In 2025, crypto hacks totaled $3.4B across 300+ incidents, where social-engineering and access-control failures dominated. Let’s look at the major ones.
By Yana Khlebnikova
Editor Hamza Tariq
Updated
4 mins read
2025 was a bruising year for cybersecurity in digital assets, ending with over $3.4 billion in crypto stolen across hundreds of incidents. Independent tallies show over 300 major security incidents for the year. At least $2 million of those thefts was attributed to North Korean hackers, mainly in the Bybit hack case.
The 2025 Skynet Hack3d Report is here.
$3.35B lost. 700+ incidents. New attack vectors. Key trends.
Get the most detailed breakdown of Web3 security in 2025, from exploits to insights.
Read the full report👇https://t.co/EfWupS604N
— CertiK (@CertiK) December 23, 2025
Below are the five biggest heists of 2025, including one driven primarily by social engineering.
U.S. authorities attributed the largest crypto theft in history to North Korea’s Lazarus Group. Investigators said attackers took control of a cold ETH wallet, then rapidly laundered funds across chains via BTC $88 160 24h volatility: 0.6% Market cap: $1.77 T Vol. 24h: $40.04 B and other currencies. Exchange disclosures and later forensic analysis showed that large portions were routed through THORChain and split across tens of thousands of addresses.
According to a later report by Crystal Intelligence, the attack Bybit faced was a sophisticated operation that compromised its frontend, thereby tricking employees into believing they were signing legitimate transactions. WazirX and Phemex were hacked similarly.
Following the incident, Bybit launched a 10% recovery bounty and engaged blockchain investigators to help freeze the stolen funds. Portions were tracked, though most remain in motion.
Sui’s largest DEX and liquidity provider, Cetus, was drained $220 million in just 15 minutes. According to Merkle Science, the hackers did not exploit a smart contract vulnerability, which is typical in the industry. Instead, they benefited from a rounding bug in a third-party math library, used for liquidity and pricing calculations.
An attacker abused a rounding/MSB-check flaw to manipulate pool parameters and extract assets. Teams moved quickly to pause contracts and later claimed that around $160 million had been frozen or recovered.
However, more than $60M remained at risk. This was the year’s most significant DeFi exploit and briefly halted trading in the Sui ecosystem.
A breach in Balancer, a popular DeFi protocol, was initially spotted by crypto sleuths on X. An attacker exploited a rounding bug in Balancer V2’s stable pool logic across Ethereum and several L2s and sidechains. Balancer’s disclosure confirms the technical root cause.
The initial estimates placed losses near $120, with the bulk on the Ethereum mainnet. Moreover, a dormant whale withdrew $6,5 million just after the hack. Balancer’s Total Value Locked (TVL) halved from $442 million to $214.5 million in a single day.
However, according to Crystal Intelligence, most of the funds were traced. The wallets are now closely monitored for potential transactions to freeze the stolen funds.
Phemex, a centralized exchange (CEX) based in Singapore, saw its hot-wallet compromised across 16 chains. Security firms flagged dozens of suspicious outflows from Phemex hot wallets spanning major networks.
This was the first big hack of 2025 that shook the community. Prominent expert on X, ZachXBT, who participated in the Bybit investigation, proved that the Phemex and Bybit attacks were carried out by Lazarus and used similar addresses.
Lazarus Group just connected the Bybit hack to the Phemex hack directly on-chain commingling funds from the intial theft address for both incidents.
Overlap address:
0x33d057af74779925c4b2e720a820387cb89f8f65Bybit hack txns on Feb 22, 2025:… pic.twitter.com/dh2oHUBCvW
— ZachXBT (@zachxbt) February 22, 2025
After the incident, the company completely halted deposits and withdrawals, but by February, services were fully resumed with additional security hardening.
South Korea’s largest exchange, Upbit, reported a hack in November, with a total impact of 44.5 billion won (around $34 million). Customers were made whole from reserves, while 5.9B ($4 million) in Upbit corporate funds was lost. Just a small portion of $1.77 million got frozen through tracing.
Upbit halted Solana flows, moved funds to cold storage, coordinated freezes with issuers/exchanges, and gradually reopened wallets using new deposit addresses. Even with reimbursement, the incident underscored CeFi’s concentration risk.
🛡️ Beosin is thrilled to release the 2025 Global Web3 Security Report!
🔍 Key Highlights:
In 2025, total losses in the Web3 ecosystem from hacks, #phishing scams, and rug pulls reached $3.375 billion across 313 major security incidents.Major Incidents: The largest single loss… pic.twitter.com/EhI6RZqIL1
— Beosin 🛡 Web3 Security & Compliance (@Beosin_com) December 29, 2025
In general, security firms noted a shift toward human-factor and supply-chain compromises. Hackers moved from poisoned frontends and multisig UI tricks to executive impersonation and key theft, thus reducing the relative share of pure solidity bugs. 2025’s outlier losses were overwhelmingly due to access-control failures, not to novel on-chain math.
Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.
Yana Khlebnikova joined CoinSpeaker as an editor in January 2025, after previous stints at Techopedia, crypto.news, Cointelegraph, and CoinMarketCap, where she honed her expertise in cryptocurrency journalism.
