In brief
- Total crypto hack losses reached $2.72 billion in 2025, surpassing last year’s record despite subdued market conditions.
- The Bybit breach in February marked the year’s largest exploit, with North Korean actors suspected of stealing up to $1.5 billion.
- Major exchanges and DeFi platforms, including Coinbase, Cetus Protocol, Nobitex, UPCX, BtcTurk, and Upbit, reported significant compromises across the year.
This year was a record for hacks in the crypto sector, with over $2.72 billion stolen, according to data from TRM Labs.
Yes, with depressed crypto prices getting investors down, 2025 was a particularly bad year for exploits—even after 2024 broke records.
The year got off to a terrible start with a $1.5 billion loss in February after North Korean hackers targeted centralized exchange Bybit in the most significant crypto exploit in history.
That set the tone for the rest of the year, with "even more organized and professionalized" crimes, TRM Labs told Decrypt.
"Attacks are faster, better coordinated, and far easier to scale than they were in previous cycles," TRM's Global Head of Policy Ari Redbord said. "In 2025, we also saw the continued expansion of North Korea's IT worker schemes, which further added to the operational sophistication behind many campaigns."
Let's dive in and take a look at the biggest hacks and breaches of 2025.
Bybit: $1.5 billion
The year got off to the worst possible start when hackers—believed to be from North Korea—targeted crypto exchange Bybit and made off with between $1.4 and $1.5 billion in Ethereum and related tokens.
The exploit shocked the industry not only because of its size, but also because the funds were supposedly held in cold, multi-signature wallets—the safest way to store digital assets securely.
Multi-signature wallet provider Safe said the heist stemmed from a compromised developer laptop. An investigation later found that a high-level Safe developer's workstation was compromised on February 4 when it interacted with a malicious application.
Coinbase: Up to $400 million
Coinbase, America's biggest crypto exchange and one of the most well-known and trusted brands in the space, dropped a bomb in May when it revealed a data breach.
Criminals had sent the company a letter demanding $20 million in Bitcoin in exchange for stolen customer details. Coinbase co-founder and CEO Brian Armstrong then offered the same bounty to help catch the criminals.
https://t.co/evpIBMFvRW pic.twitter.com/f6UPdkL5R0
— Brian Armstrong (@brian_armstrong) May 15, 2025
The exchange assured people that no funds, passwords, or private keys were compromised in the hack. And although customer funds weren't stolen, Coinbase's overseas subcontractors were bribed into handing over sensitive information. Coinbase said that the incident could cost the firm as much as $400 million to remedy.
Cetus Protocol: $223 million
Despite crooks eying centralized protocols this year, decentralized finance protocols remained a favorite for hackers, with Sui's leading decentralized exchange, Cetus Protocol, receiving the biggest gut punch.
In May, attackers exploited vulnerabilities in Cetus Protocol's smart contracts, using spoof tokens to manipulate price calculations and drain liquidity pools on the largest decentralized exchange in the Sui ecosystem.
In a rare outcome for the DeFi space, Cetus recovered around $162 million in funds frozen by the attack, and the protocol went back online 17 days after the exploit.
Nobitex: $90 million
Pro-Israeli hacker group Gonjeshke Darande hit Iran's biggest crypto exchange Nobitex in June, draining $90 million in crypto from the centralized platform.
The group alleged that Nobitex had links to the Islamic Revolutionary Guard Corps.
But the attack was controversial as compliance firm Crystal Intelligence told Decrypt at the time that many innocent retail investors were likely affected, despite the Israeli group's claims.
UPCX: $70 million
Another DeFi protocol was hurt this year after cybercrooks drained $70 million from the open-source platform UPCX in April.
Hackers exploited a compromised private key to steal funds in the form of the protocol's native UPC token, an exploit that barely made headlines despite the large amount of funds pinched.
The price of the protocol's token has since struggled to recover, according to CoinGecko, after plunging hard following the exploit, from $4 in April to just over $1.20, as of December 5.
BtcTurk: $50 million
Hackers again targeted Turkish exchange BtcTurk in August, walking away with $48 million at the time. The attack came after cybercriminals made away with $54 million in 2024.
The exchange told users it had suspended withdrawals after blockchain analysts flagged suspicious transactions—mostly in Ethereum.
BtcTurk has said very little since the incident, but two major hacks in such a short period have done little to shore up confidence among retail investors.
Upbit: $36 million
North Korean actors were the main suspects again after South Korean exchange Upbit announced in November that it had lost around $36 million from its Solana hot wallet.
Meme coins were among the assets stolen, and the exchange was quick to reassure users that funds were quickly moved to cold wallets following the exploit. The speed of the attack led South Korean authorities to point the finger at the state-sponsored hacking organization, Lazarus.