Key Takeaways
As 2025 unfolds, the cryptocurrency world continues to be a dynamic battlefield where evolving technologies are met with equally sophisticated threats. This year, the crypto world is already witnessing a new wave of hacks and scams that reflect emerging vulnerabilities in blockchain protocols, smart contracts, and decentralized finance platforms.
With cybercriminals adapting to advanced security measures, every breach serves as an important reminder of the need for ongoing innovation in cybersecurity.
In 2025, the stakes are higher than ever as both established and emerging entities navigate these risks.
In this article, learn about the latest security breaches and exploits, ensuring that you remain well-informed in an ever-changing digital landscape.
The decentralized finance (DeFi) sector remains one of the most vulnerable areas in the crypto ecosystem, with hackers continually exploiting its open architecture and complex smart contract systems.
In previous years, DeFi platforms witnessed a series of high-profile hacks and scams that highlighted weaknesses in protocol design, private key management, and governance models. From flash loan attacks to phishing schemes targeting liquidity providers, the landscape of DeFi crime is evolving rapidly.
2025 has seen a surge in major crypto hacks, with over $2.3B lost across platforms like Bybit, Coinbase, and Cetus. The table below summarizes these significant incidents:
| Target | Date | Estimated Loss |
|---|---|---|
| Abracadabra | Oct 1 | $1.8M |
| HyperVault (Hyperliquid ecosystem) | Sep 24 | $3.6M |
| Shibarium Bridge | Sep 9 | $2.4M |
| Individual Bitcoiner (783 BTC phishing scam) | Aug 19 | $91M |
| BtcTurk exchange hot-wallet exploit | Aug 14 | $48-50M |
| GMX V1 | July 9 | $40-$42M |
| Resupply | June 26 | $9.5M |
| Nobitex | June 18 | $90M |
| ALEX Protocol | June 6 | $8.3M |
| Force Bridge | May 31-June 1 | $3.6M |
| Cetus (Sui) | May | $220M |
| Coinbase | May 11 | $400M |
| zkSync | April | $5M |
| UPCX | April | $70M |
| Zoth | March | $8.4M |
| Wemix | March 17 | $6.1M |
| Bybit | Feb 21 | $1.46B |
| AdsPower | Jan 21–24 | $4.7M |
| Phemex | Jan 23 | $85M |
| Moby | Jan 10 | $2.5M |
On Oct. 1, 2025, the Abracadabra DeFi protocol, known for its Magic Internet Money (MIM) stablecoin, suffered a flash-loan exploit that drained roughly $1.8 million. Attackers manipulated collateral values to over-borrow MIM and exit with profit. The exploit targeted an overlooked rounding vulnerability in the lending contract.
Within hours, developers halted the affected pools, froze the exploit address, and began patching the bug. The project coordinated with exchanges and on-chain analysts to track stolen funds.
Roughly one-third of the loss was later blacklisted or recovered through front-end restrictions, while the team implemented upgraded oracle and liquidation protections.
On Sept. 24, 2025, the HyperVault yield-farming protocol within the Hyperliquid ecosystem executed what analysts described as a rug-pull, removing around $3.6 million in user deposits. The project’s developers drained liquidity pools and deleted their social channels.
SlowMist and on-chain data confirmed the funds were converted to stablecoins and routed through Tornado Cash. No code exploit occurred; the team itself orchestrated the theft.
Hyperliquid’s core team distanced itself from the project, warning users to verify integrations. Law-enforcement reports were filed in Singapore and Korea, but as of October 2025, no recovery was confirmed and investor compensation remains unlikely.
On Sept. 9, 2025, a Shibarium bridge component was exploited, resulting in losses of roughly $2.4 million in SHIB, ETH, and BONE tokens. Attackers used a flash-loan and validator-signature manipulation method to withdraw bridged assets without proper collateralization.
Developers paused bridge operations within hours and coordinated with the Shiba Inu ecosystem team to trace stolen funds. Some tokens were blacklisted on partner exchanges.
A post-mortem revealed poor validation logic and outdated multisig authorization parameters. Patches were deployed and new audits commissioned. Roughly $300,000 worth of stolen tokens were later frozen on centralized exchanges.
On Aug. 19, 2025, an individual Bitcoin investor lost 783 BTC ($91 million) to a social-engineering and phishing attack. The scammers impersonated customer support staff from a major hardware wallet company, convincing the victim to share recovery phrases over an encrypted chat. Funds were immediately transferred to multiple addresses and laundered through Wasabi Wallet mixers.
On-chain analysts like ZachXBT traced partial flows but found minimal recovery potential due to privacy mixing. Law enforcement and exchanges were notified, but no arrests were made. The case became a cautionary example of human-targeted compromises, prompting renewed education campaigns on wallet-seed security.
Turkish crypto exchange BtcTurk detected unauthorized outflows on Aug. 14, 2025, amounting to roughly $48–50 million in multi-chain assets (ETH, AVAX, ARB, MATIC, and more). The breach was traced to compromised private keys controlling the exchange’s hot wallets.
Trading and withdrawals were suspended while cold-wallet reserves remained safe. Security firm investigations suggested credential theft rather than a contract exploit. BtcTurk quickly replenished user balances from insurance and corporate funds, resumed operations within five days, and strengthened its wallet-segregation model.
No public disclosure identified the attackers, but forensic data was shared with Interpol and blockchain-intelligence agencies.
On July 9, GMX V1, a decentralized perpetual trading protocol, was hit by a major exploit involving a re-entrancy vulnerability within its GLP (liquidity provider) pools deployed on Arbitrum and Avalanche.
The attacker repeatedly entered and exited mint and burn functions in a single transaction, manipulating pricing mechanisms and draining approximately $40–42 million in crypto assets. GMX responded by pausing V1 minting and disabling its legacy contracts. A 10% whitehat bounty, worth roughly $4 million, was publicly offered to incentivize the return of stolen funds.
Importantly, GMX V2 remained unaffected, and the protocol has since urged users to fully migrate away from V1 while investigating the full scope of the breach.
On June 26, Resupply, a DeFi lending platform focused on tokenized donations, was exploited for roughly $9.5 million. The attacker manipulated the valuation logic of a newly deployed vault that accepted crvUSD collateral.
By donating and inflating collateral values, they were able to mint ReUSD at highly favorable rates and immediately extract the overvalued assets. This vulnerability stemmed from an unprotected exchange-rate function and reliance on poor oracle data.
Resupply paused affected contracts, alerted users, and is now working with whitehat auditors to deploy a patched version of the ERC-4626 vault.
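The valuation problem described above, reduced to integer arithmetic, as an added example that is not Resupply's code: a share price derived from the vault's raw token balance moves when someone transfers tokens in directly, and two controls stop that price from reaching the lender. The class names, the 1% bound, and all amounts are constructed assumptions.

```python
SCALE = 10**18  # fixed-point scale, as used by 18-decimal tokens


class Vault:
    """ERC-4626-style share accounting, reduced to integers (simplified model)."""

    def __init__(self, internal_accounting):
        self.internal_accounting = internal_accounting
        self.balance = 0    # raw token balance held at the vault address
        self.accounted = 0  # assets that arrived through deposit()
        self.shares = 0

    def total_assets(self):
        # Weak form: price shares off the raw balance, which anyone can raise.
        # Hardened form: count only assets that came in through deposit().
        return self.accounted if self.internal_accounting else self.balance

    def deposit(self, assets):
        minted = assets if self.shares == 0 else assets * self.shares // self.total_assets()
        self.balance += assets
        self.accounted += assets
        self.shares += minted
        return minted

    def donate(self, assets):
        # Plain token transfer to the vault address: no shares are minted.
        self.balance += assets

    def share_price(self):
        return self.total_assets() * SCALE // self.shares


class RateGuard:
    """Lender-side check: refuse a share price that jumps too far in one update."""

    def __init__(self, initial_price, max_rise_bps):
        self.last = initial_price
        self.max_rise_bps = max_rise_bps

    def accept(self, price):
        ceiling = self.last * (10_000 + self.max_rise_bps) // 10_000
        if price > ceiling:
            raise ValueError("share price rose beyond the allowed bound")
        self.last = price
        return price


def collateral_value(vault, shares, guard=None):
    """Value of `shares` as the lender would see it when sizing a loan."""
    price = vault.share_price()
    if guard is not None:
        price = guard.accept(price)
    return shares * price // SCALE


def run_scenario(internal_accounting, guarded):
    """Return (value before donation, value after), or None if the guard refuses."""
    vault = Vault(internal_accounting)
    held = vault.deposit(1_000 * SCALE)  # constructed first deposit
    guard = RateGuard(vault.share_price(), max_rise_bps=100) if guarded else None
    before = collateral_value(vault, held, guard)
    vault.donate(9_000 * SCALE)  # constructed direct transfer into the vault
    try:
        return before, collateral_value(vault, held, guard)
    except ValueError:
        return before, None
```

With balance-based pricing and no guard the reported collateral value rises tenfold after the transfer; with internal accounting it is unchanged, and with the guard the lender refuses to price the collateral at all until the rate is reviewed.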
Iran’s largest cryptocurrency exchange, Nobitex, was the target of a politically motivated cyberattack on June 18, 2025. Hacktivist group “Predatory Sparrow” claimed responsibility, stating the attack was retaliation against the Iranian regime.
Using stolen private keys and administrative credentials, the attackers drained nearly $90 million from Nobitex’s hot wallets across Ethereum, TRON, and Bitcoin. Some funds were sent to burn addresses containing anti-government messages.
Nobitex confirmed the breach shortly after a partial service outage and subsequent internet disruptions across Iran. In response, the exchange has transitioned to cold storage for critical assets and is cooperating with local authorities and blockchain analytics firms to trace any recoverable funds.
On June 6, 2025, ALEX Protocol, built on the Stacks blockchain, lost approximately $8.3 million in an exploit that targeted its vault permissions system. The attacker created a malicious token with smart contract properties that mimicked legitimate assets and used it to bypass internal access controls.
This flaw in the protocol’s vault verification logic allowed unauthorized withdrawals from ALEX’s DeFi vaults. Upon detection, ALEX halted the vaults, collaborated with security firms, and launched an internal investigation.
Between May 31 and June 1, 2025, Force Bridge, a cross-chain asset transfer bridge connecting Ethereum and Binance Smart Chain, suffered a $3.6 million exploit. The breach stemmed from a compromised private key that gave the attacker unauthorized control over the bridge’s validator functions, enabling them to drain funds from the bridge contract.
The attacker quickly obfuscated the trail using Tornado Cash, making traceability difficult. In response, Force Bridge halted operations and announced an emergency audit.
Cetus, a decentralized exchange on the Sui blockchain, experienced a massive exploit when attackers used fake token contracts to manipulate pool balances and drain assets.
By spoofing token metadata and tricking smart contracts, they bypassed security checks and withdrew roughly $220 million. The Cetus team paused protocol operations, coordinated with the Sui Foundation, and began forensic investigations with blockchain security partners. On May 25, Cetus announced a fund recovery and reimbursement plan.
In May, Coinbase was hit by a social engineering attack in which overseas support contractors were bribed by attackers. These insiders provided unauthorized access to user account data, affecting under 1% of users.
The exploit allowed attackers to initiate transfers and breach sensitive information, with estimated damages approaching $400 million. Coinbase confirmed the incident and terminated relationships with the implicated support firm.
ZKsync, an Ethereum layer-2 scaling solution, suffered a security breach in April 2025 involving an exploited admin wallet. The attacker minted 111 million unclaimed ZK tokens worth $5 million from airdrop contracts, increasing the circulating supply by 0.45%.
In April 2025, UPCX, a crypto payment platform, was hacked for 18.4 million UPC tokens worth $70 million. The attacker exploited a compromised private key to perform a malicious smart contract upgrade and drained funds using an admin function. UPCX froze activity and secured remaining tokens.
The incident highlights the rising threat of private key theft in DeFi and the need for better key management practices, like cold storage and multi-signature wallets, as traditional smart contract audits can’t prevent such off-chain exploits.
Zoth, a real-world asset (RWA) restaking layer, was hacked for $8.4 million after its proxy contract was tampered with. A suspicious address exploited the “USD0PPSubVaultUpgradeable” contract, allowing the attacker to withdraw $8.45 million in USD0++.
The stolen funds were then swapped for DAI and converted into 4,223 ETH, now worth around $8.29 million. Blockchain security analyst Cyvers and X user @0xtroll were among the first to identify the breach.
In February 2025, blockchain gaming platform WEMIX was hacked, resulting in the theft of 8.65 million WEMIX tokens worth $6.1 million. Hackers used stolen authentication keys from WEMIX’s NFT platform, NILE, to infiltrate the system and execute 13 successful withdrawals. CEO Kim Seok-Hwan delayed the public disclosure to prevent market panic and further risks.
A criminal complaint was filed immediately, and WEMIX began migrating to a more secure infrastructure. Digital Asset Exchange Alliance (DAXA) has labeled WEMIX a cautionary asset and suspended deposits.
On February 21, 2025, hackers stole approximately $1.46 billion in cryptoassets from Bybit, a Dubai-based exchange. Investigators believe malware tricked the platform into approving unauthorized transactions, sending funds to the attacker.

Elliptic continues working with Bybit, crypto service providers, and investigators to track the funds and prevent North Korea from profiting.
In January 2025, specifically between January 21st and 24th, AdsPower, a company specializing in anti-detect browser technology, suffered a cyberattack resulting in the theft of $4.7 million in cryptocurrency.
The attackers compromised AdsPower’s distribution system, replacing a legitimate browser plugin used for managing crypto wallets with a malicious version.
For those three days, users who downloaded or updated the plugin unknowingly installed malware. This malware allowed the attackers to steal mnemonic phrases and private keys, giving them full access to users’ crypto wallets.
Five wallets were ultimately compromised. This attack highlights the danger of off-chain vulnerabilities, even when software is downloaded from seemingly legitimate sources. It reinforces the importance of robust private key security practices such as cold storage and multi-signature wallets for protecting substantial crypto holdings.
On Jan. 23, 2025, the Phemex cryptocurrency exchange was the victim of a significant security breach. Attackers exploited a vulnerability in Phemex’s hot wallet system, resulting in the theft of over $85 million in cryptocurrency.
Phemex immediately responded by suspending deposits and withdrawals, and initiated an investigation with third-party security experts and law enforcement.
While initially estimated to be lower, the scale of the theft was progressively revised upwards by security firms and analysts. Phemex CEO Federico Variola described the attack as “sophisticated” but refrained from naming any specific threat actors.
Although the investigation is ongoing, large-scale crypto thefts are often attributed to North Korean hacking groups. Phemex has since implemented a more secure system and is gradually restoring withdrawal functionality for various cryptocurrencies and networks. They have also cautioned users to avoid using old deposit addresses.
The DeFi space experienced its first major hack of 2025 when attackers exploited Moby (on 8 Jan), an options platform on the Arbitrum network, stealing $2.5 million in USDC, WETH, and WBTC. The breach was caused by a leaked private key, allowing hackers to activate an emergency withdrawal function.
However, in a dramatic twist, whitehat hacker Tony Ke from Solayer Labs/Fuzzland recovered $1.5 million in USDC by exploiting a flaw left in the attacker’s replacement contract. This helped decrease total losses by 60%.
Moby assured users that it would reimburse affected traders and liquidity providers, while $1 million of stolen funds in WETH and WBTC remains unrecovered.
This incident underscores the ongoing risks within DeFi and highlights the critical role of whitehat hackers in mitigating damage.
The Chainalysis 2025 Crypto Crime Report highlights critical trends shaping the evolving landscape of illicit activity in the digital asset space. As cybercriminals adopt increasingly sophisticated methods, the insights below reveal the strategies, challenges, and opportunities for combating crypto crime. These findings emphasize the importance of vigilance and advanced blockchain intelligence in safeguarding the cryptocurrency ecosystem.
In 2024, the cryptocurrency landscape continued to face significant security challenges despite advancements in blockchain technologies.
The table below summarizes the major hacks and scams of 2024, highlighting the targets, dates, and estimated losses. These incidents underscore the persistent vulnerabilities within the space and the critical need for robust security measures.
| Target | Date | Estimated loss |
|---|---|---|
| MetaWin | November 03, 2024 | $4 Million |
| M2 Exchange | October 31, 2024 | $13.7 Million |
| US government-linked crypto wallet | October 25, 2024 | $20 Million |
| Radiant Capital | October 16, 2024, January 03, 2024 | $58 Million (approx), $4.5 Million |
| The Morpho PAXG/USDC Market | October 13, 2024 | $230 K |
| Crypto Whale on a Blast Network | October 11, 2024 | $35 Million tokens |
| Onyx Protocol | September 26, 2024 | $3.8 Million |
| BingX | September 20, 2024 | $43 Million |
| Indodax | September 11, 2024 | $22 Million |
| WazirX | July 18th, 2024 | $234.9 Million |
| LIFI | July 16th, 2024 | $10 Million |
| Bittensor Blockchain | July 3rd, 2024 | $8 Million TAO Tokens |
| Kraken | June 19, 2024 | $3 Million |
| Uwu Lend | June 10, 2024, June 13, 2024 | $19.3 Million, $3.5 Million |
| Based Doge (BOGE) | May 27, 2024 | $16,926 (91.4 M BOGE) |
| NORMIE | May 26, 2024 | $881,686 |
| Pump.fun | May 17, 2024 | $1.9 Million |
| BlockTower Capital | May 15, 2024 | Undisclosed |
| Gnus.AI Discord Hack | May 5, 2024 | $1.27 Million |
| Prism Finance | March 28, 2024 | $10 Million |
| Mozaic Finance | March 15, 2024 | $2.5 Million |
| BitForex | February 23, 2024 | $57 Million |
| PlayDapp | February 09, 2024 and February 12, 2024 | $290 Million |
| Abracadabra Finance | January 30, 2024 | $6.5 Million |
| Concentric.fi | January 22, 2024 | $1.8 Million |
| Socket.Tech | January 16, 2024 | $3.3 Million |
| Gamma Strategies | January 08, 2024 | $3.4 Million |
| CoinsPaid | January 08, 2024 | $7.5 Million |
| Orbit Chain | January 02, 2024 | $80 Million |
Reflecting on the year 2023, it was marked by several high-profile security breaches in the cryptocurrency space.
The following table presents an overview of the major incidents from 2023. These events not only had substantial financial consequences but also served as important lessons for enhancing cybersecurity within the industry.
| Victims | Date | Estimated loss |
|---|---|---|
| Mixin Breach | September 23, 2023 | $200 Million |
| Euler Finance | March 13, 2023 | $197 Million |
| Multichain | July 6, 2023 | $126 Million |
| BonqDAO | February 01, 2023 | $120 Million |
| HECO Bridge and HTX hack | November 23, 2023 | $115 Million |
| Atomic Wallet | June 03, 2023 | $100 Million |
| CoinEx Hack | September 12, 2023 | $70 Million |
| Curve Finance | July 30, 2023 | $60 Million |
| Kyber Network | November 22, 2023 | $54.7 Million |
| Stake.com Hack | September 04, 2023 | $41 Million |
| CoinsPaid Phishing Scam | July 22, 2023 | $37 Million |
| Kronos Research | November 19, 2023 | $26 Million |
| Bitrue Exchange | April 14, 2023 | $23 Million |
| Angle Protocol | March 13, 2023 | $17.6 Million |
| Platypus Finance | October 12, 2023 | $9.2 Million |
| Safemoon | March 28, 2023 | $9 Million |
| dYdX Hack | November 17, 2023 | $9 Million |
| LendHub | January 12, 2023 | $6 Million |
| Deus Finance | May 05, 2023 | $6 Million+ |
| LastPass Hack | October 25, 2023 | $4.4 Million |
| Trust Wallet | February 08, 2023 | $4 Million |
| Stars Arena | October 09, 2023 | $3 Million |
| Telcoin | December 26, 2023 | $1.3 Million |
| Coins.ph | October 23, 2023 | $445K |
| Balancer | September 19, 2023 | $238K |
| Kucoin’s Twitter Scandal | April 24, 2023 | $23K USDT |
| MyAlgo | February 27, 2023 | Customer Information |
The ever-evolving nature of cryptocurrency technology continues to push boundaries, but it also invites sophisticated threats. Hacks and scams targeting centralized exchanges, DeFi protocols, and individual users highlight vulnerabilities that require constant vigilance.
As seen in 2025 so far, cybercriminals are becoming more innovative, exploiting smart contracts, private keys, and user errors. At the same time, whitehat hackers and blockchain intelligence providers play a crucial role in recovering stolen funds and mitigating damage.
Protecting the crypto ecosystem demands proactive security measures, collaboration across sectors, and ongoing user education. Whether you are a platform operator, trader, or casual investor, staying informed and adopting robust security practices is vital.
This article will continue to be updated as new incidents unfold. Stay tuned for the latest developments and insights into how the cryptocurrency industry is tackling these challenges and working toward a more secure future.
Legacy contracts often lack upgraded protections. As seen in the GMX V1 hack, outdated systems with active liquidity pools are easy targets. DeFi teams must fully decommission old versions, not just discourage usage.
Yes. The Nobitex attack in June 2025 was explicitly political: hackers cited retaliation motives and even embedded anti-regime messages in burn transactions. Crypto infrastructure is now a tool in digital conflict.
By creating tokens that bypass permission checks or inflate collateral values, attackers can drain funds. These aren’t simple bugs; they reflect logic-level flaws in vault architecture or oracle trust models.
Absolutely. The $400M Coinbase support exploit involved bribed overseas contractors. Human error and insider risk continue to bypass even the most secure technical systems.
Cross-chain bridges rely on complex validator networks and often use single points of failure like hot wallets or admin keys. Despite past incidents, many bridges still lack multi-signature security or robust monitoring. The Force Bridge exploit in June 2025 proved that compromised keys remain a critical threat vector for cross-chain protocols.
Hackers are using more advanced laundering methods, including instant token swaps, cross-chain bridges, and privacy mixers like Tornado Cash. In the Bybit and Nobitex cases, attackers moved assets across dozens of wallets and chains within minutes, using anonymity-focused exchanges and wrapped tokens to obscure the origin and ownership of funds.