The speed of crypto theft has reached alarming levels
I was looking at the 2025 Global Ledger report and honestly the numbers are pretty surprising. Hackers are now moving stolen cryptocurrencies just two seconds after an attack begins. It’s faster than most people can even process what’s happening. In most cases, they transfer their assets before victims even have a chance to publicly disclose the breach.
Nor are these a few isolated incidents. The report analyzed 255 crypto hacks worth $4.04 billion and found that 76% of these attacks resulted in funds moving before any public disclosure. This figure actually increased to 84.6% in the second half. So it’s becoming more common, not less.
The bleaching process has changed
What’s interesting though is that while the initial transfer happens almost instantly, the entire bleaching process now takes longer. On average, hackers took around 10.6 days during the second half of 2025 to reach their final deposit points like exchanges or mixers. That’s an increase from about eight days earlier in the year.
I think this shows something important about how the ecosystem has evolved. Once an incident becomes public, exchanges and blockchain analysis companies begin tagging addresses and increase their monitoring. The attackers have therefore adapted. They divide the funds into smaller pieces and route them through several levels before attempting to cash them out.
Bridges have become the main highway
Nearly half of all stolen funds, approximately $2.01 billion, passed through cross-chain bridges. This is more than three times the amount routed through mixers or privacy protocols. In the Bybit case alone, 94.91% of the stolen funds passed through bridges.
At the same time, Tornado Cash has regained some prominence. The protocol appeared in 41.57% of hacks in 2025, and its share of use jumped sharply in the second half of the year. The report mentions changes in sanctions as a possible factor.
It is also worth noting that direct withdrawals to centralized exchanges declined sharply during the second half of the year. DeFi platforms have instead received an increasing share of stolen funds. It seems that attackers avoid obvious exits until their attention disappears.
The scale of the problem remains enormous
Ethereum accounted for $2.44 billion in losses, or 60.64% of the total. That’s a huge share, but perhaps not surprising given its position in the market. A total of $4.04 billion was stolen during these 255 incidents.
Recovery rates are also pretty dismal. Only about 9.52% of the funds were frozen and 6.52% were returned. Nearly half of all stolen funds have not been spent at the time of analysis, meaning billions remain in wallets, potentially awaiting future laundering attempts.
We therefore see the emergence of a clear trend. Attackers operate at machine speed in the first critical seconds following a breach. Defenders respond later, forcing criminals to adopt slower, more staggered laundering strategies. The race is not over, it has simply entered a new phase where the start is measured in seconds and the finish takes days.
