十大加密安全事件将教您如何保护您的资产

这一系列的安全事件进一步加剧了已经呆滞的加密市场，暴露了资产安全管理缺乏严格性

Author: Huo Huo, Baihua Blockchain

Last Saturday, the world's second-largest CEX Bybit was hacked, with a total of $1.46 billion in ETH stolen, setting a record for the highest amount stolen in a single token theft case in history.

上周六，全球第二大CEX BYBIT被黑客入侵，总计14.6亿美元被盗，创造了历史上单个令牌盗窃案中最高偷来的纪录。

This incident occurred shortly after crypto financial card service provider Infini was also hacked, with approximately $49.5 million in funds being stolen from its Ethereum address on February 24.

这一事件发生在加密货币金融卡服务提供商Infini也被黑客入侵之后不久，2月24日，其以太坊地址被偷走了约4,950万美元的资金。

This series of security incidents has further exacerbated the already sluggish crypto market, exposing the lack of rigor in asset security management on crypto platforms and furthering weakening market liquidity, making security issues once again the focus of industry attention.

这一系列的安全事件进一步加剧了本来已经呆滞的加密市场，揭示了加密平台上资产安全管理缺乏严格性，并使市场流动性削弱，使安全问题再次成为行业关注的焦点。

According to blockchain analysis company Chainalysis, hackers stole approximately $2.2 billion in crypto assets in 2024, and to date, the total amount stolen exceeds $5 billion (equivalent to over 36 billion RMB).

根据区块链分析公司的链分析，黑客在2024年偷走了约22亿美元的加密资产，而迄今为止，被盗的总金额超过50亿美元（相当于超过360亿元人民币）。

Today, we will review the top ten crypto security incidents from the past (including the Bybit theft incident in February 2025). The 36 billion RMB in assets lost in these ten security incidents serves as a "bloody lesson" for the owners. What important tips can individuals glean from these incidents to protect their crypto assets?

今天，我们将审查过去十大加密安全事件（包括2025年2月的Bybit Theft事件）。在这十起安全事件中损失的360亿国民界人士损失的资产为所有者提供了“血腥的课程”。个人可以从这些事件中收集哪些重要的技巧来保护其加密货币资产？

Top 10 Crypto Security Incidents

前10个加密安全事件

The following image ranks the top ten crypto security incidents by the amount lost, covering various complex attack methods from smart contract vulnerabilities to private key leaks and database attacks.

下图将损失的数量排名前十的加密货币安全事件，涵盖了从智能合约漏洞到私有密钥泄漏和数据库攻击的各种复杂攻击方法。

Through analysis, we can see that these theft incidents not only expose specific security vulnerabilities but also reflect the weaknesses in technical protection and risk management within the crypto industry.

通过分析，我们可以看到这些盗窃事件不仅暴露了特定的安全漏洞，而且还反映了加密行业内技术保护和风险管理的弱点。

Next, we will categorize and analyze these incidents based on their causes and the lessons learned, to better understand the underlying security risks and provide references for future prevention.

接下来，我们将根据这些事件的原因和经验教训对这些事件进行分类和分析，以更好地了解潜在的安全风险，并为未来的预防提供参考。

1) Wallet Private Key or Security Issues

1）钱包私钥或安全问题

Ronin Network Theft Incident (March 2022): $625 million

罗宁网络盗窃案（2022年3月）：6.25亿美元

The Ronin Network is a scaling solution designed for blockchain games and NFTs, created by the Axie Infinity development team Sky Mavis to address Ethereum's limitations in transaction fees and processing speed.

Ronin网络是一种用于区块链游戏和NFTS的缩放解决方案，由Axie Infinity Development Team Mavis创建，旨在解决以太坊的交易费用和处理速度的限制。

In March 2022, the Ronin Network was attacked by the North Korea-supported hacker group Lazarus Group, resulting in a loss of approximately $625 million in Ethereum and USDC. The hackers successfully controlled five nodes by attacking the network's validation nodes, enabling them to create and sign malicious transactions, ultimately transferring funds to addresses they controlled.

2022年3月，罗宁网络遭到朝鲜支持的黑客集团Lazarus集团的袭击，导致以太坊和USDC损失了约6.25亿美元。黑客通过攻击网络的验证节点，成功地控制了五个节点，使他们能够创建和签署恶意交易，最终将资金转移到控制的地址。

Coincheck Theft Incident (January 2018): $534 million

COINCHECK盗窃事件（2018年1月）：5.34亿美元

Coincheck is one of the more well-known CEXs in the Japanese crypto market, having been established in 2012 and focusing on providing secure and convenient trading services.

Coincheck是日本加密货币市场中最著名的CEX之一，该市场成立于2012年，专注于提供安全便捷的交易服务。

In January 2018, Coincheck suffered a hacker attack due to security issues with its hot wallet, resulting in a loss of approximately $534 million in NEM tokens.

2018年1月，由于其热钱包的安全问题，Coincheck遭受了黑客袭击，导致NEM令牌损失了约5.34亿美元。

DMM Bitcoin Theft Incident (May 2024): $305 million

DMM比特币盗窃事件（2024年5月）：3.05亿美元

DMM Bitcoin is also a crypto CEX based in Japan, having been established in 2018.

DMM比特币也是总部位于日本的加密CEX，成立于2018年。

In May 2024, DMM Bitcoin was attacked by hackers, leading to the theft of approximately 4,500 bitcoins (valued at about $305 million at the time). Although the specific method of attack is still under investigation, reports suggest that leaked private keys may have been a key factor in the hackers' intrusion.

2024年5月，DMM比特币遭到黑客袭击，导致盗窃约4,500比特币（当时价值约3.05亿美元）。尽管仍在研究特定的攻击方法，但报告表明，泄漏的私钥可能是黑客入侵的关键因素。

KuCoin Theft Incident (September 2020): $275 million

Kucoin盗窃事件（2020年9月）：2.75亿美元

KuCoin is a well-known CEX based in Singapore, having been established in 2017.

Kucoin是一家著名的CEX，位于新加坡，成立于2017年。

In September 2020, KuCoin suffered a hacker attack, resulting in a loss of approximately $275 million in various crypto tokens. The hackers successfully stole a large amount of assets by obtaining the private keys of the CEX's hot wallet.

2020年9月，Kucoin遭受了黑客袭击，导致各种加密代币损失了约2.75亿美元。黑客通过获得CEX热钱包的私钥成功偷走了大量资产。

Summarizing these four theft incidents, it is evident that they all resulted from insufficient security of hot wallets or nodes. Validation nodes and hot wallets, due to their internet connectivity and convenience, are easy targets for hacker attacks. Hackers employ various methods, including malware, phishing attacks, or exploiting internal platform vulnerabilities to obtain private keys. Once an attack is successful, hackers can quickly transfer assets, leading to irreparable losses. In contrast, cold wallets and other storage options that are not connected to the internet can effectively avoid the risks of online attacks, making them a relatively safer choice for storing crypto assets.

总结这四起盗窃事件，很明显，它们都是由于热钱包或节点的安全性不足所致。由于其互联网连接和便利性，验证节点和热钱包是黑客攻击的简单目标。黑客采用各种方法，包括恶意软件，网络钓鱼攻击或利用内部平台漏洞以获取私钥。一旦攻击成功，黑客就可以迅速转移资产，从而导致无法弥补的损失。相比之下，与互联网连接的冷钱包和其他存储选项可以有效地避免在线攻击的风险，从而使它们成为存储加密资产的相对更安全的选择。

Additionally, for CEXs, ensuring strict management and secure storage of private keys is key to preventing large-scale theft of funds, while for individual users, properly safeguarding private keys is equally crucial for asset security. Once a private key is lost or leaked, users will completely lose control over their assets, and no third party can help recover the funds. Therefore, both CEXs and individuals need to establish more robust

此外，对于CEXS，确保严格的管理和安全存储私钥是防止大规模盗窃资金的关键，而对于个人用户来说，正确保护私钥对资产安全同样至关重要。一旦丢失或泄漏了私钥，用户将完全失去对其资产的控制权，没有第三方可以帮助收回资金。因此，CEX和个人都需要建立更健壮的