Crypto history is written in two kinds of ink: the breakthroughs and the disasters. Understanding notable hacks and failures — incidents where code was exploited, institutions collapsed, or trust was catastrophically betrayed — is not morbid curiosity. It is one of the most practical things a newcomer can study. Every major failure has left behind a lesson that still applies today.
Mt. Gox: the exchange that lost a generation’s bitcoin
For several years after Bitcoin launched, Mt. Gox was the dominant exchange for buying and selling it. At its peak it handled the majority of all global bitcoin trading volume. Then, in early 2014, it halted withdrawals and filed for bankruptcy. Roughly 850,000 bitcoin belonging to customers had gone missing.
The theft did not happen in a single dramatic heist. Attackers had been siphoning bitcoin for years, exploiting weak internal controls, poor key management, and a lack of basic accounting hygiene. The exchange did not notice — or did not disclose — the losses as they accumulated.
Why it still matters: Mt. Gox established the phrase “not your keys, not your coins.” When you leave funds on an exchange, you hold an IOU, not actual cryptocurrency. If the exchange is hacked, mismanaged, or simply dishonest, your IOU may become worthless. Learning to use crypto wallets and practice self-custody is the direct response to the Mt. Gox lesson.
The DAO hack: smart contracts have bugs too
In 2016, a project called The DAO raised the equivalent of roughly $150 million in Ether, making it one of the largest crowdfunding events in history at the time. It was a decentralized fund governed entirely by smart contracts. Investors voted on proposals; the code executed the outcome automatically.
A vulnerability in the withdrawal logic allowed an attacker to call the “split” function repeatedly before the contract updated its balance — a pattern now known as a reentrancy attack. The attacker drained approximately one-third of the funds before the exploit was stopped.
The Ethereum community faced an agonizing choice: let the code stand (and the attacker keep the funds), or rewrite history through a hard fork. The community chose a fork, reversing the theft. A minority rejected this as a violation of immutability and continued the original chain — today known as Ethereum Classic.
Insight: “Code is law” is a principle, not a guarantee of safety. Smart contracts are programs, and programs can have bugs. Audits, time-locks, and upgrade mechanisms exist precisely because this lesson was learned the hard way.
Bitfinex 2016: multi-sig is only as strong as the implementation
In August 2016, the Bitfinex exchange lost approximately 120,000 bitcoin in a hack targeting its multi-signature wallet infrastructure. Rather than holding funds in a single address, the exchange used a system that required multiple approvals per transaction — a setup that should have been more secure. The vulnerability turned out to be in the integration layer between the exchange and its signing service, not in multi-sig itself.
Bitfinex spread the losses across all customer accounts via a haircut and issued tokens representing the debt. Most customers were eventually made whole as the exchange recovered. The incident showed that custody architecture matters, and that complexity can introduce its own attack surface.
Terra/LUNA: algorithmic stablecoins and the death spiral
In May 2022, the Terra blockchain experienced one of the fastest collapses in crypto history. The ecosystem was built around two tokens:
| Token | Role |
|---|---|
| UST | An algorithmic stablecoin pegged to $1 |
| LUNA | A volatile token used to maintain UST’s peg via mint-and-burn mechanics |
The peg worked as long as confidence held. When large UST withdrawals from a major liquidity protocol triggered a de-peg, the mechanism to restore it required minting enormous quantities of LUNA. The resulting inflation destroyed LUNA’s value, which in turn destroyed confidence in UST, which required minting more LUNA — a classic death spiral. Within days, over $40 billion in combined market value had effectively vanished.
Billions of ordinary savers had been attracted by a lending protocol offering unusually high yields on UST deposits. When the peg collapsed, those savings were wiped out.
The lesson: Yield that seems extraordinarily high relative to risk often reflects hidden risk, not a free lunch. Algorithmic stablecoin designs that depend on continuous market confidence can unwind very quickly. Understanding types of stablecoins helps you assess what is actually backing a stable asset.
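The mint-and-burn loop described above, as an added toy model (not Terra's code). It assumes each redeemed UST mints $1 of LUNA at the current price and, optimistically, that LUNA's total market value stays constant; all figures are constructed.

```python
import math

# Added illustration: toy model of the mint-and-burn loop. Assumptions: each
# redeemed UST mints $1 of LUNA at the current price, and LUNA's total market
# value stays constant (optimistic). All figures are constructed.

def price_after_redemptions(supply, market_value, ust_redeemed, steps=100_000):
    """Step through redemptions; return (new LUNA supply, new LUNA price)."""
    chunk = ust_redeemed / steps
    for _ in range(steps):
        price = market_value / supply
        supply += chunk / price            # mint $chunk worth of LUNA
    return supply, market_value / supply

def closed_form_price(supply, market_value, ust_redeemed):
    """Same model solved exactly: dS/dR = S/M, so S = S0 * exp(R/M)."""
    return market_value / (supply * math.exp(ust_redeemed / market_value))

def dilution_curve(supply=1_000.0, market_value=10_000.0):
    """Price left after redeeming UST worth 0.5x, 1x, 2x, 3x of LUNA's value."""
    start = market_value / supply
    return [(k, price_after_redemptions(supply, market_value, k * market_value)[1] / start)
            for k in (0.5, 1, 2, 3)]
```

Even with market value held fixed, the LUNA price decays exponentially in the amount of UST redeemed; any loss of confidence on top of that only steepens the curve.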
FTX: fraud at scale
In November 2022, FTX — once the second-largest crypto exchange globally — collapsed in days after a leaked balance sheet revealed that its affiliated trading firm, Alameda Research, held most of its assets in FTT, FTX’s own exchange token. When a competitor announced it was selling its FTT holdings, customers rushed to withdraw. The exchange could not meet redemptions because customer funds had allegedly been lent to Alameda and used for risky trades and investments.
The founder was later convicted of fraud on multiple counts. Billions in customer funds were lost.
The FTX collapse was not primarily a technology failure. It was straightforward financial fraud, enabled by:
- Commingling customer funds with a trading firm
- Absence of independent auditing and proper governance
- An insular inner circle with no meaningful checks
- Reputational trust substituting for financial transparency
The lesson: Celebrity endorsements, large marketing budgets, and confident leadership are not substitutes for proof of reserves, independent audits, and regulatory oversight. The tools for verifying exchange health — on-chain proof-of-reserves checks, publicly audited financials — exist and matter.
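One common construction behind the liabilities side of a proof-of-reserves check is a Merkle sum tree, shown here as an added example that goes beyond what the text above names. The leaf encoding, function names and balances are constructed assumptions, not any exchange's published format.

```python
import hashlib

# Added illustration: Merkle-sum liabilities tree. Leaf encoding, names and
# balances are constructed assumptions, not any exchange's published format.
PAD = (b"\x00" * 32, 0)                      # zero-balance filler node

def leaf(user_id, balance):
    return (hashlib.sha256(f"{user_id}:{balance}".encode()).digest(), balance)

def parent(left, right):
    # Bind both child hashes and both child sums into the parent hash.
    data = b"".join(h + s.to_bytes(16, "big") for h, s in (left, right))
    return (hashlib.sha256(data).digest(), left[1] + right[1])

def build(leaves):
    """Return every level of the tree, leaves first, root level last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(PAD)
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Sibling path for one leaf as (sibling_node, sibling_is_left) pairs."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        path.append((level[sibling], sibling < index))
        index //= 2
    return path

def verify(user_id, balance, path, root):
    """Customer-side check that this balance is counted in the root total."""
    if balance < 0 or any(node[1] < 0 for node, _ in path):
        return False                         # negative nodes would hide liabilities
    node = leaf(user_id, balance)
    for sibling, sibling_is_left in path:
        node = parent(sibling, node) if sibling_is_left else parent(node, sibling)
    return node == root

def demo(on_chain_reserves=120):
    levels = build([leaf("alice", 50), leaf("bob", 30), leaf("carol", 20)])
    root = levels[-1][0]
    included = verify("alice", 50, prove(levels, 0), root)
    understated = verify("alice", 40, prove(levels, 0), root)
    return root[1], included, understated, on_chain_reserves >= root[1]
```

The check only has force if customers actually verify their own leaf against the published root, and if the reserves figure it is compared with comes from addresses the exchange has proven it controls.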
Cross-cutting patterns
Looking across these events, several themes repeat:
- Custody risk is real. Exchanges and protocols are custodians of value. They fail.
- Complexity creates attack surface. The more intricate the system, the more places a flaw can hide.
- Incentives misaligned with users are dangerous. When the people holding your money benefit from taking risks with it, they often will.
- Extraordinary yields signal extraordinary risk. There is no yield without a source, and if the source is unclear, the risk is too.
Studying crypto security best practices and common crypto scams gives you the practical vocabulary to apply these lessons day to day.
Key takeaways
- Mt. Gox proved that leaving funds on an exchange means trusting a third party — a trust that can be violated. Self-custody exists as a direct response.
- The DAO hack demonstrated that smart contracts are code, and code has bugs. Audits reduce but do not eliminate this risk.
- Terra/LUNA showed that algorithmic stablecoin designs can collapse catastrophically when confidence breaks, taking ordinary savers with them.
- FTX was a reminder that fraud is not a solved problem in crypto — transparency, audits, and proof of reserves are not bureaucratic niceties but genuine protections.
- Across all these cases, unusually high yields and opaque operations were warning signs that went ignored by many.
- History does not prevent the next failure, but it does give you a checklist of red flags to watch for.