Record high for 2025: $2.1B in crypto stolen by hackers in six months

Introduction
Cybercriminals have been relentless in 2025, making off with an astonishing $2.1 billion in cryptocurrency in just the first half of the year. This figure represents a record-high pace of theft, outstripping the losses seen in previous years over comparable periods. To put it in perspective, approximately $3.8 billion was stolen in all of 2022 (which was then a record annual total), and around $2.3 billion was lost in all of 2024. Now, merely six months into 2025, hackers have already pilfered nearly that 2024 yearly amount. The trend is alarming for investors and platforms alike, as it highlights evolving tactics by malicious actors and the urgent need for stronger security measures across the crypto ecosystem.
A Wave of Crypto Hacks and Exploits
The sheer volume of stolen funds in early 2025 stems from a mix of high-profile breaches and countless smaller attacks. In late February 2025, a single incident shook the industry: a $1.4 billion hack of the Bybit exchange, reportedly orchestrated by the North Korea-linked Lazarus Group. This exploit – believed to be the largest crypto theft ever – alone accounted for roughly two-thirds of all crypto lost in hacks during 2024, illustrating how one major breach can drastically skew the numbers. Exchange hacks like this grab headlines due to the eye-popping sums and often state-sponsored sophistication behind them.
However, not all of the $2.1B has been taken in large heists. There have been dozens of other incidents, ranging from DeFi protocol exploits to cross-chain bridge attacks to phishing scams targeting individual holders. For example, in April 2025, hackers executed a social engineering scheme that drained about $330 million worth of Bitcoin from an elderly investor’s wallet. In that case, criminals didn’t crack any code or break any encryption – they simply tricked the victim into sending funds to a fraudulent address (a tactic known as “address poisoning”). Similarly, numerous decentralized finance platforms have faced sophisticated attacks where criminals find and exploit a bug in a smart contract or manipulate liquidity pools to steal millions in minutes.
All told, crypto crime in 2025 has been both quantitatively and qualitatively intense. Roughly 75 separate major incidents in H1 2025 were documented, averaging over $28 million stolen per incident – but with a huge variance given the outlier of the $1.4B exchange hack. The diversity of targets, from centralized exchanges (CEXs) to DeFi apps to individual wallets, shows that no part of the crypto market has been immune. Attackers go wherever funds are accessible and vulnerabilities exist, whether that’s an unaudited smart contract or an unsuspecting person’s private keys.
From Code Exploits to Social Engineering
One striking trend in 2025 is how hacker tactics have shifted compared to the past. A few years ago, the most notorious crypto heists often involved technical exploits – for instance, finding a bug in a DeFi protocol’s code or compromising a cross-chain bridge’s smart contracts. Those still happen, but cybersecurity experts are observing that hackers are increasingly targeting the human element rather than just the technology. In 2025’s record haul, a significant portion of the theft has come from phishing attacks, wallet compromises, and other forms of social engineering, as opposed to purely exploiting software flaws.
What does this mean in practice? Phishing attacks typically involve tricking users into giving up their private keys or seed phrases – the secret codes that control their crypto wallets. Attackers might send an email or direct message that looks like it’s from a trusted source (e.g., a popular exchange or wallet provider), urging the user to log in to “secure their account” via a provided link. That link is fraudulent and captures the login details or seed phrase, which the hacker then uses to drain the victim’s funds. Another ploy is creating fake websites or token airdrops that entice users to connect their wallets; once the user grants permission, the smart contract can steal their assets.
According to CertiK, a blockchain security firm, phishing scams and similar user-targeted attacks were the single costliest attack vector in 2024, leading to over $1 billion in losses, and that trend has continued into 2025. Hackers are realizing that it’s often easier to con a person than to crack a well-secured piece of code. “Attackers always target the weakest point,” notes Ronghui Gu, the co-founder of CertiK. As crypto platforms have fortified their code and conducted more audits, the weakest link has increasingly become human behavior. A moment of misplaced trust or a lapse in judgment by an individual can open the door for thieves, no advanced hacking skills needed.
This isn’t to say that pure technical exploits are over – far from it. The Bybit exchange hack by Lazarus Group, for instance, presumably involved a high level of technical compromise (whether through insiders, malware, or advanced persistent threats). Likewise, vulnerabilities in smart contracts still accounted for hundreds of millions in stolen value through various DeFi hacks in 2025. But the balance is shifting: more of the stolen sum now comes from breaking into accounts, tricking custodians, or stealing credentials than from breaking cryptographic systems. It’s a reminder that fancy blockchain technology still relies on people at many touchpoints, and those people can be manipulated.
Notable Incidents and Lessons Learned
Beyond the headline numbers, each major hack in 2025 has provided painful lessons for the crypto community. The Bybit incident underscored the risks of centralized exchanges holding huge troves of digital assets in hot wallets. Even with security protocols, a determined state-sponsored group was able to infiltrate and siphon an unprecedented amount. This has reignited discussions about proof-of-reserves, decentralized exchange alternatives, and how to better secure centralized platforms against both cyber attacks and insider threats.
Another lesson comes from the slew of DeFi exploits. For instance, early 2025 saw attacks on several yield farming protocols where attackers used flash loans (instant, uncollateralized loans) to manipulate asset prices and collateral values, profiting as the protocols couldn’t respond fast enough. These incidents teach that DeFi protocols must rigorously test for economic exploits, not just code bugs – adding circuit-breakers or oracles to freeze abnormal activity could help prevent cascades.
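A circuit-breaker of the kind mentioned above can be sketched as follows. This is an added example, not code from any protocol named in this article: it simulates off-chain a breaker that compares each per-block spot price with a moving average of recently accepted prices and pauses when the gap is too large, which matters because a flash loan moves the price only within a single transaction. The class name, window size, 10% threshold and price series are all assumptions made for illustration.

```javascript
// Added example: price-deviation circuit breaker, simulated off-chain.
// Window size, threshold and prices are constructed assumptions.
class PriceCircuitBreaker {
  constructor({ windowSize = 5, maxDeviation = 0.10 } = {}) {
    this.windowSize = windowSize;     // blocks averaged into the reference
    this.maxDeviation = maxDeviation; // allowed relative move vs. reference
    this.history = [];                // accepted per-block prices only
    this.paused = false;
  }

  // Mean of recently accepted prices; null until the first observation.
  referencePrice() {
    if (this.history.length === 0) return null;
    return this.history.reduce((a, b) => a + b, 0) / this.history.length;
  }

  // Feed one per-block spot price. Returns true when price-sensitive
  // actions (borrowing, liquidation) may proceed at this price.
  observe(spot) {
    if (this.paused) return false;
    const ref = this.referencePrice();
    const bad = !Number.isFinite(spot) || spot <= 0;
    if (bad || (ref !== null && Math.abs(spot - ref) / ref > this.maxDeviation)) {
      this.paused = true; // tripped: the outlier is not added to history
      return false;
    }
    this.history.push(spot);
    if (this.history.length > this.windowSize) this.history.shift();
    return true;
  }

  // Manual resume after review; the reference price is kept.
  reset() { this.paused = false; }
}

// Replay a constructed price series and record each decision.
function runScenario(prices, options) {
  const breaker = new PriceCircuitBreaker(options);
  const decisions = prices.map((p) => breaker.observe(p));
  return { decisions, breaker };
}

const demo = runScenario([100, 101, 99, 100, 102, 160, 100]);
console.log(demo.decisions);
```

The breaker stays paused after the spike even when the price returns to normal, so resuming is a deliberate decision rather than something an attacker can trigger by unwinding the manipulation.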
However, the most human-centric hacks – like phishing – have perhaps the clearest takeaway: user education and better wallet security are paramount. The fact that an individual investor could lose over $300 million to a social engineering con is startling. Crypto users, especially those holding large sums, are being urged to adopt stronger safeguards: hardware wallets (which keep keys offline), multi-signature setups (requiring multiple approvals before large transfers), and practicing extreme caution with unsolicited messages or links. Projects and exchanges are likewise investing in warning systems – for example, wallet software that can flag known scam addresses or UIs that make it harder to accidentally send tokens to a fresh, possibly malicious address (to counter address poisoning).
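The wallet-side warning described above can be made concrete with a pre-send check. This is an added example, not code from any wallet or project named in this article: it assumes Ethereum-style hex addresses and a hypothetical address book of destinations the user has verified out of band, and it flags a destination whose visible first and last characters match a trusted entry while the full address differs. All addresses, labels and function names are constructed for illustration.

```javascript
// Added example: pre-send destination check against address poisoning.
// Assumes Ethereum-style addresses; every address here is constructed.
const PREFIX_LEN = 4; // leading hex chars a truncated UI typically shows
const SUFFIX_LEN = 4; // trailing hex chars a truncated UI typically shows

const normalize = (addr) => String(addr).trim().toLowerCase();
const isValidAddress = (addr) => /^0x[0-9a-f]{40}$/.test(normalize(addr));

// Hypothetical address book: destinations the user has verified out of band.
const ADDRESS_BOOK = [
  { label: "Cold storage", address: "0x1A2B" + "3c4d5e6f".repeat(4) + "9F8E" },
];

// Returns { verdict, action, match } where verdict is one of
// "invalid" | "trusted" | "lookalike" | "new".
function checkDestination(dest, book = ADDRESS_BOOK) {
  if (!isValidAddress(dest)) {
    return { verdict: "invalid", action: "block", match: null };
  }
  const d = normalize(dest).slice(2);
  // Exact matches are decided on the full 40 hex characters, never a prefix.
  const exact = book.find((e) => normalize(e.address).slice(2) === d);
  if (exact) return { verdict: "trusted", action: "allow", match: exact.label };
  // Same visible ends as a trusted entry but a different middle: the
  // signature of a poisoned entry copied from transaction history.
  const twin = book.find((e) => {
    const k = normalize(e.address).slice(2);
    return k.slice(0, PREFIX_LEN) === d.slice(0, PREFIX_LEN) &&
           k.slice(-SUFFIX_LEN) === d.slice(-SUFFIX_LEN);
  });
  if (twin) return { verdict: "lookalike", action: "block", match: twin.label };
  // Never-seen destination: make the user confirm the full address.
  return { verdict: "new", action: "confirm-full-address", match: null };
}

// Constructed inputs covering each verdict.
const SAMPLES = {
  trusted: "0x1a2b" + "3c4d5e6f".repeat(4) + "9f8e",
  lookalike: "0x1a2b" + "0".repeat(32) + "9f8e",
  fresh: "0x" + "7".repeat(40),
  malformed: "0x1a2b...9f8e",
};
for (const [name, addr] of Object.entries(SAMPLES)) {
  console.log(name, checkDestination(addr));
}
```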
Blockchain analytics firms like TRM Labs and Chainalysis are also increasingly helping track stolen funds across the blockchain. In some cases, they’ve assisted in freezing or recovering a portion of hacked funds, especially when thieves try to cash out through regulated exchanges. Nonetheless, prevention is far better than after-the-fact reaction. Once coins have been whisked into obscurity (through tumblers, privacy wallets, etc.), the chance of recovery is slim.
Strengthening Security in a Maturing Industry
The first half of 2025 has been a wake-up call for the crypto industry regarding security. The eye-watering $2.1 billion stolen in such a short span highlights that as the stakes get higher in terms of crypto’s total market value, malicious actors are equally raising their game. On a positive note, awareness is leading to action. Crypto companies are increasingly hiring security experts, undergoing audits, and launching bug bounty programs to catch vulnerabilities before hackers do. There is also a push for better regulation and standards for custodians holding users’ assets, similar to banking security requirements.
For individual users, now is the time to double down on security best practices. Educational initiatives are in full swing, emphasizing “Do Your Own Research (DYOR)” and caution when managing funds. That means being skeptical of unsolicited offers, verifying URLs and sources before entering keys or signing transactions, and staying informed about common scams. Ultimately, the goal is to make 2025’s record-breaking thefts an outlier rather than a new normal. If users remain vigilant and industry stakeholders double down on security, the hope is that the next reports will tell a different story – one of foiled hacks and shrinking losses.
Until then, every crypto participant should remember that in the digital asset realm, security is a shared responsibility. Staying informed and adopting best practices is not just prudent; it’s essential for survival in the evolving landscape of crypto threats.