Crypto Losses Hit $2.9B in 2025 as Hacks Grow Larger, Fewer


Introduction

The crypto industry suffered nearly $3 billion in losses from security incidents in 2025, a 45% increase from the previous year despite fewer overall hacks. A new report reveals a troubling shift toward fewer but far larger-scale attacks, with centralized exchanges bearing the brunt of the financial damage. Meanwhile, regulatory enforcement saw significant escalation as authorities stepped up actions against crypto-related crime.

Key Points

  • Centralized exchange hacks dominated total losses, accounting for $1.809 billion—primarily due to Bybit's $1.46 billion breach in February.
  • Attack methods have grown more sophisticated, combining social engineering, protocol exploits, and hybrid strategies rather than relying on single vectors.
  • Regulatory intervention escalated significantly in 2025, with law enforcement recovering or freezing funds in 18 incidents totaling $387 million.

The Rise of the Mega-Hack: Fewer Incidents, Greater Losses

According to blockchain security firm SlowMist’s 2025 Blockchain Security & AML Annual Report, the total value stolen from crypto hacks surged to approximately $2.935 billion this year. This represents a staggering 46% increase from the $2.013 billion lost in 2024. The alarming velocity of this trend was signaled earlier in the year by Chainalysis, whose mid-year report noted a significantly steeper trajectory of thefts by the end of June than in any previous year.

However, this dramatic rise in financial damage occurred alongside a sharp decline in the number of security incidents. The report shows only 200 cases in 2025, a 51% year-over-year decrease from the 410 hacks reported in 2024. This inverse relationship—fewer incidents but vastly greater losses—signals a definitive and troubling industry shift. Malicious actors are now executing fewer, more targeted, and significantly larger-scale heists, concentrating their efforts for maximum financial impact.

Sector Breakdown: CEXs Bear Financial Brunt, DeFi Remains Prime Target

A deep dive into the sectoral distribution of attacks reveals a clear dichotomy. Decentralized finance (DeFi) remained the most frequently targeted sector, accounting for 126 of the 200 total security incidents, or approximately 63%. Yet, the financial toll on DeFi actually decreased year-over-year, with losses totaling around $649 million—a 62% drop from 2024’s $1.029 billion. The number of DeFi incidents also fell by 37% from 339 the previous year.

In stark contrast, centralized exchange (CEX) platforms, while suffering far fewer incidents, absorbed catastrophic losses. The 22 reported CEX hacks accounted for a colossal $1.809 billion in stolen funds. This figure was overwhelmingly driven by a single event: the February attack on Bybit, which resulted in approximately $1.46 billion being stolen. This incident alone stands as the most serious and largest security event of 2025, single-handedly skewing the annual loss figures and underscoring the concentrated risk in centralized custodial services.

Evolving Threats and Strengthening Defenses

The nature of the threat itself continued to evolve in 2025. As noted by SlowMist, while phishing remained active, attack methods grew more sophisticated and deceptive. Malicious actors have moved beyond relying on a single vector. Traditional phishing has expanded into complex strategies involving permission hijacking, malicious code execution, and supply-chain poisoning. Modern attacks increasingly combine social engineering, browser exploitation, novel protocol mechanics, and hybrid lure strategies to create stealthy and destructive attack chains that are far more difficult to detect and prevent.

Concurrently, the global regulatory and law enforcement response displayed what the report describes as a “clear trend of escalation.” Agencies directly intervened in key areas including crypto-related money laundering, fraud, sanctions evasion, and illicit financing. This heightened enforcement yielded tangible results: there were 18 incidents in 2025 where lost funds were either recovered or frozen. Across these cases, which involved a total of $1.95 billion in stolen funds, nearly $387 million was successfully clawed back or immobilized, demonstrating a growing capability to track and intercept illicit crypto flows.

SlowMist’s conclusion points toward the future imperative for the industry. The firm asserts that the development of the Web3 industry will no longer rely solely on technical innovation. Instead, longer-term resilience in the next cycle will belong to organizations that can build stronger internal security controls, more transparent fund governance models, and more comprehensive Know-Your-Transaction (KYT) and Anti-Money Laundering (AML) review capabilities. The data from 2025 makes it unequivocal: as attacks grow in scale and sophistication, the industry’s survival depends on matching that evolution with robust security and compliance frameworks.
