Cryptocurrency-related hacks resulted in losses exceeding $2 billion in the first quarter of 2025, with access control vulnerabilities accounting for the majority of the damages, according to a recent cybersecurity report.
A report by crypto cybersecurity firm Hacken, shared with Cointelegraph, revealed that approximately $1.63 billion of the total losses stemmed from access control exploits. Anmol Jain, Vice President of Investigations at AMLBot, identified the $1.4 billion attack on the Bybit exchange as a major contributor to the surge in losses.
A separate analysis by security firm PeckShield, which excluded scams from its estimates, placed total hacking-related losses at around $1.6 billion for the quarter.
Reports from late February suggested that the North Korean group responsible for the Bybit breach controls over 11,000 cryptocurrency wallets used for laundering stolen assets. The involvement of state-affiliated hackers highlights an increasing level of sophistication in cybercriminal operations.
The impact of such breaches is stark—considering that total losses for the entirety of 2024 stood at $2.25 billion, Q1 2025’s figures suggest an alarming rise in large-scale attacks. Hacken’s report emphasized that securing digital assets requires a comprehensive approach, stating:
“Ensuring asset security goes beyond safeguarding on-chain code. The entire infrastructure—from front-end interfaces to internal operations—must be fortified, as a single weak point can compromise the entire system.”
The report highlighted that both centralized and decentralized platforms have suffered due to operational lapses, security gaps, and social engineering attacks. Rather than introducing new exploit techniques, attackers have continued to leverage known vulnerabilities with increasing success.
While smart contract weaknesses remain a concern, Hacken noted that most financial damage now results from issues related to people, processes, and permission structures. Notably, this marks the third consecutive quarter in which a multisignature wallet-related exploit ranked as the top attack vector.
The Bybit incident involved hackers compromising the Safe{Wallet} front-end. Similar multisignature-related breaches include the Radiant Capital hack in Q4 2024 and the WazirX hack in Q3 2024, indicating a recurring security risk for platforms relying on such implementations.
Beyond direct hacks, scams also inflicted substantial financial losses, with phishing schemes accounting for $96.37 million and rug pulls causing another $300 million in damages. Hacken’s data suggests that crypto fraud is becoming increasingly professionalized, with cybercriminal groups adopting corporate-like structures.
“The most alarming trend is the emergence of organized scam networks that function like legitimate startups, complete with training programs for scammers, internal performance quotas, and multi-layered laundering operations using services like Huione Pay.”
Reports from mid-January described Huione as “the largest online illicit marketplace ever to operate.” The platform has seen a 51% increase in monthly transaction inflows within just six months, following the launch of a USD-pegged stablecoin and financial tools tailored for illicit activities.
Jain further noted that many large-scale scams originate from cybercrime hubs in Southeast Asia, particularly in Cambodia, Myanmar, and Laos, with some operations extending into Thailand. These networks often exploit trafficked individuals from countries including India, Nepal, Vietnam, and the Philippines to execute fraudulent schemes.
As the scale and sophistication of cyber threats continue to grow, cybersecurity experts stress the need for enhanced security measures and global cooperation to counteract the rising wave of digital asset theft.