In the first half of 2025, crypto hacks and exploits resulted in over $2.47 billion in losses, surpassing the entire 2024 total of $2.2 billion, according to CertiK, per. The Bybit exchange suffered the largest breach, losing $1.5 billion in Ethereum tokens on February 21, attributed to North Korean hackers from the Lazarus Group, per. This marks the biggest crypto heist ever, dwarfing the 2022 Ronin attack ($611M), per. CertiK co-founder Ronghui Gu called it an “endless war” against cybercriminals, with phishing and human errors now the primary vectors, per.
The Bybit hack compromised a cold wallet during a routine transfer, with hackers using malware to manipulate the Safe Wallet interface and steal 401,000 ETH, per. Elliptic and Chainalysis traced the funds to North Korea, with $160M laundered in 48 hours via DEXs, cross-chain bridges, and services like eXch, per. Bybit CEO Ben Zhou confirmed the exchange’s solvency, covering losses through loans and reserves, processing 350,000+ withdrawal requests within 72 hours, per. The attack caused ETH to drop 24% and BTC below $90,000, but markets recovered, per.
CertiK reports wallet compromises accounted for $1.7B across 34 incidents, with phishing surging due to deceptive campaigns, per. Ethereum saw 70 incidents, down from 98 in Q1, but DeFi TVL on ETH declined sharply post-breaches, per. Access control flaws like multisig wallet exploits drove $1.63B in Q1 losses, per. TRM Labs attributes 70% of 2025 thefts to North Korea, with $1.6B stolen, funding their missile program, per. Hacken noted $96M from phishing and $300M from rug pulls, per.
The hacks, including Cetus Protocol’s $225M loss on Sui, highlight DeFi risks, with $187M recovered via community efforts, per. CertiK advocates for user education, hardware wallets, and real-time monitoring, per. SEC’s Cyber Unit and Trump administration’s pro-crypto stance may lead to stricter cybersecurity rules, per. BTC ($113,234) and ETH ($4,070) stabilized, but Total Value Locked in DeFi fell, per CoinMarketCap. X posts from @Crypto_Briefing warn of “professionalized scam networks,” per.
Investors should use hardware wallets like Ledger, enable 2FA, and verify links to avoid phishing, per. Monitor hacks via CertiK’s dashboard and diversify into USDC or stablecoins, per. Set stop-losses below BTC’s $112,000 and ETH’s $4,000, per TradingView. Follow @TheBlock__ on X for updates. CertiK predicts $1B+ losses in 2026, but improved security could mitigate risks, per. With institutional adoption rising, proactive defenses are essential, per.
