Cryptothreads.io

Can Bitcoin Be Hacked? Understanding Real Security Risks

Can Bitcoin be hacked? The blockchain has never been breached, but exchanges, wallets, and users lose billions every year. Here's what's really at risk.

Can Bitcoin Be Hacked? Understanding Real Security Risks

Key takeaways

  • Bitcoin the protocol and Bitcoin the ecosystem are two different things. The blockchain has never been hacked; the exchanges, wallets, and users around it are hacked routinely.
  • Bitcoin's security is built on decentralization and economic alignment. It would cost billions of dollars to attack the network.
  • Theoretical attacks exist but have not succeeded against Bitcoin. The real threats live in human and custodial layers.
  • "Can Bitcoin be hacked?" has two correct answers. As a network: practically no. As an asset you personally hold: yes.

Bitcoin can be hacked, technically, but not in the way most people think. Bitcoin's blockchain has never been hacked in its 17-year history. However, individual Bitcoin can be stolen, and routinely is, when attackers compromise the exchanges, wallets, or users that hold it, rather than the protocol underneath.

This distinction is the single most important thing to understand about Bitcoin security. It helps to separate what Bitcoin actually is from how people interact with it – because the threats at each layer are completely different.

Has Bitcoin's Blockchain Ever Been Hacked?

No. In its 17-year history, the Bitcoin blockchain has never been successfully hacked, and no counterfeit bitcoin has ever circulated on the network. Every transaction since January 2009 remains intact and verifiable.

"Hacking Bitcoin" can mean three very different things, and conflating them causes most of the confusion in this topic:

  1. Hacking the Bitcoin protocol – breaking the blockchain's consensus rules, forging transactions, or creating bitcoin out of thin air. This has never happened.
  2. Hacking a custodian – breaking into a centralized exchange or service that holds bitcoin on behalf of users. This happens often.
  3. Hacking an individual user – stealing private keys, seed phrases, or login credentials from a specific person. This happens constantly.

Only the first one is truly an attack on Bitcoin. The other two are attacks on companies or people who happen to hold bitcoin.

Why is Bitcoin so difficult to hack? Bitcoin's security comes from a combination of cryptography, decentralization, and economic incentives that reinforce each other.

  • The network is spread across tens of thousands of Bitcoin nodes with no central server to target.
  • Every block is cryptographically chained to the previous one.
  • Any attacker capable of breaking it would have far more to lose than to gain.

Theoretical Attacks on the Bitcoin Protocol

There are several known ways the Bitcoin protocol could theoretically be attacked. None have succeeded against Bitcoin itself, but they're worth understanding because they shape how the network is designed and defended.

51% attack

Bitcoin 51% attack happens when one entity controls more than half of the network's mining power and uses it to rewrite recent transactions, primarily to "double-spend" the same coins twice.

The cost makes this impractical against Bitcoin.

A 2025 analysis by Duke University professor Campbell Harvey estimated that one week of dominating the Bitcoin blockchain would cost roughly $6 billion – about $4.6 billion for hardware, $1.34 billion for data center construction, and the rest for electricity. Other institutional estimates put the figure as high as $20 billion.

Even then, the attacker still couldn't steal coins from other people's wallets, create new bitcoin, or alter the 21 million supply cap. They could only reverse their own recent transactions or censor others, while crashing the market they just spent billions to attack.

Sybil attacks

A Sybil attack is when one person or group creates many fake identities (nodes) to flood the network and influence it.

On Bitcoin, this attack is largely neutered by proof-of-work: influence on the network depends on computing power, not on the number of nodes you run. Spinning up a million fake nodes gets you nothing if you can't also bring a million machines worth of hashrate.

Sybil attacks become a concern mainly when combined with other tactics, like eclipse attacks below.

Routing/eclipse attacks

  • An eclipse attack isolates a single node from the rest of the network by surrounding it with attacker-controlled peers. The victim only sees what the attacker wants them to see, which can enable double-spending against that specific node.
  • routing attack goes broader: an attacker with control of internet infrastructure (such as a malicious ISP or BGP hijacker) intercepts traffic between Bitcoin nodes to delay or partition the network.
routing and eclipse attacks
Researchers at ETH Zurich demonstrated that a small number of ISPs could, in theory, partition Bitcoin's network by hijacking routing announcements.

These attacks don't break the protocol's rules, but they can disrupt specific users or temporarily slow down the network. Mitigations include connecting to peers over Tor, using multiple network paths, and running nodes that connect to known trusted peers.

Quantum computing concerns

Bitcoin uses ECDSA (Elliptic Curve Digital Signature Algorithm) to secure ownership of coins. A sufficiently powerful quantum computer running Shor's algorithm could, in theory, derive the private key from a public key.

That means an attacker could spend coins from any address whose public key has been exposed (which is most addresses that have already sent a transaction).

The good news: that quantum computer doesn't exist yet.

A survey of global experts cited in a Chaincode research paper found that about one-third estimated a 50% or higher chance that cryptographically relevant quantum computers could emerge between 2030 and 2035.

NIST has already standardized post-quantum cryptography algorithms (FIPS 203, 204, 205 in 2024 and HQC in 2025), giving the Bitcoin community a clear path to migrate.

The full scope of this threat is something we've explored in Quantum Risk in Crypto: From Cryptography to Monetary Warfare.

Software vulnerabilities

Bitcoin's code is written by humans, and humans make mistakes.

The most famous example happened on August 15, 2010, when a bug allowed someone to create a transaction producing 184 billion BTC out of thin air. Developers patched the issue and forked the chain within hours, erasing the bad block from history.

Other notable bugs include CVE-2018-17144 (2018), a vulnerability in Bitcoin Core that could have allowed miners to inflate the supply. It was discovered and patched before anyone exploited it.

Bitcoin Core is open-source and audited by a wide developer community, which makes catastrophic, undetected bugs less likely than in closed systems – but never impossible. Reviewing and stress-testing the reference implementation is an ongoing security effort.

Bitcoin Protocol vs Exchange Hacks: Why They’re Not the Same

The Bitcoin protocol has never been hacked, but crypto exchanges have lost over $3.4 billion in cumulative breaches since 2012, across at least 49 major incidents. These are completely different threat models.

Dimension

Protocol-level attack

Exchange / custodian hack

TargetBitcoin blockchain itselfCentralized company holding user funds
Successful incidents since 2009049+ major hacks
Cumulative losses$0$3.4 billion+
Attack methods51% attack, quantum, protocol bugsStolen private keys, phishing, insider, social engineering
Who is affectedTheoretically the whole networkCustomers of that specific platform
Can you avoid it?No – affects everyoneYes – self-custody your bitcoin

The biggest exchange breaches in history are mostly failures of custodians, not failures of Bitcoin:

  • Mt. Gox (2014): ~850,000 BTC stolen over several years due to poor internal security and code management. Worth around $460 million at the time, tens of billions today.
  • KuCoin (2020): $275 million stolen via compromised hot wallet keys. The exchange recovered $204 million through tracing and partner cooperation.
  • DMM Bitcoin (2024): 4,503 BTC (~$305 million) stolen after attackers used a fake job offer to plant malware on an employee's machine. Attributed to North Korea's Lazarus Group.
  • WazirX (2024): $235 million drained via a multi-sig wallet compromise.
  • Bybit (February 2025): ~$1.5 billion in Ethereum stolen – the largest crypto theft ever recorded – again linked to Lazarus Group.

A 2025 industry report found that centralized exchanges accounted for 71% of all reported crypto platform breaches in H1 2025, with phishing alone responsible for 48% of those breaches.

None of these breaches changed a single rule on the Bitcoin blockchain. They simply emptied the wallets of companies that held bitcoin for other people.

The Most Realistic Ways People Lose Bitcoin

Most stolen bitcoin is taken by tricking the person who owns it. The weakest link in Bitcoin security is almost always human, not technical.

If you own Bitcoin, the threats you actually need to worry about have almost nothing to do with 51% attacks or quantum computers. They have to do with you, your devices, and the people trying to trick you.

Phishing Attacks

Phishing is the most common way individual crypto users get drained. Attackers impersonate exchanges, wallet apps, or support staff and lure victims to fake websites that capture login credentials or seed phrases.

According to SlowMist's 2025 data, phishing accounted for around $410 million in stolen crypto in the first half of 2025 alone, and fake-exchange phishing toolkits saw a 40% rise in usage. Even when the year-over-year total fell, individual quarters still spiked sharply.

Always type exchange URLs by hand or use bookmarks, never click email links to log in, and verify domain names carefully – binnance.com and coinbasё.com are not the same as the real thing.

Malware and Keyloggers

Malware steals crypto in three main ways:

  • logging keystrokes (capturing passwords and seed phrases)
  • reading clipboard data (replacing copied wallet addresses with the attacker's)
  • remotely controlling the victim's device
malware and keyloggers
Clipboard-hijacking malware is one of the cheapest crypto attack tools available. Kits are sold on dark web forums for under $100 and can infect thousands of machines through cracked software, browser extensions, or fake wallet downloads.

Clipboard hijackers are especially nasty because most users don't notice. You copy your friend's address, paste it into a transaction, and malware silently swaps it for the attacker's. By the time you realize, the funds are gone.

Mitigations: use a dedicated device for crypto if possible, keep your OS and antivirus updated, never run pirated software, and always verify the first and last few characters of any address before sending.

Seed Phrase Theft

Your seed phrase (12 or 24 words) is the master key to your wallet. Anyone who has it owns your bitcoin – full stop. Common ways seed phrases get stolen:

  • Taking a photo of it with a phone that backs up to the cloud
  • Storing it in a notes app, password manager, or email draft
  • Writing it on paper that gets found, photographed, or destroyed
  • Typing it into a fake "wallet recovery" website
  • Sharing it with anyone, including "support staff" (real support never asks)

SIM Swaps and Account Takeovers

SIM swap is when an attacker convinces your mobile carrier to transfer your phone number to their SIM card. Once they control your number, they receive your SMS codes and can reset passwords on email and exchange accounts.

The damage can be enormous.

In March 2025, a single arbitration case resulted in T-Mobile being ordered to pay $33 million after a SIM swap allowed attackers to drain roughly $38 million in crypto from one victim. The November 2022 FTX hack – about $400 million stolen – traced back to a single SIM swap at an AT&T retail store.

Fake Apps and Scam Websites

App stores are full of convincing fakes. Searches for "Trezor", "Ledger Live", "MetaMask", or major exchanges regularly return fraudulent apps that look identical to the real thing but quietly transmit your seed phrase or credentials to attackers.

A common tactic is to publish a malicious wallet app, get it approved, then push a malicious update later. Even Apple's App Store and Google Play have repeatedly hosted such apps before takedowns.

Rug Pulls and Fake Investment Schemes

rug pull is when developers of a project (almost always a token or DeFi platform, not Bitcoin itself) abandon it and run off with investor funds. While true rug pulls aren't a direct threat to Bitcoin holders, Bitcoin-adjacent investment scams absolutely are.

Common varieties include:

  • fake "Bitcoin doublers"
  • fraudulent cloud mining services
  • fake yield programs that promise impossibly high returns
  • pig-butchering scams where attackers cultivate fake romantic or friendly relationships before convincing victims to "invest" their BTC into rigged platforms.

The FBI's 2024 Internet Crime Report attributed over $9.3 billion in losses across all categories with a cryptocurrency nexus.

Rule of thumb: if something promises guaranteed returns, multiplies your bitcoin, or requires you to send funds before withdrawing, it's a scam.

How to Make Your Bitcoin (Practically) Unhackable

The single most important rule: hold your own keys. Every other security measure builds on this – without self-custody, your bitcoin is only as safe as the company holding it. 

You can't make Bitcoin custody perfectly unhackable, but you can get close enough that you're not worth attacking.

  1. Move bitcoin off exchanges. Exchanges are honeypots. Use them to buy and sell, not to store. "Not your keys, not your coins" remains the most repeated phrase in crypto for a reason.
  2. Use a hardware wallet. Devices like LedgerTrezor, or Coldcard keep your private keys offline in dedicated chips. Even if your computer is fully compromised, the keys can't be extracted, and every transaction must be approved on the device's screen.
  3. Protect your seed phrase physically. Write it on paper or, ideally, stamp it into metal (steel plates resist fire and water). Store it somewhere only you can access. Never type it into any computer except your hardware wallet's own interface.
  4. Use multi-sig for large holdings. A 2-of-3 or 3-of-5 multi-signature wallet requires multiple keys to authorize a transaction. Even if one key is stolen, your funds stay safe.
  5. Harden your accounts. Replace SMS 2FA with hardware security keys (YubiKey, Google Titan). Use a unique, long password for every exchange, ideally generated by a password manager. Lock your phone number with a port-out PIN.
  6. Verify everything. Always check the first and last 5 characters of any address before sending. Bookmark exchange URLs. Never click "support" links sent through DM or email.
  7. Stay quiet. Don't advertise that you hold bitcoin. Public bragging makes you a target for both online and physical attacks.

None of these steps are technically hard. The hard part is doing them consistently.

how to make your bitcoin unhackable
Self-custody and hardware wallets make Bitcoin far safer.

So, Can Bitcoin Be Hacked?

Practically, no - not the network. But the bitcoin you own? That depends entirely on how you store it.

The harder truth: Bitcoin is safer than your bank, and also more dangerous. Safer because no institution can freeze, seize, or lose it for you. More dangerous because no institution can save you from your own mistakes either. That trade-off is the deal Bitcoin offers, and it's the one every holder eventually has to make peace with.

Sources and Further Reading

Disclaimer:The content published on Cryptothreads does not constitute financial, investment, legal, or tax advice. We are not financial advisors, and any opinions, analysis, or recommendations provided are purely informational. Cryptocurrency markets are highly volatile, and investing in digital assets carries substantial risk. Always conduct your own research and consult with a professional financial advisor before making any investment decisions. Cryptothreads is not liable for any financial losses or damages resulting from actions taken based on our content.
bitcoin
network security
attack
btc

FAQs About Bitcoin Hacks

Bitcoin sitting in a self-custodied wallet that has never connected to the internet is extraordinarily difficult to attack. The risk grows only when you interact: signing transactions, restoring from a seed, or entering credentials. Long-term cold storage on a hardware wallet is one of the safest forms of asset custody in the world.

BytebyByte
WRITTEN BYBytebyByteBytebyByte is a blockchain developer and crypto market researcher contributing technical analysis and research at Cryptothreads. His work focuses on the infrastructure, economic design, and market structure of digital asset systems. With a background spanning blockchain development, quantitative analysis, and financial market dynamics, BytebyByte specializes in examining how crypto protocols operate—from consensus mechanisms and token economics to on-chain market behavior. His research often explores the intersection between blockchain technology and the broader financial system, translating complex technical concepts into structured insights accessible to a wider audience. At Cryptothreads, BytebyByte contributes in-depth articles covering blockchain architecture, protocol economics, and emerging narratives shaping the digital asset ecosystem. His work aims to help readers better understand the mechanisms behind crypto markets and the technological foundations that drive the industr
FOLLOWBytebyByte
XFacebook

More articles by

BytebyByte

Hot Topic