $5.9M Gone in Three Minutes
2026

Wasabi Protocol: One Key, No Multisig, $5.9M Gone in Three Minutes

Wasabi Protocol had one admin key controlling every vault across four blockchains. No backup. No delay. No protection. Someone got the key.

$5.9M · 4 · 3 mins · $0
New Market Trading: The Missing Check That Drained 86 Wallets
2026

New Market Trading: The Missing Check That Drained 86 Wallets

86 crypto wallets. Two hours. $3.2 million gone. The code that made it possible was publicly readable on the blockchain the whole time.

$3.2M · 86 · 2 hours · $0
StakeDAO: Someone Minted 5.4 Trillion Tokens and Got $91K
2026

StakeDAO: Someone Minted 5.4 Trillion Tokens and Got $91K

On paper, the attacker had $763 billion worth of tokens. In practice, they extracted $91,000. The gap between those two numbers is the whole story.

5.4 trillion · $763B · $91K · Key Compromise
Rhea Finance: 423 Fake Wallets, Two Days of Prep, $18.4 Million Gone
2026

Rhea Finance: 423 Fake Wallets, Two Days of Prep, $18.4 Million Gone

Someone spent two days building 423 fake wallets before robbing NEAR's biggest DeFi protocol. $18.4 million gone. Half came back. The person who took the other half has never been caught.

$18.4M · 423 · 2 days · ~$9M
Hyperbridge: They Said It Could Not Be Hacked. It Got Hacked.
2026

Hyperbridge: They Said It Could Not Be Hacked. It Got Hacked.

Hyperbridge joked about being unhackable on April Fools Day. Twelve days later someone minted $1.19 billion in fake tokens on their bridge. The attacker walked away with $237,000. The jokes were deleted. Nobody has been caught.

1,000,000,000 · $1.19B · $237K · 12
Zcash: Claude Opus Found in Hours What Auditors Missed for Four Years
2026

Zcash: Claude Opus Found in Hours What Auditors Missed for Four Years

A four-year-old bug in Zcash's privacy pool. Found by an AI the day after it launched. Patched in five days. Disclosed on day seven. By then the insiders knew, the exchanges had frozen withdrawals, and retail was rotating in while BTC dumped. The Holy Trinity is dead.

May 2022 · Hours · 31% · 7 days
TesseraDAO: Someone Printed 99 Million Tokens and Walked Away With $2.5 Million
2026

TesseraDAO: Someone Printed 99 Million Tokens and Walked Away With $2.5 Million

On BNB Chain, someone with admin key access minted 99 million TSR tokens from nothing, sold all of them, bridged $2.5 million to Ethereum, and laundered 1,285 ETH through Tornado Cash. TesseraDAO has not said a word.

99,000,000 · $2.5M · 99% · 1,285.5 ETH via Tornado Cash
Humanity Protocol: ZachXBT Doesn't Buy the Story. $32 Million Is Gone Either Way.
2026

Humanity Protocol: ZachXBT Doesn't Buy the Story. $32 Million Is Gone Either Way.

H token hit $0.85 on June 2. Seven days later 17 wallets were drained, 100 million tokens minted from nothing, and $32 million converted to ETH. ZachXBT called it possibly staged. The team blamed one compromised laptop. Neither story is complete.

$32M · 94% · 100,000,000 · 7
SwapNet: Someone Turned Off the Safety Setting and Lost $13.34 Million
2026

SwapNet: Someone Turned Off the Safety Setting and Lost $13.34 Million

18 Matcha Meta users turned off a safety setting to speed up their trades. An attacker exploited SwapNet's smart contract to drain everything those 18 wallets had approved. One user lost $13.34 million. The other 17 split $90,000. PeckShield called it the largest approval attack in DeFi history.

$13.43M · $13.34M · 18 · Zero
Aztec: They Threw Away the Keys. Then Someone Robbed the Building Twice.
2026

Aztec: They Threw Away the Keys. Then Someone Robbed the Building Twice.

Aztec shut down two privacy bridges years ago and renounced the admin keys to prove they were decentralized. In June 2026, an attacker drained both of them - $4.35 million total - and nobody could lift a finger to stop it. That was the whole point of the design.

$2.19M · $2.16M · $4.35M · 4 DAYS
Aptos: A $3,000 Server Found the Bug That Could Have Broken $70 Billion
2026

Aptos: A $3,000 Server Found the Bug That Could Have Broken $70 Billion

Two ethical hackers rented $3,000 worth of servers and found a flaw in the Aptos blockchain that could have minted counterfeit stablecoins, seized bridges, and forged assets across the entire ecosystem. Estimated damage: up to $70 billion. Actual damage: zero, because they reported it first.

$70B · $3,000 · ~90% · $0
He Spent $4.4 Million to Vote Himself $20 Million, and It Was Legal
2026

He Spent $4.4 Million to Vote Himself $20 Million, and It Was Legal

No smart contract was hacked. No key was stolen. No website was spoofed. An attacker spent $4.4 million buying votes, submitted a proposal to send themselves the treasury, and won the election 99.9% to nothing. Seven wallets voted. This is what on-chain democracy looks like.

$20M · $4.4M · 7 · 99.878%
A Privacy Chain Got Robbed for $4.67M and Didn't Notice for Seven Days
2026

A Privacy Chain Got Robbed for $4.67M and Didn't Notice for Seven Days

Secret Network encrypts every balance by default. That is the entire product. So when an attacker minted $4.67 million in tokens backed by nothing, the missing money did not show up anywhere. The chain hid the theft from its own team for a full week. The privacy worked perfectly. That was the problem.

$4.67M · 7 DAYS · SINCE 2023 · 0
They Reset a Hardware Wallet's Password With a Laser, and It Can Never Be Fixed
2026

They Reset a Hardware Wallet's Password With a Laser, and It Can Never Be Fixed

Tangem built its wallet cards with no firmware updates and called it a security feature - nothing can be changed, so nothing can be tampered with. Then Ledger's researchers pointed a laser at the chip, flipped one bit, and reset the password without knowing the old one. The flaw is now permanent on every card ever sold.

LASER PULSE · ~2 HOURS · ~$250K · NEVER
Some Wallets Have Been Guessable Since 2018, and Someone Finally Started Guessing
2026

Some Wallets Have Been Guessable Since 2018, and Someone Finally Started Guessing

A recovery phrase is supposed to be one of trillions of trillions of possibilities. Some software wallets built theirs with a broken random number generator, quietly making them guessable. On May 27, 2026, someone guessed 431 of them at once and drained $3.14 million. The wallets had been sitting ducks since 2018.

$3.14M · ~$5M · 2,114+ · 2018
A North Korean Operative Wrote Code Inside MetaMask for a Month Before Anyone Noticed
2026

A North Korean Operative Wrote Code Inside MetaMask for a Month Before Anyone Noticed

He called himself Tyler Knapp. He came recommended through a trusted contractor. For about a month he wrote core code for MetaMask - the wallet 30 million people use - including the features that move money between crypto and cash. Then Consensys realized who he actually worked for: North Korea.

~1 MONTH · CORE WALLET · $577M · NONE (CLAIMED)
SPONSORED
CYNTRI AIPredictive Intelligence for Autonomous DeFi.Learn More →