2025 delivered no shortage of crypto hacks and scams, though one incident stood out from the crowd.
A total of around $4 billion was lost, a 37% increase on 2024’s total, with over half linked to North Korea, according to blockchain security firm Hacken.
Protos has put together a rundown of the year’s biggest, strangest, and most significant incidents, and asks what they told us about crypto security in 2025.
Far and away the year’s biggest loss, both in terms of scale and impact, was February’s ByBit hack.
Over $1.4 billion of crypto assets were drained from the exchange after one of its cold wallets was compromised. The hack was later attributed to North Korean hackers’ crypto-focused campaign dubbed “TraderTraitor.”
After “compromising a Safe {Wallet} developer machine,” the hackers disguised malicious transactions presented to the ByBit team, to take control of the wallet.
Read more: The solution to crypto’s Lazarus problem could be simpler than expected
In response to the “blind signing” problem facing multisig operators, hardware wallet manufacturer Ledger introduced a new “clear signing” feature. However, the announcement was met with backlash after the “free” security upgrade turned out not to be free, at all.
TRM Labs sees this as part of a shifting trend in North Korea’s “industrialization of infrastructure attacks.” The focus appears to have moved from targeting bridges (2021-2022) to service providers (2023-2024) to “CEX Mega-Heists” (2024-2025).
Apart from ByBit, exchanges hit by North Korean hackers in 2025 include Swissborg, which lost $41 million in September, and (most likely) South Korean exchange Upbit, hit for $30 million in November.
The year also saw significant hacks on DeFi projects, though with lower severity and frequency than previous years.
The most serious incident came in November, when Balancer’s v2 pools were exploited for $129 million. In addition to the large loss, the hack was surprising in that it came a full five years after the pools were launched.
Read more: Is an AI hacker targeting old DeFi projects in $5M spree?
Balancer wasn’t the only OG DeFi protocol hit this year, either. December’s trio of hacks on Ribbon Finance, Rari Capital and iEarn (now Yearn) Finance had some suspecting a $5 million AI-assisted hacking spree.
Read more: Circle rarely freezes stolen funds but wants reversible transactions
One hacker showed particular flair, sending stolen ether to Tornado Cash developer Roman Storm’s defence fund after taunting auditors on-chain.
A monster $27 million loss initially caused worries of a large-scale hack of Venus Protocol in July. However, the transaction turned out to be a single “whale” who had fallen victim to a phishing scam.
There were more reminders that even experienced experts sometimes get hooked, as crypto veteran Jill Gunter was drained and the UXLINK hacker lost their loot phishing.
Disaster also struck the ZKLend hacker who was phished for $9.5 million after reportedly using a malicious Tornado Cash front-end.
Despite all the bad news, some light relief came in September when what was dubbed “likely the largest supply chain attack in history,” managed to steal just $0.05.
Hacks and scams aside, there were plenty of other dramas played out on the DeFi stage.
After almost three years on the OFAC’s naughty list, sanctions placed on crypto mixer Tornado Cash were lifted in March.
The ByBit hack, in its complexity and level of preparation needed, showed that crypto’s weakest link is humans, not code. A need for clear, tamper-proof signing methods remains a crucial space to improve, both for teams and individuals.
The willingness of politically-motivated actors to target foreign CEXs demonstrates an additional, geopolitical, danger to traders. (As if they didn’t already have enough risks to deal with.)
Maturing codebases also proved their worth in that many of the year’s DeFi hacks were on legacy protocols.
After years being plagued by blackhats, perhaps devs are learning to avoid the pitfalls of previous incidents.
