Cryptocurrency exploits and hacks accelerated dramatically in 2025, culminating in a record-breaking year for theft with total losses exceeding $4.04 billion. This represents a 34.2% year-on-year increase from the $3.01 billion estimated for 2024, according to data from blockchain security firm PeckShield.
The past 12 months were characterized by highly directed attacks targeting systemic vulnerabilities across both centralized exchanges and smart contract protocols. Losses were split between hacks, which stole $2.67 billion (a 24.2% increase), and scams, which surged by 64.2% to $1.37 billion. Efforts to track and freeze stolen tokens managed to recover only $334.9 million, down significantly from $488.5 million in 2024.
The single largest incident was the Bybit hack in February, which alone accounted for over $1.4 billion in losses, primarily from Ethereum (ETH) thefts. Other notable breaches occurred at protocols like Cetus and Balancer. The concentration of losses in fewer, larger incidents marked a shift in attacker tactics.
North Korean state-sponsored hackers were a dominant force, responsible for an estimated $2.02 billion (or 52%) of the total haul from Web3 projects, according to data from Hacken. Their activities highlight the persistent and sophisticated threat facing the industry.
The nature of exploits also evolved. While smart contract vulnerabilities accounted for around 12.8% of incidents, access control attacks emerged as a major source, linked to up to 53% of hacks. These often involved direct compromise of multisig wallets or admin rights. Attackers increasingly shifted from broad phishing campaigns to targeting high-value wallet holders directly, including Web3 developer teams.
A new attack vector involves threat actors posing as legitimate projects hiring Web3 developers. The interview process is used to deliver malware via meeting links, infecting machines to steal private keys and gain access to project wallets or smart contract admin controls. DeFi exploits in the latter half of 2025 became more sophisticated, leveraging robust systems to swap or hide funds, with Tornado Cash remaining a primary mixer for Ethereum, alongside standard DEX routing.
The report underscores an urgent need for enhanced security measures across the cryptocurrency industry as systemic vulnerabilities and sophisticated social engineering continue to erode investor confidence and market stability. The trend has continued into 2026, with the TrueBit protocol hack in January stealing up to $26 million using a similar model of unauthorized token minting and withdrawal.
