Crypto hacks decreased by 50% in 2025, yet the statistics uncover a far more perilous financial risk.

This year’s pivotal security incident was not a complex DeFi breach or an unprecedented protocol malfunction, but the $1.46 billion theft from Bybit, a leading centralized exchange.

This singular occurrence, linked to advanced state-sponsored entities, reshaped the narrative of the year. It demonstrated that although the incidence of attacks has declined, the intensity of the damage has surged to systemic proportions.

Related Reading

ByBit suffers $1.5 billion Ethereum heist in cold wallet breach

The intricate attack targeted ByBit’s Ethereum cold wallet, yet all other systems reportedly remain intact.

Feb 21, 2025 · Oluwapelumi Adejumo

Data from blockchain security firm SlowMist illustrates an industry under attack from professional, large-scale threats. In 2025, there were around 200 security events throughout the ecosystem, about half of the 410 recorded in the prior year.

Nonetheless, total losses soared to approximately $2.935 billion, a significant increase from $2.013 billion in 2024.

To 10 Crypto Hacks in 2025 (Source: SlowMist)

The figures are stark: the average loss per incident more than doubled, increasing from around $5 million to nearly $15 million.

This indicates that attackers have shifted their focus from low-value targets to deep liquidity and high-value centralized vulnerabilities.

State actors and the industrial supply chain

The increase in lost value is directly associated with the evolving profile of the attackers.

In 2025, the “lone wolf” hacker has largely been overtaken or merged with organized crime networks and nation-state actors, particularly groups associated with the Democratic People’s Republic of Korea (DPRK).

These entities have transitioned from opportunistic, single-point attacks to organized, multi-faceted operations targeting centralized services and utilizing structured laundering methods.

Indeed, the distribution of losses by sector corroborates this shift.

While DeFi protocols still incurred the highest volume of incidents, with 126 events resulting in approximately $649 million in losses, centralized exchanges accounted for the majority of financial destruction. Just 22 incidents involving centralized platforms led to roughly $1.809 billion in losses.

Crypto Loss by Sector (Source: SlowMist)

Related Reading

Iran-based crypto exchange hacked for $48M amid cyberattack claims by Israel-linked group

Nobitex taken offline as Israel-linked Predatory Sparrow threatens data release in escalating cyber conflict.

Jun 18, 2025 · Oluwapelumi Adejumo

Supporting these high-level operators is an underground supply chain that operates with the efficiency of a commercial software ecosystem.

Models termed Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) have lowered entry barriers, enabling less experienced criminals to rent advanced infrastructure.

This industrialization has also impacted the “drainer” market, which consists of toolkits designed to deplete wallets through phishing.

Although total losses from drainers fell to about $83.85 million across 106,106 victims, reflecting an 83% decrease in value from 2024, the sophistication of the tools has advanced.

Crypto Phishing Scams (Source: SlowMist)

SlowMist highlighted that organized cybercrime has learned to regard Web3 as a consistent, reliable revenue stream.

Simultaneously, supply chain attacks have introduced a perilous aspect to the threat landscape.

Malicious code embedded in software libraries, plugins, and development tools placed backdoors upstream from end applications, enabling criminals to compromise thousands of downstream users at once.

Consequently, high-privilege browser extensions became a preferred vector. Once compromised, these tools transformed user machines into silent collection points for seeds and private keys.

The pivot to social engineering and AI

As protocol security strengthened, attackers redirected their attention from the code to the human behind the keyboard.

2025 illustrated that a leak of a private key, an intercepted signature, or a compromised software update can be just as destructive as a complicated on-chain arbitrage exploit.

The statistics reveal this equivalence: there were 56 smart contract exploits and 50 account compromises documented during the year. The divide between technical risks and identity risks has effectively vanished.

Crypto Security Breaches Causes in 2025 (Source: SlowMist)

To breach these human defenses, criminals have weaponized artificial intelligence.

Throughout the year, the marked rise in synthetic text, voice, images, and video provided attackers with a cost-effective, scalable means to impersonate customer support agents, project founders, recruiters, and journalists.

Additionally, deepfake calls and voice replicas rendered traditional verification practices obsolete, boosting the success rate of social engineering campaigns.

At the same time, phishing campaigns evolved from simple malicious links into multi-stage operations.

Related Reading

Crypto hacker falls victim to own scam losing $50 million to phishing attack

The UXLINK attacker had minted 2 billion unauthorized tokens and was selling them via exchanges.

Sep 23, 2025 · Oluwapelumi Adejumo

Ponzi schemes adapted concurrently, shedding the overt “yield farm” aesthetics of the past for the guise of institutional finance.

This led to new frauds masquerading as “blockchain finance” or “big data” platforms. These scams also employed stablecoin deposits and multi-level referral structures to feign legitimacy.

For context, projects like DGCX demonstrated how traditional pyramid schemes could operate behind the facade of professional dashboards and corporate branding.

Enforcement and the regulatory hammer

The magnitude of the year’s losses compelled a decisive shift in regulatory actions as authorities transitioned from theoretical discussions about jurisdiction to direct, on-chain interventions.

Consequently, their focus broadened beyond the entities themselves to the infrastructure facilitating crime, including malware networks, dark web marketplaces, and laundering hubs.

A notable example of this expanded scope was the pressure exerted on the Huione Group, a conglomerate scrutinized by investigators for its role in facilitating laundering operations.

Similarly, platforms like Garantex faced ongoing enforcement actions, indicating that regulators are ready to dismantle the financial infrastructures employed by cybercriminals.

Stablecoin issuers emerged as vital components of this enforcement strategy, effectively acting as agents in the effort to freeze stolen assets. Tether froze USDT on 576 Ethereum addresses, while Circle froze USDC on 214 addresses during the year.

These actions produced concrete outcomes. Across 18 major incidents, around $387 million of the $1.957 billion in stolen funds was frozen or recovered.

Frozen Tether's USDT Addresses (Source: SlowMist)

While a recovery rate of 13.2% remains modest, it signifies a substantial shift in capability: the industry can now halt or reverse portions of criminal flows when compliant intermediaries are involved in the transaction.

Regulatory expectations have consequently intensified. Strong Anti-Money Laundering (AML) and Know Your Customer (KYC) frameworks, tax transparency, and custody controls have transitioned from competitive advantages to baseline survival imperatives.

Infrastructure providers, wallet developers, and bridge operators now find themselves encompassed within the same regulatory environment as exchanges.

The solvency test and future landscape

The contrast between the Bybit hack and the FTX collapse offers the most significant lesson of 2025.

In 2022, the loss of customer funds revealed a hollow balance sheet and fraud, leading to immediate insolvency. In 2025, Bybit’s capacity to absorb a $1.46 billion loss indicates that top-tier platforms have amassed sufficient capital depth to consider substantial security breaches as manageable operational costs.

However, this resilience carries a caveat, as the concentration of risk has never been greater. Attackers are now targeting centralized chokepoints, while state actors are allocating vast resources to infiltrate them.

For builders and businesses, the era of “move fast and break things” is definitively concluded. Security and compliance have now become prerequisites for market access. Projects unable to demonstrate robust key management, permission design, and credible AML frameworks will find themselves excluded from banking partnerships and user access.

For investors and users, the message is clear: passive trust is a liability. The combination of AI-driven social engineering, supply chain compromises, and industrial-scale hacking indicates that capital preservation now necessitates active, ongoing vigilance.

2025 revealed that while the crypto industry has constructed stronger defenses, the adversaries outside the gate have brought larger battering rams.

The post Crypto hacks dropped by half in 2025, but the data reveals a much deadlier financial threat appeared first on CryptoSlate.