2025 becomes costliest year for crypto hacks as $1.4 billion Bybit breach tops list

In 2025, the crypto industry suffered the highest number of cyberattacks on record, with cumulative losses from high-profile attacks totaling over $2.2 billion. The statistics gathered by the Phoenix Group are concerning because centralized exchanges, as well as decentralized protocols, have fallen victim to well-developed exploits. The intensity, frequency, and variety of attack modalities have become a major concern for security standards in the digital asset ecosystem.

The biggest attacks of the year are on trading platforms, DeFi protocols and infrastructure providers, which prove that no one is safe in the market.

Bybit Hack Emerges as Largest Crypto Breach

First on the list is the Bybit hack which took place on February 21, 2025 and cost an incredible amount of money, $1.4 billion. The attackers used a phishing attack on a Safe multisignature wallet and were able to avoid internal verification and drain assets en masse, according to the report. This attack alone accounts for more than fifty percent of the overall losses recorded in the list of biggest hacks of the year.

The Bybit hack has had repercussions across the industry, with the security of multisig wallets and internal access management practices at major exchanges coming under increased scrutiny.

DeFi protocols targeted by complex exploits

In 2025, decentralized finance platforms have also been hit hard, with multiple high-profile attacks leveraging smart contract design and liquidity mechanisms. On May 22, Cetus was hacked and its assets worth $223 million were stolen according to a spoofed token exploit that was used to compromise asset validation. A subsequent attack took place on November 3 of the following year, and Balancer lost $128 million related to a composable stable pools exploit.

Such breaches have shown some long-standing weaknesses in DeFi designs, particularly where composability and automated market components present unforeseen attack surfaces.

Centralized exchanges face structural weaknesses

Other centralized exchanges also saw significant breaches during the year, in addition to Bybit. On April 20, Bitget lost $100 million due to a liquidity operation as part of the market maker exploit. On January 23, Phemex was hacked and suffered an $85 million loss due to private key exposure, while on June 18, Nobitex suffered an $82 million loss after being compromised in a hot wallet attack.

They highlighted ongoing threats related to key management, wallet segregation, and internal operational security of core platforms.

Private key compromises remain a critical threat

One of the most widespread and harmful attack methods of 2025 has been the compromise of private keys. Stream Finance spent $93 million on November 4, Phemex spent $85 million earlier in the year, and BtcTurk announced a $48 million personal key breach on August 14.

The recurring nature of incidents means that after years of warnings, major storage and access policies remain a vulnerable point across the industry, particularly in combination with human error or insufficient oversight.

Security monitoring and the path forward

Other notable breaches include UPCX, which suffered a $70 million loss on April 1 due to loss of access control, and Infini, which lost a total of $49.5 million on February 24 due to misuse of developer privileges. These examples demonstrate that technical weaknesses and failures of governance systems can have disastrous consequences.

With crypto adoption continuing, the scale of losses in 2025 has led to increased calls for stricter security audits, better internal controls, and more transparent risk disclosure. Regulators and even industry leaders are currently feeling the pressure to address systemic weaknesses before user confidence erodes further.

After losing billions in one year, 2025 could become a year to remember as the crypto industry will need to focus as much on security as innovation.