Crypto Hack Losses in First Half of 2025 Exceed 2024 Total – Source: www.infosecurity-magazine.com

Around $2.47bn in cryptocurrency has been stolen via scams, hacks and exploits in H1 2025, already exceeding the total amount lost during 2024, new data from CertiK has revealed.

The surge in crypto losses in 2025 is largely the result of two major security incidents – the ByBit breach and Cetus Protocol incident. Collectively, these incidents cost $1.78bn, 72% of the total.

In the ByBit incident, hackers stole $1.4bn in cryptocurrency from the Dubai-based exchange in February 2025. The notorious North Korean state actor Lazarus group is suspected of carrying out the Ethereum attack, which is the largest ever crypto theft to date.

The Cetus incident took place in May, when attackers stole around $225m worth of digital assets from Cetus Protocol, the biggest DEX on the Sui blockchain.

Sui validators managed to freeze and return $162m of the stolen assets, following a governance proposal for user repayment.

The CertiK report noted that without those two individual incidents, total losses in 2025 would stand at $690m, indicating that the broader trend may not be as severe as raw figures imply.

CertiK co-founder Ronghui Gu, commented: “While the overall figures are alarming, it is important to point out that the majority of the funds lost in H1 were attributable to two concentrated, high-impact events.”

He added: “But regardless, the results serve as another reminder to the industry that there is still much work to be done. When it comes to security, a multi-layered approach encompassing robust code audits, formal verification, real-time monitoring, incident response plans, vulnerability assessments and employee awareness training should be treated as the norm, not the exception.” 

CertiK observed a total of 344 security incidents involving cryptocurrency theft in H1 2025.

The average loss per incident was $7.18m, which was significantly higher than across the whole of 2024, when average losses were $3.1m.

When excluding funds that were frozen or returned by white hat hackers, net losses in H1 2025 currently stand at $2.29bn. This is comfortably higher than the $1.98bn in net losses recorded for the whole of 2024.

Phishing Returns as Most Lucrative Vector in Q2 2025

Wallet compromise was the costliest attack vector overall, with $1.7bn stolen across 34 incidents in H1 2025.

This was largely the result of just three incidents during Q1 2025, which resulted in hackers stealing $1.45bn. This included the ByBit incident.

Wallet compromise occurs when a user’s private keys or recovery phrases are exposed, resulting in the theft of digital assets from the compromised wallet.

This is in contrast to 2024, when phishing was the top attack vector.

However, when analyzing Q2 2025 alone, phishing resumed as the costliest attack vector, with $395.06m in losses recorded across 52 incidents.

In contrast, wallet compromise was the fifth costliest attack vector in Q2, with $11.2m in losses recorded across two incidents.

Ethereum experienced the highest number of security incidents and losses in H1, at 175 incidents and $1.63bn in losses. This was largely made up of the ByBit hack.

In Q2, Bitcoin experienced the highest volume of losses, at $373.6m across nine incidents.

Ethereum experienced the highest volume of incidents in Q2, at 60, but the fourth highest losses, at $37.2m.