The global cryptocurrency industry endured one of its most challenging years in 2025, as digital asset thefts surged to more than $3.4 billion, underscoring persistent vulnerabilities in the rapidly evolving ecosystem. A new report by Chainalysis reveals that while the total number of attacks did not rise dramatically, the scale and financial impact of individual breaches increased sharply, reshaping the risk profile of the crypto market.
According to the report, the amount stolen in 2025 represents a 54% year-on-year jump from the $2.2 billion lost to hacks in 2024. This increase reflects a clear shift toward fewer but far more destructive incidents, with a handful of high-profile breaches accounting for the majority of losses recorded during the year. Analysts say this trend signals growing systemic risks, particularly for large exchanges and custodial platforms that hold vast pools of customer assets.
Fewer attacks, bigger losses
Chainalysis estimates that more than $3.4 billion worth of cryptocurrency was stolen between January and early December 2025. A single incident alone made a dramatic contribution to that figure: the February breach of Bybit, which resulted in losses estimated at about $1.5 billion. The attack now stands as the largest individual crypto theft ever recorded and was the primary driver behind the sharp rise in annual losses.
Beyond the headline numbers, the report highlights a structural change in how crypto thefts are carried out. Over the past three years, personal wallet compromises have become an increasingly important vector for attackers. Their share of total stolen value rose from just 7.3% in 2022 to 44% in 2024. In 2025, personal wallet breaches would have accounted for roughly 37% of losses if not for the outsized impact of the Bybit hack, which skewed overall figures.
The data further show that crypto thefts in 2025 were highly outlier-driven. For the first time on record, the ratio between the largest hack and the median theft exceeded 1,000 times, surpassing even the extremes seen during the 2021 bull market. The top three hacks alone were responsible for 69% of all losses linked to crypto services this year, highlighting how a small number of catastrophic failures can dominate industry-wide outcomes.
North Korea’s growing dominance
One of the most striking findings of the report is the continued dominance of North Korea as a nation-state threat actor in the crypto space. Despite a decline in the number of confirmed attacks attributed to the country, the financial value of its operations rose sharply. Chainalysis estimates that hackers linked to the Democratic People’s Republic of Korea (DPRK) stole at least $2.02 billion in cryptocurrency in 2025, representing a 51% increase from 2024.
These attacks accounted for a record 76% of all service-related compromises during the year. Cumulatively, the lower-bound estimate of crypto assets stolen by DPRK-linked actors has now reached $6.75 billion, reinforcing concerns among regulators and security experts that digital assets remain a critical funding channel for the isolated state.
The report notes that North Korean hackers typically conduct fewer attacks than other criminal groups, but each operation tends to be far more lucrative. Their targets often include major exchanges, custodians, and Web3 firms with deep liquidity and complex operational structures. Chainalysis also highlights the group’s increasing reliance on sophisticated social engineering techniques, such as embedding IT workers within crypto companies or impersonating recruiters, investors, and acquisition partners to gain privileged access.
Once funds are stolen, DPRK-linked actors follow distinctive laundering patterns. Rather than moving assets in large, easily traceable tranches, they typically break transactions into smaller amounts, with more than 60% of transfers falling below $500,000. They also show a strong preference for Chinese-language money laundering networks, cross-chain bridges, and mixing services, while largely avoiding lending protocols, peer-to-peer exchanges, and even some KYC-free platforms commonly used by other cybercriminals.
What you should know
The crypto industry was shaken early in 2025 when Bybit disclosed that it had suffered a “sophisticated attack” resulting in the theft of Ethereum valued at about $1.4 billion from one of its offline wallets. The breach surpassed previous high-profile incidents, including the $624 million Ronin Network hack and the $611 million Poly Network exploit, according to data from Rekt, a platform that tracks Web3 and crypto-related breaches.
Overall, the 2025 figures reinforce a sobering reality: while security practices across the industry have improved in some areas—such as decentralised finance protocols—the stakes of failure are now far higher. As attackers become more selective and better resourced, the crypto sector faces mounting pressure to strengthen governance, internal controls, and cross-border cooperation to prevent a small number of devastating attacks from destabilising the broader market.
Emmanuel Bassey is a Financial Expert that has worked in the Banking and Finance Industry for over 15+ years across different banks in Nigeria
