Over $2 billion was lost to cryptocurrency hacks in the first quarter of 2025.
According to a report shared with Cointelegraph by crypto cybersecurity firm Hacken, in Q1 2025, nearly $1.63 billion was lost just to access control exploits. Anmol Jain, vice president of investigations at crypto forensics firm AMLBot, told Cointelegraph that the exceptionally high figure is mainly attributable to the recent hack of the crypto exchange Bybit.
The data is similar to that recently shared by crypto cybersecurity firm PeckShield. The competing firm’s report — which excludes scams — suggested that crypto hacks total at $1.6 billion in Q1 2025.
Total 2025 Q1 crypto hack losses by category. Source: Hacken
Late February reports indicate that the North Korean hackers behind the $1.4 billion Bybit hack control over 11,000 cryptocurrency wallets used to launder stolen funds. The increasing participation of North Korean state actors highlights increasing sophistication and scale.
This hack had a significant impact on this quarter’s figures. This is particularly clear when one considers that the entirety of 2024 saw a total loss of $2.25 billion. Hacken shared a key lesson on the subject:
“Securing digital assets requires more than just secure on-chain code — the entire infrastructure, from front-end interfaces to internal processes, must be equally hardened, as all it takes is a single weak spot to wreck the entire system.”
No one is safe
Hacken’s report highlighted that the past few months saw “even the biggest centralized and decentralized players falling victim to operational failures, access control weaknesses, and in a few cases, social engineering.” The quarter did not see any notable new exploits, “but rather the continued effectiveness of existing attack vectors.”
The report further highlights that, while smart contract vulnerabilities remain an issue, “most damage is now caused by failures in people, processes, or permission systems.” This is also reportedly the third quarter in a row that has seen the top exploit be a multisignature wallet-related hack.
The ByBit hackers compromised the Safe{Wallet} front end. Previous hacks involving multisignature wallet implementations or management include the Radiant Capital hack in Q4 2024 and the WazirX hack in Q3 2024.
The crypto scam industry
Scams also resulted in large-scale damage, with Hacken data attributing $96.37 million of losses to phishing scams and $300 million to rug pulls. Jain also highlighted a troubling trend in crypto scams becoming an industry:
“The most worrying trend is the professionalization of scam networks, where criminals operate with startup-like efficiency, including ‘training programs’ for scammers, internal quotas, and multi-stage laundering schemes using platforms like Huione Pay.”
The statement follows mid-January reports that Huione, often described as “the largest online illicit marketplace to have ever operated,” highlighted that the service has seen its monthly inflows increase by 51% in just half a year. This growth followed the platform’s deployment of its USD-pegged stablecoin and financial services dedicated to illegal activities.
Anmol highlighted that “most pig butchering scams originate from Southeast Asian cybercrime compounds,” with many being located in Cambodia, Myanmar, and Laos, with some presence in Thailand. The operators also often “employ” human trafficked young people from India, Nepal, Vietnam, and the Philippines.