2025 was a deadly year for digital asset cybersecurity, ending with over $3.4 billion worth of crypto stolen in hundreds of incidents. Independent counts report more than 300 major security incidents for the year. At least $2 million of these thefts have been traced to North Korean hackers, primarily in the Bybit hack case.
The Skynet Hack3d 2025 report is here.
$3.35 billion lost. More than 700 incidents. New attack vectors. Key trends.
Get the most detailed description of Web3 security in 2025, from exploits to insights.
Read the full report👇
– CertiK (@CertiK) December 23, 2025
Below are the five biggest heists of 2025, including one driven primarily by social engineering.
Bybit: $1.5 billion (February 2025)
US authorities have attributed the largest crypto theft in history to the North Korean group Lazarus. Investigators said the attackers took control of an ETH cold wallet, then quickly laundered funds across chains via BTC and other currencies. Exchange disclosures and subsequent forensic analyses showed that large portions were routed through THORChain and spread across tens of thousands of addresses.
According to a later report from Crystal Intelligence, the attack Bybit faced was a sophisticated operation that compromised its interface, making employees believe they were signing legitimate transactions. WazirX and Phemex were hacked in the same way.
Following the incident, Bybit launched a 10% recovery bounty and hired blockchain investigators to help freeze the stolen funds. Portions have been tracked, although most remain in motion.
Cetus DEX (Sui): $220 million (May)
Sui’s largest DEX and liquidity provider, Cetus, lost $220 million in just 15 minutes. According to Merkle Science, the hackers did not exploit an industry-typical smart contract vulnerability. Instead, they exploited a rounding bug in a third-party math library used for liquidity and price calculations.
An attacker abused an MSB rounding/verification flaw to manipulate pool settings and extract assets. The teams quickly suspended the contracts and later claimed about $160 million had been frozen or recouped.
However, more than $60 million remained at risk. This is the most significant DeFi exploit of the year and briefly disrupted trading in the Sui ecosystem.
Balancer: $116 million (November)
A flaw in Balancer, a popular DeFi protocol, was initially spotted by crypto detectives on X. An attacker exploited a rounding bug in the stable pool logic of Balancer V2 on Ethereum and several L2s and sidechains. Balancer’s disclosure confirms the technical root cause.
Initial estimates put losses at nearly $120 million, most of it on the Ethereum mainnet. Additionally, a dormant whale withdrew $6.5 million right after the hack. Balancer’s total value locked (TVL) was cut in half from $442 million to $214.5 million in a single day.
However, according to Crystal Intelligence, most of the funds have been recovered. Wallets are now closely monitored for transactions, with the aim of freezing stolen funds.
Phemex (CEX): $73 million (January)
Phemex, a centralized exchange (CEX) based in Singapore, had its hot wallets compromised across 16 chains. Security firms have reported dozens of suspicious outflows from Phemex hot wallets spanning major networks.
This was the first big hack of 2025 to shake the community. Prominent X expert ZachXBT, who participated in the Bybit investigation, proved that the Phemex and Bybit attacks were carried out by Lazarus and used similar addresses.
The Lazarus Group just connected the Bybit hack to the Phemex hack directly on-chain, mixing funds from the original theft address for both incidents.
Superimposed address:
0x33d057af74779925c4b2e720a820387cb89f8f65
Bybit hack txns on February 22, 2025:… pic.twitter.com/dh2oHUBCvW
-ZachXBT (@zachxbt) February 22, 2025
After the incident, the company completely halted deposits and withdrawals; services fully resumed in February with tightened security.
Upbit (CEX): more than $30 million (November)
South Korea’s largest exchange, Upbit, reported a hack in November, with a total impact of 44.5 billion won (about $34 million). Customer losses were covered from reserves, while 5.9 billion won ($4 million) of Upbit corporate funds were lost. Only a small portion, $1.77 million, was frozen thanks to tracing.
Upbit halted Solana flows, moved funds to cold storage, coordinated freezes with issuers/exchanges, and gradually reopened wallets using new deposit addresses. Even with reimbursement, the incident highlighted CeFi’s concentration risk.
Crypto hacks 2025 in numbers
- Total stolen: $3.3-3.4 billion (range reflects different methodologies between Chainalysis and Beosin/Footprint).
- Number of incidents: ~313 major cases (Beosin/Footprint).
- First-half overview: approximately $2.5 billion stolen in more than 300 incidents. According to CertiK, this figure already exceeds the 2024 total.
- Typical attacks: compromised wallets and phishing/social engineering were driving factors.
- Targeted platforms: A few infrastructure-level attacks dominated losses (e.g., Bybit), while the overall number of DeFi incidents remained much higher, albeit with smaller losses.
🛡️ Beosin is excited to release the Global Web3 Security Report 2025!
🔍 Highlights:
In 2025, total losses in the Web3 ecosystem due to hacks, #phishing scams and carpet thefts reached $3.375 billion across 313 major security incidents. Major incidents: the largest single loss… pic.twitter.com/EhI6RZqIL1
– Beosin 🛡 Web3 Security & Compliance (@Beosin_com) December 29, 2025
Why social engineering was more important
Generally speaking, security companies have noted a trend toward compromising human factors and the supply chain. Hackers have moved from poisoned interfaces and multisig UI tricks to executive impersonation and key theft, reducing the relative share of pure Solidity bugs. The outlier losses of 2025 were largely due to gatekeeping failures, not new on-chain math.

Yana Khlebnikova joined CoinSpeaker as an editor in January 2025, following previous stints at Techopedia, crypto.news, Cointelegraph and CoinMarketCap, where she honed her expertise in cryptocurrency journalism.