179 hack event(s)
Description of the event: SlowMist has issued a security alert to the cryptocurrency exchange ICRYPEX Global, stating that a potentially critical vulnerability has been identified.
Amount of loss: - Attack method: Security Vulnerability
Description of the event: SlowMist sent a security alert to the cryptocurrency exchange Azbitm, stating that a potential vulnerability has been detected.
Amount of loss: - Attack method: Unknown
Description of the event: Upbit CEO Woo Kyung-sik issued a public statement regarding the recent security breach and apologized to users, noting that the incident resulted from shortcomings in Upbit’s internal security management. On the morning of the 27th, Upbit detected abnormal withdrawals from its Solana-based wallets, prompting an immediate full-scale inspection of related networks and wallet systems. During the investigation, the team identified a vulnerability that could potentially be exploited to infer private keys, which has since been patched. To safeguard user assets, Upbit suspended all cryptocurrency deposits and withdrawals and initiated on-chain tracking and asset-freezing procedures for funds transferred externally. On December 6, after completing the replacement of all virtual asset wallets and strengthening security controls, Upbit restored full deposit and withdrawal services. According to current estimates, the total value affected by the incident is approximately KRW 44.5 billion (about USD 30.3 million). Of this amount, approximately KRW 38.6 billion (about USD 26.33 million) belongs to users, and KRW 2.3 billion (about USD 1.57 million) has been successfully frozen. Upbit’s own funds affected total approximately KRW 5.9 billion (about USD 4.02 million). On December 8, Upbit’s operating company Dunamu provided an update, stating that an additional KRW 2.6 billion (approximately USD 1.77 million) in compromised assets has now been frozen. Recovery procedures are currently in progress to ensure the secured funds can be safely reclaimed.
Amount of loss: $ 30,300,000 Attack method: Unknown
Description of the event: The Turkish cryptocurrency exchange BtcTurk has reportedly suffered another hack. BtcTurk acknowledged “unusual activity” in its hot wallets and has suspended deposits and withdrawals. However, the exchange did not disclose further details regarding the scale of the attack.
Amount of loss: $ 54,000,000 Attack method: Unknown
Description of the event: Crypto trading platform WOO X suffered an attack resulting in a loss of approximately $14 million. According to the official disclosure, the incident stemmed from a targeted phishing attack that compromised a team member’s device, allowing the attacker to gain access to the development environment.
Amount of loss: $ 14,000,000 Attack method: Phishing Attack
Description of the event: On July 19, on-chain investigator ZachXBT posted on his personal channel: “Looks like the India centralized exchange 'CoinDCX' was likely drained for ~$44.2M almost 17 hours ago and has yet to disclose the incident to the community.” Shortly afterward, the company confirmed the breach on X, describing it as a “sophisticated server breach” and stating that only corporate funds were affected.
Amount of loss: $ 44,200,000 Attack method: Security Vulnerability
Description of the event: According to monitoring by the SlowMist security team, cryptocurrency exchange BigONE has suffered a supply chain attack, with losses exceeding $27 million. The attacker breached the production network and altered the operating logic of servers related to account management and risk control, enabling unauthorized fund withdrawals. Notably, no private keys were leaked in this incident.
Amount of loss: $ 27,000,000 Attack method: Supply Chain Attack
Description of the event: The Iran-based Nobitex cryptocurrency exchange suffered a $90 million hack, and the attacker has also promised to imminently release data and source code from the platform. The hacking group appears to have burned the crypto assets, effectively destroying them rather than taking them for their own profits. Gonjeshke Darande (also "Predatory Sparrow"), a hacking group with links to Israel, claimed responsibility for the theft, accusing the platform of serving as a "key regime tool" to finance terror and violate sanctions.
Amount of loss: $ 90,000,000 Attack method: Unknown
Description of the event: According to on-chain investigator ZachXBT, crypto exchange BitoPro was reportedly hacked on May 8, 2025, resulting in losses of approximately $11.5 million. The attacker drained assets from BitoPro’s hot wallets on Tron, Ethereum, Solana, and Polygon, then sold them via DEXs. The stolen funds were subsequently laundered through Tornado Cash or bridged via Thorchain to the Bitcoin network, eventually ending up in a Wasabi Wallet. BitoPro stated that the tactics used in this incident closely resemble those seen in several major international cases, attributing the attack to the North Korean hacking group Lazarus.
Amount of loss: $ 11,500,000 Attack method: Malicious Software
Description of the event: On February 21, 2025, on-chain investigator ZachXBT revealed a large-scale outflow of funds from the Bybit platform, resulting in the theft of over $1.46 billion.
Amount of loss: $ 1,460,000,000 Attack method: Supply Chain Attack
Description of the event: The Singapore-based Phemex cryptocurrency exchange's hot wallets were hacked, resulting in a loss of approximately $70 million.
Amount of loss: $ 70,000,000 Attack method: Unknown
Description of the event: The peer-to-peer cryptocurrency trading platform NoOnes suffered a major security breach earlier this month. CEO Ray Youssef explained that the breach occurred on January 1st due to an exploit involving their Solana bridge.
Amount of loss: $ 7,900,000 Attack method: Security Vulnerability
Description of the event: Clober DEX liquidity vault on Base Network was exploited resulting in a loss of 133.7 ETH (~$501k). The root cause of the attack was a reentrancy vulnerability in the _burn() function of the Rebalancer contract.
Amount of loss: $ 501,000 Attack method: Contract Vulnerability
Description of the event: According to Clipper's post-mortem, on December 1, 2024, an attacker exploited a vulnerability in a smart contract used by Clipper, manipulating the single-asset deposit and withdrawal feature. This manipulation affected the liquidity pools on the Optimism and Base networks, causing an imbalance that allowed the attacker to withdraw more assets than they had deposited. The attack resulted in a loss of approximately $457,878.
Amount of loss: $ 457,878 Attack method: Contract Vulnerability
Description of the event: The cryptocurrency exchange XT has reportedly fallen victim to a hacking incident, resulting in the loss of approximately $1.7 million worth of crypto assets. The hacker has converted the funds into 461.58 ETH and deposited them into the address 0xB43f…8F83.
Amount of loss: $ 1,700,000 Attack method: Unknown
Description of the event: SUNRAY FINANCE experienced a private key compromise, allowing the exploiter to gain control of the SUN and ARC tokens and sell them off, draining the funds from DEX pairs. So far, the attacker has stolen approximately $2.855 million.
Amount of loss: $ 2,855,000 Attack method: Private Key Leakage
Description of the event: According to on-chain detective ZachXBT on his personal channel, cryptocurrency exchange M2 was hacked, resulting in the theft of approximately $13 million from several on-chain hot wallets.
Amount of loss: $ 13,700,000 Attack method: Unknown
Description of the event: During a routine GM token burn, Aark Digital encountered a callback error due to a third-party contract modification. To resolve this, Aark Digital initiated a contract upgrade and GM delisting to adjust affected user balances. Users holding GM were required to convert GM to USDC. Aark Digital ran a script to process these conversions, receiving inputs like target user, amount, token address, and decimals from event data. While executing, a single user’s USD Value shifted erroneously from 0.498942 to 498,942 * (10 ^ 12), due to an incorrect balance update (not from a deployed contract error). Exploiting this security vulnerability, the attacker caused Aark Digital a loss of 1,499,841 USDC and 159.09 ETH.
Amount of loss: $ 1,900,000 Attack method: Incorrect Balance Update
Description of the event: Scroll-based DEX protocol Ambient Finance announced on X platform that their domain has been hijacked. Until further notice, please do not interact with the Ambient Finance frontend.
Amount of loss: - Attack method: DNS Attack
Description of the event: According to the announcement from BingX, at around 4 AM Singapore time on September 20, BingX's security systems detected an unauthorized intrusion targeting one of their hot wallets.
Amount of loss: $ 45,000,000 Attack method: Unknown