Crypto lost $3.4 billion last year, and almost none of it was the chain breaking. A map of the four floors where money actually gets stolen and the one floor no thief has ever cracked.

Last year, thieves stole more than $3.4 billion in crypto. The single biggest haul, $1.5 billion in one afternoon, was the largest digital heist in human history.

Here’s the strange part. In almost none of it did anyone actually hack the blockchain.

Not the cryptography. Not the consensus. Not the chain. All of that did exactly what it was built to do, the entire time the money was walking out the door.

That sounds like a contradiction. It isn’t. And once you see why, you’ll never read a “crypto got hacked” headline the same way again. So let’s draw the map. No code. No jargon you can’t follow.

The two answers everybody gives

Ask whether blockchain can be hacked and you’ll get one of two confident replies.

The crypto crowd says: “It’s unhackable. The math is unbreakable.”

The skeptics say: “Are you kidding? Crypto gets hacked every other week. It’s all a scam.”

Both are wrong, and in the same way. They each treat “blockchain” as one single thing — one wall that either holds or falls. But a blockchain system isn’t a wall. It’s a building. And like any building, the vault in the basement is a very different thing from the front door, the windows, and the people wandering around inside.

The money lives all over that building. The thieves know exactly which floors are soft. And almost none of them bother with the vault.

The Heist Map

So here’s the map. Picture any crypto system as a building with four floors.

Floor 0, the basement, is the vault: the cryptography and the consensus. The actual blockchain. This is the part people mean when they say “the chain.”

Floor 1 is the bridges — the crossings that move money between different blockchains.

Floor 2 is the apps — the smart contracts and DeFi protocols, the code built on top.

Floor 3 is access — the exchanges, the wallets, the private keys, and the humans holding them.

Now the single most important fact in this whole piece: nearly every dollar ever stolen came off floors 1, 2, and 3. The vault — floor 0 — is almost never touched. Let’s walk each floor and you’ll see why.

Floor 0 — the vault nobody cracks

Start at the bottom, with the part everyone fears for and nobody actually breaks.

The vault is the cryptography and consensus — the fingerprint that locks history, the signatures that prove ownership, the crowd of nodes, the vote that makes strangers agree. If those four “machines” are new to you, I broke each one down here.

Here’s the track record. Bitcoin’s core cryptography has been live since 2009. In fifteen-plus years, securing trillions of dollars, sitting in the open as the single juiciest target on the internet, it has never been broken. Not once. Same for Ethereum’s. The math has held.

Could it ever break? There’s exactly one realistic doorway, and it only opens on small chains.

It’s called a 51% attack. Remember the vote: consensus only works because no single party controls the majority. But on a tiny blockchain with only a handful of miners, a wealthy attacker can rent enough power to own more than half, and then quietly rewrite recent history: spend coins, reverse the spend, keep the coins. Small chains like Ethereum Classic and Bitcoin Gold have been hit this way more than once.

But notice the catch. To pull this on Bitcoin or Ethereum, you’d have to out-muscle thousands of machines spread across the planet — a feat that would cost far more than you could ever steal, and would crater the price of the very thing you’re stealing. The vault isn’t unbreakable in theory. It’s just that breaking it costs more than what’s inside. So nobody tries.

Which is why the thieves go upstairs.

Floor 1 — bridges, the honeypots

Floor one is where the real money has bled out. Bridges.

A bridge is the plumbing that lets you move value from one blockchain to another — say, from Ethereum to a faster chain. To do it, the bridge locks your coins on one side and issues a matching “wrapped” version on the other. Simple idea. Massive problem: to pull it off, the bridge has to hold everybody’s locked-up coins in one giant pot.

That pot is a honeypot. Since 2022, bridges have leaked roughly $2.8 billion — close to 40% of all the value ever stolen in this space. The Ronin bridge: $625 million. Wormhole: $320 million. Nomad: $190 million. One after another.

And why do they fall? Usually not because the blockchain failed, but because the bridge itself was guarded by a flimsy lock.

The Ronin bridge approved transactions if just five of its nine “validators” agreed. So the attackers (North Korea’s Lazarus group, who we’ll meet again in a minute) phished their way into five sets of keys, and that was it. The whole pot, gone. The Harmony bridge needed only two of five. A bridge that calls itself “decentralized” but can be opened with two stolen keys was never really decentralized at all.

The blockchains underneath worked perfectly. The pot on top was just badly guarded.

Floor 2 — apps, where the bug is in the writing

Floor two is the smart contracts — the apps built on the chain.

A smart contract is just code. And code does precisely what it’s written to do, including the mistakes. When a DeFi protocol gets “exploited,” the blockchain didn’t break; it faithfully ran a program that had a hole in it.

The cleanest example is the Nomad bridge, again. A routine update accidentally marked every message as “trusted.” One bad line. Suddenly any transaction would pass, and people realized they could drain the pot just by copying someone else’s successful withdrawal and swapping in their own address. No hacking skill required. Roughly $190 million walked out, grabbed by a crowd of opportunists copy-pasting their way in.

The chain executed every one of those transactions exactly as instructed. That’s the whole point. The flaw wasn’t in the cryptography. It was in the writing.
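A simplified Python model of how one initialisation value can mark every message as trusted, added here as an illustration (it is not Nomad’s contract code; the `Inbox` class, its fields and the one-leaf “root” are assumptions). An unproven message looks up to a default zero root, so if the zero root is itself on the trusted list, everything passes; the hardened variant rejects that default explicitly.

```python
import hashlib

ZERO_ROOT = b"\x00" * 32  # what the lookup returns for a message nobody proved


def leaf_root(message: bytes) -> bytes:
    # Stand-in for a Merkle root: a one-leaf tree whose root is the leaf hash.
    return hashlib.sha256(message).digest()


class Inbox:
    """Hypothetical bridge inbox that releases funds for 'trusted' messages."""

    def __init__(self, initial_root: bytes, reject_zero_root: bool):
        self.trusted_roots = {initial_root}  # set once, at upgrade time
        self.proven = {}                     # message hash -> root it was proven under
        self.reject_zero_root = reject_zero_root

    def trust_root(self, root: bytes) -> None:
        self.trusted_roots.add(root)

    def prove(self, message: bytes, root: bytes) -> bool:
        # Accept the proof only if the message really hashes to the claimed root.
        if leaf_root(message) != root:
            return False
        self.proven[hashlib.sha256(message).digest()] = root
        return True

    def process(self, message: bytes) -> bool:
        # Unproven messages fall back to ZERO_ROOT, the map's default value.
        root = self.proven.get(hashlib.sha256(message).digest(), ZERO_ROOT)
        if self.reject_zero_root and root == ZERO_ROOT:
            return False
        return root in self.trusted_roots


def demo() -> dict:
    forged = b"withdraw 100 to address-nobody-proved"  # constructed sample
    genuine = b"withdraw 5 to address-with-proof"      # constructed sample
    results = {}
    for name, strict in (("as_shipped", False), ("hardened", True)):
        inbox = Inbox(initial_root=ZERO_ROOT, reject_zero_root=strict)
        inbox.trust_root(leaf_root(genuine))
        inbox.prove(genuine, leaf_root(genuine))
        # (genuine accepted?, forged accepted?)
        results[name] = (inbox.process(genuine), inbox.process(forged))
    return results
```

A regression test that feeds the inbox a message with no proof and expects a rejection would catch this class of mistake before an upgrade ships.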

Floor 3 — access, the human floor

And now the top floor, where most of the money actually disappears: access. The keys, the exchanges, the people.

This is the soft floor. Here’s the number that should reframe the entire debate: in 2025, around 76% of all stolen value came from off-chain attacks (compromised credentials, social engineering, people being tricked), not from any flaw in the code or the chain. The cryptography wasn’t attacked. The human in front of it was.

It looks like phishing emails, fake job offers (North Korea’s crews famously pose as recruiters to slip malware onto a developer’s laptop), look-alike “poisoned” wallet addresses, and, increasingly, plain physical coercion, so-called wrench attacks. Personal wallet compromises alone hit something like 158,000 people last year.

None of that is a blockchain weakness. It’s the oldest weakness there is. And it sets up the biggest heist of them all.

The $1.5 billion proof

February 2025. The exchange Bybit moves some Ethereum out of one of its cold wallets (the heavily guarded, offline kind) in what looks like a totally routine transfer. Multiple senior people review it. Multiple people sign off. Everything checks out.

It didn’t check out. It was the largest theft in the history of money.

Here’s what actually happened, and it’s the whole thesis in one story. The attackers (Lazarus again) didn’t break Ethereum. They couldn’t. Instead, they quietly compromised the software interface the Bybit team used to approve transactions. So when the signers looked at their screens, they saw a normal, safe transfer. What they were actually approving, underneath, was a command that handed control of the wallet straight to the attackers.

The signers approved what they saw. The screen was lying. About $1.5 billion in Ethereum left in minutes.

The technical name for the trap is “blind signing.” The hardware devices the signers used could only display a scrambled code — a hash — not a plain-English summary of what they were approving. So they were signing something they literally couldn’t read, trusting the screen to tell them the truth. The screen had been tampered with.

Sit with what that means. The most secure storage. Multiple expert signers. The largest crypto theft ever. And Ethereum’s cryptography was never touched, not for a single second. The chain did its job flawlessly. A handful of humans were shown a fake picture, and they signed it.
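One way to take the guesswork out of a hash-only display, as an added example (not part of the original article and not Bybit’s or any wallet vendor’s code): on a machine independent of the approval interface, recompute the digest from the fields the human reviewed and refuse to sign unless it matches what the device shows. SHA-256 over JSON stands in for the wallet’s real transaction hash, and the field names, operation names and allowlist are assumptions.

```python
import hashlib
import json

ALLOWED_OPERATIONS = {"transfer"}          # assumed policy: routine moves only
ALLOWED_DESTINATIONS = {"warm-wallet-01"}  # constructed allowlist entry


def tx_digest(tx: dict) -> str:
    # Stand-in for the wallet's real transaction hash: SHA-256 over a
    # canonical JSON encoding, so equal fields always give equal digests.
    blob = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def reasons_to_refuse(reviewed_tx: dict, digest_on_device: str) -> list:
    """Run on a machine independent of the approval interface."""
    problems = []
    # 1. The hash the device will sign must be the hash of what was reviewed.
    if tx_digest(reviewed_tx) != digest_on_device:
        problems.append("device digest does not match the reviewed transaction")
    # 2. Even a matching digest is refused if the fields break policy.
    if reviewed_tx["operation"] not in ALLOWED_OPERATIONS:
        problems.append("operation is not a plain transfer")
    if reviewed_tx["to"] not in ALLOWED_DESTINATIONS:
        problems.append("destination is not on the allowlist")
    return problems


def demo() -> dict:
    # Constructed sample data: what the screen shows vs. what is really queued.
    shown = {"to": "warm-wallet-01", "amount": 100, "operation": "transfer"}
    queued = {"to": "unknown-contract", "amount": 0, "operation": "change_owner"}
    return {
        "honest_ui": reasons_to_refuse(shown, tx_digest(shown)),
        "tampered_ui": reasons_to_refuse(shown, tx_digest(queued)),
        "payload_read_directly": reasons_to_refuse(queued, tx_digest(queued)),
    }
```

The check only helps if the reviewed fields and the recomputed digest come from a path the compromised interface cannot influence.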

The Heist Map, in your pocket

So here’s the tool you keep. Next time you see a headline screaming that some coin or platform “got hacked,” don’t panic and don’t smirk. Just ask one question: which floor?

The Heist Map

Access — keys, humans, exchanges — check here first

Apps — a bug in the code — likely

Bridges — the cross-chain pot — likely

The Vault — the cryptography itself — rule it out

Your risk lives in the doors, not the vault.

Almost every time, the answer is floor 3, then 1 or 2. Almost never floor 0. The cryptography is the strongest part of the whole system. The weak parts are the bridges built on top, the apps written in a hurry, and above all the humans holding the keys. It’s also worth knowing how to tell a real public chain from a private database wearing the word, because the guarantees are completely different — I broke that down here.

Which leads to the part that confuses everyone.

Why it looks hacked when it isn’t

If the chain never broke, why does every one of these read as “the blockchain got hacked”?

Because the blockchain does one thing with total, merciless reliability: it records what happened and makes it permanent. We have talked about why a chain can’t be secretly rewritten; that immutability is its superpower. Here’s that piece if you want it: why a blockchain can’t be secretly rewritten.

But immutability cuts both ways. When a thief tricks a human into signing away $1.5 billion, the chain records that theft just as faithfully as it records an honest payment, and then makes it final. No chargebacks. No fraud department. No reversing it.

So the robbery shows up, permanently, on the most public ledger in the world. It looks like the chain failed. It’s the opposite. The chain worked exactly as designed; it just can’t tell the difference between you moving your money and a thief moving it, as long as the right key signed. The security of the vault and the finality of the theft are the same feature.

Why this actually matters

Here’s where it connects to something bigger than any single hack.

The world’s money is steadily moving onto these rails. Stablecoins settling across borders, tokenized assets, central-bank digital currencies, AI agents holding their own wallets. As that happens, the question “can this be trusted with serious money?” stops being abstract.

And the honest answer the data gives is encouraging, just not in the way the hype crowd thinks. The substrate, the vault, the actual cryptography a future shared financial system would run on, is the strongest part. Fifteen years, trillions secured, never broken. That’s a foundation you can build a planet on.

The work that remains isn’t the chain. It’s the doors. Better key management. Signing devices that show humans the truth instead of a hash. Bridges that don’t stack a billion dollars behind two keys. Code that gets audited like lives depend on it. And the industry is moving: Bybit, remarkably, recovered and made its users whole; stolen funds now get traced, frozen, and sometimes clawed back in ways that were impossible a few years ago. Security is becoming a feature you compete on.

This is the quiet pattern under the whole “One Earth, one financial system” direction this newsletter keeps tracing. Not one country forcing a single currency on the world, but the world’s value slowly settling onto shared infrastructure that’s genuinely strong at its core, while the messy human layer around it gets hardened year by year. We added up what today’s fragmented money actually costs everyone in the welcome issue.

So can blockchain be hacked? The vault, almost never. The doors, all the time. And the most useful thing you now own isn’t a yes or a no. It’s the map.

When the next headline drops, you’ll know which floor to look at. That puts you a long way ahead of the people still arguing about whether the wall holds.

If you want to keep reading finance this way — the structure under the headlines, before it gets obvious — subscribe. Naked Market is free, and it’s built for exactly this.


Everyone Says Blockchain Can’t Be Hacked. They’re Wrong. was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.
