Quick Takeaways
- Hackers stole about $2.2 billion in the 10 bombastic crypto attacks of 2025.
- Bybit suffered the largest crypto theft ever, using $1.4 billion in ETH.
- Attacks blended key compromises, server rift, and protocol logic flaws.
Crypto security presents another brute examination in 2025. Attackers drained gazillions from rally, DeFi protocols, and substructure providers. The years reach a count of $2.2 billion across the 10 largest incidents. That figure is roughly twin 2024’s wide-cut-class total.
However, the damage was far more concentrated. A handful of massive breaks predominate the year. Bybit’s $1.4 billion exploit became the largest crypto theft ever recorded. Other fires peril deep weaknesses in billfold, server, and smart contracts.
Bybit Sets Record With $1.4 Billion Breach
Bybit suffered the most devastating hack in crypto history. On February 21, attackers drained about 401,000 ETH.
The funds came from Safe-based multisig wallets. Assets moved across Ethereum and Arbitrum within minutes.
Security firms pointed to a likely signing-key compromise. Abnormal approval patterns suggested that attackers gained multisig control.
Bybit paused withdrawals and launched an internal investigation. The exchange pledged to honor user balances.
Chain analysts tracked funds as they fragmented across bridges. Mixing services later obscured portions of the stolen ETH.
Major DeFi Exploits Shake Liquidity and Protocol Design
DeFi protocols also suffered heavy losses. Several attacks exploited logic flaws rather than stolen keys.
Cetus, a Sui-based DEX, lost about $223 million in May. Attackers used spoofed tokens to manipulate liquidity pools.
Faulty pricing logic treated fake assets as legitimate. Liquidity providers absorbed most of the damage.
Balancer followed with a $128 million exploit in November. A rounding-error bug in V2 stable pools allowed repeated value extraction.
The protocol disabled affected pools and urged LPs to exit. White hats helped recover part of the funds.
GMX lost roughly $42 million in July. A reentrancy-style flaw drained liquidity from its V1 GLP pool.
Centralized Exchanges Remain Prime Targets
Centralized platforms also faced relentless pressure. Several breaches stemmed from key or server compromises.
Bitget disclosed a $100 million loss in April. Attackers exploited flaws in its market-making bot logic.
Phemex lost about $85 million in January. Investigators linked the breach to compromised hot-wallet keys.
Iran-based Nobitex suffered losses between $80 million and $90 million. Hackers drained hot wallets across several assets.
BtcTurk reported $48 million in unusual outflows in August. The exchange said cold storage remained secure.
CoinDCX lost $44.2 million after a server-side breach. Authorities later arrested an employee linked to the incident.
Infrastructure Failures Expose Systemic Weaknesses
Not all attacks relied on complex smart contract tricks. Some exploited overlooked permissions and governance gaps.
Infini lost $49.5 million in February. The attack abused elevated developer privileges in smart contracts.
An admin function allowed direct access to reserves. Funds moved without normal user checks.
The incident raised concerns about internal audits. Infini paused operations and began a governance review.
Across 2025, attackers mixed social engineering with technical exploits. Compromised keys remained a recurring theme.
Server breaches also played a growing role. Insiders and weak access controls amplified risks.
What 2025’s Hacks Reveal About Crypto Security
The biggest crypto hacks of 2025 shared common patterns. Security failures clustered around privileged access points.
Multisig wallets proved vulnerable when keys were compromised. Smart contract bugs still escaped audits.
Losses also spread faster across chains. Bridges and liquidity routing accelerated fund movement.
Despite improved monitoring, response times lagged behind attackers. By the time alerts fired, funds were already dispersed.
Industry experts warn that scale increases risk. As platforms grow, attack surfaces expand.
For users, the message remains clear. Security assumptions can fail quickly.
For builders, 2025 delivered a harsh reminder. Robust key management and rigorous audits remain essential.