Crypto Heists Surpass $2.7 Billion in 2025
Cybercriminals stole over $2.7 billion in crypto in 2025, driven by a massive $1.4B breach at Bybit and rising state-sponsored attacks. This report details the shift from DeFi exploits to high-value centralized exchange heists.
Cybercriminals have stolen over $2.7 billion in cryptocurrency throughout 2025, marking a severe escalation in high-value digital thefts. New data released by blockchain intelligence firms reveals that while the total number of hacks has fluctuated, the sheer scale of individual attacks has reached unprecedented levels.
According to reports from OODA Loop and Business Today published on (December 24, 2025), the year’s losses were driven heavily by a few catastrophic security breaches. This figure represents a significant increase compared to 2024, signaling that attackers are shifting their focus toward larger, centralized targets rather than smaller, frequent exploits.
The data indicates that a massive portion of the year's stolen funds can be traced back to a single event. In (February 2025), hackers breached the Dubai-based crypto exchange Bybit, making off with approximately $1.4 billion to $1.5 billion. This incident alone accounted for nearly half of the total stolen value for the entire year, as detailed by SC Media.
Security researchers note that this "mega-hack" trend is a departure from previous years, where losses were more evenly distributed across various Decentralized Finance (DeFi) protocols. In 2025, the ratio between the largest hack and the median incident size widened drastically, with top-tier exchanges becoming prime targets for sophisticated syndicates.
A major driver behind these astronomical figures is the continued aggression of state-sponsored hacking groups. The Chainalysis report highlights that North Korean hacking groups, such as the Lazarus Group, were responsible for at least $2.02 billion of the stolen funds in 2025.
These groups have reportedly evolved their tactics, moving beyond simple code exploits to elaborate social engineering schemes. By posing as recruiters or investors, they have successfully tricked high-level executives and developers into granting access to critical internal systems.
While centralized exchanges faced the brunt of the financial damage, individual users also faced growing risks. Reports from Help Net Security suggest that personal wallet compromises surged in frequency, although the average value stolen per victim decreased. This indicates a "spray and pray" approach targeting a wider net of casual users, even as the "whales" targeted the massive exchange vaults.
Despite the grim statistics, there is a silver lining for the DeFi sector. Security practices within decentralized protocols appear to be improving, with hack-related losses in that specific sub-sector remaining relatively suppressed compared to the explosive growth in Centralized Finance (CeFi) attacks.
