Cybercriminals have treated 2025 as a target-rich environment, draining digital wallets, exchanges, and DeFi protocols at a pace that rivals the frothiest bull markets. New datasets show that hackers made off with more than $2.7 billion in cryptocurrency this year, even as some security metrics improved and incident counts fell. I see a maturing ecosystem that is still bleeding value at industrial scale, with a handful of sophisticated actors driving a disproportionate share of the losses.
The headline number masks a more complex reality: total theft estimates cluster between roughly $2.7 billion and $3.4 billion, depending on what is counted and how. Some tallies focus on on-chain exploits and protocol hacks, while others fold in scams, service-provider failures, and thefts linked to state-backed groups. What is clear across the data is that 2025 cemented crypto crime as a structural risk rather than a cyclical anomaly.
The big picture: billions gone, fewer incidents
At the macro level, I see two trends moving in opposite directions. On one side, the dollar value of stolen crypto remains enormous, with one major dataset pegging losses at more than $2.7 billion in 2025, and other analyses placing the figure closer to $3.3 billion or even over $3.4 billion when broader categories of theft are included. On the other side, the number of discrete hacks and security incidents has actually fallen, suggesting that while the industry is getting better at closing off low-level vulnerabilities, the attacks that do succeed are larger, more targeted, and more professional.
Blockchain security specialists have highlighted that hackers collectively siphoned off about $3.3 billion in cryptocurrency this year, even as they recorded 162 fewer incidents than in the prior period. Other forensic teams, looking at a wider universe of thefts and service-related losses, have put the global total at over $3.4 billion, underscoring how much value is still at risk whenever assets are held in hot wallets, cross-chain bridges, or loosely governed protocols. The spread between these figures reflects different methodologies, but the direction of travel is unmistakable: fewer, bigger heists are defining the threat landscape.
North Korean hackers dominate the 2025 haul
Behind the aggregate numbers sits one outsized actor. I see North Korean hacking units emerging as the single most consequential force in crypto theft this year, both in absolute terms and as a share of global losses. Their operations have evolved from opportunistic raids on poorly secured exchanges into disciplined campaigns that target cross-chain infrastructure, DeFi protocols, and service providers that sit at the junction of multiple asset flows.
Fresh analysis shows that North Korean hackers stole $2.02 billion in cryptocurrency in 2025, a record-breaking haul that represents a 51% year-over-year increase and roughly North Korea-linked thefts totaling around US$2 billion. That $2.02 billion figure is $681 million higher than in 2024, with some reports describing it as a jump of both $681 m and $681 million, depending on the notation. In other words, a single state-linked ecosystem is responsible for well over half of all stolen crypto value this year, turning digital assets into a core funding channel for a heavily sanctioned regime.
How researchers arrive at $2.7B, $3.3B, and $3.4B
The fact that different teams land on $2.7 billion, $3.3 billion, or more than $3.4 billion for 2025 losses is not a sign that the data is unreliable, in my view, but rather that they are measuring slightly different things. Some datasets focus narrowly on on-chain exploits, protocol hacks, and direct thefts from exchanges and custodians. Others fold in rug pulls, exit scams, and service-related failures that may not look like classic hacks but still result in irreversible loss of customer funds.
One widely cited forensic report describes a global cryptocurrency industry hit by US$3.4 billion in 2025 theft incidents, with Share data indicating that 47 percent of all service-related losses were concentrated in a handful of high-profile events. Another dataset, focused more tightly on protocol and platform hacks, arrives at the Crypto Hack News estimate of $3.3 billion. The lower bound, just over $2.7 billion, typically excludes some of the more ambiguous failures and off-chain frauds, which is why I treat it as a conservative floor rather than a comprehensive ceiling.
Inside The Bybit Hack of 2025
Among the individual incidents that shaped sentiment this year, I see The Bybit Hack of 2025 as a turning point for centralized exchanges and their infrastructure partners. The case illustrates how even large, well-capitalized platforms can be undermined when they rely on third-party services for critical functions like transaction routing, key management, or cross-chain transfers. It also shows how a single integration point can become a systemic weakness if attackers find a way to pivot through it.
According to a detailed legal and policy analysis titled The Bybit Hack of 2025, the incident began when Bybit, which had used a third-party service as a solution for moving assets, saw that integration exploited in a way that compromised user funds and platform liquidity. The Background section of that analysis notes that Bybit’s reliance on external infrastructure created a chain of dependencies that attackers were able to abuse, raising hard questions about vendor risk management, due diligence, and the legal responsibilities of exchanges that outsource key parts of their stack.
What the TechCrunch $2.7B figure actually covers
The $2.7 billion figure that has circulated widely this month comes from a synthesis of blockchain analytics and security firm data, and I read it as a snapshot of confirmed hacks and exploits rather than a full accounting of every crypto-related loss. The analysis, attributed to reporter Lorenzo Franceschi Bicchierai, focuses on cybercriminals who directly stole funds from exchanges, DeFi protocols, and other on-chain targets, based on data shared by specialized tracking firms. It does not attempt to quantify every scam, rug pull, or off-chain fraud, which is one reason it sits below the $3.3 billion and $3.4 billion estimates.
In that reporting, the $2.7 billion total is framed as “over $2.7 billion” in stolen crypto, which aligns with the idea that it is a lower bound rather than a precise cap on losses. The piece notes that cybercriminals siphoned off this amount across a mix of large, headline-grabbing exploits and a long tail of smaller attacks, with some of the biggest single hits involving cross-chain bridges and DeFi protocols that had not fully hardened their smart contracts. By anchoring the figure to verifiable on-chain thefts, the analysis offers a conservative but concrete view of the damage, even as broader industry studies argue that the true cost of 2025’s crypto crime spree is higher.
Chainalysis data and the hidden long tail
When I look at the forensic work from blockchain analytics firms, I see a consistent pattern: a few giant hacks dominate the charts, but a long tail of smaller thefts quietly erodes user trust and platform resilience. One major analytics provider has emphasized that, beyond the headline-grabbing exploits, there are hundreds of smaller incidents that rarely make the news but still add up to substantial losses for retail users and smaller projects. These include compromised wallets, phishing-driven drainers, and targeted attacks on individual high-net-worth holders.
In one example, Chainalysis tracked another $700,000 stolen from individual crypto wallets, a figure that might look small next to billion-dollar totals but is significant when viewed as part of a broader pattern of targeted retail theft. The same firm has also highlighted that, when you aggregate these smaller incidents with larger protocol hacks, the total value of stolen crypto in 2025 climbs toward $2 billion in some datasets and over $3.4 billion in others, depending on what is included. I read this as a reminder that the industry’s security problem is not just about spectacular failures, but also about the everyday vulnerabilities that drain value from ordinary users.
Why fewer hacks are causing more damage
The paradox of 2025 is that there were fewer recorded hacks, yet the financial damage remained extreme. I interpret this as evidence that attackers are moving up the value chain, focusing on infrastructure that aggregates liquidity and on protocols that sit at the center of complex DeFi ecosystems. Instead of spraying exploits across dozens of small targets, sophisticated groups are investing time in reconnaissance, social engineering, and zero-day research to compromise a handful of high-value platforms.
Security researchers have pointed out that, even with 162 fewer incidents than the previous year, the total value stolen still reached about $3.3 billion in the Blockchain security firm’s tally. Combined with the more than $3.4 billion in theft incidents identified in other analyses, this suggests that each successful hack is, on average, larger and more damaging than in prior years. The concentration of risk in cross-chain bridges, liquidity pools, and centralized service providers means that a single compromised private key or misconfigured smart contract can unlock hundreds of millions of dollars in value for attackers.
Regulators, insurers, and the shifting risk calculus
As the numbers climb, I see regulators, insurers, and institutional investors recalibrating how they think about crypto risk. Supervisory agencies are increasingly treating large exchanges, custodians, and stablecoin issuers as critical financial infrastructure, which means they are expected to meet higher standards for cybersecurity, operational resilience, and incident disclosure. At the same time, traditional insurers are experimenting with coverage for digital assets, but they are pricing policies to reflect the reality that a single breach can trigger catastrophic losses.
One recent case that illustrates this convergence involves a major U.S. insurer, where a cyber incident exposed personal and health data for tens of millions of people and prompted closer scrutiny of how sensitive information and digital assets are protected. In the context of crypto, the same reporting noted that $700,000 in additional wallet thefts had been identified by forensic analysts, underscoring how cyber risk now spans both traditional and digital finance. As regulators digest figures like $2.02 billion stolen by North Korean hackers and more than $3.4 billion in total crypto theft incidents, I expect to see tougher requirements around custody, key management, and incident reporting for any firm that wants to handle customer assets at scale.
What 2025’s theft wave means for everyday users
For individual investors and everyday users, the 2025 theft wave is a blunt reminder that crypto’s self-custody ethos comes with real operational risk. I see a growing gap between users who treat security as a core part of their financial life and those who still rely on default settings, weak passwords, and unvetted platforms. The former group is increasingly turning to hardware wallets, multi-factor authentication, and reputable custodians, while the latter remains vulnerable to phishing links, fake apps, and malicious browser extensions that can drain wallets in seconds.
The data on smaller thefts, such as the PST-timeframe wallet compromises and the $700,000 in individual losses tracked by forensic firms, shows that retail users are still a soft target. At the same time, the concentration of multi-hundred-million-dollar hacks in a small number of protocols and service providers means that even users who think they are playing it safe by sticking to large platforms can be caught in the blast radius of a single exploit. In a year when hackers stole more than $2.7 billion in crypto and total theft incidents topped $3.3 billion or even $3.4 billion depending on the methodology, the message for users is stark: security is no longer optional, it is the price of admission to the digital asset economy.
More from MorningOverview