Crypto Hacks Surge to $2.4B in 2025: DeFi and Exchanges Under Fire

First Half of 2025 Sees $2.4B in Crypto Losses, Led by DeFi and Exchange Breaches

Crypto-related hacks and scams cost the blockchain industry more than $2.37 billion in the first half of 2025, according to a mid-year report from blockchain security firm SlowMist. The number marks a 66% jump in financial losses compared to the same period in 2024 — even as the overall number of incidents dropped.

The damage was spread across 121 security events, with centralized exchanges (CEXs) and decentralized finance (DeFi) protocols being the most lucrative targets for attackers.

Centralized Exchanges Hit the Hardest

Surprisingly, while DeFi continued to rack up the most incidents — accounting for 76% of all breaches — centralized exchanges suffered the heaviest monetary losses, with $1.88 billion stolen across just 11 incidents. That’s an average loss of over $171 million per breach, highlighting how high-value and vulnerable these centralized platforms remain, despite tighter security over the years.

DeFi, meanwhile, saw around $470 million in total losses, impacted mainly by smart contract flaws and account compromises.

How the Attacks Are Evolving: AI, Deepfakes, and Phishing

Beyond the raw numbers, the SlowMist report highlights a disturbing trend: scams are becoming more personalized and AI-driven.

🔹 Phishing via EIP-7702 Delegation

Following Ethereum's Pectra upgrade, attackers are abusing EIP-7702 — a new contract delegation feature. In one case, a user lost $146,551 after unknowingly granting token permissions through a fake MetaMask prompt linked to the Inferno Drainer scam group.

🔹 Deepfake Zoom Calls and Trust Scams

In one high-profile attack, scammers used a deepfake Zoom call to impersonate trusted contacts and tricked Hypersphere Ventures partner Mehdi Farooq into downloading malware. Similar AI-generated videos featuring fake endorsements by Elon Musk and Singaporean officials have also made the rounds.

🔹 Telegram ‘Verification’ Scams

Hackers lured users into fake Telegram groups via impersonated crypto influencer accounts on X. Victims were asked to “Tap to verify,” triggering malicious code that handed over full control of their systems — including wallets, private keys, and Telegram accounts.

🔹 Malicious Browser Extensions

A fake Chrome extension called “Osiris”, disguised as a Web3 security tool, pushed malware to 2.6 million users by exploiting a legitimate developer’s hijacked Chrome Web Store credentials.

🔹 LinkedIn Developer Bait

Scammers impersonated blockchain startups on LinkedIn, offering job candidates mock technical assignments embedded with malware. Once opened, these scripts stole credentials, SSH keys, and even macOS Keychain data.

Inside the New Threat Landscape: AI as a Cybercrime Multiplier

The 2025 report also shines a light on how large language models (LLMs) are being misused in increasingly sophisticated ways. Jailbroken AIs like WormGPT, FraudGPT, and DarkBERT are now being used to write phishing emails, create fake crypto projects, and coordinate deepfake-driven scams.

One particularly worrying example is GhostGPT, an AI trained to impersonate exchange executives and deploy trust-based fraud campaigns using hyper-realistic video and audio.

Meanwhile, attackers are using low-cost AI development tools to sneak backdoors into software packages — a method that reportedly compromised over 4,200 developers, mostly on macOS, via poisoned npm packages.