2025’s Major Crypto Hacks, Breaches & Security Failures: Bybit, Coinbase & More

In 2025, the cryptocurrency sector faced unprecedented challenges, with total hack losses soaring to $2.72 billion, surpassing the previous year’s figures despite a sluggish market environment. The most significant breach occurred in February, involving the Bybit exchange, where it is believed that North Korean cybercriminals pilfered an estimated $1.5 billion. Prominent exchanges and decentralized finance (DeFi) platforms, such as Coinbase, Cetus Protocol, Nobitex, UPCX, BtcTurk, and Upbit, experienced major security violations throughout the year. According to TRM Labs, the total stolen this year marked a new high for hacks within the cryptocurrency industry.

Even with declining cryptocurrency values dampening investor enthusiasm, 2025 proved to be a notably detrimental year for security breaches, following a record-breaking 2024. The year commenced on a grim note, as North Korean hackers executed a staggering $1.5 billion theft from centralized exchange Bybit, marking the most significant exploit in the history of crypto. This incident set a troubling precedent for the remainder of the year, with TRM Labs indicating a rise in organized and professional cybercrimes. Ari Redbord, TRM’s Global Head of Policy, noted that these attacks have become quicker, more coordinated, and easier to execute compared to previous cycles. Furthermore, 2025 saw an ongoing expansion of North Korea’s IT worker schemes, which contributed to the increasing sophistication of various hacking operations.

Major Hacks of 2025

Let’s examine some of the most notable hacks and breaches that occurred in 2025.

Bybit: $1.5 Billion

The year began with a catastrophic incident when hackers, suspected to be affiliated with North Korea, infiltrated the Bybit exchange and absconded with between $1.4 billion and $1.5 billion worth of Ethereum and related tokens. This breach was shocking not only due to its scale but also because the stolen assets were reportedly stored in cold, multi-signature wallets, which are generally considered one of the safest methods for securing digital currencies. According to Safe, the provider of the multi-signature wallet, the breach originated from a compromised developer laptop: investigations revealed that a high-level developer’s workstation was infiltrated after it interacted with a malicious application on February 4.

Coinbase: Up to $400 Million

In May, Coinbase, the largest cryptocurrency exchange in the United States and a well-regarded name in the industry, disclosed a significant data breach. The perpetrators sent a ransom note demanding $20 million in Bitcoin in exchange for stolen customer information. In a twist, Coinbase’s co-founder and CEO Brian Armstrong offered the same amount as a reward for information leading to the arrest of the criminals. While the exchange assured users that no funds, passwords, or private keys were compromised during the breach, it was revealed that sensitive information had been extracted from Coinbase’s overseas contractors, with the incident potentially costing the company up to $400 million in damages.

Cetus Protocol: $223 Million

Despite a trend towards targeting centralized platforms, decentralized finance protocols continued to attract hackers. In May, the Sui ecosystem’s leading decentralized exchange, Cetus Protocol, suffered a significant attack. Hackers exploited vulnerabilities in Cetus’s smart contracts, utilizing spoof tokens to distort price calculations and drain liquidity pools. In a somewhat rare positive outcome for the DeFi sector, Cetus managed to recover approximately $162 million that had been frozen during the attack, allowing the protocol to resume operations just 17 days following the incident.

Nobitex: $90 Million

In June, the Iranian crypto exchange Nobitex became the target of the pro-Israeli hacking group Gonjeshke Darande, which claimed to have siphoned off $90 million. The group alleged that Nobitex had ties to the Islamic Revolutionary Guard Corps. However, the attack raised ethical concerns, as compliance firm Crystal Intelligence warned that many innocent retail investors likely suffered losses despite the group’s assertions.

UPCX: $70 Million

Another DeFi protocol fell victim to cybercriminals in April, as hackers successfully stole $70 million from the open-source platform UPCX. The breach occurred due to a compromised private key that allowed the attackers to seize funds in the protocol’s native UPC token. This exploit went largely unnoticed by the media, despite the substantial amount of money involved. Following the incident, the value of UPCX’s token plummeted from $4 in April to just over $1.20 by December 5, according to CoinGecko.

BtcTurk: $50 Million

In August, the Turkish exchange BtcTurk was again targeted by hackers, resulting in a loss of approximately $48 million. This breach followed a previous incident in 2024 where the exchange lost $54 million. After blockchain analysts flagged unusual transactions—primarily in Ethereum—the exchange suspended withdrawals. Since then, BtcTurk has remained largely silent about the incident, raising concerns among retail investors regarding the exchange’s security measures.

Upbit: $36 Million

In November, South Korean exchange Upbit reported a loss of around $36 million from its Solana hot wallet, with North Korean hackers once again being the primary suspects. The stolen assets included various meme coins, and Upbit quickly moved to reassure users that funds were promptly transferred to cold wallets after the breach. The rapid execution of the attack prompted South Korean authorities to link it to the state-sponsored hacking group known as Lazarus.