Chainalysis recorded $3.4 billion in cryptocurrency theft from January through early December 2025, with the Bybit exchange hack alone accounting for $1.5 billion of that annual total. Four major publishers tracked crypto hack losses with different methodologies: CertiK recorded $3.35 billion, PeckShield $4.04 billion, and SlowMist $2.935 billion for the same period. North Korean state-aligned hackers stole $2.02 billion in 2025, a 51% increase year over year, pushing their all-time cumulative total to $6.75 billion according to Chainalysis data. The top three hacks in 2025 drove 69% of all service losses, and the ratio between the largest hack and the median incident crossed the 1,000x threshold for the first time. These figures reflect different measurement frames applied to the same underlying activity, with each publisher defining scope, incident categories, and recovery calculations differently.
Each tracking firm defines its scope differently, which explains the variation. Chainalysis captures stolen from cryptocurrency services plus a sampled expansion to personal wallet compromises attributable through on-chain telemetry. CertiK's Hack3d report tallies blockchain security incidents broadly, recording an average loss per incident of $5.32 million in 2025, up 66.6% year over year. PeckShield includes scams alongside hacks, pushing its total to $4.04 billion. SlowMist works from its SlowMist Hacked archive, combined with anti-money-laundering data, according to the Stingrai 2026 reference compilation.
The methodological differences matter for anyone citing these figures. Chainalysis excludes scams from its hack total. PeckShield includes them. CertiK counts blockchain security incidents that may include rug pulls and access control failures. SlowMist tracks confirmed incidents from its own monitoring network. A single incident can appear in all four databases with slightly different loss figures depending on how partial recoveries, bridge exploits, and flash loan attacks are categorized.
The Bybit exchange hack on February 21, 2025, resulted in approximately $1.5 billion stolen, making it the largest single digital-asset heist ever attributed. The FBI's IC3 public service announcement confirmed the attack as the work of North Korea's TraderTraitor cluster within the Lazarus Group. The hack involved approximately 401,000 ETH drained from Bybit's signing infrastructure, as reported by The Block.
Andrew Fierman, head of national security intelligence at Chainalysis, told Cointelegraph: "It's difficult to predict if it will get worse in 2026, as hacks are very outlier-driven. One or two big hacks can set records for a given year. But what I can say is that this trend of big game hunting seems to be continuing, and there's no reason to believe hacks will decline next year."
The concentration is extreme. The top three hacks accounted for 69% of all 2025 service losses. The ratio between the largest hack and the median incident crossed the 1,000x threshold for the first time.
The threat surface migrated from smart contracts to operators in 2025. Halborn, Trail of Bits, and TRM Labs all converged on the same conclusion: top-tier adversaries now compromise signing infrastructure, key custody, and exchange operator workflows rather than hunting for novel logic errors in DeFi protocols. The Bybit Safe Wallet UI exploit and the Phemex hot-wallet private-key theft are both infrastructure attacks, not smart contract exploits.
DeFi hack losses remained suppressed even as total value locked rebounded to $119 billion, per DefiLlama. Chainalysis noted this represents a clear divergence from historical trends. The Venus Protocol incident of September 2025 demonstrated improved security practices: the protocol detected suspicious activity 18 hours before the attack and recovered funds within hours, according to Chainalysis.
North Korean state-aligned hackers stole at least $2.02 billion in 2025, a 51% year-over-year increase that pushed their cumulative total to $6.75 billion. DPRK accounted for 76% of all service compromises. Their primary tactic is embedding IT workers inside crypto services to gain privileged access. Recovery rates collapsed: Immunefi recorded only 0.4% of Q1 2025 stolen funds recovered, compared with 21.2% in Q1 2024.
The FBI logged 181,565 cryptocurrency-related fraud complaints in 2025, totaling $11.366 billion in losses, a 22% year-over-year increase, per the FBI IC3 2025 Internet Crime Report. The Chainalysis 2026 Crypto Crime Report found $154 billion in total illicit crypto received in 2025, of which 84% rode stablecoins. The GENIUS Act now requires payment stablecoin issuers to demonstrate seize-freeze-burn capabilities for law enforcement compliance.
Q1 2026 recorded $168.6 million in hack losses across 34 confirmed incidents, an 88% year-over-year decline largely driven by the absence of a Bybit-scale outlier. However, April 2026 set a record as the single worst month in crypto history, with $629.69 million drained across the industry.
How much crypto was stolen by hackers in 2025?
Chainalysis recorded $3.4 billion stolen from January through early December 2025; CertiK tallied $3.35 billion, PeckShield $4.04 billion, and SlowMist $2.935 billion using different scopes.
What was the largest crypto hack in history?
The Bybit exchange hack on February 21, 2025, resulted in approximately $1.5 billion stolen, attributed by the FBI to North Korea's TraderTraitor cluster within the Lazarus Group.
How much did North Korean hackers steal in 2025?
North Korean state-aligned hackers stole at least $2.02 billion in 2025, a 51% year-over-year increase, pushing their all-time cumulative total to $6.75 billion per Chainalysis.
Related News