Sunday, August 31, 2025

How Hackers Steal Bitcoin: Lessons from the Biggest Hacks in Crypto History

Imagine waking up one morning to find your Bitcoin wallet empty or discovering that the exchange you trusted to safeguard your crypto holdings has lost billions overnight. This is the harsh reality many Bitcoin owners have faced since the cryptocurrency’s inception in 2009. Over the years, hackers have stolen more than $120 billion worth of Bitcoin, and the risks show no signs of abating.

Understanding how hackers steal Bitcoin is essential for anyone involved in cryptocurrency—whether you’re a seasoned trader or a new investor. By examining some of the most infamous Bitcoin hacks in history, we can uncover how these breaches occurred, how they reshaped the crypto industry, and most importantly, what you can do to protect yourself from becoming the next victim.


The First Major Bitcoin Hack: The Alan Vane Incident (2011)

Just two years after Bitcoin was created, in 2011, the crypto world faced its first major hack. Alan Vane, an early Bitcoin adopter and miner active on the Bitcoin Talk forum, became the first person in history to have Bitcoin stolen directly from his wallet.

At the time, Bitcoin was new and virtually worthless, but early miners like Alan had accumulated tens of thousands of coins. One day, when logging into his mining account on the Slushpool mining pool, Alan noticed suspicious activity. Believing his password had simply been stolen, he quickly changed it, assuming this would fix the issue. Unfortunately, this assumption proved fatal.

Alan’s wallet had already been compromised: malware on his computer had stolen his private keys—the cryptographic keys necessary to access and move Bitcoin. Although he had encrypted his private key file, the malware had direct access to his system, rendering the encryption useless.

By the time Alan checked his wallet, 25,000 Bitcoins were gone—worth about $500,000 at the time and nearly $3 billion today. Attempts to restore an old backup of his wallet were futile because blockchain transactions, once confirmed, are irreversible.

“That doesn’t do me much good when someone or some trojan has direct access to my computer.” — Alan Vane

This hack highlighted a crucial lesson early on: the blockchain itself is secure, but the biggest risk lies in how and where you store your private keys. Storing keys on internet-connected devices exposes you to malware and hacking threats.


The Largest Bitcoin Hack Ever: Mt. Gox Collapse (2011–2014)

Next on the list is the infamous Mt. Gox hack, which remains the largest Bitcoin hack ever recorded. Mt. Gox was the dominant Bitcoin exchange between 2011 and 2014, handling over 70% of all Bitcoin trades worldwide at its peak. It was not just an exchange—it was the exchange.

However, Mt. Gox had a critical security flaw: all their Bitcoins were stored in hot wallets, which are connected to the internet and vulnerable to hacking. Combined with lax security protocols, this created a ticking time bomb.

The first major breach occurred in June 2011, when hackers stole 25,000 Bitcoins from Mt. Gox’s hot wallets. Soon after, a hacker leaked a database containing 60,000 user accounts with usernames, emails, and hashed passwords. This led to a credential stuffing attack, where hackers used the leaked credentials to access user accounts.

Hackers manipulated the market by placing massive sell orders, crashing Bitcoin’s price on Mt. Gox to as low as one cent for a short time. Although Mt. Gox claimed to have fixed the issues and assured users their funds were safe, the truth was far more dire.

From 2011 to 2014, Mt. Gox continued to suffer thefts, primarily due to a vulnerability known as transaction malleability. This flaw allowed hackers to change transaction IDs, making it appear as if withdrawals had failed, enabling them to steal the same Bitcoins multiple times.
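How a reconciliation check that does not depend on the transaction ID catches the malleability case described above, as an added example (not code from the original article or from any exchange). It assumes legacy (pre-SegWit) serialization; the transactions, the placeholder signature bytes and the `fingerprint` and `reconcile` helpers are constructed for illustration.

```python
import hashlib
import struct

def sha256d(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def varint(n: int) -> bytes:
    """Bitcoin CompactSize length prefix (only the sizes this example needs)."""
    return bytes([n]) if n < 0xFD else b"\xfd" + struct.pack("<H", n)

def serialize(tx: dict, blank_scriptsigs: bool = False) -> bytes:
    """Legacy (pre-SegWit) transaction serialization."""
    raw = struct.pack("<I", tx["version"]) + varint(len(tx["vin"]))
    for txin in tx["vin"]:
        sig = b"" if blank_scriptsigs else txin["script_sig"]
        raw += bytes.fromhex(txin["prev_txid"])[::-1] + struct.pack("<I", txin["vout"])
        raw += varint(len(sig)) + sig + struct.pack("<I", txin["sequence"])
    raw += varint(len(tx["vout"]))
    for txout in tx["vout"]:
        spk = txout["script_pubkey"]
        raw += struct.pack("<q", txout["value"]) + varint(len(spk)) + spk
    return raw + struct.pack("<I", tx["locktime"])

def txid(tx: dict) -> str:
    """The txid covers the scriptSig, so re-encoding a signature changes it."""
    return sha256d(serialize(tx))[::-1].hex()

def fingerprint(tx: dict) -> str:
    """Hash of what the payment does (inputs spent, outputs paid), scriptSigs blanked."""
    return sha256d(serialize(tx, blank_scriptsigs=True))[::-1].hex()

def reconcile(pending: dict, confirmed: list) -> dict:
    """Map each withdrawal id to a status by matching on fingerprint, not txid."""
    on_chain = {fingerprint(tx): txid(tx) for tx in confirmed}
    status = {}
    for wid, tx in pending.items():
        seen = on_chain.get(fingerprint(tx))
        if seen is None:
            status[wid] = "unconfirmed"
        elif seen == txid(tx):
            status[wid] = "confirmed"
        else:
            status[wid] = "confirmed-under-different-txid"  # already paid: never re-send
    return status

# Constructed sample data: placeholder bytes, not valid signatures or a real outpoint.
SIG_A = bytes(range(71))      # stand-in for the signature as the exchange encoded it
SIG_B = bytes(range(1, 72))   # stand-in for the same signature in another encoding

def make_tx(script_sig: bytes) -> dict:
    return {"version": 1, "locktime": 0,
            "vin": [{"prev_txid": "aa" * 32, "vout": 0,
                     "script_sig": script_sig, "sequence": 0xFFFFFFFF}],
            "vout": [{"value": 50_000_000,
                      "script_pubkey": b"\x76\xa9\x14" + bytes(20) + b"\x88\xac"}]}

SENT = make_tx(SIG_A)      # the withdrawal as broadcast and recorded
MUTATED = make_tx(SIG_B)   # what was actually mined: same payment, new txid

if __name__ == "__main__":
    print(txid(SENT) != txid(MUTATED), reconcile({"w1": SENT}, [MUTATED]))
```

A withdrawal system that looks up only the recorded txid would report `w1` as missing; matching on the spent inputs and paid outputs shows it was paid. For SegWit spends the txid already excludes signature data.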

Even worse, Mt. Gox stored private keys in unencrypted files on their servers. Once hackers discovered this, they siphoned off Bitcoins directly from Mt. Gox’s wallets for years without detection.

By February 2014, users noticed withdrawal failures, prompting Mt. Gox to freeze withdrawals and trading, citing technical issues. On February 28, Mt. Gox declared bankruptcy, revealing that 750,000 customer Bitcoins and 100,000 of their own reserves had vanished. At that time, the lost Bitcoin was valued at approximately $350 million, equivalent to $70 billion today.

The collapse caused widespread panic, crashing Bitcoin’s price by over 30%. Protesters gathered outside Mt. Gox’s Tokyo headquarters demanding answers but received none. Later, 200,000 Bitcoins were found in an old wallet, but the majority was never recovered.


The Mt. Gox disaster was more than just a hack—it was a turning point for the crypto industry. It forced exchanges and projects to adopt security audits, proof of reserves, and real-time monitoring to prevent similar catastrophes.

The MyBitcoin Scam: An Exit Scam Masquerading as a Hack (2011)

While Mt. Gox was imploding, another incident shook early Bitcoin users: the MyBitcoin wallet scam. Although initially reported as a hack, many believe it was an exit scam.

MyBitcoin was one of the first web-based Bitcoin wallet services, launched in 2010. At a time when secure and convenient Bitcoin storage options were scarce, MyBitcoin quickly gained popularity despite being completely anonymous and unregulated.

The service promised to keep users’ Bitcoins safe, essentially acting as a rudimentary version of today’s Coinbase but without regulatory oversight or security safeguards. The biggest red flag was the anonymous operator known only as Tom Williams. And in crypto, trusting an anonymous operator is a well-known risk.

In August 2011, MyBitcoin suddenly disappeared. The website went offline, and users attempting to log in encountered a vague message claiming the service had been hacked and half the Bitcoins were gone. The operators never provided transaction IDs or technical details, only assuring users that some funds remained in cold storage.

This lack of transparency fueled conspiracy theories across Bitcoin forums, with many suspecting it was an exit scam. Weeks later, MyBitcoin briefly returned online, promising to refund 49% of users’ balances. Partial refunds were issued, but 51% of funds were never recovered. Shortly after, the service vanished permanently, and Tom Williams disappeared without a trace.

Exact numbers are unknown due to poor record-keeping, but estimates suggest 78,000 Bitcoins were stolen—worth about $600,000 then and $9 billion today.

Adding to the mystery, blockchain analysts recently traced 80,000 Bitcoins linked to MyBitcoin wallets to Galaxy Digital, an investment firm that executed a $9 billion sale for a long-term holder. This suggests the stolen coins may still be circulating or held by the original scammers, though nothing is confirmed.

The MyBitcoin scam underscored a critical lesson: trusting custodial wallets means surrendering full control of your crypto. Even today, over a million investors still rely on custodial wallets, showing that this lesson is yet to be fully embraced.


The Bitfinex Hack: When Advanced Security Measures Fail (2016)

By 2016, Bitfinex had established itself as one of the world’s largest crypto exchanges, popular for its leverage and margin trading. To reassure users, Bitfinex partnered with BitGo, a US-based security company, to implement multi-signature wallets—a system requiring multiple approvals to move funds.

The concept was straightforward: even if one key was compromised, hackers couldn’t drain accounts without the others. Unfortunately, this security model was flawed in its implementation.

On August 2, 2016, hackers exploited a weakness in Bitfinex’s internal systems and manipulated the withdrawal process, tricking BitGo into co-signing fraudulent transfers. In nearly 2,000 unauthorized transactions, they stole 119,000 Bitcoins—worth $66 million then and over $14 billion today.

The news triggered a market panic, causing Bitcoin’s price to crash 20% within hours. Bitfinex froze withdrawals and trading. To manage the massive loss, Bitfinex controversially took 36% from every user’s balance, including those unaffected by the hack, effectively distributing the loss across all accounts.

As a remedy, Bitfinex issued BFX tokens—IOUs worth $1 each—for the stolen funds. Over eight months, they bought back these tokens in cash or allowed users to exchange them for shares in the parent company, iFinex.

Fast forward to 2022: the US Department of Justice seized over 94,000 stolen Bitcoins from a New York couple who had been laundering them. This was one of the largest financial seizures in history. The Bitcoin remains held by the DOJ, with courts recommending its return to Bitfinex. However, disputes have arisen over whether users or Bitfinex should receive the funds, leaving the final distribution uncertain.

This hack proved that even advanced security features like multi-signature wallets can fail if poorly implemented. Sadly, this lesson remains relevant, as exemplified by a 2025 incident where Bybit lost $1.5 billion in ETH after unknowingly signing a malicious multi-sig contract.


The PlusToken Ponzi Scheme: Using Hype to Swindle Billions (2018–2019)

In 2018, amid the height of crypto hype following Bitcoin’s $20,000 all-time high, a new type of scam emerged, known as the PlusToken Ponzi scheme. It looked like a legitimate project on the surface but turned into one of the largest Bitcoin losses in history.

PlusToken claimed to be a South Korean project offering guaranteed returns of 8% to 30% per month for holding their tokens in a mobile wallet. They also incentivized users with referral bonuses, creating a viral marketing effect. With slick branding, their own exchange, and in-person seminars, PlusToken attracted over 3 million members.

Behind the scenes, however, PlusToken was secretly run out of China, and it paid old investors with the money deposited by new ones—a classic Ponzi scheme.

By mid-2019, users had deposited nearly 200,000 Bitcoins, 6.4 million ETH, and other cryptocurrencies worth an estimated $3 billion then, or roughly $50 billion today. In June 2019, withdrawals began failing, and the operators vanished with all the funds.

Authorities arrested 109 individuals tied to the scam, sentencing 14 to prison, but most of the stolen assets were never recovered. The scammers slowly dumped the funds on exchanges like Huobi and OKX, causing sudden sell-offs and contributing to Bitcoin’s price crashes in late 2019 and 2020.

PlusToken stands as the largest Ponzi scheme in crypto history, illustrating how scammers exploit hype, false promises, and investor emotions. Despite this, similar schemes continue to surface, preying on new investors who fall for the same tricks.


The QuadrigaCX Mystery: When Trust in One Person Leads to Disaster (2018)

The QuadrigaCX scandal remains one of crypto’s biggest unsolved mysteries. Founded in 2013 by Gerald Cotten and Michael Patryn, QuadrigaCX quickly became Canada’s top crypto exchange, processing hundreds of millions in trades.

However, in early 2018, Canadian banks froze Quadriga’s accounts after detecting suspicious activity, halting withdrawals for months and raising red flags.

In late 2018, Gerald Cotten updated his will to leave everything to his wife. Twelve days later, he died on his honeymoon in India from complications related to Crohn’s disease. However, inconsistencies such as a misspelled death certificate, a closed casket funeral, and no local media coverage sparked rumors that his death was faked.

The real bombshell came when Quadriga announced it couldn’t access $145 million worth of customer crypto because Cotten alone controlled the private keys to the exchange’s cold wallets. Blockchain investigators soon revealed there were no cold wallets—the funds had been drained prior to Cotten’s death.

According to Canadian securities regulators, Quadriga was a Ponzi scheme. Cotten had created fake accounts, traded against customers, gambled millions on other exchanges, and used deposits from new customers to pay off old ones. His death merely exposed years of fraud.

Only a fraction of the lost funds has been recovered. Rumors persist that Cotten staged his death to evade prosecution. Netflix even produced a documentary titled Trust No One: The Hunt for the Crypto King chronicling this saga.

The QuadrigaCX scandal delivers a painful lesson: giving one individual total control over an exchange or your crypto assets is a recipe for disaster.


The KuCoin Hack: A Massive Industry-Wide Rescue Effort (2020)

In 2020, KuCoin—the so-called “People’s Exchange” based in Singapore with over 6 million users—suffered a massive hack. Known for trading everything from Bitcoin to obscure tokens, KuCoin relied on hot wallets to process daily trades, making certain wallets permanently online and vulnerable.

On September 25, hackers accessed KuCoin’s internal systems, likely via phishing or malware, and stole private keys for the exchange’s wallets. Over several hours, they drained 2,015 Bitcoins, 11,480 ETH, and over 150 other cryptocurrencies—valued at $281 million then, or about $400 million today.

Hackers began laundering stolen funds by swapping Ethereum tokens on decentralized exchanges like Uniswap, converting altcoins into Bitcoin, and using mixers to obscure transactions.

Investigators quickly identified the culprits as Lazarus, a North Korean state-sponsored hacking group notorious for high-profile cyberattacks worldwide.

KuCoin’s CEO promptly suspended deposits and withdrawals and promised full reimbursement to users. What followed was unprecedented: a massive industry-wide rescue effort.

  • Stablecoin issuers froze stolen tokens.
  • Certain projects reissued assets to nullify compromised coins.
  • Crypto exchanges blacklisted hacker-controlled wallet addresses.

Thanks to this coordination, 84% of the stolen funds—around $234 million—were recovered within months. KuCoin covered the remaining losses from its insurance fund, fully reimbursing all users.

This hack proves that even top-tier exchanges aren’t immune to breaches. As long as exchanges rely on hot wallets, your funds are never completely safe.


The DMM Bitcoin Hack: When Social Engineering Bypasses Regulation (2024)

Not all hacks come from brute force. The 2024 DMM Bitcoin hack in Japan demonstrated that social engineering could bypass even strict regulatory frameworks.

DMM Bitcoin launched in 2018 and quickly became one of Japan’s most popular crypto exchanges, fully licensed and regulated by Japan’s top financial watchdog—the very agency established after Mt. Gox to protect investors.

Despite having a polished user interface, mobile trading, and even its own mining firm, DMM’s security was compromised by the same North Korean Lazarus group behind the KuCoin hack.

In March 2024, Lazarus hackers posed as recruiters on LinkedIn and sent a coding test embedded with a malicious script to an employee at Ginco, a software wallet provider servicing DMM. The script leaked session data, giving Lazarus access to Ginco’s system.

Two months later, hackers gained control of DMM Bitcoin’s wallet management system. On May 30, during what appeared to be a routine transaction, they maliciously altered transaction details and stole 4,502 Bitcoins—worth about $305 million.

The stolen Bitcoins were split, washed through CoinJoin mixers, and some were transferred to shady markets like Huione in Cambodia.

DMM froze withdrawals immediately and promised reimbursement with the help of its parent company. However, the damage was irreversible. By December 2024, DMM announced it would shut down, transferring user accounts to another exchange.

This hack proves that even full regulation in one of the world’s strictest crypto markets cannot guarantee safety. Sometimes, all it takes is one employee to trust the wrong person and bypass millions of dollars in security.


The Nobitex Hack: A Politically Charged Crypto Cyberattack (2025)

The 2025 Nobitex hack was unlike any other—it became the center of a politically charged cyberattack that shocked the crypto world.

Nobitex, launched in 2017, was Iran’s go-to Bitcoin exchange with over 7 million users and more than $11 billion in inflows. It was vital for Iranians trying to access global markets despite heavy sanctions.

However, Nobitex also had dark ties, including transactions with ransomware operators, sanctioned media outlets, and groups linked to terrorist financing.

On June 18, 2025, a pro-Israel hacktivist group called Predatory Sparrow breached Nobitex’s systems. Unlike typical hacks motivated by financial gain, this attack aimed to make a political statement.

The hackers exploited a massive access control flaw, draining hot wallets and stealing about $90 million in crypto, including 500 Bitcoins.

But here’s where the story takes a twist: instead of laundering or selling the stolen funds, the hackers sent them all to vanity addresses with cryptographically impossible-to-access names—meaning the funds are lost forever.

This attack illustrated that crypto hacks can also be motivated by ideology, not just greed, and that vulnerabilities in access controls can have far-reaching consequences.


The One Thing You Need to Do to Protect Your Bitcoin

After examining these major Bitcoin hacks, one glaring truth emerges: your crypto will never be truly safe if you let someone else—like a crypto exchange—hold it for you.

Crypto exchanges prioritize speed and profit, often treating security as an afterthought. Even when insurance policies or reimbursements are offered, history shows it can take years for users to recover funds, if at all.

The best way to protect your Bitcoin is to store it in a cold wallet—an offline device that keeps your private keys away from internet-connected devices and hackers. Cold wallets give you full control over your crypto, eliminating the risk of custodial breaches.

Understanding cold wallets and knowing how to use them is essential for every Bitcoin owner who values security.


Frequently Asked Questions (FAQ)

What is the biggest risk to Bitcoin security?

The biggest risk is storing private keys on internet-connected devices, which exposes them to malware and hacking. Cold wallets that keep keys offline are the safest option.

Are crypto exchanges safe for storing Bitcoin?

While exchanges offer convenience, they often store funds in hot wallets vulnerable to hacking. History shows even top exchanges have been breached, resulting in massive losses.

What is transaction malleability and how did it affect Mt. Gox?

Transaction malleability is a flaw that allowed hackers to alter transaction IDs, making withdrawals appear failed and enabling multiple thefts of the same funds. This flaw was exploited extensively in the Mt. Gox hack.

Can multi-signature wallets prevent Bitcoin theft?

Multi-signature wallets add security by requiring multiple approvals for transactions. However, if implemented poorly or if internal systems are compromised, attackers can still bypass them, as seen in the Bitfinex hack.

What lessons do these Bitcoin hacks teach us?

Key lessons include never trusting custodial wallets completely, using cold wallets for storage, implementing strong security measures, and being aware of social engineering attacks.

Is Bitcoin theft reversible?

No. Once a Bitcoin transaction is confirmed on the blockchain, it is irreversible. This makes security and prevention critical.

What is social engineering in crypto hacks?

Social engineering involves manipulating people into revealing confidential information or access, bypassing technical security measures. The DMM Bitcoin hack is a prime example.

How can I recover stolen Bitcoin?

Recovering stolen Bitcoin is extremely difficult. Sometimes law enforcement can seize stolen funds, but most victims never see their crypto again. Prevention is the best defense.

Why do Ponzi schemes succeed in crypto?

Ponzi schemes exploit hype, false promises, and investor emotions. New investors often fall for unrealistic returns, fueling these scams.

What is a cold wallet?

A cold wallet is an offline storage device for cryptocurrencies that keeps private keys away from internet-connected devices, drastically reducing hacking risk.

Conclusion

Bitcoin and cryptocurrencies offer revolutionary potential, but they come with unique risks—especially when it comes to security. From the first major hack of Alan Vane’s wallet to the massive Mt. Gox collapse, the MyBitcoin exit scam, Bitfinex’s multi-million dollar breach, the PlusToken Ponzi scheme, and beyond, history is full of cautionary tales.

These incidents reveal that hackers exploit vulnerabilities in how Bitcoin is stored and managed, whether through malware, poorly secured exchanges, insider fraud, social engineering, or outright scams. Even strict regulation and advanced security measures cannot guarantee safety if trust is misplaced or implementation is flawed.

The best protection is to take control of your own crypto by using cold wallets—offline storage solutions that keep your private keys safe from hackers. While no system is perfect, cold wallets offer the highest level of security and peace of mind.

Remember, in the world of Bitcoin, security is not just about technology; it’s about vigilance, education, and control.

 

James Wick
James Wick is a financial writer and blockchain analyst with years of experience studying the digital asset space. A long-time crypto enthusiast, he has dedicated his work to exploring cryptocurrency, decentralized finance, and tokenomics. James combines clear writing with deep market insight to help readers navigate the fast-changing world of blockchain and digital assets.