Crypto Hacks Q1 2025: How Hackers Stole Over $1.67 Billion in 197 Attacks

The first quarter of 2025 was a rollercoaster for the crypto world. Governments pushed for stronger regulations – like the US Strategic Cryptocurrency Reserve and the SEC’s Crypto Task Force – while the EU tightened its grip with new MiCA rules. The goal? To make crypto safer and more transparent.

But despite these efforts, hackers had their most profitable quarter yet. Crypto scams and cyberattacks exploded, draining billions from wallets and exchanges. One breach alone wiped out over a billion dollars, shaking the industry to its core.

So, what went wrong? How did security fail so badly? Let’s break it all down.

Crypto Hacks Surge by 303%, Exceeding 2024’s Losses

According to CertiK’s Q1 2025 Web3 Security Report, more than $1.67 billion was stolen across 197 incidents—a shocking 303% increase from the previous quarter. This amount already exceeds two-thirds of the total losses recorded in 2024, highlighting the growing threat of cybercrime in the industry.

The most devastating attack of the quarter was the Bybit hack, which resulted in a staggering $1.45 billion loss. This single breach shook the entire crypto sector, raising serious concerns about the security of centralized exchanges. Regulators and security experts are now calling for stronger protective measures to prevent similar large-scale breaches.

“The increasing sophistication of hacker techniques highlights the pressing need for blockchain entities to enhance their security strategies,” remarked CertiK Co-Founder Ronghui Gu. 

He pointed to the Bybit breach as a major wake-up call, emphasizing that security should no longer be viewed just as a way to gain a competitive edge. Instead, it needs to be seen as a shared responsibility that everyone in the blockchain industry must take seriously to protect the ecosystem as a whole.

Wallet Compromises Lead the Way

Aside from Bybit, several other platforms suffered major losses:

• Phemex lost $71.7 million
• 0xInfini was hit for $49.5 million
• MIM Spell suffered a $12.9 million breach

A large portion of these losses came from wallet compromises, with private key thefts causing $142.4 million in damages across 15 incidents. Code vulnerabilities led to another $47.1 million in losses from 68 exploits, while phishing attacks accounted for $15.8 million stolen in 81 separate cases.

Recovery Efforts Hit a New Low

Efforts to recover stolen funds have been largely unsuccessful. Only 0.38% of the stolen assets were recovered, a sharp decline from 42% in the previous quarter. In February 2025, not a single stolen dollar was returned, showing how difficult it has become to track and retrieve lost funds.

CertiK’s report highlighted how hackers are evolving, using techniques like social engineering, artificial intelligence, and contract manipulation to bypass even the strongest security defenses. As crypto adoption grows and asset values rise, experts warn that attacks are likely to become even more frequent.

Ethereum Remains the Prime Target

Ethereum remained the most targeted blockchain, with $1.54 billion stolen across 98 incidents. Its dominance in decentralized finance (DeFi) and smart contracts makes it a frequent target for hackers, as billions of dollars are locked in protocols that remain vulnerable to security flaws.

The Urgent Need for Stronger Security

Gu stressed the importance of a multi-layered security approach to prevent future losses. He highlighted key measures such as:

• Thorough code audits to identify vulnerabilities
• Constant monitoring to detect suspicious activity
• Clear incident response plans for quick action
• Regular security assessments to strengthen defenses
• Employee training to prevent human-related breaches

With crypto crime on the rise, stronger security measures and stricter regulations will be crucial in protecting the industry from further attacks.

The industry is learning the hard way—if security isn’t a priority, losses will be.