Home › Guides › Biggest crypto hacks 2025 & 2026

Biggest crypto hacks of 2025 & 2026

Every year brings a new "top 10 crypto hacks" listicle — the same handful of incidents, rewritten. That's fine for a quick read, but useless if you actually need to analyze the data: rank by amount, filter by chain, group by technique, or check how often stolen funds come back. This guide gives you the headline incidents and the complete, machine-readable record behind them.

The largest incidents on record

Here are some of the biggest crypto hacks by amount lost, drawn from well-documented public reporting. Figures are approximate and reflect commonly cited values at the time of each incident:

The patterns behind the biggest losses

Look past the names and a clear shape emerges. Two categories dominate the largest losses: private-key compromises and bridges. When attackers get the keys — through phishing, malware or social engineering — there's no clever contract bug to patch; the funds simply move. The 2025 Bybit hack (~$1.4B) was a multisig signing-flow compromise, and the LuBian Bitcoin loss (~$3.5B) was a private-key compromise. Bridges are the other recurring weak point: Ronin (~$624M), Poly Network (~$611M) and the Binance Bridge (~$570M) all centered on cross-chain infrastructure that holds enormous balances and presents a large attack surface.

Zoom out to 2025 as a whole and the numbers are sobering: roughly $2.7B+ was stolen across the year, with the single Bybit incident accounting for about half of that. The takeaway isn't "DeFi is doomed" — it's that the biggest dollar losses cluster around a small number of failure modes, and you can only see that pattern if you can sort and group the data, not skim a listicle.

Why a top-10 list isn't enough

A ranked list answers exactly one question: "what was biggest?" It can't tell you how bridge exploits trended quarter over quarter, what share of losses came from private-key compromises versus smart-contract bugs, or how the returned-funds rate differs between CEX and DeFi incidents. Those are the questions that matter for security research, audits, journalism, insurance underwriting and risk modelling — and they all require the long tail, not just the headliners.

Get all 540+ incidents as clean data

foXLabs publishes the Crypto Hacks Database on Apify — built on DefiLlama's free hacks dataset, so the full machine-readable record is one export away. Each incident carries:

• Amount lost (USD) and date.
• Chain(s) involved and target type (DeFi, CEX, bridge, wallet, gaming…).
• Technique — private-key compromise, reentrancy, flash-loan, phishing, access control…
• A bridge-hack flag and whether funds were returned.

Filter by date, minimum amount, chain, technique or bridge-hack; sort by most recent or biggest loss; export to JSON, CSV or Excel. No API key, no proxy — one request per run, schedulable for a live, self-updating dataset.

Frequently asked questions

What was the biggest crypto hack?

By dollar value, the largest incident on record is the LuBian Bitcoin private-key compromise at roughly $3.5B. The 2025 Bybit exploit (~$1.4B) is the largest exchange hack, followed by the Ronin Bridge (~$624M) and Poly Network (~$611M). Private-key compromises and bridge exploits drive most of the biggest losses.

How much crypto was stolen in 2025?

Roughly $2.7B+ was stolen across crypto hacks and exploits in 2025, with the single Bybit incident (~$1.4B) accounting for about half of that total. The exact figure depends on how returned funds and disputed amounts are counted — which is why working from a structured dataset beats trusting any one headline number.

Where can I get the full hack dataset?

The Crypto Hacks Database actor exports all 540+ incidents as flat CSV/Excel/JSON rows, so you can sort, filter and pivot the entire record — not just the headliners — without scraping blog posts.