Crypto hacks surged to a record $2.7 billion in 2025, driven largely by state-linked North Korean hacking groups, according to data from blockchain monitoring firms Chainalysis, TRM Labs, and exploit tracker De.Fi.
The figure marks the third consecutive record year for cryptocurrency theft, underscoring persistent security gaps across centralized exchanges, Web3 projects and decentralized finance (DeFi) protocols, even as the industry claims improved defenses.
At the centre of the 2025 spike was a historic breach of Dubai-based cryptocurrency exchange Bybit in February, in which hackers stole about $1.4 billion to $1.5 billion worth of digital assets, primarily Ethereum.
Read also: Crypto liquidation hits $583m as Bitcoin slides to $86,000
The US Federal Bureau of Investigation (FBI) later attributed the attack to North Korea, describing it as the largest single cryptocurrency theft on record.
“The Federal Bureau of Investigation is releasing this PSA to advise the Democratic People’s Republic of Korea was responsible for the theft of approximately $1.5 billion USD in virtual assets from cryptocurrency exchange Bybit,” the agency said in a public service announcement issued on February 26, 2025.
The Bybit hack alone eclipsed previous landmark breaches, including the $624 million Ronin Network attack and the $611 million Poly Network exploit, both recorded in 2022.
Its scale also reflected a broader shift in tactics, with attackers increasingly favouring fewer but far larger operations.
North Korea’s expanding crypto haul
Chainalysis estimates that North Korean-linked actors stole at least $2.02 billion in cryptocurrency in 2025, representing a 51 percent increase from 2024.
Since 2017, the regime’s cumulative crypto haul is now estimated at between $6 billion and $6.75 billion, funds Western governments say help support Pyongyang’s sanctioned nuclear and ballistic missile programmes.
“The reality is that cryptocurrency, because of its global 24/7 access, creates a unique value proposition for the regime to target,” said Andrew Fierman, head of national security intelligence at Chainalysis.
Beyond Bybit, other major breaches in 2025 included $223 million stolen from Cetus, a decentralized exchange; $128 million from Ethereum-based protocol Balancer; and more than $73 million from crypto exchange Phemex, according to compiled industry data.
The trend builds on previous years showed that roughly $2 billion was stolen in 2023, rising to about $2.2 billion in 2024, before jumping again in 2025 to a new high.
DeFi resilience, centralized risks
Despite the grim headline figures, analysts say the data shows diverging risk profiles across the crypto ecosystem. While centralized platforms and private key management systems remain prime targets for sophisticated, state-backed attackers, DeFi protocols have shown signs of improved resilience.
“Despite increased total value locked in DeFi, hack losses remained suppressed in 2024–2025, suggesting improved security practices are making a meaningful difference,” Chainalysis said in its 2025 crypto crime report.
The firm added that faster detection, response and even partial recovery of stolen funds marked a fundamental shift from the early days of decentralized finance, when hacks often resulted in permanent losses.
Read also: Why crypto Is sliding as bitcoin struggles to hold $90,000
Calls for stronger safeguards
As North Korean hacking operations evolve, often relying on social engineering, executive impersonation and embedded IT workers, analysts warn that closer collaboration between exchanges, regulators and blockchain analytics firms will be critical to slowing the pace of large-scale crypto thefts and preventing another record-breaking year.
Security experts and blockchain analysts are urging exchanges and custodians to accelerate adoption of multi-party computation (MPC) wallets, hardware security modules (HSMs), stricter signer approval processes, and continuous code audits and insider-threat monitoring. They also advocate broader industry-wide data sharing and real-time monitoring tools to help disrupt laundering networks linked to state-sponsored groups.
“Data-sharing initiatives, real-time security solutions, advanced tracing tools, and targeted training can empower stakeholders to quickly identify and neutralize malicious actors,” Chainalysis said.
