Crypto hackers steal over $2.7 billion in 2025 as nation-state attacks reach record highs

The cryptocurrency sector has been hit hard in 2025, with hackers pilfering over $2.7 billion through a series of high-profile breaches. Insights from blockchain analytics firms Chainalysis and TRM Labs indicate that while the frequency of attacks has varied, the magnitude of these thefts has reached alarming new heights. A significant contributor to this year's staggering losses was the monumental $1.5 billion hack of the Bybit exchange that occurred in February. Security experts from Immunefi, a prominent Web3 bug bounty platform, have identified this incident as the largest theft in crypto history, accounting for approximately 69% of all funds stolen from services within the first half of the year. According to Steve Schmidt, Amazon's Chief Security Officer, and various cybersecurity experts, a principal factor behind this surge in hacks is the Lazarus Group, a notorious hacking collective believed to be associated with North Korea. Chainalysis reported that the Democratic People’s Republic of Korea (DPRK) has stolen at least $2.02 billion this year alone, marking a 51% increase compared to the previous year. These hackers are employing advanced social engineering techniques, often masquerading as recruiters or investors to deceive company executives into granting access to their systems. Since 2017, North Korean hackers have amassed around $6 billion in stolen cryptocurrencies, which are reportedly diverted to support the country's sanctioned nuclear weapons program. While in prior years, Decentralised Finance (DeFi) platforms were the primary targets, 2025 has seen a notable shift towards Centralised Finance (CeFi) and cross-chain bridges. Hackers are now adeptly exploiting private key vulnerabilities and errors in smart contracts. Despite the overwhelming losses, there is a glimmer of hope: recovery initiatives are becoming more structured. Chainalysis has observed that collaborative efforts between exchanges and law enforcement agencies have successfully frozen millions in stolen assets shortly after they were relocated. For the Indian tech landscape, these revelations highlight an urgent need for enhanced "liveness" checks and the implementation of zero-trust security frameworks to combat the increasingly sophisticated nature of global cybercrime.