Crypto-related thefts reached record levels in 2025, with losses exceeding 4.04 billion USD, according to PeckShield's annual security report.
This increase shows that attacks are becoming more advanced, and security challenges are growing for the crypto industry.
The 2025 report on crypto security shows increasing losses and reduced recovery of assets
The figure for 2025 represents an increase of 34.2% compared to the 3.01 billion USD stolen in 2024 and an increase of approximately 55% from 2023's 2.61 billion USD.
Despite fewer security incidents in 2025, the total value of stolen assets increased significantly. Therefore, criminals shifted focus toward fewer but larger attacks.
"2025 has become a record year for crypto thefts, primarily due to vulnerabilities in centralized infrastructure and a clear shift toward targeted social manipulation," wrote PeckShield.
The crypto security report showed that exploitation-based attacks accounted for 66% of total losses. These attacks often involve smart contract flaws, compromised private keys, or infrastructure breaches, leading to approximately 2.67 billion USD being stolen. This represents a 24.2% increase compared to the previous year.
Fraud accounted for the second-largest share of losses. PeckShield reported that 1.37 billion USD was lost to fraud in 2025, a 64.2% increase compared to the previous year.
The report also showed that social manipulation, including phishing and identity theft, accounted for 12% of total losses. Unlike technical attacks, these rely on deceiving users rather than exploiting weaknesses in blockchain code.
Recovery efforts lagged far behind the scale of the losses. Only about 334.9 million USD of stolen crypto assets were recovered or frozen in 2025, much less than the 488.5 million USD recovered in 2024. The decline indicates that money laundering methods have become more advanced.
PeckShield's list of the top crypto heists of 2025
The report covered the ten largest crypto-related thefts in 2025. Losses in these cases ranged from tens of millions of USD to over 1 billion USD. Some of the most notable cases include:
Bybit: The largest known attack in the crypto industry, where the North Korean Lazarus Group stole over 1.4 billion USD from the exchange.
Libra Token: A major so-called rug pull that resulted in investors losing approximately 251 million USD.
Cetus Protocol: This decentralized exchange on the Sui blockchain lost over 200 million USD in an attack.
Nobitex: Iran's largest cryptocurrency exchange reportedly suffered around 81.7 million USD in losses after Gonjeshke Darande (Predatory Sparrow) exploited vulnerabilities.
At the same time, monthly figures show that losses varied significantly throughout the year. February was the worst month, with 1.77 billion USD in losses, primarily due to the Bybit attack. Losses were lowest in October, amounting to approximately 21.6 million USD, but the figure rose again in November.
These trends appear to continue into 2026. Already thirteen days into the new year, the crypto industry has been hit by two major attacks. The first was the Truebit attack, followed by a social engineering attack targeting users of the investment platform Betterment.