Simply put
- Total losses from cryptocurrency hacks in 2025 are expected to hit $2.72 billion, surpassing last year’s record, even in the midst of a sluggish market.
- The largest breach occurred in February at Bybit, where North Korean hackers are believed to have stolen up to $1.5 billion.
- Major exchanges and DeFi platforms, such as Coinbase, Cetus Protocol, Nobitex, UPCX, BtcTurk, and Upbit, reported significant breaches throughout the year.
Over $2.72 billion has been stolen this year, setting a new record for hacks in the cryptocurrency sector, as reported by TRM Labs.
Indeed, 2025 has been a rough year for security breaches, even after 2024 saw low crypto prices affecting investors.
The year started off poorly with a North Korean hacker attack resulting in a staggering $1.5 billion loss, marking the most significant exploit by the centralized exchange Bybit.
This incident seemed to kick off a trend of “more organized and specialized” cybercrime, according to the TRM Institute.
Ari Redboard, TRM’s head of global policy, mentioned that attacks have become swifter, more coordinated, and easier to scale compared to previous years. Moreover, North Korea has been refining its IT worker network, leading to increased efficiency in various operations.
Now, let’s take a look at the year’s major breaches.
Bybit: $1.5 billion
The beginning of the year was especially disappointing due to these hacker assaults. Bybit, an exchange often linked to North Korean sources, suffered a theft of around $1.4 billion to $1.5 billion, which included Ethereum and related tokens.
The scale of the incident shocked many; notably, the funds were kept in cold, multi-signature wallets, which are supposed to be the safest method for storing digital assets.
Multi-signature wallet provider Safe determined that the breach was enabled when a developer’s laptop was compromised. An investigation revealed that a high-level developer had been tricked by a malicious app on February 4.
Coinbase: up to $400 million
In May, Coinbase, the largest cryptocurrency exchange in the U.S. and a familiar name in the industry, made headlines with a major data breach.
The attackers demanded a ransom of $20 million in Bitcoin for stolen customer data. In a bid to catch the culprits, Coinbase’s co-founder and CEO Brian Armstrong offered the same sum as a reward.
The exchange reassured its users that no funds, passwords, or private keys were compromised. However, due to intimidation, some overseas subcontractors handed over sensitive information, potentially costing Coinbase as much as $400 million.
Cetus Protocol: $223 million
Despite a shift to targeting centralized protocols this year, decentralized financial platforms still attract hackers. Cetus Protocol, the flagship decentralized exchange of Sui, faced a significant breach.
In May, attackers exploited vulnerabilities in the protocol’s smart contracts, using counterfeit tokens to manipulate price metrics and drain the liquidity pool.
In a somewhat unusual twist for the DeFi space, Cetus was able to recover around $162 million from the attack and resumed operations just 17 days later.
Nobitex: $90 million
In June, the pro-Israel hacker group Gonjeszke Dalande targeted Iran’s largest exchange, Nobitex, resulting in a leak of $90 million in cryptocurrencies.
The group claimed that Nobitex had connections to the Islamic Revolutionary Guard Corps.
However, the attack drew criticism, as many innocent investors seemed to be affected based on insights from compliance firm Crystal Intelligence.
UPCX: $70 million
Another DeFi platform faced cyber setbacks when UPCX lost $70 million in April due to hackers who exploited compromised private keys.
This incident didn’t receive much media coverage, even though significant sums were involved.
The protocol’s native tokens saw a steep decline in value, dropping from $4 in April to just over $1.20 by December 5, according to CoinGecko.
BtcTurk: $50 million
In August, Turkish exchange BtcTurk reported a loss of $48 million. This followed a theft of $54 million the previous year.
The exchange had previously alerted users about suspicious transactions, particularly in Ethereum, leading to a temporary halt of withdrawals.
After two major incidents in such quick succession, it’s hard to see how confidence among retail investors could be restored.
Upbit: $36 million
By November, North Korean hackers were identified as prime suspects again after South Korean exchange Upbit announced it had lost around $36 million from its Solana hot wallet.
The stolen assets also included meme coins. Upbit quickly reassured its users that they had moved funds to cold wallets shortly after the exploit. The rapidity of the attack led authorities to attribute it to state-backed hacking groups such as Lazarus.
