
$3.4 Billion Stolen: Crypto Hacks in 2025

The year of the mega hack. Bybit's $1.4B breach, North Korea's $2B heist, and browser extensions draining wallets. A complete breakdown of what went wrong.

December 28, 2025

2025 will be remembered as the year crypto security failed at scale.

$3.4 billion stolen. One exchange lost $1.4 billion in a single attack. North Korean hackers broke their own record. And your browser extensions became weapons.

Here's everything that went wrong.


The numbers

Let's start with the damage:

  • $3.4 billion total stolen in 2025
  • $1.4 billion from Bybit alone (largest crypto hack ever)
  • $2.02 billion stolen by North Korea (new record)
  • $713 million drained through browser extensions
  • 196 incidents tracked by security firms

For context: 2024's total was around $1.7 billion. We doubled it.


The Bybit hack: $1.4 billion

February 2025. Dubai-based exchange Bybit gets breached.

Hackers drain $1.4 billion in ETH. In one attack.

This wasn't some smart contract exploit. This was an operational security failure at a centralized exchange. The FBI attributed it to North Korean state hackers.

$1.4 billion. Largest known crypto theft ever. One of the largest financial heists in human history.

And it happened to a major exchange in 2025. Not 2014. Not a small DeFi protocol. A top-tier CEX.


North Korea: The $2 billion shadow

The Democratic People's Republic of Korea continues to be crypto's biggest threat.

2025 stats:

  • $2.02 billion stolen
  • $681 million more than 2024
  • Multiple exchange breaches
  • Sophisticated social engineering

Their tactics evolved:

Fake IT workers. North Korean operatives embed themselves in crypto companies as remote developers. They gain privileged access. Then they wait.

Supply chain attacks. Compromise development tools, inject malicious code upstream.

Social engineering at scale. Not just phishing emails. Full relationship building with targets over months.

This is nation-state hacking with unlimited patience and zero legal consequences.


Browser extensions: The $713 million blindspot

Here's a stat that should terrify you:

$713 million stolen through browser extension vulnerabilities in 2025.

That's 20% of all crypto theft. From extensions.

The attack vector:

  1. Malicious extension gets approved (or legitimate one compromised)
  2. Extension has permission to read/modify web pages
  3. You visit your wallet interface
  4. Extension intercepts transactions, swaps addresses, or exfiltrates keys
  5. You sign what looks normal. Funds gone.
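
Step 2 is the part you can check in advance. The script below is an added example, not code from this article or from any wallet project. It reads Chrome extension manifests and reports which ones request access to every site, through `host_permissions`, legacy `permissions`, or content script `matches`. The two sample manifests are constructed, and the directory passed to `audit_profile` is assumed to be a Chrome profile's `Extensions` folder.

```python
import json
from pathlib import Path

# Match patterns that cover every site, wallet interfaces included.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifests (not real extensions).
SAMPLE_BROAD = {"manifest_version": 3, "name": "Price Helper",
                "permissions": ["storage"], "host_permissions": ["<all_urls>"],
                "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]}
SAMPLE_NARROW = {"manifest_version": 3, "name": "Docs Tool",
                 "permissions": ["storage"],
                 "host_permissions": ["https://docs.example.com/*"]}

def broad_access(manifest: dict) -> dict:
    """Return {manifest field: broad patterns} for all-sites access requests."""
    findings = {}
    # MV3 lists host patterns in host_permissions; MV2 mixes them into permissions.
    for key in ("host_permissions", "optional_host_permissions", "permissions"):
        hits = sorted(p for p in manifest.get(key, [])
                      if isinstance(p, str) and p in BROAD)
        if hits:
            findings[key] = hits
    # Content scripts are injected into every page their "matches" patterns cover.
    cs_hits = {m for cs in manifest.get("content_scripts", [])
               for m in cs.get("matches", []) if m in BROAD}
    if cs_hits:
        findings["content_scripts"] = sorted(cs_hits)
    return findings

def audit_profile(extensions_dir: Path) -> dict:
    """Scan <Extensions>/<id>/<version>/manifest.json; key results by extension id."""
    report = {}
    for mf in sorted(extensions_dir.glob("*/*/manifest.json")):
        ext_id = mf.parent.parent.name
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, json.JSONDecodeError):
            report[ext_id] = {"error": ["unreadable manifest"]}
            continue
        found = broad_access(manifest)
        if found:
            report[ext_id] = found
    return report

if __name__ == "__main__":
    for sample in (SAMPLE_BROAD, SAMPLE_NARROW):
        print(sample["name"], broad_access(sample))
```

A hit is not proof of malice, since many legitimate extensions request all-sites access. It marks the extensions that could carry out steps 3 and 4 if they were malicious or later compromised.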

December 2025: Trust Wallet's Chrome extension shipped a malicious update. Drained roughly $7 million from hundreds of accounts before the fix.

This wasn't some no-name extension. Trust Wallet. One of the most popular wallets in crypto.


Other major hacks

Cetus DEX: $223 million. Decentralized exchange on Sui network. Price oracle manipulation led to massive losses.

Balancer: $128 million. Vulnerability in Balancer's rate provider system exploited across multiple chains.

Phemex: $73 million. Hot wallet compromise at Singapore-based exchange.

Flow blockchain: $3.9 million. December breach affecting multiple projects on Flow.

DeBot: $255,000. AI-based DeFi trading tool hacked through exploited server.


What actually improved

Not everything got worse.

DeFi security is maturing. Despite rising TVL, DeFi hack losses didn't scale proportionally. Protocols are learning.

Better monitoring. Venus Protocol detected suspicious activity 18 hours before an attack hit. They paused operations, recovered funds, and the attacker actually lost money.

Faster response. When Wormhole got exploited, recovery took weeks. Now protocols can respond in hours.

December was calm. "Only" $76 million stolen across 26 incidents. Still bad. But compared to earlier months, a relative success.


The attack vector breakdown

Where did the money go?

Centralized exchanges: 45%. Bybit alone skews this massively. But CEX security remains a critical weak point.

Personal wallets: 20%. Browser extensions, phishing, compromised devices. Individual operational security.

Smart contract exploits: 25%. The traditional DeFi hack. Still happening, but security is improving.

Other (bridges, oracles, etc.): 10%. Mixed bag of attack vectors.


Common vulnerabilities

What actually causes these hacks?

Input validation failures: 34.6%. Contracts that don't properly check what they're receiving. The most common direct exploit cause.

Access control issues: 22%. Functions that should be restricted but aren't. Admin keys that shouldn't exist.

Oracle manipulation: 18%. Price feeds that can be manipulated within a single transaction.

Off-chain vulnerabilities: Growing. The trend is moving away from pure smart contract bugs. Now it's operational security, key management, and supply chain attacks.


What this means for you

Use a hardware wallet. Not optional. Browser extensions can be compromised. Hot wallets get drained. Hardware wallets require physical confirmation.

Minimize browser extensions. Every extension is an attack surface. Remove what you don't need. Be paranoid about permissions.

Verify transactions. Don't trust what your screen shows. Verify on the hardware wallet. Check addresses character by character.

Diversify custody. Don't keep everything in one place. Multiple wallets. Multiple chains. Multiple approaches.

Assume exchanges can fail. Not your keys, not your coins. Even "safe" exchanges get hacked.


Looking at 2026

What to expect:

More sophisticated attacks. Nation-state hackers aren't going away. AI tools are making attacks easier to execute.

Browser security will be a focus. After $713 million in losses, expect new security models for wallet interfaces.

Regulation will tighten. $3.4 billion in theft gets attention. Compliance requirements will increase.

Security audits aren't enough. Multiple 2025 hacks hit audited protocols. Operational security matters more.


The uncomfortable truth

$3.4 billion stolen in one year.

Most of it wasn't sophisticated cryptographic attacks. It was operational failures. Social engineering. Supply chain compromises. Browser extensions.

The code is getting better. Human systems aren't.

The biggest threat to your crypto isn't a smart contract bug. It's everything around the smart contract.

Act accordingly.


Liked this article? Follow me!

@t0tty3