
Top 10 Biggest Crypto Scams in History That Created the Highest B2B Risk

Anastasia Arashkevich

Crypto & Blockchain Expert

April 29, 2026 17 min read

Thousands of scams, hacks, and fraud cases have hit crypto in recent years. Most caused losses, but a fraction exposed deeper weaknesses that still matter to regulators and compliance teams.

This article ranks those cases: the top 10 crypto scams, hacks, and failures that caused the most serious business damage. 

The focus is not just on the money lost, but on the weaknesses they revealed – operational failures, governance breakdowns, counterparty exposure, and the way stolen funds move after a breach.

Each case includes practical takeaways for compliance teams.

Key Takeaways
  • The biggest crypto scams, hacks, and exchange failures matter because they expose repeated weaknesses in custody, signing controls, governance, counterparty oversight, and post-theft tracing.
  • Major losses often start with basic control failures. Hot-wallet exposure, weak reconciliation, poor asset segregation, and excessive trust in one interface, validator set, or vendor stack appear across many of the largest crypto incidents.
  • Signing-flow security is now a critical business risk. Cases such as Bybit and WazirX show that multisig and approval workflows can fail when teams cannot independently verify the real transaction payload before signing.
  • Bridge and cross-chain exposure increases systemic risk. Ronin and Poly Network show how bridge design, validator concentration, and interoperability flaws can turn one technical weakness into a multi-asset, multi-counterparty incident.
  • Governance failures can be as destructive as external hacks. FTX shows that related-party exposure, hidden privileges, and weak asset segregation can destroy customer trust and platform solvency without a classic on-chain exploit.
  • Direct wallet screening is not enough after major thefts. Stolen funds often move through self-hosted wallets, DEXs, bridges, mixers, CoinJoin, swaps, and other cross-chain routes, making multi-hop tracing essential.
  • Incident response speed affects the final damage. KuCoin shows that fast coordination with exchanges, issuers, investigators, and law enforcement can materially reduce losses after a breach.
  • Security and compliance teams need a shared escalation model. Once stolen funds begin moving across services and chains, a security incident quickly becomes an AML, counterparty-risk, legal, and reputational problem.
  • The practical defense is full-lifecycle risk control. Exchanges and VASPs should strengthen wallet segregation, transaction verification, cross-chain monitoring, counterparty screening, reserve transparency, and crisis communications.

 

Methodology: How the Ranking Was Built

For this ranking we evaluated the top 10 biggest crypto scams through five lenses:

  • Loss amount and ecosystem impact;

  • Direct exposure for B2B platforms;

  • Laundering complexity and success in getting away with stolen funds;

  • Regulatory, operational, and reputational fallout;

  • Security and compliance challenges that are still relevant today.

The resulting list of crypto scams has the following structure: 

  • Top positions combine some of the highest crypto losses ever with strong business relevance, like counterparty exposure or post-hack laundering. 

  • Middle positions include historically big cases that taught important lessons but may be less relevant for today's controls. 

  • Lower positions include smaller cases that still earned a spot for exposing specific operational gaps.

Top 10 Crypto Scams that Matter for Businesses and Compliance  

| Case | Year | Type | Estimated loss |
|---|---|---|---|
| Bybit | 2025 | Exchange breach | ~$1.5B |
| FTX | 2022 | Exchange collapse / fraud | >$8B shortfall |
| Ronin | 2022 | Bridge / validator compromise | ~$540M |
| Poly Network | 2021 | Cross-chain exploit | ~$610M |
| Coincheck | 2018 | Exchange hot-wallet hack | ~$530M |
| Mt. Gox | 2014 | Exchange collapse | ~650,000 BTC |
| DMM Bitcoin | 2024 | Exchange theft | ~$305M |
| WazirX | 2024 | Multisig compromise | >$230M |
| KuCoin | 2020 | Exchange hot-wallet hack | >$275M |
| BtcTurk | 2024 | Exchange hot-wallet breach | ~$55M |

 

1. Bybit (2025)

On February 21, 2025, Bybit lost about 401,000 ETH, roughly $1.5 billion. A record-scale breach hit the Bybit exchange during a hot-to-cold wallet transfer, making it one of the largest crypto scams of all time. It raised questions about transaction verification and interface security. Even at the exchange level, the attack highlighted how signing and validation failures can expose entire wallets. 

Why this matters to businesses: 

  • Deposit/withdrawal flow risk. The breach occurred during a routine wallet transfer, showing attackers can exploit verification gaps in critical flows. 

  • Interface and API exposure. Bybit may have suffered from fake interface injection, highlighting risk at the signing and handoff layer. 

  • Laundering complexity. Funds were rapidly fragmented, swapped, and bridged across multiple chains and services. 

Case-specific takeaway: independent transaction verification. 

Global Ledger’s investigation shows that stolen funds often move before disclosure, and bridges have become a major laundering route. The Bybit hack illustrates how low-frequency attacks can cause a disproportionate impact. All crypto businesses should ensure multi-step, independent validation for every high-value transfer to prevent forged or unauthorized transactions.

2. FTX (2022)

The collapse of FTX in November 2022 wasn’t a typical hack, but one of the largest internal control failures and governance breakdowns ever seen in crypto. Customer funds were secretly diverted to related entity Alameda Research, with billions misused for margin trading, investments, and executive payouts – all enabled by flawed internal systems and hidden privileges. 

Why this matters to businesses: 

  • Segregation failure. FTX let Alameda access and use customer funds as collateral, violating asset segregation and disclosure rules.

  • Related-party risk. Alameda had hidden privileges within FTX’s code and controls, enabling undetected fund diversion.

  • Systemic fallout. FTX’s collapse triggered market chaos, investigations, and permanent trust damage to the crypto sector.

Case-specific takeaway: asset segregation and related-party control.

The FTX collapse proved that weak internal controls and undisclosed related-party access can create catastrophic risk. All crypto businesses should prioritize enforceable asset segregation and transparent governance to prevent affiliated entities from exploiting similar gaps.

3. Ronin Network / Axie Infinity (2022)

Ronin Network – an Ethereum sidechain created for the popular blockchain game Axie Infinity – lost control of its bridge contracts on March 29, 2022. Attackers withdrew 173,600 ETH and $25.5 million USDC, worth approximately $540 million. The hackers compromised five out of nine validator nodes, highlighting critical flaws in Ronin’s trust model.

Why this matters to businesses:

  • Bridge design risk. Weak validation logic enabled attackers to seize control with minimal quorum. 

  • Validator concentration. Ronin relied on just nine validators, with five controlled by Sky Mavis, creating a central point of failure. 

  • Laundering breakout. Stolen funds moved quickly into Tornado Cash, highlighting the risk from fast post-theft routing.

Case-specific takeaway: bridge security as infrastructure risk.

Poor validation logic and concentrated control turned the Ronin bridge into an attack vector, creating systemic risk. Crypto businesses should treat bridge security as core infrastructure risk and ensure decentralized validator setups to prevent similar failures.

4. Poly Network (2021)

In August 2021, a hacker exploited a smart-contract vulnerability in Poly Network’s cross-chain interoperability protocol, draining approximately $610 million in crypto assets. It was the largest DeFi hack at the time. The exploit allowed the attacker to override contract permissions and withdraw funds across Ethereum, Binance Smart Chain, and Polygon.

Why this matters to businesses:

  • Interoperability risk. The exploit targeted cross-chain logic, highlighting weak points in bridge and messaging protocols. 

  • Multi-chain exposure. Assets were drained across multiple blockchains, showing the complexity of managing security and response across interfaces. 

  • Counterparty fallout. The hack forced issuers like Tether to freeze assets and triggered broad ecosystem disruption and response. 

Case-specific takeaway: multi-chain risk management.

The Poly Network hack exposed the security and operational risks that come with cross-chain interoperability. Crypto businesses need to secure bridge logic, expect multi-chain attack scenarios, and coordinate response plans across all connected networks.

5. Coincheck (2018)

In January 2018, Coincheck lost over $530 million in NEM tokens from a single compromised hot wallet. The stolen funds were worth roughly 58 billion yen / $530-533 million at the time. The massive exposure was enabled by weak custody practices, specifically keeping large balances online without multisig protection.

Why this matters to businesses:

  • Hot wallet risk. Coincheck stored the entire amount in a hot wallet connected to the internet, making it vulnerable to remote attack. 

  • Custody design failure. The hot wallet lacked multisig, meaning it could be accessed with a single private key.

  • Regulatory impact. The hack triggered action from Japan’s FSA, including orders to Coincheck and inspections of other exchanges.

Case-specific takeaway: custody architecture as business risk.

The Coincheck hack proved that poor custody design can lead to catastrophic losses, even at a major exchange. All crypto businesses should minimize hot wallet exposure, enforce multisig, and treat their custody architecture as a core business control.

6. Mt. Gox (2014)

Once the world’s largest bitcoin exchange, Mt. Gox collapsed in 2014 after losing approximately 650,000 customer BTC. The fallout triggered years of bankruptcy proceedings, creditor battles, and trust erosion for the entire crypto industry.

Why this matters to businesses:

  • Custody and solvency failure. Mt. Gox lost control of customer bitcoin over an extended period without proper detection or disclosure. 

  • Reconciliation breakdown. The exchange failed to properly reconcile on-chain balances with customer accounts, allowing losses to go unnoticed. 

  • Systemic fallout. The collapse triggered years of legal fallout and creditor disputes, damaging trust in crypto exchanges worldwide.

Case-specific takeaway: custody and solvency oversight.

The Mt. Gox collapse proved that weak custody controls and failed reconciliation can lead to insolvency and industry-wide fallout. All crypto businesses must ensure secure custody, real-time solvency visibility, and robust internal auditing to maintain trust and prevent systemic risk.

7. DMM Bitcoin (2024)

In one of the larger crypto exchange heists of 2024, Japanese exchange DMM Bitcoin lost over $300 million in BTC to an attack tied to the North Korean-affiliated TraderTraitor group. Hackers used social engineering and internal compromise to manipulate a BTC transfer, highlighting the risk from breached employees and fake “legitimate” transactions.

Why this matters to businesses:

  • Employee targeting risk. The attack succeeded by compromising a Ginco wallet service employee, highlighting the risk that staff can become an entry point.

  • Treasury approval manipulation. Hackers exploited internal processes to authorize an illegitimate BTC transfer, showing the limits of human-only approval flows.

  • Laundering breakout. Stolen BTC was laundered through CoinJoin and bridges, complicating recovery and tracing. 

Case-specific takeaway: employee-targeted internal attack.

The DMM Bitcoin heist proved that attackers can exploit internal staff and processes to authorize fraudulent transfers. Crypto businesses should harden treasury approval flows, segment employee access, and assume that social engineering campaigns will target key personnel.

8. WazirX (2024)

In July 2024, WazirX suffered a major wallet compromise that led to losses of more than $230 million. The incident centered on a multisig wallet using Liminal infrastructure. WazirX said there was a mismatch between what appeared in the interface and what was actually signed. The case exposed a critical weakness in transaction verification, showing that multisig protection can still fail when businesses rely too heavily on the visible interface instead of the signed payload itself.

Why this matters to businesses:

  • Interface risk in signing flows. The case showed that what operators see on screen may not match the transaction actually being approved, creating a dangerous verification gap.

  • Vendor-stack exposure. WazirX relied on third-party wallet infrastructure, highlighting how managed wallet providers can become part of core operational risk. 

  • Laundering escalation. According to Global Ledger, the stolen assets later formed one of the largest 2024 hacking flows into Tornado Cash, increasing the compliance and tracing significance of the incident. 

Case-specific takeaway: payload verification over interface trust.

The WazirX hack proved that multisig alone is not enough if businesses cannot independently verify the real transaction payload being signed. Crypto businesses should treat wallet infrastructure providers as critical counterparties and build controls that validate signed data directly, not only the interface shown to operators.
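The check described in the Bybit and WazirX takeaways, as an added example that is not Global Ledger's or any exchange's own code: it decodes the raw fields that are about to be signed and compares them with the transfer that was approved out-of-band, instead of trusting what the interface displays. It assumes an Ethereum-style payload with `to`, `value` and `data` fields; the Intent record, the allowlist and all addresses are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ERC20_TRANSFER = bytes.fromhex("a9059cbb")  # selector of transfer(address,uint256)

@dataclass(frozen=True)
class Intent:
    """Transfer as approved out-of-band (hypothetical treasury ticket)."""
    recipient: str
    amount: int                  # base units (wei or token units)
    token: Optional[str] = None  # token contract address; None = native transfer

def norm_addr(value: str) -> str:
    """Normalise a 20-byte hex address, rejecting anything malformed."""
    h = value.lower()
    h = h[2:] if h.startswith("0x") else h
    if len(h) != 40:
        raise ValueError(f"not a 20-byte address: {value!r}")
    bytes.fromhex(h)  # raises ValueError on non-hex characters
    return h

def decode_erc20_transfer(data: bytes):
    """Return (recipient, amount); raise unless data is exactly transfer(address,uint256)."""
    if len(data) != 68 or data[:4] != ERC20_TRANSFER:
        raise ValueError("calldata is not an ERC-20 transfer")
    if any(data[4:16]):  # upper 12 bytes of the address word must be zero
        raise ValueError("address word has non-zero padding")
    return data[16:36].hex(), int.from_bytes(data[36:68], "big")

def verify_payload(intent: Intent, payload: dict, allowlist: set) -> list:
    """Compare the raw payload with the approved intent; return mismatches ([] = match)."""
    problems = []
    to = norm_addr(payload["to"])
    raw = payload["data"]
    data = bytes.fromhex(raw[2:] if raw.startswith("0x") else raw)
    value = int(payload["value"])
    if intent.token is None:  # native transfer: `to` is the recipient, no calldata
        recipient, amount = to, value
        if data:
            problems.append("native transfer carries calldata")
    else:                     # token transfer: recipient and amount live in calldata
        if to != norm_addr(intent.token):
            problems.append("target is not the approved token contract")
        if value:
            problems.append("token transfer also moves native value")
        try:
            recipient, amount = decode_erc20_transfer(data)
        except ValueError as exc:
            return problems + [str(exc)]  # anything undecodable is refused outright
    if recipient != norm_addr(intent.recipient):
        problems.append("recipient differs from approved recipient")
    if amount != intent.amount:
        problems.append("amount differs from approved amount")
    if recipient not in allowlist:
        problems.append("recipient is not an allowlisted wallet")
    return problems

# Constructed sample data: addresses and amounts are made up.
TOKEN, COLD, OTHER = "0x" + "11" * 20, "0x" + "aa" * 20, "0x" + "bb" * 20
ALLOWLIST = {norm_addr(COLD)}
INTENT = Intent(recipient=COLD, amount=1_000, token=TOKEN)

def make_calldata(recipient: str, amount: int) -> str:
    return "0x" + (ERC20_TRANSFER + bytes(12) + bytes.fromhex(norm_addr(recipient))
                   + amount.to_bytes(32, "big")).hex()

GOOD = {"to": TOKEN, "value": 0, "data": make_calldata(COLD, 1_000)}
REDIRECTED = {"to": TOKEN, "value": 0, "data": make_calldata(OTHER, 1_000)}
OPAQUE = {"to": OTHER, "value": 0, "data": "0xdeadbeef"}
```

The verifier is only independent if it runs on a host separate from the one that renders the signing interface, and the signer refuses any payload for which the returned list is not empty.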

9. KuCoin (2020)

In September 2020, KuCoin suffered one of the largest exchange hacks of that year after attackers gained access to private keys for its hot wallets. More than $275 million in crypto was stolen across multiple assets. Although the breach reflected a familiar hot-wallet security failure, the response became one of the clearest examples of how coordinated recovery efforts can reduce losses after a major theft.

Why this matters to businesses:

  • Hot-wallet key exposure. The breach showed how leaked or compromised private keys can give attackers immediate access to exchange-controlled funds. 

  • Segmentation failure. Insufficient separation between wallet environments increased the scale of the loss once the attackers gained access. 

  • Recovery coordination. KuCoin moved quickly to contact exchanges, token issuers, market makers, security firms, and law enforcement, enabling freezes, blocklisting, and partial asset recovery. 

Case-specific takeaway: response capability is a core control.

The KuCoin hack showed that prevention is only part of exchange security. Recovery depends on fast IOC sharing, issuer coordination, prebuilt exchange-to-exchange response channels, and clear crisis procedures. Crypto businesses should treat post-breach coordination capacity as a core operational defense, not as an improvised response after funds are already moving.

10. BtcTurk (2024)

In June 2024, BtcTurk disclosed unauthorized withdrawals from its hot wallets affecting 10 assets, while stating that its cold wallets remained secure. Public estimates placed the loss at about $55 million. The breach reflected a familiar exchange weakness around hot-wallet exposure. More revealing, however, is the laundering path mapped by Global Ledger.

Global Ledger traced the stolen funds through self-hosted wallets, CoinJoin, Wasabi Wallet, THORChain, Chainflip, and the Lightning Network. The sequence shows that the control failure did not end with the theft: it continued in the limited ability to detect and respond once the funds began moving across multiple stages.

Why this matters to businesses:

  • Hot wallet exposure. The incident showed that internet-connected wallet infrastructure remains a major point of failure for centralized exchanges. 

  • Post-theft tracing risk. The laundering path moved across multiple privacy tools, swap services, and routing layers, reducing the value of simple first-hop wallet screening. 

  • Security and compliance overlap. Once the funds began moving through CoinJoin, cross-service swaps, and self-hosted wallets, the incident became not only a security breach but also an urgent AML problem. 

Case-specific takeaway: multi-hop tracing and escalation readiness.

The BtcTurk breach showed that the real control failure can continue long after the initial theft if businesses cannot trace and escalate suspicious flows across multiple stages.

BtcTurk hackers sending part of stolen funds to a chain of self-hosted wallets. Screenshot from the Global Ledger KYT tool

Why These Hacks Happen

The biggest crypto scams in history were rarely just stories about clever attackers. Across the largest crypto scams and hacks in this ranking, the same weaknesses repeat:

  • too much value left in hot wallets 

  • too much trust placed in a single interface or validator set

  • poor segregation of customer assets

  • weak oversight of insiders or vendors 

Many of the most destructive failures were operational first and technical second.

The second pattern is what happens after the breach. Some of the most famous crypto scams in the world became much harder to contain once funds started moving through self-hosted wallets, DEXs, bridges, CoinJoin, mixers, and cross-chain routes.

That is why major crypto scams matter to exchanges and VASPs long after the initial theft. The business damage grows when tracing is weak, exposure becomes indirect, and escalation starts too late.
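Why first-hop screening misses indirect exposure, as an added example that is not Global Ledger's tooling: it runs a blocklist-only check and a multi-hop proportional ("haircut") trace over the same constructed transfer list. The haircut model is one common tracing heuristic chosen here as an assumption; all wallet labels, amounts and the 10% threshold are made up for illustration.

```python
from collections import defaultdict
from fractions import Fraction

def trace_taint(transfers, source, stolen):
    """Haircut tracing over chronologically ordered (src, dst, amount) transfers.
    Each outgoing transfer carries the sender's current tainted share.
    Returns (tainted balance held, cumulative tainted inflow, minimum hops from source)."""
    balance, held, inflow = defaultdict(Fraction), defaultdict(Fraction), defaultdict(Fraction)
    balance[source] = held[source] = Fraction(stolen)
    hops = {source: 0}
    for src, dst, amount in transfers:
        amount = Fraction(amount)
        if amount <= 0:
            continue
        have = max(balance[src], amount)   # funds not seen in the data are assumed clean
        moved = held[src] * amount / have  # tainted part of this transfer
        balance[src] = have - amount
        held[src] -= moved
        balance[dst] += amount
        held[dst] += moved
        inflow[dst] += moved
        if moved:  # src is tainted, so it already has a hop count
            hops[dst] = min(hops.get(dst, hops[src] + 1), hops[src] + 1)
    return dict(held), dict(inflow), hops

def first_hop_hit(transfers, deposit, blocklist):
    """Blocklist-only screening: is any direct sender into `deposit` listed?"""
    return any(dst == deposit and src in blocklist for src, dst, _ in transfers)

def screen_deposit(transfers, deposit, source, stolen, threshold=Fraction(1, 10)):
    """Return an alert when the tainted share of funds received by `deposit`
    exceeds `threshold`, otherwise None."""
    _, inflow, hops = trace_taint(transfers, source, stolen)
    received = sum(Fraction(a) for _, d, a in transfers if d == deposit)
    tainted = inflow.get(deposit, Fraction(0))
    share = tainted / received if received else Fraction(0)
    if share <= threshold:
        return None
    return {"deposit": deposit, "tainted": tainted, "share": share, "hops": hops[deposit]}

# Constructed sample flow: 100 units stolen, split, merged with clean funds, then deposited.
TRANSFERS = [
    ("theft_wallet", "hop_a", 60),
    ("theft_wallet", "hop_b", 40),
    ("clean_x", "pool_c", 40),           # unrelated clean funds dilute the pool
    ("hop_a", "pool_c", 60),
    ("pool_c", "hop_d", 50),
    ("hop_d", "exchange_deposit", 50),
]

if __name__ == "__main__":
    print("first-hop hit:", first_hop_hit(TRANSFERS, "exchange_deposit", {"theft_wallet"}))
    print("multi-hop alert:", screen_deposit(TRANSFERS, "exchange_deposit", "theft_wallet", 100))
```

On the sample flow the blocklist check on the direct sender finds nothing, while the trace attributes 30 of the 50 deposited units to the theft, four hops from the theft wallet.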

What Exchanges and VASPs Should Do To Avoid Such Scams

1. Strengthen wallet segregation
Separate customer assets, treasury funds, hot wallets, and operational wallets. Limit exposure so a single compromise cannot affect the full balance sheet.

2. Tighten transaction signing controls
Require independent verification for every high-value transfer. Do not rely on one interface, one signer flow, or one vendor-controlled approval layer.

3. Build cross-chain monitoring
Trace funds beyond the first destination wallet. Monitor bridges, swaps, DEX routing, and multi-hop cross-chain movement. Global Ledger helps teams track these flows across bridges, DEX routes, and laundering paths.

4. Speed up incident escalation
Define who must be alerted immediately after a suspected breach. Reduce response time across security, compliance, legal, and external counterparties.

5. Upgrade counterparty screening
Screen customers, vendors, custody providers, liquidity partners, and infrastructure dependencies. Treat third-party exposure as core operational risk. Global Ledger KYB supports counterparty due diligence at the business level.

6. Improve reserve transparency and crisis communications
Communicate clearly about asset segregation, solvency, exposure, and remediation steps. Use fast, specific updates to reduce trust damage during incidents.


Conclusion

The biggest crypto scams in history did not all follow the same pattern. Some came from weak custody. Some came from poor governance. Some exploited signing flows, bridge design, or third-party infrastructure. But the result was often the same: funds moved fast, controls failed under pressure, and the real damage grew when businesses could not trace exposure or respond in time.

For exchanges and VASPs, the lesson is practical. Stronger controls must cover the full lifecycle of risk: asset segregation, signing verification, counterparty screening, cross-chain monitoring, and rapid escalation once funds begin moving.

Global Ledger helps businesses investigate suspicious flows, trace funds across chains, and assess counterparty risk with more depth and speed. As major crypto scams and hacks continue to evolve, that level of visibility has become a core business requirement.


 

FAQ 

 

What is the biggest crypto scam or hack in history?

In dollar terms, the 2025 Bybit theft is the largest crypto hack on record at about $1.5 billion. For institutional readers, FTX remains the clearest example of a business-ending governance failure. In this case, customer assets were misused from inside the platform rather than stolen through a classic external exploit, making it one of the worst crypto scams as of today. 

Why do the biggest crypto scams still matter to exchanges and VASPs?

Because the same weaknesses recur. Weak custody, concentrated permissions, unsafe signing flows, poor segregation, and slow post-breach response still sit behind many of the most damaging incidents in crypto. 

How are stolen crypto funds usually laundered after a major hack?

The common pattern is fragmentation first, then movement through self-hosted wallets, DEXs, bridges, mixers or CoinJoin, instant swaps, and cross-chain routes. The goal is to weaken direct attribution before the funds reach a service that can freeze, flag, or report them. 

Why is direct wallet screening not enough after a breach?

Direct screening is useful for first-hop exposure, but it weakens quickly once funds are split across multiple services and chains. Cases such as BtcTurk, WazirX, Ronin, and Bybit show why exchanges need multi-hop tracing and behavioral monitoring rather than blacklist-only checks. 

What should exchanges and VASPs do first after a suspected hack?

They should isolate the affected systems, start cross-chain tracing immediately, alert security, compliance, legal, and executive teams, and notify key counterparties and analytics partners. In major breaches, the first response window matters more than the later press cycle. 

Can proof of reserves prevent another FTX-style collapse?

No. Proof of reserves can improve asset visibility, but it does not prove liabilities, related-party exposure, governance quality, or customer-fund segregation. FTX showed that internal privileges and weak oversight can destroy a platform even before a hack occurs. 

Why are bridge hacks and signing-flow attacks now so important for compliance teams?

Because they combine concentrated technical exposure at the moment of theft with rapid multi-chain laundering immediately after. That turns a security incident into a compliance event almost at once, especially when funds start moving through bridges, DEXs, or privacy tools before public disclosure.