Crypto Hack Losses in First Half of 2025 Exceed 2024 Total
A alarming trend is unfolding in the cryptocurrency market as losses due to hacks, scams, and exploits in the first half of 2025 have already surpassed the total amount lost in 2024. According to new data from CertiK, a whopping $2.47 billion has been stolen, with two major security incidents - ByBit breach and Cetus Protocol incident - collectively costing $1.78 billion.
The surge in crypto losses can be largely attributed to the ByBit breach, which saw hackers steal $1.4 billion from the Dubai-based exchange in February 2025. The notorious North Korean state actor Lazarus group is suspected of carrying out the Ethereum attack, making it the largest ever crypto theft to date.
The Cetus incident occurred in May, where attackers stole around $225 million worth of digital assets from Cetus Protocol, the biggest DEX on the Sui blockchain. However, thanks to a governance proposal for user repayment, validators were able to freeze and return $162 million of the stolen assets.
"While the overall figures are alarming, it is essential to point out that the majority of the funds lost in H1 were attributable to two concentrated, high-impact events," said Ronghui Gu, co-founder of CertiK. "However, regardless, these results serve as another reminder to the industry that there is still much work to be done when it comes to security."
CertiK observed a total of 344 security incidents involving cryptocurrency theft in H1 2025. The average loss per incident was $7.18 million, significantly higher than across the whole of 2024, which had an average loss of $3.1 million.
Phishing returned as the most lucrative vector in Q2 2025, with $1.7 billion stolen across 34 incidents in H1 2025. The top attack vector overall was wallet compromise, resulting from just three incidents during Q1 2025, which saw hackers stealing $1.45 billion.
Ethereum experienced the highest number of security incidents and losses in H1, with 175 incidents and $1.63 billion in losses. This was largely comprised of the ByBit hack. In Q2, Bitcoin experienced the highest volume of losses, at $373.6 million across nine incidents.
As the cryptocurrency market continues to evolve, it is crucial that developers and institutions prioritize robust security measures to protect users' assets. A multi-layered approach encompassing code audits, formal verification, real-time monitoring, incident response plans, vulnerability assessments, and employee awareness training should be treated as the norm, not the exception.