From Mt. Gox to Bybit: An in-depth review of cryptocurrency exchange security incidents

An in-depth review of cryptocurrency exchange security incidents from Mt. Gox to Bybit, covering the attack details, hacker methods, stolen assets and capital flows, as well as official responses and subsequent processing, showing the industry's security issues and response measures.

• Attack Details and Hacker Tactics Analysis: In 2014, Mt. Gox was attacked. The exchange's security system had flaws, and hackers took advantage of the Bitcoin transaction re - entry vulnerability.

• Stolen Assets and Fund Flow: About 850,000 bitcoins were stolen, worth about $450 million at that time. The funds' flow was unclear. Some were traced to multiple wallet addresses, but most were not recovered.

• Official Response and Follow - up Results: Mt. Gox declared bankruptcy and ceased operations. The Japanese court launched a civil rehabilitation process, freezing users' assets. Some users recovered part of their losses through legal means, but most assets were still missing.

• Attack Details and Hacker Tactics Analysis: In August 2016, Bitfinex was hacked. Hackers exploited the multi - signature wallet vulnerability. They used social engineering to obtain the private keys of insiders and forged transaction signatures to transfer assets.

• Stolen Assets and Fund Flow: About 119,756 bitcoins were stolen, valued at about $72 million. The assets were transferred to multiple bitcoin wallets, and some funds were traced to the dark web market.

• Official Response and Follow - up Results: Bitfinex froze all user assets and took a user asset snapshot. It cooperated with blockchain analysis companies to track the stolen assets, issued tokens (BFX) to compensate users, and strengthened security measures.

• Attack Details and Hacker Tactics Analysis: In January 2018, the Japanese exchange Coincheck was hacked. Hackers exploited the hot wallet vulnerability through SQL injection to obtain internal keys and directly access the hot wallet.

• Stolen Assets and Fund Flow: About 523 million NEM coins were stolen, worth about $530 million. The assets were transferred to an unknown wallet address, and some funds were traced to multiple exchanges.

• Official Response and Follow - up Results: Coincheck froze all user assets, cooperated with the police, compensated users about 46.3 billion yen, and was required by the Japanese Financial Services Agency to strengthen security measures and was eventually acquired.

• Attack Details and Hacker Tactics Analysis: In May 2019, Binance was hacked. Hackers exploited the API key vulnerability. They used phishing to obtain some users' API keys and transferred assets through automated scripts.

• Stolen Assets and Fund Flow: About 7000 bitcoins were stolen, valued at about $40 million. The assets were transferred to multiple bitcoin wallets, and some funds were traced to other exchanges.

• Official Response and Follow - up Results: Binance froze all user assets, took a user asset snapshot, compensated users with its own funds, strengthened security measures, and established the "User Security Asset Fund" (SAFU).

• Attack Details and Hacker Tactics Analysis: In September 2020, KuCoin was hacked. Hackers exploited the hot wallet key vulnerability. They used social engineering to obtain the keys of insiders and directly access the hot wallet.

• Stolen Assets and Fund Flow: About $150 million in cryptocurrencies were stolen. The assets were transferred to multiple wallets, and some funds were traced to other exchanges.

• Official Response and Follow - up Results: KuCoin froze all user assets, took a user asset snapshot, compensated users with its own funds and insurance funds, strengthened security measures, and established the "User Protection Fund".

• Attack Details and Hacker Tactics Analysis: On February 21, 2025, Bybit was attacked. Hackers exploited the front - end UI vulnerability of the multi - signature cold wallet system, tricking signers into signing malicious content to control the cold wallet.

• Stolen Assets and Fund Flow: Assets worth over $1.5 billion were stolen, including 401,347 ETH, 90,376 stETH, 15,000 cmETH, and 8,000 mETH. The funds were transferred to multiple addresses and laundered through DEXs.

• Bybit Official Response and Industry Reaction: Bybit's CEO confirmed the attack, stating that other wallets were not affected and user withdrawals were normal. Analysts called for blacklisting the hacker's addresses, and security companies added relevant addresses to their monitoring systems.