2020 — DeFi's growing pains
As DeFi protocols grew in 2020, attackers found that smart contracts holding millions of dollars often had exploitable logic. Flash loans — uncollateralized loans repaid within a single transaction — became the weapon of choice.
bZx Flash Loan Attacks (~$8M)
The first major flash loan exploits in DeFi. Attackers borrowed large amounts, manipulated prices on decentralized exchanges, and profited from the distortion — all in one transaction. These attacks demonstrated that composability between protocols could be weaponized.
Harvest Finance ($34M)
Flash loan price manipulation targeting Harvest's USDC and USDT vaults. The attacker repeatedly manipulated Curve pool prices to exploit how Harvest calculated deposit values, draining funds over multiple transactions in a short window.
KuCoin Hack ($280M)
Exchange hot wallet compromise. Attackers gained access to KuCoin's private keys and withdrew funds across multiple blockchains. Notably, most of the stolen funds were eventually recovered through cooperation with other exchanges and projects that froze or rolled back tokens.
2021 — DeFi summer exploits
The explosive growth of DeFi in 2021 brought record-breaking total value locked — and record-breaking exploits. Cross-chain protocols and oracle dependencies became prime targets.
Poly Network ($611M)
Cross-chain bridge exploit that was, at the time, the largest hack in crypto history. The attacker exploited a vulnerability in cross-chain message verification. In a surprising turn, the hacker — dubbed "Mr. White Hat" — returned all the stolen funds, claiming the attack was to expose the vulnerability.
Cream Finance ($130M across multiple attacks)
A series of flash loan and oracle manipulation attacks over the course of 2021. Cream Finance was exploited multiple times, highlighting how lending protocols that accept many collateral types expand their attack surface.
BadgerDAO ($120M)
Front-end attack via a compromised Cloudflare API key. Attackers injected malicious scripts into Badger's web interface, prompting users to approve token transfers to attacker-controlled addresses. The protocol's smart contracts were never exploited — only the website was compromised.
Vulcan Forged ($140M)
Private key compromise affecting the gaming and NFT platform. Attackers obtained private keys to multiple user wallets, draining funds directly. The incident underscored the risks of platforms that manage user keys on their behalf.
2022 — The year everything broke
2022 was the most devastating year in crypto history. Bridge exploits, governance attacks, algorithmic stablecoin collapses, and outright fraud combined for tens of billions in losses.
Ronin Bridge ($625M)
North Korea's Lazarus Group compromised 5 of the 9 validator keys securing the Ronin bridge, which powered Axie Infinity. The breach went undetected for six days. It was the largest hack until 2025 and demonstrated the catastrophic risk of bridge architectures that rely on a small validator set.
Wormhole ($325M)
A signature verification bug in the Solana-Ethereum bridge allowed the attacker to mint 120,000 wETH on Solana without depositing any ETH. Jump Crypto, Wormhole's backer, replaced the stolen funds to prevent cascading failures across the Solana ecosystem.
Nomad Bridge ($190M)
A "copy-paste exploit" where a code update accidentally made it possible for anyone to withdraw funds by copying a valid transaction and substituting their own address. Hundreds of users drained the bridge — one of the most unusual exploits in DeFi history.
Beanstalk ($182M)
Governance flash loan attack. The attacker took a flash loan to acquire enough governance tokens to pass a malicious proposal in a single transaction, draining the protocol's treasury. This exposed a fundamental vulnerability in on-chain governance systems without time locks.
Terra/LUNA Collapse (~$60B market value destroyed)
Not a hack, but the largest loss event in crypto history. The algorithmic stablecoin UST lost its peg, triggering a death spiral that wiped out both UST and LUNA. The collapse demonstrated that algorithmic stablecoins without sufficient reserves can fail catastrophically and suddenly.
FTX Collapse ($8B+ customer funds)
Not a hack but fraud. FTX, one of the largest centralized exchanges, was found to have misappropriated billions in customer deposits to fund its sister trading firm Alameda Research. The collapse wiped out customer funds, triggered industry-wide contagion, and led to criminal convictions.
Mango Markets ($114M)
Price oracle manipulation on the Solana-based trading platform. The attacker manipulated the price of MNGO token using their own large positions, then used the inflated collateral value to borrow and withdraw other assets from the platform.
2023 — Bridge problems continue
Despite heightened awareness, bridge-related incidents continued in 2023. Infrastructure-level attacks — compromising cloud services and team members rather than smart contracts — became more prominent.
Mixin Network ($200M)
The cloud service provider's database was compromised, giving attackers access to private keys and funds. This was not a smart contract exploit but an infrastructure breach, demonstrating that even well-designed protocols are only as secure as their hosting environment.
Euler Finance ($197M)
Flash loan attack exploiting a vulnerability in the lending protocol's liquidation logic. In a notable outcome, the attacker returned all funds after negotiation with the Euler team, making it one of the largest successful fund recoveries in DeFi.
Multichain ($126M)
The protocol's CEO was arrested by Chinese authorities, and the private keys securing the bridge were compromised. Funds were moved out of bridge contracts, and the protocol effectively ceased to exist. A cautionary tale about centralized key management in supposedly decentralized protocols.
Atomic Wallet ($100M)
Users' wallets were drained through an unknown attack vector, with the Lazarus Group suspected as the attacker. The exact method of compromise was never fully disclosed, though analysis suggested a supply chain or key management vulnerability.
USDC Temporary Depeg
When Silicon Valley Bank collapsed, it was revealed that Circle held $3.3B of USDC reserves there. USDC briefly depegged to $0.87 before recovering when the US government guaranteed SVB deposits. Not a hack, but a stark illustration of how stablecoins carry real-world banking risk.
2024 — Sophisticated attacks
By 2024, attackers increasingly targeted people rather than code. Social engineering, compromised signers, and private key theft overtook smart contract exploits as the primary attack vector.
DMM Bitcoin ($305M)
Japanese exchange DMM Bitcoin suffered a private key compromise that allowed attackers to drain funds. The incident reinforced that centralized exchanges remain high-value targets despite years of industry-wide security improvements.
PlayDapp ($290M)
Private key compromise on the gaming platform. Attackers gained access to a privileged key and minted large quantities of PLA tokens, effectively diluting and stealing value from existing holders.
WazirX ($235M)
India's largest crypto exchange was exploited through its multisig wallet infrastructure. The attacker bypassed the multi-signature security, suggesting either social engineering of signers or a vulnerability in the signing process itself.
Radiant Capital ($50M)
Multisig signers were compromised via sophisticated social engineering. Attackers targeted individual key holders, gaining control of enough keys to authorize malicious transactions. A direct example of why multisig security depends entirely on the humans holding the keys.
2025 — Record-breaking
2025 opened with the largest single hack in crypto history, setting a new benchmark for the scale of damage a single exploit can cause.
Bybit ($1.5B)
The largest crypto hack ever. North Korea's Lazarus Group compromised the Safe multisig UI used by Bybit, tricking signers into authorizing malicious transactions. The attack did not exploit a smart contract vulnerability — it targeted the human interface layer. This single incident nearly matched all of 2022's bridge exploits combined.
Cetus Protocol ($223M)
The largest DEX on the Sui blockchain was hit by a supply chain attack, resulting in significant fund losses. The incident highlighted that newer blockchain ecosystems face the same security challenges as more established ones.
Summary table
Major incidents ranked by amount lost (hacks are ranked first; the FTX and Terra/LUNA collapses, which were not hacks, are listed directly after Bybit for scale):
| Year | Incident | Amount Lost | Type | Recovered? |
|---|---|---|---|---|
| 2025 | Bybit | $1.5B | Exchange | No |
| 2022 | FTX Collapse | $8B+ | Fraud | Partial (bankruptcy proceedings) |
| 2022 | Terra/LUNA | ~$60B (market value) | Stablecoin failure | No |
| 2022 | Ronin Bridge | $625M | Bridge | No |
| 2021 | Poly Network | $611M | Bridge | Yes (returned by hacker) |
| 2022 | Wormhole | $325M | Bridge | Yes (Jump Crypto replaced funds) |
| 2024 | DMM Bitcoin | $305M | Exchange | No |
| 2024 | PlayDapp | $290M | DeFi | No |
| 2020 | KuCoin | $280M | Exchange | Mostly recovered |
| 2024 | WazirX | $235M | Exchange | No |
| 2025 | Cetus Protocol | $223M | DeFi | No |
| 2023 | Mixin Network | $200M | Bridge | No |
| 2023 | Euler Finance | $197M | DeFi | Yes (returned after negotiation) |
| 2022 | Nomad Bridge | $190M | Bridge | Partial |
| 2022 | Beanstalk | $182M | DeFi | No |
| 2021 | Vulcan Forged | $140M | DeFi | No |
| 2021 | Cream Finance | $130M | DeFi | No |
| 2023 | Multichain | $126M | Bridge | No |
| 2021 | BadgerDAO | $120M | DeFi | No |
| 2022 | Mango Markets | $114M | DeFi | Partial |
| 2023 | Atomic Wallet | $100M | Exchange | No |
| 2024 | Radiant Capital | $50M | DeFi | No |
| 2020 | Harvest Finance | $34M | DeFi | No |
| 2020 | bZx | ~$8M | DeFi | No |
Common attack patterns
Across six years of exploits, the same categories of attack appear repeatedly:
Bridge exploits
Cross-chain bridges hold large pools of locked assets and rely on validator sets or cryptographic proofs to authorize withdrawals. Compromising the validators or the verification logic grants access to all locked funds. Bridges account for the majority of the largest individual hacks.
Flash loan attacks
Flash loans let anyone borrow millions with no collateral, provided they repay within one transaction. Attackers use this capital to manipulate prices, exploit vulnerable smart contracts, and extract profits — all with zero upfront risk. If the attack fails, the transaction simply reverts.
Private key compromise
Social engineering, malware, phishing, and insider threats targeting the humans who hold critical keys. As smart contract security improves, attackers increasingly go after the people rather than the code. This was the vector for Bybit, DMM Bitcoin, Radiant Capital, and many others.
Oracle manipulation
Oracles feed external price data to smart contracts. If an attacker can influence the price an oracle reports — by manipulating a low-liquidity trading pair, for example — they can trick protocols into mispricing assets, enabling profitable exploits.
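The two patterns just described (flash loans and oracle manipulation) usually meet at a single point: a protocol that values collateral from a DEX spot price that one large swap can move inside a single block. The simulation below is an added example, not code from the original article or from any protocol named on this page. It models a toy constant-product pool, a spot-price read, and a time-weighted average price (TWAP) that samples the pool only at the start of each block, the way Uniswap v2's cumulative price accumulator does; all reserves, balances and block numbers are constructed for illustration, and `spot_within_tolerance` is a hypothetical circuit-breaker check, not any project's API.

```python
"""Added example: why a block-start TWAP resists a single-transaction price push.

Toy constant-product pool, a spot-price read, and a TWAP that samples the
price at the start of each block. Reserves, balances and block numbers are
constructed for illustration only.
"""
from typing import List, Tuple


class ConstantProductPool:
    """x * y = k pool with no fee; reserves in whole token units (constructed)."""

    def __init__(self, reserve_a: float, reserve_b: float) -> None:
        self.reserve_a = reserve_a
        self.reserve_b = reserve_b

    def spot_price(self) -> float:
        """Price of one A in units of B, read straight from current reserves."""
        return self.reserve_b / self.reserve_a

    def swap_b_for_a(self, amount_b: float) -> float:
        """Sell B into the pool and receive A; pushes the spot price of A up."""
        k = self.reserve_a * self.reserve_b
        self.reserve_b += amount_b
        out_a = self.reserve_a - k / self.reserve_b
        self.reserve_a -= out_a
        return out_a

    def swap_a_for_b(self, amount_a: float) -> float:
        """Sell A into the pool and receive B; pushes the spot price of A down."""
        k = self.reserve_a * self.reserve_b
        self.reserve_a += amount_a
        out_b = self.reserve_b - k / self.reserve_a
        self.reserve_b -= out_b
        return out_b


class BlockStartTwapOracle:
    """Samples the spot price once at the start of each block.

    A trade executed later in the same block is invisible to the oracle until
    the next block starts, so an atomic push-and-unwind never enters the average.
    """

    def __init__(self, pool: ConstantProductPool, window_blocks: int) -> None:
        self.pool = pool
        self.window_blocks = window_blocks
        self.samples: List[Tuple[int, float]] = []

    def on_block_start(self, block: int) -> None:
        self.samples.append((block, self.pool.spot_price()))

    def price(self) -> float:
        recent = [p for _, p in self.samples[-self.window_blocks:]]
        return sum(recent) / len(recent)


def spot_within_tolerance(spot: float, twap: float, max_deviation: float = 0.05) -> bool:
    """Hypothetical circuit breaker: refuse a spot quote that strays too far from the TWAP."""
    return abs(spot - twap) / twap <= max_deviation


def run_single_block_push() -> dict:
    """Replay the pattern: 10 quiet blocks, then one large swap in block 11."""
    pool = ConstantProductPool(1_000.0, 1_000.0)
    oracle = BlockStartTwapOracle(pool, window_blocks=10)
    for block in range(1, 11):
        oracle.on_block_start(block)   # price is 1.0 in every quiet block

    oracle.on_block_start(11)          # sample taken before any block-11 trade
    received_a = pool.swap_b_for_a(9_000.0)   # borrowed B sold into the pool

    collateral_a = 100.0               # collateral a lending market must value
    result = {
        "spot_price": pool.spot_price(),
        "twap_price": oracle.price(),
        "spot_valuation": collateral_a * pool.spot_price(),
        "twap_valuation": collateral_a * oracle.price(),
        "spot_accepted": spot_within_tolerance(pool.spot_price(), oracle.price()),
    }

    pool.swap_a_for_b(received_a)      # unwind in the same block; loan is repaid
    result["spot_after_unwind"] = pool.spot_price()
    return result
```

In the replay the spot price moves from 1.0 to 100.0 for the duration of one transaction, so a protocol reading spot would value 100 A at 10,000 B instead of 100 B, while the block-start TWAP still reports 1.0 and the tolerance check rejects the quote. Moving the TWAP instead would require holding the skewed reserves across several blocks, which exposes the position to arbitrage and removes the "zero upfront risk" property the flash loan provides.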
Front-end and supply chain attacks
Rather than attacking the protocol's smart contracts, attackers compromise the website or dependencies that users interact with. BadgerDAO's Cloudflare API key compromise and Bybit's Safe UI manipulation are prime examples. The protocol can be perfectly secure while the interface is malicious.
Governance attacks
Using flash loans or accumulated tokens to pass malicious governance proposals that drain a protocol's treasury. Beanstalk's $182M exploit demonstrated how on-chain governance without time-delayed execution can be hijacked in a single transaction.
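The two controls that close the single-transaction governance path are voting power measured at a block before the proposal existed, and a delay between a proposal passing and it being executable. The toy governor below is an added example written for this page; it is not Beanstalk's code or any real governance framework. It borrows the checkpoint idea from ERC20Votes-style token contracts, and the quorum, timelock length, token amounts and block numbers are all constructed.

```python
"""Added example: snapshot voting plus a timelock against one-transaction governance capture.

Toy governor, not any project's code. Quorum, timelock, balances and block
numbers are constructed for illustration.
"""
from typing import Dict, List, Optional, Tuple


class Proposal:
    def __init__(self, proposal_id: int, snapshot_block: int) -> None:
        self.proposal_id = proposal_id
        self.snapshot_block = snapshot_block   # balances are read as of this block
        self.votes_for = 0
        self.queued_at_block: Optional[int] = None
        self.executed = False


class Governor:
    """Vote weight comes from a past-block checkpoint; execution waits out a timelock."""

    def __init__(self, quorum: int, timelock_blocks: int) -> None:
        self.block = 1
        self.quorum = quorum
        self.timelock_blocks = timelock_blocks
        # holder -> [(block, balance)] checkpoints, in the style of ERC20Votes
        self.checkpoints: Dict[str, List[Tuple[int, int]]] = {}
        self.proposals: Dict[int, Proposal] = {}

    def advance_blocks(self, n: int = 1) -> None:
        self.block += n

    def mint(self, holder: str, amount: int) -> None:
        """Credit tokens and record a checkpoint at the current block."""
        history = self.checkpoints.setdefault(holder, [])
        balance = history[-1][1] if history else 0
        history.append((self.block, balance + amount))

    def past_votes(self, holder: str, block: int) -> int:
        """Balance the holder had at the end of `block`, ignoring later checkpoints."""
        balance = 0
        for checkpoint_block, checkpoint_balance in self.checkpoints.get(holder, []):
            if checkpoint_block > block:
                break
            balance = checkpoint_balance
        return balance

    def propose(self, proposal_id: int) -> Proposal:
        # Snapshot the previous block: tokens acquired in the proposing block carry no weight.
        proposal = Proposal(proposal_id, snapshot_block=self.block - 1)
        self.proposals[proposal_id] = proposal
        return proposal

    def cast_vote(self, proposal_id: int, voter: str) -> int:
        proposal = self.proposals[proposal_id]
        weight = self.past_votes(voter, proposal.snapshot_block)
        proposal.votes_for += weight
        return weight

    def queue(self, proposal_id: int) -> bool:
        proposal = self.proposals[proposal_id]
        if proposal.votes_for < self.quorum:
            return False
        proposal.queued_at_block = self.block
        return True

    def execute(self, proposal_id: int) -> bool:
        proposal = self.proposals[proposal_id]
        if proposal.queued_at_block is None:
            return False
        if self.block < proposal.queued_at_block + self.timelock_blocks:
            return False        # still inside the timelock window
        proposal.executed = True
        return True


def flash_loan_vote_weight() -> int:
    """Tokens that arrive and vote in the same block carry zero weight."""
    gov = Governor(quorum=500, timelock_blocks=100)
    gov.advance_blocks(9)                 # now at block 10
    gov.mint("borrower", 1_000_000)       # borrowed tokens land in block 10
    gov.propose(1)                        # snapshot is block 9
    return gov.cast_vote(1, "borrower")   # 0


def honest_flow() -> Tuple[bool, bool, bool]:
    """A long-standing holder passes a proposal, but cannot execute it before the delay."""
    gov = Governor(quorum=500, timelock_blocks=100)
    gov.mint("holder", 600)               # held since block 1
    gov.advance_blocks(9)                 # block 10
    gov.propose(2)                        # snapshot is block 9
    gov.cast_vote(2, "holder")            # weight 600, quorum met
    queued = gov.queue(2)
    executed_early = gov.execute(2)       # False: timelock not elapsed
    gov.advance_blocks(100)
    executed_late = gov.execute(2)        # True
    return queued, executed_early, executed_late
```

The snapshot removes the flash-loan path entirely, because no loan can span the block boundary the snapshot sits behind. The timelock covers the remaining case, an attacker who accumulates tokens over time, by giving holders and the team a window to observe the queued proposal and respond before it can touch the treasury.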
State-sponsored attacks
North Korea's Lazarus Group is responsible for over $3 billion in crypto theft, including the Ronin Bridge, Bybit, and Atomic Wallet hacks. These are well-resourced, patient operations with sophisticated social engineering capabilities far beyond typical cybercriminals.
Lessons from six years of exploits
- Bridges remain the biggest targets. Any architecture that pools large amounts of assets behind a small number of keys or validators is inherently high-risk. The bridge model concentrates value in a way that is extremely attractive to attackers.
- Centralized points of failure are critical. Multisig wallets are only as secure as their signers. If a handful of people can authorize billion-dollar transactions, compromising those people is sufficient. Key management is the hardest problem in crypto security.
- Code audits help but are not foolproof. Many exploited protocols had undergone professional audits. Audits reduce risk but cannot guarantee safety — they are a snapshot in time, and new vulnerabilities can be introduced through upgrades or composability with other protocols.
- Social engineering is increasingly common. As smart contracts get more secure, attackers target the humans who manage them. Phishing, fake job offers, compromised communication channels, and impersonation are all used to gain access to critical keys.
- State actors are in the game. The Lazarus Group's persistent, well-funded operations mean that high-value crypto targets face threats comparable to those facing national infrastructure. This is not a problem the industry can solve alone.
What this means for users
Individual users are rarely the direct target of these large-scale exploits. But understanding the risk landscape matters because:
- The protocols you deposit into may be exploited. Diversification across protocols reduces this risk.
- The bridges you use carry specific, well-documented risks. Minimize bridge exposure when possible.
- The exchanges you trust with custody can fail. Consider self-custody for significant amounts.
- Front-end attacks mean you should always verify what you are signing in your wallet before approving transactions.
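"Verify what you are signing" is concrete for the approval transactions a compromised front end pushes at users: the calldata names the function, the spender and the amount. The checker below is an added example written for this page, not a wallet's or any project's code. The three function selectors are real (the first four bytes of keccak256 over the function signature); the addresses, amounts and trusted-spender list are constructed placeholders, and `review_call` is a hypothetical policy, not a standard.

```python
"""Added example: decode token-approval calldata and flag what a user is about to sign.

Runs on the `data` field of a pending transaction. Selectors are real; all
addresses, amounts and the trusted list are constructed placeholders.
"""
from typing import Dict, List

UINT256_MAX = 2**256 - 1

SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
    "a9059cbb": "transfer(address,uint256)",
}


def encode_call(selector: str, address: str, value: int) -> str:
    """ABI-encode a (address, uint256-or-bool) call; used here only to build samples."""
    address_word = address[2:].lower().rjust(64, "0")
    value_word = format(value, "x").rjust(64, "0")
    return "0x" + selector + address_word + value_word


def decode_call(data_hex: str) -> Dict[str, object]:
    """Split calldata into selector, counterparty address and the second argument."""
    data = data_hex[2:] if data_hex.startswith("0x") else data_hex
    data = data.lower()
    selector, args = data[:8], data[8:]
    function = SELECTORS.get(selector)
    if function is None:
        return {"function": None, "selector": selector}
    if len(args) < 128:
        raise ValueError("calldata shorter than two ABI words")
    return {
        "function": function,
        "selector": selector,
        "counterparty": "0x" + args[24:64],   # address is right-aligned in a 32-byte word
        "value": int(args[64:128], 16),
    }


def review_call(data_hex: str, trusted_spenders: List[str]) -> List[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    call = decode_call(data_hex)
    findings: List[str] = []
    if call["function"] is None:
        findings.append(f"unknown selector {call['selector']}: decode with the contract ABI before signing")
        return findings
    trusted = {s.lower() for s in trusted_spenders}
    if call["function"] == "approve(address,uint256)":
        if call["value"] == UINT256_MAX:
            findings.append("unlimited allowance requested")
        if call["counterparty"] not in trusted:
            findings.append(f"spender {call['counterparty']} is not a trusted contract")
    elif call["function"] == "setApprovalForAll(address,bool)":
        if call["value"] == 1 and call["counterparty"] not in trusted:
            findings.append(f"operator {call['counterparty']} would control every NFT in the collection")
    return findings


# Constructed samples: a known-good router and an unknown address.
TRUSTED_SPENDERS = ["0x" + "11" * 20]
SAMPLE_UNLIMITED_APPROVE = encode_call("095ea7b3", "0x" + "ab" * 20, UINT256_MAX)
SAMPLE_TRANSFER = encode_call("a9059cbb", "0x" + "cd" * 20, 1_000)

if __name__ == "__main__":
    for sample in (SAMPLE_UNLIMITED_APPROVE, SAMPLE_TRANSFER):
        print(decode_call(sample)["function"], review_call(sample, TRUSTED_SPENDERS))
```

An unlimited `approve` to an address outside the trusted list produces two findings, which is exactly the shape of the BadgerDAO prompt. A plain `transfer` of a bounded amount produces none, and an unrecognised selector is reported as something to decode against the contract's ABI rather than silently passed.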