Review of the Top 10 Security Incidents in the Crypto Industry: The Evolution of Attacks and Defenses from Mt.Gox to KelpDAO

BroadChain has learned that at 23:16 on April 21, the security defenses of the cryptocurrency industry have been reshaped through a series of major attack incidents. The 2025 Bybit incident, with losses of approximately $1.5 billion, became the largest single exchange theft in history. The attacker infiltrated the supply chain and implanted visual deception in the multi-signature interface, revealing that the human-operated interface itself has become a critical attack vector. In 2014, Mt.Gox lost approximately 850,000 BTC, valued at about $450 million at the time, due to long-term private key theft. This incident first made the industry realize that exchanges do not equate to asset security, leading to the establishment of standards such as cold wallets and multi-signature systems. In 2018, Coincheck was hacked because it stored approximately $530 million worth of NEM tokens in a hot wallet, directly prompting Japan's Financial Services Agency to tighten regulations on cold storage and auditing. In 2022, Ronin was breached due to the centralization of validator node permissions, resulting in losses of about $625 million, exposing the vulnerabilities of decentralized systems. In the same year, BNB Chain suffered a cross-chain bridge vulnerability attack, losing approximately $570 million, and implemented a chain-level pause, marking a realist shift in the industry toward introducing centralized intervention in extreme situations. In 2021, Poly Network had approximately $610 million in assets transferred due to a contract logic vulnerability. The subsequent return of the funds by the attacker was highly dramatic, highlighting the security challenges posed by the complexity of cross-chain systems. The collapse of FTX in 2022 was not a traditional hack, but losses exceeding $500 million and a global crisis of trust revealed that internal structural issues pose greater risks than external attacks. In the same year, Wormhole lost about $320 million due to a signature verification vulnerability, becoming a typical example of the complex risks associated with cross-chain bridges. In 2020, the leakage of KuCoin's hot wallet private keys led to the transfer of approximately $280 million in assets, driving the widespread adoption of on-chain tracking tools. In 2025, Kelp DAO and Drift Protocol each suffered losses exceeding $280 million, marking the entry of attacks into a systemic phase targeting multi-protocol interconnected structures. Looking back at these events, the industry's security system has essentially been built in response to attacks. Each large-scale theft has spurred the creation of new protective layers, but the increasing complexity of systems continues to give rise to new attack surfaces.