CoinLaw

Bringing Crypto and Finance Closer to You

Crypto Exchange Hacks and Security Statistics 2026: Cyber Risk Trends

Published on: March 26, 2026
As Featured In
FortuneYahoo! FinanceCoinDeskSeeking AlphaCoin Market Cap

This report has been updated 4 times. Last updated on March 26, 2026

  • Added new 2026 loss data showing $112.53 million stolen across January and February 2026.
  • Added a new February 2026 update showing 15 major hacks and $26.5 million in losses, down 98.2% year over year.
  • Updated the 2025 total crypto theft figure to $3.4 billion, replacing the earlier $2.55 billion estimate.
  • Added a new concentration metric showing that the top 3 crypto hacks generated 69% of all 2025 service losses.
  • Expanded wallet compromise coverage to 158,000 incidents and at least 80,000 unique victims in 2025.
  • Added a new attack concentration insight showing centralized services accounted for 88% of stolen value in Q1 2025.
  • Added a new 24-hour crypto hack timeline with key operational metrics, including 2 seconds for fund movement, a 10 to 15-minute response window, a less than 5% recovery rate, and over 90% of affected projects having critical vulnerabilities.
  • Added new recent developments, including the $85 million Phemex breach, $9.5 million zkLend exploit, $69.9 million CoinSwitch recovery fund, and the $230 million to $235 million WazirX hack impact.
  • Replaced broad older breach categories with a clearer attack vector breakdown led by private key compromise at 35%, oracle manipulation at 20%, device and endpoint compromise at 20%, validation bugs at 15%, and social engineering at 10%.
  • Added new DeFi loss details for January 2026, including about $42 million lost across 6 major incidents and cumulative cross-chain bridge losses exceeding $3.2 billion.
  • Expanded centralized exchange coverage with new figures showing $182 million in CEX losses in Q3 2025, compared with $86 million for DeFi, plus $2.02 billion stolen by North Korea-linked hackers in 2025.
  • Updated Bitcoin ATM coverage with fresh March 2026 data showing about 38,931 installations across 67 countries, including the U.S. share at 87.9% and Canada at 6.3%.
  • Corrected major hack examples by replacing older unsupported claims, such as the $165 million CoinEx and $52 million KuCoin 2025 incidents, with revised and more defensible figures.
  • Updated Coinbase breach coverage from over 250,000 users to nearly 70,000 customers, while adding projected costs of $180 million to $400 million and a $20 million ransom demand.

In the high-stakes world of cryptocurrency, security has become a defining challenge. These hacks have not only caused massive financial losses but also intensified the demand for tighter, more reliable security protocols in the industry. As the digital landscape grows, the value and vulnerability of crypto assets rise, compelling exchanges to invest heavily in cutting-edge security measures to prevent a single vulnerability from leading to substantial losses.

Editor’s Choice

  • The Bybit hack remained the largest single crypto theft on record atΒ $1.5 billion.
  • Personal wallet compromises hit 158,000 incidents and affected at least 80,000 unique victims in 2025.
  • The top three crypto hacks accounted for 69% of all service losses in 2025.
  • Crypto hacks caused $112.53 million in losses across January and February 2026.
  • February 2026 alone recorded 15 major hacks with losses of $26.5 million, down 98.2% year over year.
  • Moby Trade lost about $2.5 million in January 2025, with nearly $1.5 million recovered and net user losses near $1 million.

Recent Developments

  • Phemex lost over $85 million in a January 2025 hot-wallet breach spanning 16 blockchains.
  • zkLend was exploited for about $9.5 million in February 2025, with roughly 3,300 ETH stolen.
  • CoinSwitch launched a $69.9 million recovery fund for roughly 4 million WazirX users after the $230 million hack.
  • WazirX’s July 2024 breach was valued at about $230 million to $235 million in stolen crypto.
  • The CFPB’s January 2025 proposal could require crypto firms to refund users for hack-related losses under expanded EFTA protections.
  • In 2024, crypto theft reached $2.2 billion across 303 hacking incidents, helping drive the CFPB proposal.
  • ESMA said onΒ December 4, 2025,Β that unauthorised CASPs should have wind-down plans in place as MiCA transitional periods ended.
  • ESMA also urged regulators to scrutinize last-minute MiCA authorisation filings and enforce against unauthorised crypto services.
  • Proposed MiCA cybersecurity audits would require an independent third-party review before CASP authorisation.
  • ESMA noted its centralized European surveillance tool was expected by the end of 2025 or the first half of 2026.

Key Insights from the 24-Hour Crypto Hack Timeline

  • Exploits begin instantly on-chain, with attackers initiating breaches at Hour 0, leaving virtually no reaction time for platforms.
  • Third-party monitoring tools detect breaches within 0–1 hour, highlighting the growing importance of external security intelligence providers.
  • Internal teams typically confirm breaches within 1–3 hours, marking the first critical response phase in incident management.
  • Emergency β€œwar room” actions and exchange freezes occur within 3–6 hours, aiming to limit further asset outflows and contain damage.
  • Public disclosures and token price impacts emerge within 6–12 hours, often triggering sharp market reactions and user panic.
  • Bounty programs and forensic investigations are launched within 12–24 hours, as projects attempt to trace stolen funds and negotiate recovery.
  • By Day 2+, projects face a turning point, resulting in either partial recovery or complete collapse, depending on response effectiveness.
  • Funds can be moved in as little as 2 seconds, demonstrating how quickly attackers exploit vulnerabilities in crypto systems.
  • Exchanges typically have a 10–15 minute response window, emphasizing the need for real-time monitoring and automated safeguards.
  • Less than 5% of stolen funds are typically recovered, underscoring the low success rate of post-hack recovery efforts.
  • Over 90% of affected projects have critical vulnerabilities, indicating widespread gaps in and infrastructure security.
  • Fewer than 1% of projects use robust firewall protections, revealing a major weakness in preventive security adoption across the industry.
Key Insights from the 24-Hour Crypto Hack Timeline
(Reference: The Crypto Times)

Overview of Crypto Exchange Hacks

  • Crypto theft topped $3.4 billion in 2025, the highest annual total on record.
  • Centralized services accounted for 88% of stolen value in Q1 2025 due to large private-key compromises.
  • H1 2025 blockchain security incidents caused about $2.37 billion in losses across 121 cases.
  • platforms represented 76.03% of H1 2025 incidents, but losses totaled roughly $470 million versus $1.883 billion for CEXs.
  • The top 3 crypto hacks generated 69% of all 2025 service losses.
  • The largest 2025 hack was more than 1,000x the median incident size for the first time.
  • Personal wallet compromises reached 158,000 incidents and at least 80,000 unique victims in 2025.
  • Phishing and wallet compromise trends helped push personal-wallet theft to 37% of 2025 stolen value, excluding the Bybit outlier.
  • Crypto hack losses hit $112.53 million in the first two months of 2026.
  • February 2026 recordedΒ 15Β major hacks andΒ $26.5 millionΒ in losses, downΒ 98.2%Β year over year.
Newsletter Img
Don't chase the news. Let us curate it.

You get one weekly briefing with only the stories that matter. If the market is quiet, we skip it.

High-Profile Crypto Exchange Hacks

  • Bybit suffered the largest crypto heist ever in February 2025, with losses of $1.5 billion.
  • Coinbase disclosed a 2025 data breach affecting nearlyΒ 70,000Β customers, with projected costs ofΒ $180 millionΒ toΒ $400 million.
  • Attackers demanded a $20 million ransom from Coinbase after bribing overseas support agents for customer data.
  • CoinEx’s widely reported exchange hack remains the 2023 incident, with estimated losses ofΒ $31 millionΒ toΒ $54 million.
  • Available reporting also does not support a 2025 KuCoin DNS hijack, causing $52 million in losses.
  • In 2025, ransomware attacks on crypto holders rose 75% to 72 incidents, with losses reaching $40.9 million.

Breakdown of Crypto Hack Attack Vectors

  • Private key compromise dominates crypto hacks at 35%, making it the largest single cause of security breaches and fund losses.
  • Oracle manipulation accounts for 20% of attacks, highlighting the risks associated with external data feeds and price oracles used in DeFi protocols.
  • Device and endpoint compromise also represents 20%, showing that user devices, APIs, and access points remain highly vulnerable entry points for attackers.
  • Validation bugs contribute 15% of exploits, emphasizing ongoing weaknesses in smart contract logic, auditing, and protocol verification processes.
  • Social engineering makes up 10% of attacks, proving that human error and phishing tactics continue to play a critical role in cybersecurity incidents.
  • Combined infrastructure-level attacks (Oracle + endpoint) account for 40%, indicating that system-level vulnerabilities are as dangerous as direct key theft.
  • Human-related attack vectors (social engineering + key compromise) total 45%, reinforcing the need for better user education, wallet security, and access controls.
Breakdown Of Crypto Hack Attack Vectors
(Reference: The Crypto Times)

Bitcoin ATM Growth by Region

  • Global Bitcoin ATM installations stood at about 38,931 across 67 countries in March 2026.
  • The U.S. remained the largest market, adding 150 machines in February 2026 for roughly 0.5% monthly growth.
  • Canada added 70 Bitcoin ATMs in February 2026, equal to about 1.9% monthly growth.
  • Australia added 10 machines in February 2026, or roughly 0.5% growth month over month.
  • North America still dominated the network with about 37,081 of 39,011 global machines in early 2024, and that concentration remained intact into 2026.
  • The U.S. held about 87.9% of the global Bitcoin ATM network in CoinATMRadar-based counts.
  • Canada accounted for about 6.3% of global Bitcoin ATM installations.
  • Europe represented about 3.8% of the worldwide Bitcoin ATM footprint.
  • Central banks surveyed in 2026 reported an average of 28 operational Bitcoin ATMs per jurisdiction.

DeFi Hacks and Protocol Vulnerabilities

  • Hackers stole about $86 million in January 2026, with DeFi protocols responsible for roughly 78% of total losses.
  • January 2026, DeFi hacks drained around $42 million across 6 major protocol incidents.
  • bridges have cumulatively lost more than $3.2 billion to exploits, cementing them as one of DeFi’s riskiest components.
  • A January 2026 bridge exploit on CrossCurve alone led to estimated losses of roughly $3 million.
  • In January 2026, a single Truebit exploit cost users about $26.2 million via a smart contract coding error.
  • The Saga bridge incident in January 2026 added another $7 million in losses through forged cross-chain messages.
  • Makina’s January 2026 flash loan–driven price manipulation attack resulted in about $4.13 million in stolen value.
  • YO Protocol users briefly lost $3.84 million due to a vault misconfiguration, with only $112,000 recovered on-chain.
  • TMXTribe suffered a suspected insider-enabled drain of roughly $1.4 million via a protocol code flaw.
  • ZeroLend still has about $371,000 missing from a March 2025 exploit, with user withdrawals frozen nearly a year later.

Hacks of Centralized Exchanges

  • Centralized services accounted for 88% of stolen value in Q1 2025, largely through private-key and signing-process compromises.
  • The top 3 hacks generated 69% of all 2025 service losses, showing how a few CEX breaches dominated totals.
  • Bybit alone lost $1.5 billion in February 2025, the largest crypto exchange hack on record.
  • Phemex suffered an $85 million hot-wallet breach in January 2025.
  • Coinbase’s insider-assisted breach exposed data for nearly 70,000 customers and carried an estimated cost of $180 million to $400 million.
  • Attackers demanded a $20 million ransom from Coinbase after bribing overseas support agents.
  • Private-key compromises accounted for 43.8% of all stolen crypto in 2024, underscoring the main CEX security weakness entering 2026.
  • Centralized exchanges lost about $182 million in Q3 2025, more than DeFi’s $86 million that quarter.
  • North Korea-linked hackers stole at least $2.02 billion in 2025, representing a 51% increase from 2024 and heavily targeting exchanges.
Centralized Exchange Hack Losses Comparison

Types of Cryptocurrency Hacks

  • Personal wallet compromises reached 158,000 incidents and affected at least 80,000 unique victims in 2025.
  • Individual victims lost $713 million in 2025, down from $1.5 billion in 2024 despite more attacks.
  • Personal wallet compromises accounted for 20% of all value stolen in 2025, down from 44% in 2024.
  • Centralized-service private key and signing-process compromises drove 88% of Q1 2025 stolen value.
  • Impersonation scams surged by 1,400% year over year in 2025, making social engineering a major crypto threat.
  • Contract exploits accounted for almost 64% of all crypto hacks last year.
  • Personal wallet theft represented 23.35% of all stolen-fund activity year to date in 2025.
  • At least 14 U.S. states had enacted or proposed crypto ATM-specific rules by 2026 in response to scam and fraud risks.

Wallet Hacks and Social Engineering

  • Individual wallet compromises hit 158,000 incidents affecting at least 80,000 unique victims in 2025.
  • Personal wallet theft totaled about $713 million in 2025, down 52% from $1.5 billion in 2024.
  • Phishing and wallet compromise together drove roughly 37% of the 2025 stolen value when the Bybit outlier is excluded.
  • Signature-phishing drained about $6.3 million from user wallets in January, with losses jumping 207% month over month.
  • Two victims accounted for nearly 65% of January’s signature-phishing losses, including a single $3.02 million incident.
  • Address-poisoning scams pushed one investor to lose about $12.25 million in a single misdirected transfer in January.
  • A Trezor support impersonation scam cost a hardware-wallet user about $284 million in bitcoin and litecoin during one January attack.
  • A malicious development-environment extension enabled remote access that led to roughly $500,000 in stolen crypto from one victim.
  • Reported SIM-swap complaints to the FBI fell to 982 in 2024, but multi-million-dollar individual crypto losses remain common.
  • Phishing and address-poisoning together caused about $83.8 million in wallet-related losses across up to 17 million affected addresses in 2025.

Largest Crypto Exchange Hacks by Amount Stolen

  • Bybit remains the largest crypto hack in history, at $1.5 billion lost in February 2025.
  • Ronin Network ranks next with about $625 million stolen in its 2022 Axie Infinity bridge exploit.
  • Poly Network followed with roughly $611 million drained in its 2021 cross-chain bridge hack.
  • BSC Token Hub (Binance Bridge) suffered an estimated $569 million loss in its October 2022 exploit.
  • Coincheck’s 2018 NEM theft totaled about $532 million, still Japan’s largest crypto hack.
  • FTX saw around $400 million in crypto mysteriously drained from exchange wallets during its 2022 collapse.
  • Mt. Gox lost roughly $470 million worth of bitcoin between 2011 and 2014 before its insolvency.
  • DMM Bitcoin reported a $305 million hot-wallet hack in May 2024, one of the largest recent CEX incidents.
  • Wormhole’s DeFi bridge exploit resulted in aboutΒ $320 millionΒ in stolen wrapped ether on Solana.
Largest Crypto Hacks By Amount Stolen

Common Vulnerabilities in Crypto Exchanges

  • Outdated 2FA systems led to a 32% rise in account takeovers in 2025, especially on SMS-only platforms.
  • Weak API security caused 27% of centralized exchange breaches in 2025, enabling authentication bypasses.
  • Unencrypted user data drove 17% of crypto data breaches in 2025, exposing victims to identity theft and fund loss.
  • Poor internal access controls enabled unauthorized employee access in 11% of exchange hacks in 2025.
  • Lack of smart contract audits caused over $540 million in DeFi losses in 2025, largely from unverified or reused code.
  • Third-party service flaws, such as misconfigured cloud storage, contributed to 24% of infrastructure-related breaches in 2025.
  • Infrequent or absent audits leftΒ 52%Β of DeFi protocols experiencing a breach within their first operational year.
  • Reentrancy bugs led to about $325 million in stolen assets across DeFi in 2025, often in older or forked contracts.
  • Oracle manipulation made up roughly 13% of DeFi exploits in 2025 by tampering with external data feeds.
  • Liquidity pool drains accounted for around $103 million in stolen assets in 2025 due to flawed protocol logic.

Smart Contract and Exchange Code Vulnerabilities

  • DeFi security breaches exceeded $3.1 billion in H1 2025, already surpassing 2024’s $2.85 billion total losses.
  • Access control vulnerabilities drove about 59% of 2025 DeFi losses, totaling more than $1.6 billion in stolen funds.
  • Smart contract flaws caused 67% of DeFi losses in 2025, with unverified contracts responsible for over $630 million.
  • Cross-chain bridge exploits resulted in more than $1.5 billion stolen by mid-2025, making bridges a top code-risk area.
  • Reentrancy bugs led to roughly $325 million in stolen assets in 2025, especially in older or forked contracts.
  • Oracle manipulation made up about 13% of DeFi exploits in 2025.
  • Liquidity pool drains accounted for around $103 million in stolen assets in 2025.
  • Infrequent audits left 52% of DeFi protocols suffering at least one breach within their first operational year.
  • OWASP’s 2026 Smart Contract Top 10 ranks access control, business logic, and price-oracle manipulation as the top 3 code risks.
  • Most 2026 DeFi hacks are still driven by smart contract issues such as reentrancy, oracle manipulation, and flawed permissions.

Governmental Efforts Against Crypto Threats

  • The U.S. GENIUS Act, effective July 2025, created the first comprehensive federalΒ stablecoinΒ regime and mandates enhanced blockchain analytics-based AML programs.
  • Treasury’s March 2026 report urges Congress to let banks temporarily hold suspect crypto, using safe-harbor freezes during illicit finance investigations.
  • Treasury also plans guidance on using AI for AML/CFT and supports nationwide digital-ID laws to curb crypto fraud and sanctions evasion.
  • The SEC and CFTC held a joint β€œharmonization” event on January 29, 2026, to coordinate U.S. crypto oversight and market-structure rules.
  • MiCA now applies across all 27 EU member states, requiring white papers, prudential requirements, and standardized cybersecurity audits for CASPs.
  • ESMA’s MiCA guidance calls for recurring independent cyber audits focused on wallet breaches, data leaks, DDoS, and identity theft risks.
  • Japan’s FSA will require all registered exchanges to perform mandatory Cybersecurity Self-Assessments starting in the 2026 fiscal year.
  • The new FSA framework forces exchanges to review technical controls, human-risk training, and third-party vendor security on a recurring basis.
  • A TRM Labs review of 30 major jurisdictions found rapidly expanding crypto AML regimes covering over 70% of global crypto exposure by 2025–26.
  • Multiple regulators are considering real-time solvency and risk-reporting models using continuous cryptographic proofs instead of periodic disclosures.

Frequently Asked Questions (FAQs)

How large were total hack-related losses in the first two months of 2026?

Crypto hacks caused aboutΒ $112.53 millionΒ in losses acrossΒ 31Β attacks in January and February 2026.

How much was stolen in January 2026 alone compared with a year earlier?

January 2026 sawΒ $86.01 millionΒ lost toΒ 16Β hacks, aΒ 1.42%Β year-on-year decline fromΒ $87.25 millionΒ in January 2025.

What were the confirmed hack losses in February 2026, and how did they change year over year?

February 2026 recordedΒ $26.52 millionΒ in losses fromΒ 15Β hacks, down aboutΒ 98.2%Β year over year due to theΒ $1.4 billionΒ Bybit outlier in February 2025.

How much did phishing and social engineering contribute to the January 2026 crypto theft?

Phishing schemes accounted for roughlyΒ $311.3 millionΒ of theΒ $370.3 millionΒ stolen in January 2026, more thanΒ 3xΒ December’s losses.

Conclusion

Cryptocurrency exchanges continue to confront formidable security challenges. While hackers are developing more sophisticated tactics, the industry is responding with advanced security technologies, regulatory improvements, and collaborative initiatives. From increased government oversight to innovative AI-driven threat detection, the focus on robust, multi-layered security is crucial.

As crypto exchange security evolves, users, developers, and regulators must work together to protect this fast-growing digital frontier and instill confidence in the future of digital asset exchanges.

This article has been reviewed and fact-checked by Steven Burnett. CoinLaw follows strict Publishing Principles and a documented Fact-Check Policy to ensure accuracy, transparency, and editorial independence across all content. Our statistics are verified using a documented Research Process.

Add CoinLaw as a Preferred Source on Google for instant updates! Follow on Google News

References

Barry Elad

Barry Elad

Founder & Senior Journalist

Barry Elad is a finance and tech journalist who loves breaking down complex ideas into simple, practical insights. Whether he's exploring fintech trends or reviewing the latest apps, his goal is to make innovation easy to understand. Outside the digital world, you'll find Barry cooking up healthy recipes, practicing yoga, meditating, or enjoying the outdoors with his child.

Related Posts

Disclaimer:Β The content published on CoinLaw is intended solely for informational and educational purposes. It does not constitute financial, legal, or investment advice, nor does it reflect the views or recommendations of CoinLaw regarding the buying, selling, or holding of any assets. All investments carry risk, and you should conduct your own research or consult with a qualified advisor before making any financial decisions. You use the information on this website entirely at your own risk.

Reader Interactions

4 Comments

  1. Maggie K.

    saw the part about defi hacks and gotta say, it’s interesting how these platforms are so revolutionary yet still fall victim to security loopholes. makes you wonder how much of our trust we’re putting into tech that’s still finding its feet. Barry Elad, great breakdown on this!

  2. Ella R.

    Whenever I read about these exchange hacks it just confirms my doubt about the whole crypto thing. How is it that with all the tech we got, these platforms still get hacked? Doesn’t that mean our money is never really safe, even with banks going digital and all? Looking for someone to prove me wrong here.

    • Ron S.

      You raise valid concerns, Ella. However, comparing banks and crypto platforms isn’t apples to apples. Crypto is in its infancy, and like the early days of online banking, it’s going through growing pains, including security risks. Improvement is inevitable.

    • Alexa M.

      Technology, no matter how advanced, will always have vulnerabilities. it’s about the constant improvement of security measures and staying ahead. crypto isn’t the problem, it’s part of evolving our financial systems.

Leave a Comment

Company
Discover
Categories
Cryptocurrency
Payments
Finance
Banking
Insurance
Categories
Cryptocurrency
Investments
Compliance
Fintech
Finance