SBI Crypto Mining Pool Drain
SBI Crypto, SBI Holdings' mining arm, lost $24M across BTC, ETH, LTC, DOGE and BCH. Undetected for 7 days until ZachXBT flagged a pattern matching DPRK Lazarus.
An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.
$90M+ drained from Iran's largest exchange by Predatory Sparrow, then burned to addresses tagged with anti-IRGC messages — a destruction-not-profit hack.
~$73M drained from Phemex hot wallets across 16 blockchains in a coordinated sweep — the first major exchange hack of 2025, with TTPs consistent with Lazarus.
$13.7M drained from UAE-based M2 Exchange hot wallets across BTC, ETH and Solana; identified, contained and customer funds restored in just 16 minutes.
~$55M drained from BtcTurk's hot wallets, with Binance freezing roughly $5.3M of the stolen funds mid-flight — Turkey's largest exchange compromise to date.
$22M (158 BTC, 2,161 ETH, plus LTC/BCH) drained from Lykke in a private-key compromise the UK exchange tried to keep quiet; later attributed to Lazarus.
$114M+ swept from Poloniex's Ethereum and Tron hot wallets after private keys were extracted from internal systems; Justin Sun pledged full reimbursement.
$200M drained from Mixin Network hot wallets after attackers compromised the cloud provider hosting Mixin's centralised database — an infrastructure wake-up.
Lazarus drained $54M from CoinEx hot wallets across Ethereum, Tron, BSC and seven other chains, reusing infrastructure from the prior week's Stake.com hit.
A private-key compromise drained $60M from AlphaPo's hot wallets across Tron, Bitcoin and Ethereum. The FBI attributed the payment-processor breach to Lazarus.
A Lazarus operation targeted Atomic Wallet's software, not individual seeds, draining $100M+ from roughly 5,500 users and bypassing self-custody guarantees.
Attacker drained $28M from Deribit BTC/ETH/USDC hot wallets; the largest crypto-options exchange covered it from its balance sheet, cold storage untouched.
~$97M drained from Japan-based Liquid Global's warm wallets across ETH, XRP, BTC and stablecoins; FTX extended a $120M emergency loan, then acquired it.
$281M drained from KuCoin hot wallets across BTC, ETH and ERC-20s — the third-largest exchange hack ever, a Lazarus operation; ~84% later recovered.