The Crypto Theft 2025 report highlights a troubling year for the cryptocurrency ecosystem. Over $3.4 billion worth of cryptocurrency was stolen between January and early December 2025, marking a significant increase from previous years. The February compromise of Bybit alone accounted for $1.5 billion, making it the largest breach of the year. Despite efforts to bolster security, trends indicate that crypto theft is continuing to evolve, with new patterns emerging across different platforms.
Chainalysis analysis reveals a notable shift in theft patterns. These include a persistent threat from North Korea (DPRK), increasingly severe attacks on centralized services, a rise in personal wallet compromises, and a divergence in decentralized finance (DeFi) hack trends. The growing volume of personal wallet thefts is particularly concerning, with these compromises rising from 7.3% of total stolen funds in 2022 to 37% in 2025, excluding the massive Bybit attack. Meanwhile, centralized services are facing larger losses due to private key compromises, a fundamental security challenge that remains hard to overcome.
The Growing Impact of Major Hacks
The majority of stolen funds are driven by outliers, with a few high-profile hacks accounting for a disproportionate share of losses. In 2025, the gap between the largest thefts and the median of all incidents crossed the 1,000x threshold for the first time. The top three hacks of 2025 alone accounted for 69% of all service losses, highlighting how individual incidents can skew the year’s totals. This growing discrepancy underscores the increasing risks posed by large-scale breaches, which are escalating faster than the growth of median losses tied to asset price increases.
North Korea’s Dominance in Crypto Theft
North Korea remains the most significant nation-state actor in cryptocurrency theft. In 2025, DPRK hackers stole at least $2.02 billion, a 51% increase from the previous year. These attacks now account for a record 76% of all service compromises. Despite a reduction in the frequency of DPRK attacks, the value of stolen funds reached new heights, marking the most severe year for North Korean crypto theft.
DPRK’s increasing success can be attributed to their evolving tactics. One major strategy involves embedding IT workers inside crypto services to gain privileged access and execute high-impact compromises. This method has allowed North Korean hackers to infiltrate exchanges, custodians, and web3 firms. Moreover, the DPRK has increasingly used social engineering techniques to target sensitive systems and gain access to high-value infrastructure. By impersonating recruiters for web3 and AI firms, they have orchestrated fake hiring processes that ultimately lead to credential theft and system breaches.
The Future of Crypto Theft: Growing Challenges Ahead
As cryptocurrency adoption grows, so do the challenges in securing digital assets. While some areas of crypto security may be improving, attackers are adapting and exploiting new vulnerabilities. The rise of personal wallet compromises, in particular, is alarming, as this method of theft becomes increasingly common. Moreover, the growing sophistication of state-sponsored actors like North Korea presents an ongoing challenge for the industry.
Looking ahead, it’s clear that the fight against crypto theft will require new approaches to security and vigilance. As crypto theft volumes remain high, understanding the evolving tactics of cybercriminals and the impact of global geopolitical factors will be key to shaping the future of cryptocurrency security.
READ: Human Oversight Key as AI Advances: HSBC’s Approach to Tech Innovation
