Crypto security came under intense scrutiny in 2025 after a wave of high-profile hacks drained more than $2.38 billion from exchanges and decentralized finance platforms.
The losses recorded throughout 2025 came from a broad range of security failures, including unauthorized wallet access, compromised private keys, smart contract bugs, and abuse of administrative privileges. More worryingly, centralized exchanges, DeFi protocols, payment platforms, and liquidity pools were all affected. Here’s a breakdown of the data compiled by CoinGecko Research on the year’s security incidents.
Bybit’s $1.5B Hack Dominated 2025 Losses
The most consequential incident occurred on February 21, when Bybit suffered a staggering $1.5 billion hack, now regarded as the largest crypto breach to date. Notably, the theft alone accounted for nearly two-thirds of all crypto losses recorded in 2025. The attack was attributed to the Lazarus Group, a North Korean state-linked hacking organization that has been repeatedly connected to major crypto exploits over the years.
Meanwhile, on January 23, Singapore-based exchange Phemex was drained of $85 million after attackers gained unauthorized access to its hot wallets.
Just weeks later, on February 24, Infini, a Hong Kong-based stablecoin neobank, lost $49 million. The attackers exploited admin privileges and drained its smart contracts, highlighting how internal access controls can become critical points of failure.
Smart Contract Exploits Plagued DeFi Platforms
On April 1, payment platform UPCX lost $70 million after unauthorized access to its smart contract led to the theft of 18.4 million UPC tokens. In May, Cetus, a decentralized exchange built on the Sui network, suffered one of the year’s largest DeFi losses when attackers drained its liquidity pools, resulting in $223 million in damages.
Later in the year, on November 3, Balancer experienced a catastrophic exploit tied to a rounding-error bug in its V2 composable stable pools. The flaw led to losses exceeding $128 million and caused a ripple effect across other DeFi protocols that relied on Balancer’s infrastructure.
On December 1, DeFi protocol Yearn Finance reported a $9 million exploit affecting its yETH liquid staking pool token. While modest relative to other losses, the attack showed that even mature, widely audited protocols remain exposed to complex attack vectors.
Other Notable Hacks
Not all exploits targeted traditional DeFi platforms. On April 20, crypto exchange Bitget suffered $100 million in losses due to a trading exploit involving the gaming token VOXEL.
Similarly, perpetual DEX GMX was hit on July 9, when attackers drained $42 million from its legacy v1 vaults. The hacker later returned the funds after negotiating a $5 million bounty.
Several regionally significant exchanges also fell victim to major hacks. Iranian exchange Nobitex lost $90 million on June 18, with responsibility claimed by Predatory Sparrow, a hacking group reportedly linked to Israel.
On August 14, Turkish exchange BtcTurk suffered $48 million in losses after attackers gained access to the platform’s private keys. Later in the year, on November 27, South Korea’s Upbit lost $36 million, a breach that was again allegedly linked to the Lazarus Group.
It is worth noting that the incidents mentioned above reflect only the major hacks of 2025. The industry also recorded several smaller breaches, including an attack on the Shibarium Bridge, which resulted in losses exceeding $3 million.
What 2025’s Hacks Reveal About Crypto Security
The pattern of attacks in 2025 reveals systemic issues rather than isolated failures. Many of the year’s largest losses stemmed from admin key compromises, flawed smart contract logic, and insufficient segregation of funds. The recurrence of state-linked hacking groups further illustrates how crypto platforms are increasingly targeted by highly resourced adversaries.
Perhaps most concerning is that size and reputation offered little protection. Both leading global exchanges and niche DeFi protocols suffered devastating breaches, a stark reminder that security remains crypto’s most persistent challenge.
As regulators, developers, and users push for stronger protections, the lessons of 2025 may prove pivotal. Without significant improvements in smart contract auditing, key management, and operational security, crypto’s next growth phase risks being overshadowed by yet another record-breaking year of losses.
The CoinRemark Team
Evans Kelvin
