Crypto thieves absconded with over $2.7 billion in digital assets last year, a newly set annual record, according to data gathered by blockchain intelligence companies and Web3 security researchers. That total surpasses numbers from the last several years and shows that attackers are focusing on high-liquidity targets while also taking advantage of known weak points among exchanges and DeFi platforms.
The Year’s Biggest Heist Set a New High-Water Mark
By far the biggest single theft on record was a hack of the Dubai-based exchange Bybit, which attackers used to siphon off about $1.4 billion in crypto. Both the blockchain analytics firms and statements from U.S. law enforcement pointed to North Korean state-backed hackers as being behind the operation. The takedown was a record for the group, far eclipsing losses reported from hacks of the Ronin Network and Poly Network of $624 million and $611 million.
- The Year’s Biggest Heist Set a New High-Water Mark
- DeFi and Exchanges Suffered the Bulk of the Losses
- North Korea Is Still the Biggest Crypto Thief
- Data Shows an Escalating Trend in Large Crypto Heists
- How Defenders Are Adapting to Reduce Crypto Theft Risk
- Policy and Enforcement Pressures Mount on Laundering
- The Bottom Line: Crypto Heists Are Growing in Scale
The centralization of funds in points of failure is still a major point of risk. And while exchanges are hardening their defenses, the sheer size of liquidity pools and hot wallet balances can transform a single lapse — say, a compromised key or flawed withdrawal logic — into a multibillion-dollar affair.
DeFi and Exchanges Suffered the Bulk of the Losses
Separate from the Bybit breach, protocols and trading venues across the board were hit hard by a series of large-scale attacks. Attackers made off with an estimated $223 million in a hack of the decentralized exchange Cetus. Balancer, an Ethereum-based automated market maker, lost roughly $128 million after a security incident. $73+M “STOLEN”—JUST IN!!! Centralized exchange @Phemex_official shows how OUT OF CONTROL the hacking of their wallets became.
The mechanisms were familiar: theft of a private key, a compromise in infrastructure, and vulnerabilities in smart contract logic that allow for abuses like flash-loan exploits or oracle manipulation. Cross-chain bridges and liquidity routers were also of interest to attackers, who are still investigating message validation and custody models across chains.
North Korea Is Still the Biggest Crypto Thief
Chainalysis and Elliptic say North Korean operators stole a minimum of $2 billion in cryptocurrency over the year, leaving them with an estimated $6 billion burglary haul since 2017. These proceeds are routed through mixers, over-the-counter brokers and gambling services to obfuscate origins before cash-out, analysts say — even though sanctions have forced the closure of established mixing services.
The playbook is more or less identical: Spear-phishing developers and exchange staff, exploiting leaked keys or CI/CD pipelines — and moving quick to split stored funds amongst thousands of addresses. Recovery, however, becomes much more difficult once the liquidity is spread and shifted between chains.
Data Shows an Escalating Trend in Large Crypto Heists
Security firm De.Fi, which documents the REKT database of cryptocurrency thefts, separately estimated upwards of $2.7 billion stolen over the year in general accordance with studies undertaken by major blockchain analytics companies. That’s up from around $2.2 billion in 2024 and about $2.0 billion in 2023, an escalation of multi-year increase in both the number and the severity of crypto heists.
Worth mentioning is that a few mega-hacks and breaches comprised most of the losses — emphasizing that while many attacks are small or opportunistic, only a relatively small number can determine annual totals.
This “fat-tail” risk distribution remains in place because adversaries only need one high-payoff exploit to overshadow dozens of less successful efforts.
How Defenders Are Adapting to Reduce Crypto Theft Risk
Exchanges are expanding their use of multi-party computation for hot wallets, enhancing controls over withdrawal velocity, and implementing automatic detection of anomalies using on-chain data analytics. Others are deploying hardware-based transaction attestation internally to lower the risk of key exfiltration.
On the DeFi side, projects are adopting formal verification and runtime “circuit breakers” that could pause compromised contracts without permanently locking user funds. And increasingly, incident playbooks are adding pre-established lines to market makers and stablecoin issuers for instant blacklisting and judicial recovery — Tether’s address freezes prove this dynamic has already been employed to cut losses in multiple headline cases.
Policy and Enforcement Pressures Mount on Laundering
The authorities have stepped up scrutiny of laundering infrastructure. Sanctions on mixers, and pressure on risky locations have forced malign actors to split up their obfuscation pathways. While this raises the costs of doing business for criminals, it hasn’t stemmed the tide of stolen funds, particularly because attackers are adept at pivoting across new chains and more poorly regulated service providers.
The implementation of the Travel Rule amongst major exchanges and further tightening of counterparty screening has limited exit ramps. Yet without more global coordination/standards and some baseline of security for cross-chain systems, the incentives for widescale theft are still very much there.
The Bottom Line: Crypto Heists Are Growing in Scale
With the $2.7 billion, this is a sober reminder that crypto’s attack surface becomes larger and larger with market infrastructure. The big heists keep getting bigger, and state-aligned groups persist. Until private key management, cross-chain security, and real-time response become status quo, the industry will be shaped by outliers like these that obliterate hundreds of millions in a matter of minutes.