In brief
Total losses from cryptocurrency hacks reached an alarming $2.72 billion in 2025, breaking previous records despite a generally sluggish market. The most significant incident occurred in February when a breach of the Bybit exchange, allegedly orchestrated by North Korean hackers, resulted in the theft of between $1.4 and $1.5 billion. Prominent exchanges and decentralized finance (DeFi) platforms, such as Coinbase, Cetus Protocol, Nobitex, UPCX, BtcTurk, and Upbit, all reported substantial security breaches throughout the year. According to TRM Labs, 2025 became a landmark year for hacks in the crypto industry, with over $2.72 billion stolen.
### A Year of Declining Prices and Increased Exploits
Despite the downturn in cryptocurrency values leaving many investors disheartened, 2025 proved to be particularly disastrous for security breaches, even following the record-setting year of 2024. The year commenced with a staggering $1.5 billion loss in February due to a major hack at the centralized exchange Bybit, marking it as the largest exploit in the history of cryptocurrency. This incident set a grim tone for the rest of the year, as organized cybercriminal activities became “more sophisticated and coordinated,” according to TRM Labs. Ari Redbord, TRM’s Global Head of Policy, noted that attacks have become quicker, better organized, and easier to execute compared to previous years. Additionally, the ongoing expansion of North Korea’s IT worker schemes contributed to the increasing complexity of these cyber operations.
### Bybit: $1.5 Billion
The year began on a particularly negative note when hackers, suspected to be linked to North Korea, targeted the crypto exchange Bybit, resulting in the theft of between $1.4 and $1.5 billion worth of Ethereum and related tokens. The magnitude of this exploit was shocking to the industry, especially given that the funds were believed to have been stored in cold, multi-signature wallets, which are typically regarded as the most secure method for safeguarding digital assets. A provider of multi-signature wallets, Safe, indicated that the breach originated from a compromised developer’s laptop. Investigations revealed that the workstation of a senior developer at Safe was compromised on February 4 through interaction with a malicious application.
### Coinbase: Up to $400 Million
In May, Coinbase, the largest crypto exchange in the United States and a well-respected brand in the sector, made headlines by disclosing a significant data breach. Hackers sent a ransom letter demanding $20 million in Bitcoin in exchange for stolen customer information. In response, Coinbase co-founder and CEO Brian Armstrong offered the same amount as a reward for information leading to the arrest of the perpetrators. The exchange reassured users that no funds, passwords, or private keys had been compromised in the breach. However, sensitive information was obtained through bribery of Coinbase’s overseas subcontractors. The fallout from this incident could cost the company up to $400 million in recovery efforts.
### Cetus Protocol: $223 Million
Although centralized exchanges were a prime target for hackers this year, decentralized finance protocols continued to attract attention from cybercriminals. In May, the Sui ecosystem’s leading decentralized exchange, Cetus Protocol, fell victim to a significant attack. Hackers exploited weaknesses in the smart contracts of Cetus Protocol, using spoof tokens to manipulate price calculations and drain liquidity pools. In an unusual turn of events for the DeFi sector, Cetus successfully recovered around $162 million from funds that had been frozen as a result of the attack, allowing the protocol to resume operations just 17 days after the exploit.
### Nobitex: $90 Million
In June, the Iranian crypto exchange Nobitex was targeted by the pro-Israeli hacker group Gonjeshke Darande, resulting in a loss of $90 million in cryptocurrency. The group claimed that Nobitex had ties to the Islamic Revolutionary Guard Corps. However, the attack stirred controversy, as compliance firm Crystal Intelligence noted that many innocent retail investors were likely impacted, regardless of the hacker group’s assertions.
### UPCX: $70 Million
Another DeFi protocol faced significant losses in April when hackers drained $70 million from the open-source platform UPCX. The cybercriminals exploited a compromised private key to steal funds in the form of UPC’s native token. This breach received minimal media coverage despite the substantial amount stolen. Following the exploit, the value of the protocol’s token plummeted from $4 in April to just over $1.20 by December 5, as reported by CoinGecko.
### BtcTurk: $50 Million
In August, the Turkish exchange BtcTurk experienced another major breach, with hackers making off with approximately $48 million. This incident followed a previous hack in 2024, during which $54 million was stolen. After blockchain analysts flagged suspicious transactions, primarily involving Ethereum, BtcTurk announced the suspension of withdrawals. The exchange has remained largely silent since this event, and the occurrence of two major hacks in such a short timeframe has done little to restore confidence among retail investors.
### Upbit: $36 Million
In November, South Korean exchange Upbit reported a loss of around $36 million from its Solana hot wallet, with North Korean actors suspected to be behind the attack. Among the assets taken were various meme coins, and Upbit quickly reassured its users that funds had been swiftly transferred to cold wallets following the breach. The rapid execution of the hack led South Korean authorities to suspect the involvement of the state-sponsored hacking group Lazarus.
