Poly Network to Squid token scam: All the cryptocurrency heists of 2021

Cybercriminals are now taking advantage of the ongoing craze around cryptocurrencies to trick potential victims and steal their digital money. In fact, a report by Chainalysis revealed that hackers have exploited vulnerabilities within crypto platforms or used traditional scamming methods like ‘rug pull’, mooching off over $7.7 billion (Rs 58,698 crore approx.) worth of cryptocurrency from victims in 2021. Here we list all the major cryptocurrency scams that occurred this year.

Poly Network

In August 2021, hackers pulled off one of the biggest ever cryptocurrency heists stealing $613 million in digital coins from token-swapping platform Poly Network. However, the hackers returned $260 million worth of tokens in less than 24 hours.

For the uninitiated, Poly Network is a decentralized finance (DeFi) platform that facilitates peer-to-peer transactions enabling users to transfer or swap cryptocurrencies across multiple blockchains. For example, a customer could use Poly Network to transfer tokens such as Bitcoin from the Ethereum blockchain to the Binance Smart Chain, perhaps looking to access a specific application.

The attackers stole funds in more than 12 different cryptocurrencies, including Ether and a type of Bitcoin, according to Chainalysis.

Interestingly, in the beginning, the hacker refused to hand the stolen crypto assets over. That was until Poly Network requested for them to release it, coughed up $500,000 as a gesture for finding the system vulnerability, and even offered them a job. Poly Network later revealed that the so-called “Mr. White Hat” had given them the private key.


On May 19, the PancakeBunny hack took place, with the cybercriminals making off about $45 million in a flash loan exploit, and tanking the price of Bunny tokens by 96 per cent from $220 to around $10 within 24 hours.

A flash loan is an unsecured loan where no security is needed on the part of the borrower, it is collateral-free. We have to understand that it is automated so the lenders get their lent amount within a specific timeline automatically. However, fraudsters take advantage of such loans, by increasing the price of the coins and then withdrawing all their investments causing the crypto market to tumble.

The hacker borrowed more than $700 million in Binance Coin (BNB) from seven PancakeBunny lending pools. They used this to manipulate the price of BNB— which caused the price of Bunny coins to crater. After repaying the flash loans, the hacker was left with 114,631 BNB worth about $45 million.

On July 16, the company’s new Polygon blockchain fork, PolyBunny, was also hit, with a flash loan attack minting $2.1 million worth of Polybunny— tanking its tokens from $10 to below $2.


Hackers stole $196 million from crypto trading platform Bitmart, the company called the attack “a large-scale security breach”. A mix of more than 20 tokens were stolen, including cryptocurrencies like BSC-USD, Binance Coin (BNB), BNBBPay (BPay), and Safemoon, while large amounts of Moonshot, Floki, and BabyDoge were also compromised.

Vulcan Forged

Play-to-earn non fungible token (NFT) platform Vulcan Forged said it refunded over $140 million (Rs 1,062 crore approx.) worth of cryptocurrency to all investors, a day after its platform was compromised. The cybercriminals stole assets in Ether, Polygon as well as the native cryptocurrency of Vulcan Forged termed ‘PYR’.

Vulcan Forged offers over six blockchain games, and also has an active NFT marketplace, and its own decentralized exchange, where users can trade its token ‘PYR’. Jaime Thomson, the CEO of Vulcan Forged acknowledged the breach on Twitter and called December 13 the “darkest day in Vulcan Forged history”.

Cream Finance

2021 was a bad year for Cream Finance, not only did hackers make off with $130 million in this October 2021 attack, but this was the third attack the company had suffered in the year. In February, hackers stole $37 million, and in August, $29 million.

The latest attack saw hackers exploiting what was thought to be a vulnerability in the DeFi platform’s flash loan system. They were able to steal all of Cream Finance’s tokens and assets on the Ethereum blockchain, which amounted to $130 million.


Cybercriminals stole at least $120.3 million (roughly Rs 900 crore) in cryptocurrency by hacking into decentralised finance (DeFi) protocol Badger DAO. The attack was identified on November 1.

Badger DAO, often referred to as BADGER is an open-source, decentralised automated organisation that is focused on developing infrastructure and products in order to simplify the overall use of Bitcoin, across Ethereum along with many other blockchains.

The hack, first discovered by blockchain security firm PeckShield, tracked down the missing funds. According to the security firm, the company lost at least 2,100 Bitcoin and 151 Ethereum.


At least $31 million (Rs 226 crores approx) in cryptocurrency were stolen by hacking into multi-chain decentralised exchange MonoX. The attack was first identified on December 1.

MonoX Finance is a decentralied finance (DeFi) platform that is focused on developing infrastructure and products in order to simplify the overall use of Bitcoin, Ethereum along with many other blockchains.

Among the funds lost are $18.2 million in Ethereum and $10.5 million in Matic. There are also smaller quantities of several other tokens, including cryptocurrencies such as— Bitcoin, Chainlink, Unit Protocol, Aavegotchi, and Immutable X. It should be noted that Bitcoin is currently trading at $47,564 (roughly Rs 35 lakh) per coin, Ethereum’s present value is $3,974 (roughly Rs 2.90 lakh) per token.

Squid Game token

Millions of dollars vanished in a matter of minutes after investors piled into a new cryptocurrency inspired by “Squid Game,” the popular Netflix survival series, only to watch its value plunge to nearly zero in a few short hours.

Popular crypto exchange Binance, initiated a probe into the Squid token and froze wallet addresses of the token developers, and called it a potential “rug pull” case. A rug pull is a malicious maneuver in the cryptocurrency industry where crypto developers abandon a project and run away with investors’ funds. In the case of Squid crypto, it is estimated that the creators have vanished with $3.3 million (roughly Rs 22 crore).

Stolen Bored Ape NFTs

Calvin Becerra, the owner of three Bored Ape Yacht Club NFTs was tricked by fraudsters under the guise of providing technical support.

For those who don’t know, BAYC NFTs are a popular collection of 10,000 unique bored apes created by Yuga Labs. This collection has seen over half a billion dollars in sales to date, as per dappradar.com metrics. It is worth noting that the minimum price of a BAYC NFT starts at 52 Ethereum or approximately $210,000. Becerra claims the three Bored Ape NFTs he owned were over $1 million.

Read More:Poly Network to Squid token scam: All the cryptocurrency heists of 2021