Key Takeaways
- 2025 was one of the most profitable years on record for crypto scammers, with losses topping $4 billion.
- The February Bybit breach became the largest centralized exchange hack in history, draining more than $1.5 billion.
- North Korea–linked hacking groups were responsible for over 60% of the year’s stolen crypto.
As 2025 comes to a close, the crypto industry is taking stock of a year defined by sharp contrasts.
On one side were record-breaking ETF inflows, growing institutional adoption, and long-awaited regulatory clarity.
On the other hand, there was a relentless surge in hacks, scams, and state-backed cybercrime that quietly drained billions from the ecosystem.
This year marked a grim milestone. More than $3 billion in crypto was stolen in the first half alone—already exceeding the total losses recorded in all of 2024.
By year-end, estimates place total losses closer to $4–$5 billion, driven by a mix of high-profile exchange breaches, DeFi exploits, and an explosion in increasingly sophisticated phishing campaigns.
At the center of it all were well-organized threat actors.
North Korea–linked hacking groups emerged as the most prolific offenders, accounting for the majority of stolen funds.
Their operations grew more advanced, blending malware, social engineering, and AI-assisted phishing to target both centralized platforms and decentralized protocols.
What follows is a breakdown of 2025’s biggest crypto heists, the groups behind them, and the structural weaknesses they exposed.
Consider it crypto’s year-end “naughty list”—not just a tally of losses, but a look at the lessons the industry is being forced to learn heading into 2026.
Mining Rig Rentals
Hashing24
Binance Pool
Bybit Exchange Hack (February 21, 2025 – ~$1.46–1.5 Billion Lost)
North Korea’s Lazarus Group orchestrated the largest single cryptocurrency theft in history by exploiting the Bybit exchange.
Hackers compromised a third-party multi-signature wallet interface by injecting malware into the signing process, tricking approvers into redirecting over 400,000 ETH from Bybit’s cold wallet.
Funds were rapidly laundered across chains using bridges and mixers.
This incident alone accounted for nearly 70% of first-half losses, triggering market dips, regulatory scrutiny, and a reevaluation of third-party dependencies in exchange infrastructure.
The hack shook global markets, and the BTC price dipped 8%.
Although Bybit reimbursed users, it faced lawsuits due to security lapses. The incident highlighted the risks associated with cold wallet exchanges.
Coinbase Insider Breach (March 2025 – $200-400 Million)
The incident involved an employee leaking API keys and insider information about individuals for bribes.
As a result, unknown hackers drained hot wallets. However, it wasn’t a full-fledged direct exploit but enabled targeted thefts.
Coinbase pledged reimbursements, and it led to enhanced insider vetting industry-wide.
Nobitex Exchange Attack (June 2025 – ~$90–100 Million)
Iran’s largest crypto platform fell victim to a politically motivated breach, attributed to hacktivist group “Predatory Sparrow” in retaliation against the regime.
Hot wallets were drained, with funds partially “burned” or frozen—highlighting rare geopolitical hacks amid rising nation-state involvement.
BtcTurk Hot Wallet Exploit (August- $48—$50 Million)
In August 2025, BtcTurk, a Turkish CEX, suffered its second major hack in a little over a year.
This time, the attackers stole an estimated $48 million from the exchange’s hot wallets.
The 2025 attack on BtcTurk was a less expensive mirror of its June 2024 incident.
In both cases, the attacker gained access to the private keys used to manage the protocol’s hot wallets.
With this access, the attackers were able to drain funds from these wallets.
In 2024, the CEX lost approximately $55 million, while the more recent incident resulted in roughly $48 million being stolen from the exchange across seven blockchains.
These funds were then consolidated into a few different accounts.
Individual BTC Phishing (August-$91 Million)
In August 2025, a cryptocurrency investor was defrauded of 783 BTC (valued at approximately $91 million at the time) through a sophisticated social engineering phishing scam.
This incident is considered one of the largest individual Bitcoin losses due to this type of attack.
The scammers convinced the victim to provide sensitive access credentials or their seed phrase, allowing them to drain the entire 783 BTC from the wallet in a single transaction within minutes.
