CryptoExchangePicks

Crypto Exchange Hacks: A History & How to Stay Safe

Last updated: March 2026

Why Exchange Security History Matters

Since the birth of cryptocurrency trading, exchange hacks have resulted in the loss of tens of billions of dollars. Understanding this history helps you identify red flags, evaluate exchanges, and protect your holdings.

Major Exchange Hacks: A Timeline

Timeline of major cryptocurrency exchange hacks from 2014 to 2025

Mt. Gox — 2014 (850,000 BTC)

Mt. Gox was the world's largest exchange, handling 70% of all BTC transactions. 850,000 BTC were stolen over several years due to catastrophic key management: funds were stored in hot wallets with no auditing. The collapse became the catalyst for cold storage standards.

Bitfinex — 2016 (120,000 BTC)

Attackers exploited vulnerabilities in the multi-signature wallet architecture. Bitfinex socialized losses across users (36% haircut) and issued IOUs. In 2022, $3.6B of stolen funds were recovered by US authorities.

Coincheck — 2018 ($530M in NEM)

$530M stored in a single hot wallet without multi-sig. Led directly to Japan's comprehensive crypto exchange regulations.

Binance — 2019 ($40M — Recovered via SAFU)

Binance lost 7,000 BTC through sophisticated social engineering. All losses covered by the SAFU insurance fund — no user lost money. Validated the concept of exchange insurance funds.

FTX — 2022 ($8B Fraud)

Not a hack but systematic fraud. $8B in customer funds misappropriated to Alameda Research. Triggered industry-wide adoption of Proof of Reserves. Binance, Bitget, Kraken, and Bybit all implemented PoR systems.

WazirX — 2024 ($230M)

Multi-sig wallet compromised through manipulated signing requests. Funds laundered through Tornado Cash within hours. Reinforced that multi-sig is not a silver bullet.

Bybit — 2025 ($1.4B, Lazarus Group)

The largest exchange hack in history. North Korea's Lazarus Group compromised Safe's signing interface via a supply-chain attack. Bybit covered all losses and maintained withdrawals throughout. The incident exposed supply-chain dependencies.

How the Industry Improved

Cold storage: 90-95% of assets now kept offline.
Proof of Reserves: Industry standard after FTX.
Insurance funds: Binance SAFU, Bitget $300M fund.
Regulation: MiCA, Japan FSA rules now require specific custody and capital standards.

How to Protect Yourself

Security checklist for protecting cryptocurrency on exchanges

1. Choose exchanges with PoR, insurance funds, and regulatory licenses.
2. Enable 2FA with an authenticator app.
3. Use withdrawal whitelists.
4. Don't keep large amounts on exchanges — use hardware wallets.
5. Diversify across 2–3 exchanges like Binance, Kraken, and Bybit.
6. Learn to spot crypto scams.

Frequently Asked Questions

By dollar value: Bybit ($1.4B, February 2025). By impact: FTX ($8B fraud, 2022). Mt. Gox (850,000 BTC, 2014) was the most consequential for industry standards.
It depends on the exchange. Binance (2019) and Bybit (2025) covered all losses from insurance funds. Mt. Gox users waited over a decade for partial reimbursement. Choose exchanges with protection funds.
Exchanges publicly prove they hold enough assets to cover all deposits, verified by third-party auditors using cryptographic methods. Standard after FTX's collapse.
Regulation significantly reduces risk but doesn't eliminate it. Combine a regulated exchange with personal security: 2FA, withdrawal whitelists, and cold storage for larger amounts.
Hardware wallets (Ledger, Trezor) for long-term storage. Use exchanges only for active trading. Enable all security features on exchange accounts.
Look for: Proof of Reserves, insurance fund, regulatory licenses, transparent incident history, cold storage practices, and support for hardware key 2FA and withdrawal whitelists.
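
The Proof of Reserves answer above mentions "cryptographic methods" without naming one. The following is an added example, not code from this page or from any exchange: it assumes a Merkle sum tree of customer balances, one common construction, and shows how a customer checks that their balance is counted in the published liabilities total. The leaf encoding, names and balances are constructed for illustration, and the check covers liabilities only, not the assets held against them.

```python
import hashlib

PAD = (hashlib.sha256(b"pad").digest(), 0)  # zero-balance filler for odd levels

def leaf(user_id, balance):
    # Hypothetical leaf encoding; a real exchange publishes its own format.
    return hashlib.sha256(f"leaf|{user_id}|{balance}".encode()).digest(), balance

def parent(left, right):
    # Each node commits to both child hashes and the sum of their balances.
    total = left[1] + right[1]
    data = b"node|" + left[0] + right[0] + total.to_bytes(16, "big")
    return hashlib.sha256(data).digest(), total

def build_levels(leaves):
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(PAD)
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def make_proof(levels, index):
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))  # (node, sibling_is_left)
        index //= 2
    return proof

def verify(user_id, balance, proof, root):
    if balance < 0:
        return False
    node = leaf(user_id, balance)
    for sibling, sibling_is_left in proof:
        if sibling[1] < 0:  # a negative sibling sum would hide liabilities
            return False
        node = parent(sibling, node) if sibling_is_left else parent(node, sibling)
    return node == root

# Constructed sample data: five customers, balances in whole units.
USERS = [("alice", 120), ("bob", 45), ("carol", 300), ("dave", 5), ("erin", 30)]
LEVELS = build_levels([leaf(u, b) for u, b in USERS])
ROOT = LEVELS[-1][0]  # (hash, total liabilities) as the exchange would publish it
ERIN_PROOF = make_proof(LEVELS, 4)

if __name__ == "__main__":
    print("total liabilities:", ROOT[1])
    print("erin included:", verify("erin", 30, ERIN_PROOF, ROOT))
```

Because every parent hashes the sum of its children, an exchange cannot drop or shrink one customer's balance without changing the root that every other customer verifies against.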