Cryptocurrency-related theft climbed to new highs in 2025, with hackers stealing more than $3.4 billion worth of digital assets so far this year, according to new data from blockchain intelligence firm Chainalysis. The total, recorded from January through early December, slightly surpasses last year’s $3.38 billion and underscores how cybercrime continues to evolve alongside the crypto industry.
While the headline number is striking, the story behind it reveals a changing threat landscape. Fewer but far larger attacks drove much of the damage, even as hackers increasingly turned their attention to individual users rather than platforms alone.
A year shaped by mega-hacks
One incident dominated the numbers: a $1.5 billion breach of the Bybit exchange, which accounted for roughly 44% of all stolen funds in 2025. In fact, the three largest attacks together made up 69% of losses tied to crypto services, highlighting how a small number of high-impact events can skew annual totals.
Despite increasingly sophisticated security teams and infrastructure, centralized exchanges and services remain vulnerable, particularly when private keys are compromised. Chainalysis found that such breaches were responsible for 88% of stolen funds in the first quarter of 2025 alone.
Individual wallets face rising pressure
Beyond headline-grabbing exchange hacks, Chainalysis pointed to a sharp rise in attacks on personal wallets and private keys. These compromises now account for a much larger share of overall theft than in previous years.
Personal wallet attacks represented 44% of total stolen value in 2024, up from just 7.3% in 2022. In 2025, more than 158,000 such incidents were recorded, affecting at least 80,000 unique victims.
Interestingly, while the number of victims increased, the total value stolen from individuals fell to $713 million, down from $1.5 billion the year before. This suggests attackers are increasingly targeting smaller balances across a wider pool of users, rather than focusing on fewer, high-value accounts.
Chainalysis also noted differences across blockchain networks. Ethereum and Tron showed higher victim rates per 100,000 wallets compared with networks such as Solana and Base.
Signs of progress in DeFi security
Not all trends were negative. Losses from decentralized finance (DeFi) hacks remained relatively low in 2025, even as total value locked in DeFi protocols rebounded. In past market cycles, rising activity often led to more successful attacks, making this divergence notable.
Chainalysis attributed part of this improvement to stronger monitoring tools and faster response mechanisms. One example cited was the September 2025 incident involving Venus Protocol. With the help of security platform Hexagate, Venus detected suspicious activity 18 hours before an attack fully unfolded. The protocol paused operations, recovered funds within hours, and later froze $3 million still under the attacker’s control.
As a result, the perpetrator ultimately lost money. According to Chainalysis, this combination of real-time monitoring, rapid intervention, and governance-based countermeasures reflects a more mature and resilient DeFi ecosystem than in its early years.
North Korea’s growing role in crypto theft
Chainalysis identified the Democratic People’s Republic of Korea (DPRK) as the single largest threat actor in crypto-related crime. In 2025, North Korea-linked groups stole at least $2.02 billion in digital assets, a record figure and roughly $681 million more than in 2024.
That brings the cumulative total attributed to DPRK cyber operations to approximately $6.75 billion. A significant portion of these funds is believed to support the regime’s nuclear weapons program.
According to the report, North Korean hackers rely heavily on infiltrating crypto companies by placing fraudulent IT workers inside firms to gain privileged access. Their laundering methods also differ from those of typical cybercriminals, often involving Chinese-language platforms, cross-chain bridges, mixers, and specialized services such as Huione.
Their operations tend to follow a structured timeline, starting with rapid obfuscation through DeFi protocols, followed by gradual integration into no-KYC exchanges and bridges, and eventually converting funds through less-regulated platforms over a 45-day period.
Looking ahead
The data paints a complex picture of crypto security in 2025. While large-scale hacks and state-backed cybercrime remain serious risks, improvements in DeFi defenses and faster response capabilities show that progress is possible.
As Chainalysis cautions, the challenge heading into 2026 will be detecting and disrupting high-impact operations early, especially those linked to state actors. For users, platforms, and regulators alike, the year’s findings serve as a reminder that security practices must continue to evolve just as quickly as the technology itself.
