Top 10 biggest crypto hacks that recovered millions


While the crypto industry is notorious for numerous hacks and exploits, a lesser-known fact is that in some cases, criminals agree to return part or all of the stolen funds.

The recent "Gala Games" case from this May is the latest example.

According to the Web3 bug bounty platform Immunefi, nearly $74 million in stolen funds were recovered in seven cases during the first quarter of this year. This recovery accounted for more than a fifth of all losses that quarter. Furthermore, there are likely additional successful but undisclosed recoveries.

How is this possible? Hacked or exploited platforms quickly utilize available tools, such as fund freezes, to facilitate the recovery of funds later. They also engage in negotiations with hackers and exploiters.

When criminals face prosecution threats or are offered a bounty for returning the funds, it is not uncommon for them to be returned, sometimes accompanied by apologies. These negotiations often occur via blockchain transactions that can be decoded using tools like blockchain explorers.
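How such messages can be read back out of transaction data, as an added example that is not part of the original article: the text is typically carried as UTF-8 bytes in a transaction's input data, which is what an explorer's UTF-8 view decodes. The helper names, addresses and message text below are constructed for illustration.

```python
# Added example: constructed data and hypothetical helper names, not from the article.

def decode_onchain_message(input_hex, min_len=4):
    """Return the UTF-8 text in a transaction's input data, or None.

    None covers empty input, bad hex, invalid UTF-8 and control bytes, which
    is what ABI-encoded contract calls normally look like.
    """
    data = input_hex[2:] if input_hex[:2].lower() == "0x" else input_hex
    try:
        text = bytes.fromhex(data).decode("utf-8")
    except ValueError:  # bad hex, or UnicodeDecodeError (a ValueError subclass)
        return None
    if len(text) < min_len:
        return None
    if not all(ch.isprintable() or ch in "\r\n\t" for ch in text):
        return None
    return text


def extract_conversation(transactions, parties):
    """List (sender, text) for readable messages sent between `parties`, oldest first."""
    parties = {p.lower() for p in parties}
    messages = []
    for tx in sorted(transactions, key=lambda t: t["block"]):
        if tx["from"].lower() in parties and tx["to"].lower() in parties:
            text = decode_onchain_message(tx["input"])
            if text is not None:
                messages.append((tx["from"], text))
    return messages


def as_input(text):
    """Encode text the way a sender would place it in the input data field."""
    return "0x" + text.encode("utf-8").hex()

# Constructed sample: placeholder addresses and invented message text.
VICTIM, ATTACKER, TOKEN = ("0x" + b * 20 for b in ("11", "22", "33"))
ERC20_TRANSFER = "0xa9059cbb" + "00" * 12 + "22" * 20 + "00" * 31 + "01"
SAMPLE_TXS = [
    {"block": 102, "from": ATTACKER, "to": VICTIM, "input": as_input("Please leave a contact channel.")},
    {"block": 100, "from": VICTIM, "to": ATTACKER, "input": as_input("Keep 10% as a bounty and return the rest.")},
    {"block": 101, "from": VICTIM, "to": TOKEN, "input": ERC20_TRANSFER},
    {"block": 103, "from": VICTIM, "to": ATTACKER, "input": "0x"},
]

if __name__ == "__main__":
    for sender, text in extract_conversation(SAMPLE_TXS, [VICTIM, ATTACKER]):
        print(sender, "->", text)
```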

Meanwhile, recent criminal charges indicate that law enforcement is becoming more adept at tracking crypto criminals, which may further incentivize hackers and exploiters to accept a bounty and return most of the stolen funds.

Let's take a look at the top 10 hacks and exploits, ranked by the amount of recovered funds.

1. Poly Network

In August 2021, the DeFi (decentralized finance) protocol Poly Network lost $610 million to a hack. While some of the stolen funds were frozen by the major stablecoin issuer Tether, all the funds were returned within two weeks.

The hacker claimed they only wanted to demonstrate the weaknesses of Poly Network, as indicated in their on-chain message:

[Image: the hacker's on-chain message]

2. Euler Finance

In March, another DeFi protocol, Euler Finance, lost $197 million in crypto assets. Shortly after, $177 million of these assets were returned. The company offered the attacker a 10% bounty and warned that, if the funds were not returned, it would offer a $1 million bounty to anyone who could help catch the hacker. It later stated that the recovered amount was "all of the recoverable funds."

One possible factor in the return is that the criminals paid 100 ETH to an address possibly linked to North Korean hackers. Facing threats of state-level actions and potential organized crime charges as a result, the attacker might have been persuaded to return the funds.

In a blockchain message, the hacker apologized for "messing up" with others' money, jobs, and lives.

3. Wormhole

In February 2022, Wormhole Network, a cross-chain protocol, lost more than $320 million worth of wormhole ethereum (WeETH), a special token used by this protocol, due to an exploit.

The case is also notable for one particular reason. One year later, the major crypto investment firm Jump Crypto and another DeFi platform, Oasis, exploited the hacker and managed to recover $140 million worth of funds. This recovery occurred after a court ordered Oasis to retrieve the stolen funds that were deposited on its protocol.

This "counter exploit" sparked debates over the principles of DeFi protocols, which are supposed to be immutable. Under these protocols, no one can take funds without permission.

4. WBTC phishing attack

On May 3rd, 2024, a hacker managed to steal approximately $71 million worth of wrapped bitcoin (WBTC) from a large investor by replacing the address to which the funds were supposed to be sent. WBTC is a token backed by bitcoin (BTC) that can be used on the Ethereum (ETH) blockchain.

This incident again reminded crypto users to verify the entire address before transferring funds, not just the beginning and end. In this case, after an on-chain conversation between the victim and the attacker, all the funds were returned a week later. Initially, the victim offered a 10% bounty, but the attacker responded after security specialists claimed to have identified the attacker’s IP addresses.

You can find the conversation between the victim and the attacker below:

[Images: the on-chain conversation between the victim and the attacker. Source: @lookonchain]
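
The full-address check recommended in this section, as an added example that is not part of the original article: it compares a destination against a trusted address book over all 40 hex digits and flags entries that only match at the beginning and end. The addresses, labels and helper names are constructed for illustration.

```python
# Added example: constructed addresses and hypothetical helper names, not from the article.
HEX = set("0123456789abcdef")

def normalize(addr):
    """Lower-case a 20-byte hex address and drop the 0x prefix."""
    a = addr.strip().lower()
    a = a[2:] if a.startswith("0x") else a
    if len(a) != 40 or not set(a) <= HEX:
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def short(addr, edge=4):
    """Truncated form of the kind many wallet and explorer views display."""
    a = normalize(addr)
    return f"0x{a[:edge]}...{a[-edge:]}"

def check_destination(candidate, trusted, edge=4):
    """Compare a destination against an address book over all 40 hex digits.

    Returns (verdict, label, differing_digits) where verdict is "exact",
    "lookalike" (same first and last `edge` digits as a trusted entry but a
    different address) or "unknown".
    """
    cand = normalize(candidate)
    hit = ("unknown", None, 0)
    for label, addr in trusted.items():
        ref = normalize(addr)
        if cand == ref:
            return ("exact", label, 0)
        if cand[:edge] == ref[:edge] and cand[-edge:] == ref[-edge:]:
            diff = sum(1 for x, y in zip(cand, ref) if x != y)
            hit = ("lookalike", label, diff)
    return hit

# Constructed sample values.
ADDRESS_BOOK = {"cold-wallet": "0xD9A1" + "c3" * 16 + "53a6"}
POISONED = "0xd9a1" + "7e" * 16 + "53a6"   # same edges, different middle
UNRELATED = "0x" + "ab" * 20

if __name__ == "__main__":
    for dest in (ADDRESS_BOOK["cold-wallet"], POISONED, UNRELATED):
        print(short(dest), check_destination(dest, ADDRESS_BOOK))
```

Both the trusted and the look-alike address print as `0xd9a1...53a6` in truncated form, which is why only the full comparison separates them.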

5. Munchables

In March 2024, approximately $63 million worth of ETH was stolen from the blockchain gaming platform Munchables.

The hack was linked to North Korean hackers, and it was suspected that the company had hired four different developers connected to the exploiter, who were believed to be the same individual.

However, later that month, Munchables somehow managed to retrieve all the funds.

6. Curve Finance

In July 2023, the DeFi protocol Curve Finance was hacked, resulting in a loss of approximately $74 million.

However, in less than two weeks, the team announced that they had managed to recover 70% of the stolen funds, thanks largely to a community of white hat hackers who were able to front-run the hacker’s transactions.

Following the hack, Curve Finance offered a $1.85 million bounty for information that would help identify and convict the criminal. However, it appears that this effort has not been successful.

7. Nomad

In August 2022, another cross-chain protocol, Nomad, lost $190 million to a hack. This hack became a "crowdsourced" hack because after the first criminal exploited the protocol's vulnerability, others attempted to repeat it.

However, at least some of them returned the funds. As of the latest available information from November 2022, Nomad managed to recover around $39 million.

8. Ronin

In April 2022, the Ronin protocol, utilized by the popular blockchain game Axie Infinity, lost approximately $600 million worth of crypto assets. According to public information, around $36 million worth of the tokens have been recovered thus far.

Of this amount, $6 million was recovered with the assistance of Økokrim, the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime. Additionally, blockchain analysis company Chainalysis, aided by US law enforcement, managed to recover $30 million.

9. Gala Games

On May 20th, 2024, Gala Games, a blockchain gaming platform, detected a suspicious transfer of $200 million worth of GALA tokens.

The team claims to have locked 90% of these funds within 45 minutes while also reaching out to international law enforcement agencies. Within a couple of days, the company, which claimed to have identified the culprit and even obtained his home address, announced that it had recovered around $23 million.

The hacker, who managed to sell some of the GALA tokens for ETH, decided to return the funds. Meanwhile, the company also announced that all protocol users will be compensated.

The return of the funds on the Ethereum blockchain:

[Image: the return of the funds on the Ethereum blockchain. Source: Etherscan]

10. Kyberswap

In November 2023, a curious and seemingly unresolved case occurred when the decentralized exchange (DEX) Kyberswap was hacked for approximately $50 million.

The team managed to recover around a tenth of the lost funds. However, this case stood out due to the demands the hacker sent to the team behind the DEX and the tone of negotiations. For example, in response to threats from the DEX, the hacker replied: “Under the assumption that I am treated with further hostility, we can reschedule for a later date when we all feel more civil.”

However, later, their demands reached another level, such as:

“Complete executive control over Kyber (the company), temporary full authority and ownership over the governance mechanism (KyberDAO) in order to enact legislative changes, and surrender of all Kyber (the company) assets.”