A record year for hackers: attack schemes and key vulnerabilities
This year has already become the worst on record for cryptocurrency security: hackers have never stolen as much as they did in 2025. What caused this sharp spike in cybercriminal activity, and how does it affect everyday users?
Cybercrime records
According to a report by the analytics firm Hacken, criminals stole nearly $3.1 billion in the first half of 2025 through various types of attacks. This isn't just a record — it's an unprecedented number. By comparison, in all of 2024, only $2.85 billion was stolen. In 2022, thefts over the same period amounted to around $1.2 billion — meaning the volume has more than doubled in just three years.
Among all attack types, exploitation of access control vulnerabilities, which covers both direct hacks and social engineering, proved most effective. These attacks alone brought in $1.83 billion, or 58% of the total haul.
Nearly $600 million more (19%) came from phishing attacks, $300 million from rug pulls, and $273 million from exploiting smart contract vulnerabilities.
It's also worth noting that Hacken uses a very conservative methodology, and the reported figures likely represent a lower-bound estimate of losses from scams and thefts. For example, Chainalysis reported far higher numbers for 2024 — $9.9 billion. So-called "soft" rug pulls and pump & dump schemes aren't included in Hacken's statistics at all.
Biggest cryptocurrency thefts of 2025
The most significant crypto theft in the first half of 2025 was the Bybit exchange hack on February 21. The attackers stole $1.46 billion worth of Ethereum. They accomplished this by spoofing the transaction signing interface in one of the exchange's wallets. All participants in the multisignature procedure saw a legitimate address, but the funds were being sent to a completely different wallet.
The second-largest theft was from an American crypto user on April 28. Using social engineering, the attackers gained access to the wallet and withdrew 3,250 BTC (about $330 million at the time). The bitcoins were later exchanged for Monero, causing the XMR price to spike temporarily by 50%.
Rounding out the top three is the attack on the decentralized exchange Cetus, which resulted in $223 million in losses. Hackers exploited a vulnerability in the automated market maker's liquidity parameter verification algorithm.
Why the surge in crypto hacker success?
Hacken analysts note that criminals have increasingly relied on social engineering and phishing, as well as exploiting weaknesses in crypto platform business processes. In simple terms, they now count more on human error than technical flaws. In several cases, attackers even used insiders — current or former employees of crypto companies — making these attacks harder to detect.
Furthermore, there has been a tenfold increase in attacks using artificial intelligence compared to 2023. AI tools have been used to craft personalized phishing emails, bypass CAPTCHA protections, and analyze smart contract vulnerabilities in real time. Nearly all such attacks targeted poorly protected crypto platform APIs.
Finally, there's more money in crypto now than ever before. Thanks to the crypto market surge in the first half of 2025, the industry saw an influx of capital. Total market capitalization peaked at over $3.8 trillion in May 2025, setting a new all-time high. In other words, hackers simply had more potential loot.
How to protect your crypto
The first six months of 2025 reminded everyone just how vulnerable crypto exchanges are. The Cetus breach proved that decentralization doesn't guarantee security. Therefore, storing significant amounts in exchange wallets is highly risky — don't entrust trading platforms with anything other than the assets you're actively using.
Beyond that, the alarming first-half statistics underscore the importance of following basic crypto security and storage practices, which we've discussed in detail earlier: 5 advanced ways to enhance crypto wallet security.