The year 2025 was a painful year for cybersecurity in the field of digital assets, ending with the theft of over $3.4 billion in cryptocurrencies through hundreds of incidents. Independent statistics show that more than 300 major security incidents occurred during the year. At least, a significant share of those thefts was attributed to North Korean hackers, particularly in the "bybit" hacking incident.
According to the Skynet Hack3d report for 2025
Losses amounting to $3.35 billion. Over 700 incidents. New attack vectors. Key trends.
Here are the five largest heists of 2025, including one where social engineering was the main driver.
$1.5 billion (February 2025) in Bybit
U.S. authorities attributed the largest cryptocurrency theft in history to the North Korean "Lazarus" group. Investigators said the attackers seized a "cold" (offline) Ethereum (ETH) wallet, then quickly laundered the money across blockchains using Bitcoin (BTC) and other cryptocurrencies. Exchange disclosures and subsequent forensic analyses showed that large portions were funneled through "THORChain" and split across tens of thousands of addresses.
According to a subsequent report from "Crystal Intelligence", the attack faced by "Bybit" was a complex operation that breached the frontend, thus deceiving staff into believing they were signing legitimate transactions. "WazirX" and "Femex" were similarly hacked.
After the incident, "Bybit" launched a 10% recovery reward and partnered with blockchain investigators to help freeze the stolen funds. Portions of it were tracked, although most remain in motion.
Decentralized platform Cetus: $220 million (May)
$220 million was stolen from the largest decentralized exchange and liquidity provider on the "Sui" network (Sui), the Cetus platform, in just 15 minutes. According to "Merkle Science", the hackers did not exploit a vulnerability in a smart contract, which is considered typical in the industry. Instead, they took advantage of a rounding bug in a third-party math library that was used for liquidity and pricing calculations.
An attacker exploited a vulnerability in rounding/MSB-check to manipulate liquidity pool parameters and withdraw assets. Teams acted quickly to temporarily halt contracts and later announced that approximately $160 million had been frozen or recovered.
However, over $60 million remained at risk. This was the largest exploitation in the decentralized finance (DeFi) space this year, and trading was temporarily halted in the "Sui" ecosystem.
Balancer: $116 million (November)
A hack in the "Balancer" protocol, a popular protocol in decentralized finance, was first discovered by cryptocurrency investigators on platform X. The attacker exploited a rounding error in the stable pool logic of the Balancer version 2 (V2) across Ethereum and several layer two networks and sidechains. The Balancer disclosure confirms the underlying technical reason.
Initial estimates put the losses near $120 million, mostly on the Ethereum mainnet. Furthermore, a large inactive investor withdrew $6.5 million immediately after the hack. Total value locked (TVL) in Balancer halved from $442 million to $214.5 million in a single day.
However, according to "Crystal Intelligence", most of the funds were tracked. Suspicious wallets are now being closely monitored for any potential transactions to freeze the stolen funds.
Femex (Centralized Exchange): $73 million (January)
The hot wallet of the centralized exchange "Femex", based in Singapore, was hacked across 16 different blockchains. Security firms pointed to dozens of suspicious external flows from "Femex" hot wallets across major networks.
This was the first major hack in 2025 that shook the community. Prominent expert on X, "ZachXBT", who participated in the "Bit Byte" investigations, proved that the "Femex" and "Bit Byte" attacks were carried out by the "Lazarus" group using similar addresses.
The Lazarus Group just linked the Bybit hack to the Femex hack directly on-chain by mixing funds from the initial theft address of both incidents.
After the incident, the company completely halted deposits and withdrawals, but by February, services were fully resumed with additional security enhancements.
Upbit (Centralized Exchange): Over $30 million (November)
South Korea's largest exchange, Upbit, reported a hack in November, with a total impact of 44.5 billion won (approximately $34 million). Customers were fully compensated from reserves, while Upbit's own funds lost 5.9 billion won ($4 million). Only a small portion valued at $1.77 million was frozen through tracing.
Upbit halted flows on the Solana network, moved funds to cold storage (offline wallets), coordinated freezing operations with other exchanges and issuers, and gradually reopened wallets using new deposit addresses. Even with compensation, the incident underscored the risks of concentration in centralized finance (CeFi).
Cryptocurrency hack numbers in 2025
· Total stolen: $3.3 - $3.4 billion (reflecting the range of methodologies between "Chainalysis" and "Beosin/Footprint").
· Number of incidents: Approximately 313 major cases (according to Beosin/Footprint).
· Snapshot for the first half of the year: Approximately $2.5 billion stolen across over 300 incidents. According to "Certik", this already exceeds the total for 2024.
· Typical attacks: The hacked wallets and phishing/social engineering were major physical drivers.
· Targeted platforms: Some infrastructure-level attacks dominated losses (such as "Bybit"), while the number of decentralized finance (DeFi) incidents remained significantly higher, albeit with generally lower losses.
Key Highlights:
In 2025, total losses in the Web 3 ecosystem from hacks, phishing scams, and rug pulls reached $3.375 billion across 313 major security incidents.
Why was social engineering more important?
Overall, security firms noted a shift towards exploiting human factors and the supply chain. Hackers moved from poisoned frontends and multisig UI signing tricks to impersonating executives and stealing keys, thus reducing the relative share of pure programming errors in smart contracts. Exceptional losses in 2025 were due to access control failures, not due to exploits of new on-chain mathematics.
