Hack Database
38 ARTICLESEvery major crypto hack, exploit, and heist. The biggest thefts in digital history, dissected.

Mt. Gox 2011: The Hack Nobody Noticed
The first major crypto exchange hack. $8.75M stolen. BTC crashed to one cent. Nobody learned a thing.

Mt. Gox 2014: 850,000 Bitcoin Vanish Forever
850,000 Bitcoin vanished. The biggest heist in crypto history.

The DAO: The $60M Hack That Split Ethereum in Two
The exploit that split Ethereum in two

Coincheck: Japan's $530 Million Wake-Up Call
$530 million stolen from a hot wallet. In Japan. Again.

Poly Network: The $611M Hack With a Plot Twist
Stole $611 million. Then gave it all back.

Ronin Bridge: North Korea's $625M Payday
North Korea stole $625M from a video game. Nobody noticed for six days.

Wormhole: $320M Stolen, Then Counter-Exploited Back
120,000 ETH minted from thin air. Jump Crypto bailed it out the next day. Then they hacked the hacker to get it back.

The FTX Hack: $477M Vanishes as the Empire Falls
$477M stolen from FTX as the exchange was already dying

Mixin Network: The $200M Cloud Heist
The cloud provider got hacked. $200M walked out the door.

Bybit: The $1.5 Billion Heist That Shook Crypto
The largest crypto hack ever. $1.5 billion. One transaction.

MEV Sandwich Attacks: The Invisible Tax on Every Trade
$220,764 in USDC became $5,271 of USDT in eight seconds. The trader thought stablecoins were safe. The bot knew better.

EIP-7702: Ethereum's Feature That Drains Wallets
Ethereum's Pectra upgrade gave users batch transactions. It gave attackers a way to drain 15,000+ wallets for $12 million in two months.
Bithumb: The $44 Billion Typo That Almost Broke an Exchange
One employee typed 'BTC' instead of 'KRW.' 620,000 ghost Bitcoins appeared. Chaos followed.

Resolv: The $25 Million Stablecoin That Minted Itself to Death
One compromised private key. 80 million unbacked stablecoins minted. $25 million drained. The code worked perfectly. The humans did not.

Drift Protocol: $285M Solana DeFi Exploit
Solana's biggest perps exchange lost $285M in minutes through compromised admin keys.

Drift Protocol Update: North Korea Confirmed, Circle's Six-Hour Silence Exposed
Lazarus Group stole $285M in 12 minutes. Bridged $230M through Circle's CCTP during business hours. Circle did nothing for six hours.

Kelp DAO: The $292M Hack That Broke Restaking
Lazarus Group spoofed a LayerZero message and walked off with 18% of all rsETH. Aave triggered a $9B panic withdrawal. Circle got sued.

Grinex: The 'Hack' That Looked Like an Exit
$13.74M drained across 54 wallets. Grinex blamed hostile foreign intelligence. Chainalysis hinted at a false flag exit scam.

TrustedVolumes: The $6.7M Function Anyone Could Call
A custom RFQ swap proxy let anyone whitelist themselves as an authorized signer. The hacker drained $6.7M, swapped to ETH, and walked.

Echo Protocol: The $77M Admin Key That Minted eBTC
A compromised admin key let an attacker mint 1,000 eBTC worth $77 million on Monad. The hacker borrowed $3.45M in WBTC and laundered $822K through Tornado Cash before Echo burned the rest.

THORChain: The $10.8M Key Leak That Broke the Vault
A freshly churned validator node exploited a flaw in THORChain’s GG20 threshold signature scheme, reconstructing a vault private key and draining $10.8M across Bitcoin, Ethereum, BNB Chain, and Base. 12,847 wallets got hit.

Volo Protocol: The $3.5M Hack That Ended With $60K Lost
Someone stole $3.5 million from Volo Protocol. Volo got almost all of it back. In DeFi, that almost never happens.

Wasabi Protocol: One Key, No Multisig, $5.9M Gone in Three Minutes
Wasabi Protocol had one admin key controlling every vault across four blockchains. No backup. No delay. No protection. Someone got the key.

New Market Trading: The Missing Check That Drained 86 Wallets
86 crypto wallets. Two hours. $3.2 million gone. The code that made it possible was publicly readable on the blockchain the whole time.

StakeDAO: Someone Minted 5.4 Trillion Tokens and Got $91K
On paper, the attacker had $763 billion worth of tokens. In practice, they extracted $91,000. The gap between those two numbers is the whole story.

Rhea Finance: 423 Fake Wallets, Two Days of Prep, $18.4 Million Gone
Someone spent two days building 423 fake wallets before robbing NEAR's biggest DeFi protocol. $18.4 million gone. Half came back. The person who took the other half has never been caught.

Hyperbridge: They Said It Could Not Be Hacked. It Got Hacked.
Hyperbridge joked about being unhackable on April Fools Day. Twelve days later someone minted $1.19 billion in fake tokens on their bridge. The attacker walked away with $237,000. The jokes were deleted. Nobody has been caught.

Zcash: Claude Opus Found in Hours What Auditors Missed for Four Years
A four-year-old bug in Zcash's privacy pool. Found by an AI the day after it launched. Patched in five days. Disclosed on day seven. By then the insiders knew, the exchanges had frozen withdrawals, and retail was rotating in while BTC dumped. The Holy Trinity is dead.

TesseraDAO: Someone Printed 99 Million Tokens and Walked Away With $2.5 Million
On BNB Chain, someone with admin key access minted 99 million TSR tokens from nothing, sold all of them, bridged $2.5 million to Ethereum, and laundered 1,285 ETH through Tornado Cash. TesseraDAO has not said a word.

Humanity Protocol: ZachXBT Doesn't Buy the Story. $32 Million Is Gone Either Way.
H token hit $0.85 on June 2. Seven days later 17 wallets were drained, 100 million tokens minted from nothing, and $32 million converted to ETH. ZachXBT called it possibly staged. The team blamed one compromised laptop. Neither story is complete.

SwapNet: Someone Turned Off the Safety Setting and Lost $13.34 Million
18 Matcha Meta users turned off a safety setting to speed up their trades. An attacker exploited SwapNet's smart contract to drain everything those 18 wallets had approved. One user lost $13.34 million. The other 17 split $90,000. PeckShield called it the largest approval attack in DeFi history.

Aztec: They Threw Away the Keys. Then Someone Robbed the Building Twice.
Aztec shut down two privacy bridges years ago and renounced the admin keys to prove they were decentralized. In June 2026, an attacker drained both of them - $4.35 million total - and nobody could lift a finger to stop it. That was the whole point of the design.

Aptos: A $3,000 Server Found the Bug That Could Have Broken $70 Billion
Two ethical hackers rented $3,000 worth of servers and found a flaw in the Aptos blockchain that could have minted counterfeit stablecoins, seized bridges, and forged assets across the entire ecosystem. Estimated damage: up to $70 billion. Actual damage: zero, because they reported it first.

He Spent $4.4 Million to Vote Himself $20 Million, and It Was Legal
No smart contract was hacked. No key was stolen. No website was spoofed. An attacker spent $4.4 million buying votes, submitted a proposal to send themselves the treasury, and won the election 99.9% to nothing. Seven wallets voted. This is what on-chain democracy looks like.

A Privacy Chain Got Robbed for $4.67M and Didn't Notice for Seven Days
Secret Network encrypts every balance by default. That is the entire product. So when an attacker minted $4.67 million in tokens backed by nothing, the missing money did not show up anywhere. The chain hid the theft from its own team for a full week. The privacy worked perfectly. That was the problem.

They Reset a Hardware Wallet's Password With a Laser, and It Can Never Be Fixed
Tangem built its wallet cards with no firmware updates and called it a security feature - nothing can be changed, so nothing can be tampered with. Then Ledger's researchers pointed a laser at the chip, flipped one bit, and reset the password without knowing the old one. The flaw is now permanent on every card ever sold.

Some Wallets Have Been Guessable Since 2018, and Someone Finally Started Guessing
A recovery phrase is supposed to be one of trillions of trillions of possibilities. Some software wallets built theirs with a broken random number generator, quietly making them guessable. On May 27, 2026, someone guessed 431 of them at once and drained $3.14 million. The wallets had been sitting ducks since 2018.

A North Korean Operative Wrote Code Inside MetaMask for a Month Before Anyone Noticed
He called himself Tyler Knapp. He came recommended through a trusted contractor. For about a month he wrote core code for MetaMask - the wallet 30 million people use - including the features that move money between crypto and cash. Then Consensys realized who he actually worked for: North Korea.