Crypto heist: How hackers are pulling off the digital bank robbery
A crypto heist is the modern-day version of a bank robbery. It happens online, often anonymously, and with potentially devastating financial consequences. Crypto thefts have become a significant concern for the U.S. government, which is working to protect the cryptocurrency industry from threats posed by cybercriminals. As cryptocurrencies become more popular, cybercriminals are finding increasingly sophisticated ways to steal them. From phishing attacks to full-scale breaches of crypto exchanges, crypto heists are now among the most lucrative types of cybercrime.
In this article, we explain what cryptocurrency is, how it works, and explore some of the most infamous crypto heists to date.
What is cryptocurrency?
Cryptocurrency is a digital form of money that operates independently of traditional banks. It allows users to send and receive payments without the need for a central authority. Instead, transactions are verified through a decentralized system known as blockchain technology.
The concept of digital currency dates back to 1983 when cryptographer David Chaum introduced a form of digital cash called ecash. Over the next two decades, developers built on this idea, including Wei Dai, who proposed a system called b-money.
Bitcoin, the first widely known cryptocurrency, was launched in 2009 by the pseudonymous developer Satoshi Nakamoto. Since then, thousands of other cryptocurrencies have emerged. Although only a few countries like El Salvador and Cuba recognize crypto as legal tender, its use continues to grow worldwide. Many crypto firms, especially startups, prioritize growth over essential security measures, increasing their vulnerability to cyber threats.
How cryptocurrency works
To understand a crypto heist, it’s helpful to understand the two main components behind cryptocurrency: blockchain and mining.
Blockchain is the digital ledger that records all transactions. Each block in the chain contains information about a transaction and is connected to the previous one. Because the blockchain is shared across a network of users, it is difficult to alter or tamper with.
Crypto mining is the process of verifying transactions and adding them to the blockchain. It also generates new units of cryptocurrency. Miners use powerful computers to solve complex problems and are rewarded with newly minted coins. Automated tools are often employed in mining to solve these problems more efficiently, but they can also be used in coordinated cyberattacks.
One of the reasons crypto is so attractive to hackers is its built-in anonymity. Users do not need to provide personal details, and transactions can be made globally without intermediaries. This makes tracing stolen funds extremely difficult.
What is a crypto heist?
A crypto heist is a cybercrime where hackers steal digital assets by exploiting weaknesses in cryptocurrency systems, often targeting organizations. These weaknesses can exist in wallets, exchanges, smart contracts or other parts of the crypto ecosystem.
Organizations must implement specific security measures and updates to mitigate these risks and enhance their overall cybersecurity posture.
Common methods used in crypto heists include:
- Phishing attacks that trick users into giving up login credentials
- Exploits that target software vulnerabilities in the system
- Man-in-the-middle attacks to intercept transactions
Once access is gained, hackers move the stolen crypto into anonymous wallets, making it nearly impossible to trace. Since there’s no physical proof of ownership, possession of the private key is all that matters.
The largest crypto heist in history
The Bybit crypto heist, which occurred on February 21, 2025, stands as the largest crypto heist in history, with an estimated $1.5 billion in digital assets stolen. This incident not only surpasses the previous record of $611 million stolen from Poly Network in 2021 but also marks the single largest known theft of any kind in history. Previously, this dubious honor was held by Saddam Hussein, who stole $1 billion from the Iraqi Central Bank on the eve of the 2003 Iraq War. The sheer scale of the Bybit heist has sent shockwaves through the crypto industry, raising concerns about the security measures in place to protect digital assets.
The perpetrators: North Korean hackers
The perpetrators behind the Bybit heist are believed to be North Korean hackers, specifically the infamous Lazarus Group. This notorious cybercrime organization is backed by the North Korean government and has a history of sophisticated cyberattacks. The FBI has confirmed that North Korean hackers were responsible for the attack, and cryptocurrency analysis firm Elliptic has attributed the theft to North Korea based on various factors, including the laundering of the stolen cryptoassets. The Lazarus Group has been linked to several high-profile hacks in the past, demonstrating their capability and intent to exploit vulnerabilities for financial gain.
Other examples of major crypto heists
FTX crypto heist (2023)
In early 2023, the crypto exchange FTX lost over 415 million dollars in a cyberattack. The breach occurred just before the company filed for bankruptcy, raising concerns about internal security controls and oversight.
The breach had a significant impact on FTX's customers, who faced potential losses and security concerns.
Ronin Network attack (2022)
In 2022, Ronin Network, which powers the blockchain game Axie Infinity, was hacked. The attacker compromised private keys and stole about 620 million dollars. This became the largest known crypto heist at the time.
The attack compromised sensitive information, raising concerns about data security within the crypto ecosystem.
Poly Network hack (2021)
In one of the biggest crypto heists to date, Poly Network was targeted in August 2021. Hackers exploited a flaw in the system and stole over 610 million dollars worth of tokens. Surprisingly, the attacker returned most of the assets, claiming the purpose was to expose the vulnerability. The incident highlighted the critical need for immediate updates to address vulnerabilities and prevent such breaches.
Why crypto heists happen
Even though blockchain technology is secure, the platforms built around it often contain flaws. Supply chain risks associated with third-party vendors can also contribute to vulnerabilities in the crypto ecosystem. Most crypto heists occur because of:
- Poor cybersecurity practices
- Outdated or vulnerable software that exposes systems to potential risks
- Lack of user awareness
- Insider threats
These incidents highlight the risk that even high-value crypto systems can fall victim to cyberattacks if basic precautions are ignored.
Geopolitical cyberattacks on the rise
The Bybit heist is part of a larger trend of geopolitical cyberattacks, where nation-state actors use cyberattacks to achieve financial gain or disrupt critical infrastructure. North Korea has been linked to several high-profile hacks in the past, including the 2014 Sony Pictures hack and the 2017 WannaCry ransomware attack. The country’s cybercrime activities are believed to be motivated by a desire to generate revenue for the regime and evade international sanctions. This rise in geopolitical cyberattacks underscores the urgent need for increased cybersecurity measures and international cooperation to prevent and respond to these types of threats.
Lessons from crypto heists
The rise in crypto heists reminds us that digital assets are not immune to theft. Governments play a crucial role in enhancing cybersecurity measures and regulatory frameworks to protect digital assets. Here are three important lessons:
- Be alert online. Hackers often use phishing and malware to gain access.
- Make securing your assets a priority: use hardware wallets to store crypto offline for better protection.
- Keep your software updated and use strong, unique passwords with two-factor authentication.
Understanding the tactics used by threat actors can help in developing more effective security measures.
Conclusion
Crypto heists have become one of the most serious threats in the world of digital finance. The operation behind the Bybit heist was meticulously planned and executed by North Korean hackers. As North Korea's cybercriminal activities continue to evolve, the need for robust cybersecurity measures becomes even more critical. The best defense is a combination of user awareness, strong security measures and constant vigilance. The cryptoassets derived from these heists are often laundered through complex networks, making recovery challenging. Whether you’re a crypto investor or a platform operator, understanding the risks is essential for staying safe in the digital economy.
This post has been updated on 09-04-2025 by Sarah Krarup.

Sarah Krarup
Sarah studies innovation and entrepreneurship with a deep interest in IT and how cybersecurity impacts businesses and individuals. She has extensive experience in copywriting and is dedicated to making cybersecurity information accessible and engaging for everyone.