20 June


1:46 AM UTC
20 June


1:46 AM

Most Notorious Crypto Hacks in History

Although blockchain has great development potential in the future, this technology has not been effectively leveraged, and it also faced countless unpredictable risks so far.

Those vulnerabilities often revolve around the 2 following issues:

  • Flaws in the design of the decentralized economy
  • The algorithm containing bugs that hackers can exploit

Last year, these vulnerabilities caused severe damage to users and projects. The amount of loss was up to several million dollars, some amounted to hundreds of million dollars.

To help you understand more and stay alert to potential risks in the blockchain market, we will share with you some recent blockchain-related attacks in this article.

Hackers drain $622M from Ronin network

Ronin is an Ethereum sidechain developed for the hit NFT game Axie Infinity – a leading P2E game at that time. It attracts a lot of players, and the volume of assets transferred from Ethereum to Ronin is extremely large.

Source: Ronin Network

On the evening of March 29, 2022, Ronin was attacked by hackers, with the damage amounted to more than USD 622 million, making it the project with the heaviest loss in blockchain history.

With the nature of blockchain, hackers must manipulate more than 50% of the total number of nodes to steal assets on the network. Earlier on March 23, 2022, five out of the total nine nodes of the Ronin network were crashed (4 nodes of Sky Mavis and 1 Node of Axie Dao). The breach resulted in 173,600 ETH and 25.5 million USDC (over USD 622 million in total) being drained from the Ronin bridge in two transactions. 

Although the incident took place on March 23, it was not until March 29 that the loss was found. The news was spread widely, sparking negative responses from the Ronin community. The bridge had to stop its on-chain operation promptly to check and fix the bug. Binance supported Ronin in token conversion during this time. Sky Mavis then called for a USD 150 million bailout from Binance, Animoca Brands, a16z, Paradigm and Accel to remedy the consequences and pledge to reimburse users for the damage. 

Blockchain entails a lot of unforeseen risks, which are evident in the Ronin heist. The decentralization of blockchain is considered the highest security thanks to encryption algorithms. However, network attacks are always possible, especially for young blockchains. Errors in the design of the blockchain structure were also part of the damage. Due to the blockchain trilemma, Ronin gave its security to enhance transaction speed. These were the reasons why hackers could penetrate and take over assets on the network. Though blockchain is still a very potential field, we always have to be wary of such situations, thereby limiting unwanted investment risks.

Nomad Bridge: The first decentralized hack on the blockchain network

Similar to Ronin, Nomad is a bridge used to cross chain tokens between blockchains. Although the damage of Nomad attack ranks 5th in blockchain history, it is a very special case that is worth notice. Details of the breach are as follows:

Source: Nomad Bridge

Around 4:30 AM on August 2, the crypto community on Twitter started off noticing odd transactions related to Nomad. Specifically, MetaMask developer @sniko_ shared about a series of transactions that paid up to USD 350,000 but failed nevertheless. Later, this particular person found that it was an assault on Nomad, which massively withdrew WBTC, WETH, USDC and lots of other ERC-twenty tokens in numerous smaller transactions.

The community then discovered that Nomad’s vulnerability stemmed from the project’s permission to grant pickup permission to the default root message of 0x000… Someone located out and proceeded with the withdrawals. Others later on found the vulnerability and only copied and pasted the attacker’s original transaction, which allowed them to withdraw even if they were not the owner of the asset.

The assets were not stolen by a particular hacker but by different users of the network, making it the first decentralized hack in the industry. The amount of stolen assets were up to USD 176M, making Nomad the 5th most damaging hack in history.

Some of the most infamous exploits in the history of crypto, source: chainalysis

Significantly, the vulnerability comes from another bug that Quantstamp has detected and warned Nomad since early June. The project then fixed the root of 0x000…. that leads to the above-mentioned result. After the looting, Nomad immediately closed the bridge to find out the cause and urge the community to beware of scam payment requests from fake accounts. As a decentralized attack, it was really difficult to investigate and track the exploit transactions. Moreover, due to the blockchain nature, it was virtually impossible to determine the ‘looting’ addresses. Therefore, Nomad announced that it would refund an up to 10% bounty if the exploiters agreed to give the money back. However, the network only received USD 9.1 million in return – a very little amount compared to USD 176 million.

The massive hack of Solana-based Phantom wallet

Hot wallet is a software program connected to a blockchain that enables investors to store cryptocurrency. Although its structure is rather simple, its security can be regarded as the most reliable and secure in Dapps.

Users will receive a passphrase of 12 characters when they create a hot wallet. This password is considered to be the most secure one used to access the wallet. With the right passphrase, hot wallets can be accessed from anywhere in the world. Therefore, leaking passphrases on the internet is almost giving away your assets. In addition, the structure required to create a wallet is also an issue that few people care about. The generated password is often encrypted before being put on the blockchain, making it impossible for miners and transaction validators to read. Therefore, the passphrase for a personal wallet can only be known by the wallet’s creator. 

In short, to grasp the massive attack of wallets on the Solana network (like Phantom, Slope, and Trust wallets), let’s take a look at some critical points.

  • Why are Solana wallets hacked but not the network?
  • Why can the hacker access the wallet and take the asset even while the user doesn’t lose their passphrase?

Phantom wallet

There are a lot of questions surrounding the hack. On August 3, many Phantom, Slope, and Trust wallet users suddenly received notifications of transactions from their wallet on Solana to another wallet, even if they had not carried out such transactions. The odd thing is that the transaction is confirmed by their signature. Shortly afterwards, the information started to spread on Twitter, requesting the project team to speak out about the incident and offer remediation methods.

The report claimed that within 10 minutes, 8000 wallets had been compromised, resulting in a loss of assets of around $8 million USD. Because of the aforementioned aspect, the community proposed the following two hypotheses:

The hacker somehow discovered a large number of users’ seed phrases.

Due to Dapp access, a third party was able to hack users’ wallets.

Based on these two hypotheses, users began to revoke all permissions previously granted on the Dapp. At that time, Magic Eden, a Marketplace platform on Solana, was the project that the community targeted the most. They believed that this is where the attack occurred, thereby allowing hackers to gain access to the licensee’s wallet. Then, Magic Eden explained the incident. Magic Eden requests that everyone should remove their access from the DApp in order to prevent further unpleasant incidents, though they do not admit being hacked. Unfortunately, the attack continued. The community began to suspect that problems surrounding Solana’s algorithm exposed the wallet’s pass/seed phrase due to the ECDSA mechanism, which allows the hacker to recover users’ private keys before it is encrypted on the blockchain. Solana was compelled to shut down the network in order to stop the attack and identify the cause and address the issues.

Eventually, Solana’s engineers figured out the vulnerability. Since the user’s private key was exposed to application monitoring without encryption and uploaded directly to the blockchain due to a storage hole in Slope, it is understandable that hackers can make this massive attack. After that, the controversy erupted again. Although Solana’s algorithm was not the root of the problem, it received the majority of the criticism, making it the most underappreciated platform at the time.

What can we learn from the crypto hacks?

In addition to the hacks already discussed, there are still many others taking place on the market.

The projects need to figure out how to avoid this problem and users also have to learn how to make sure their assets are secure. Tracking what happens in the market is also an effective way to avoid it. In addition to the general characteristics that we can draw from exploits, detailed information about the incident will also help you gain more knowledge and understand the problem better. Thereby, when selecting projects with similar characteristics, we can consider investing and allocating capital effectively. 

Also, when tracking information about exploits, you will see how the developers and stakeholders react. In order for the names of related names to appear when the money goes down in the projects, we will need to immediately remember how they handled when the product happened. From there, better investment decisions can be made. We shouldn’t just look at the surface, we need to dig deep into the causes of what happened. There have been dark corners in the market, when exploits were set up just to cover up the dirty image, turning the project’s back on investors.


Although blockchain has a lot of development potential, it also includes the risk that you, as an ordinary user, cannot evaluate all of the algorithms. To avoid losing money, it is essential to comprehend dangers and take precautions based on lessons acquired. It is expected that readers will be able to make an informed choice and risk-avoidance strategies after reading this article.

Related news

The Decentralization of Identity

Virtually all human interactions depend on both parties being able to identify one another. It indicates sincerity and is a requirement for trust. The majority

Scroll to Top