As 2025 draws to a close, the cryptocurrency industry is reflecting on one of its most tumultuous years for security. Blockchain analytics firm Chainalysis reports that hackers stole more than $3.4 billion in digital assets from January through early December 2025—a figure driven by a handful of massive breaches on centralized exchanges and services. While earlier estimates from firms like TRM Labs and De.Fi pegged the total closer to $2.7 billion, Chainalysis’s comprehensive data, which includes a broader scope of incidents, confirms this as the highest annual total on record.
This surge continues an upward trend in crypto thefts, fueled largely by state-sponsored actors, particularly North Korea’s elite hacking units. Yet, amid the headlines of billion-dollar heists, subtler shifts emerged: a rise in attacks on individual wallets and signs of improving security in decentralized finance (DeFi) protocols.
The Dominance of North Korea: A Nation-State Threat
No story of 2025 crypto crime is complete without North Korea. Hackers linked to the Democratic People’s Republic of Korea (DPRK), often associated with the Lazarus Group and subgroups like TraderTraitor, stole a record $2.02 billion—accounting for nearly 60% of all thefts and marking a 51% increase from 2024. This brings their cumulative haul since 2017 to approximately $6.75 billion, much of which U.S. officials believe funds the regime’s nuclear and ballistic missile programs.
North Korean tactics evolved in 2025: fewer attacks (down 74% in known incidents) but far larger payouts. Hackers increasingly infiltrated crypto firms by posing as remote IT workers—often using AI to fake locations—or through sophisticated social engineering targeting executives. Once inside, they gained privileged access for massive thefts.
The Bybit Heist: The Largest Crypto Theft in History
The year’s defining incident was the February 2025 hack of Dubai-based exchange Bybit, where attackers drained approximately $1.5 billion in Ethereum (around 401,000 ETH) from a cold wallet. Attributed to North Korea’s Lazarus Group by the FBI and firms like Elliptic and TRM Labs, this single breach surpassed all previous records—more than double the $624 million Ronin Network hack in 2022.
The attack exploited a supply-chain compromise: Malware injected into the Safe{Wallet} multisig interface (used by Bybit for secure transfers) tricked signers into approving malicious transactions during what appeared to be a routine internal move. Funds were rapidly laundered through intermediaries, bridges, and mixers, with hundreds of millions moved in days.
Bybit’s CEO reassured users that other wallets were secure and arranged bridge loans to cover losses, but the incident shook market confidence and highlighted vulnerabilities in third-party tools.
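The failure described above is a signer approving a payload that differs from what the interface displayed. The following is an added example, not code from Bybit, Safe or any firm named in this article: a pre-signing check that compares the raw transaction fields against the approved intent on a machine independent of the signing interface. It assumes the Safe transaction field names (to, value, data, operation); Intent, Proposal and review are hypothetical names, and any addresses passed in are constructed.

```python
# Added example: compare the raw multisig proposal with the approved intent
# before anyone signs. Names below are hypothetical, not a real library's API.
from dataclasses import dataclass
from typing import Optional

CALL, DELEGATECALL = 0, 1           # Safe "operation" field values
ERC20_TRANSFER = "a9059cbb"         # selector of transfer(address,uint256)

@dataclass(frozen=True)
class Intent:                       # what the change ticket approved
    recipient: str
    amount: int
    token: Optional[str] = None     # None means a plain ETH transfer

@dataclass(frozen=True)
class Proposal:                     # raw fields of the transaction to be signed
    to: str
    value: int
    data: str                       # hex calldata, "0x" when empty
    operation: int

def decode_erc20_transfer(data: str):
    """Return (recipient, amount), or None if data is not transfer(address,uint256)."""
    raw = data[2:] if data.startswith("0x") else data
    if len(raw) != 8 + 128 or raw[:8].lower() != ERC20_TRANSFER:
        return None
    if int(raw[8:32], 16) != 0:     # upper 12 bytes of the address word must be zero
        return None
    return "0x" + raw[32:72].lower(), int(raw[72:136], 16)

def review(intent: Intent, p: Proposal) -> list:
    """List every way the raw proposal departs from the approved intent."""
    findings = []
    if p.operation != CALL:
        findings.append("operation is not a plain call")
    if intent.token is None:        # ETH transfer: no calldata, funds go to p.to
        if p.data not in ("", "0x"):
            findings.append("unexpected calldata on an ETH transfer")
        recipient, amount = p.to.lower(), p.value
    else:                           # token transfer: call the token, value must be 0
        decoded = decode_erc20_transfer(p.data)
        if p.to.lower() != intent.token.lower() or p.value != 0 or decoded is None:
            findings.append("not a transfer() call on the approved token")
        recipient, amount = decoded or (None, None)
    if recipient != intent.recipient.lower():
        findings.append("recipient differs from approved intent")
    if amount != intent.amount:
        findings.append("amount differs from approved intent")
    return findings
```

An empty list means the payload matches the ticket; any finding should block signing until the proposal is rebuilt from a trusted source.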
Historical Context: A Decade of Escalating Threats
Crypto hacks are not new, but 2025’s totals reflect a maturation of the threat landscape. Early incidents like the 2014 Mt. Gox collapse (losing 850,000 BTC, worth billions today) stemmed from poor operational security. The 2016 DAO exploit on Ethereum ($50-60 million at the time) exposed smart contract vulnerabilities, leading to a hard fork.
The 2020s saw nation-states enter the fray:
- 2021: Poly Network ($611 million, mostly returned).
- 2022: Record year prior to 2025, with $3.8 billion stolen, including Ronin ($624 million) and FTX’s collapse (though not a hack).
- 2023-2024: Declines in DeFi hacks due to better audits, but rises in private key compromises; totals around $2 billion annually.
- 2025: Outlier-driven spike to $3.4 billion, with top three hacks (led by Bybit) comprising 69% of losses.
Chainalysis notes personal wallet compromises surged to 158,000 incidents (affecting 80,000 victims), though their value ($713 million) dipped slightly as attackers spread efforts wider.
Emerging Trends and Silver Linings
Despite the grim totals, not all trends were negative. DeFi protocol hacks remained suppressed despite rising total value locked (TVL), suggesting audits, bug bounties, and better code practices are paying off.
Infrastructure attacks—private key thefts, seed phrase compromises, and front-end hijacks—dominated, comprising over 80% of losses in some mid-year reports. Geopolitical angles appeared too, like the alleged Israel-linked hack of Iran’s Nobitex exchange ($90+ million).
Laundering evolved: North Korean actors favored Chinese-language services and bridges, cashing out over 45 days, while others used P2P platforms.
Looking Ahead: Lessons for 2026
2025 underscores crypto’s double-edged nature: immense innovation alongside persistent risks. Exchanges must prioritize multisig hygiene, insider threat detection, and third-party audits. Individuals should embrace hardware wallets, multifactor authentication, and vigilance against phishing.
As adoption grows, so do targets—but improved traceability (thanks to firms like Chainalysis) has led to more freezes and recoveries. While $3.4 billion is staggering, it represents a tiny fraction of the trillions in crypto transaction volume, reminding us that the ecosystem’s resilience is growing alongside its threats.
The record losses of 2025 serve as a stark warning: in the world of cryptocurrency, security is not optional—it’s existential.
