Crypto Hack and Fraud Costs in the First Six Months of 2025: A Detailed Look

BY KEYHUNTER 06.07.2025

Crypto Hack and Fraud Costs in the First Six Months of 2025: A Detailed Look

In the first half of 2025, the cryptocurrency industry faced massive financial losses due to cyberattacks, exploits, and fraudulent schemes. According to a report by blockchain security analytics company CertiK, the total losses amounted to a record $2.47 billion. At the same time, despite the impressive amounts, the second quarter saw a noticeable decrease in the number of attacks and related losses.

Overall picture of losses: figures and dynamics

  • Total losses for the first 6 months of 2025 : $2.47 billion, which is 3% more than for the same period in 2024 ($2.4 billion).
  • Losses in the second quarter : $800 million, down 52% from the first quarter.
  • Number of incidents in Q2 : 144 cases, a decrease of 59 attacks compared to the previous quarter.
  • Adjusted net loss : With over $187 million in refunds to customers, the net loss is approximately $2.2 billion.

These data indicate that, despite the overall increase in financial losses, there was a positive trend towards a decrease in the number of attacks and a reduction in damage in the second quarter.

Main causes of major losses: two major incidents

CertiK analysts note that the bulk of financial losses are associated with just two major hacks:

  1. Bybit Crypto Exchange Hack (February 21, 2025)
    Attackers exploited a vulnerability in Bybit’s cold wallet infrastructure and stole $1.5 billion in Ether (ETH). This incident was the largest in the first half of the year and significantly affected the overall loss statistics.
  2. Cetus Protocol decentralized exchange hack (May 22, 2025)
    The protocol, which runs on the Sui blockchain, lost $225 million in a successful attack.

Together, the two incidents amounted to about $1.78 billion in losses, accounting for the vast majority of all losses for the half-year.

Without these two attacks, total losses for the year would have been only $690 million, CertiK experts say, indicating a less alarming security trend.

Crypto Hack and Fraud Costs in the First Six Months of 2025: A Detailed Look

Trends in Attack Types: Phishing and Wallet Hacks

  • Phishing
    In 2025, phishing attacks became the most common type of fraud in the crypto sphere. There were 132 cases recorded with a total loss of about $410 million.
    Phishing schemes are becoming increasingly sophisticated, which requires increased attention and security measures from users.
  • Wallet Hacks
    The most significant financial losses were caused by crypto wallet hacks, with 34 incidents costing over $1.7 billion in damages. This highlights the vulnerability of personal and institutional wallets, especially if security measures are inadequate.

Safety Recommendations from CertiK

In light of the rise in phishing and other attacks, CertiK experts strongly recommend that cryptocurrency users:

  • Do not click on suspicious links and carefully check the domain names of sites.
  • Use two-factor authentication (2FA) for all accounts.
  • Consider storing private keys in hardware wallets, which provide a high level of security.
  • Follow basic digital hygiene rules and be alert to any suspicious activity.

Why the Major Losses Are Linked to Just Two Major Attacks in 2025

The main losses in the crypto sphere in the first half of 2025 are associated with two major attacks – on the Bybit crypto exchange and the Cetus protocol – for several reasons:

  • Scale and vulnerability of infrastructure . The Bybit hack was caused by a vulnerability in the cold wallet infrastructure, which allowed the attackers to steal a record $1.5 billion in Ether. Similarly, the attack on Cetus Protocol resulted in the loss of $225 million. Such large incidents are associated with technical weaknesses in key security components of the platforms that store and manage significant amounts of funds 8 .
  • Concentration of significant assets on certain platforms . Large crypto exchanges and protocols accumulate huge amounts of cryptocurrency, making them attractive targets for hackers. The losses in these two cases accounted for the vast majority of all losses – $1.78 billion out of $2.47 billion, or about 72% of all losses for the first half of the year 8 .
  • The random nature of major attacks . CertiK notes that without these two incidents, the total losses would have been significantly lower – about $690 million, which shows that large losses in the cryptosphere are often due to isolated large-scale hacks, rather than a systemic deterioration in security as a whole 8 .
  • Complexity and sophistication of attacks . Modern cyberattacks on blockchain projects are becoming increasingly complex, allowing attackers to exploit vulnerabilities in smart contracts and infrastructure, leading to major losses if the attack is successful 6 .

Thus, the main losses are associated with two major attacks due to the concentration of large funds on hacked platforms and the presence of critical vulnerabilities that allowed the attackers to steal significant amounts. At the same time, the remaining incidents, although numerous, are of a smaller financial scale, which makes the impact of these two attacks dominant in the loss statistics of 2025.

What security measures can reduce the risk of phishing attacks on cryptocurrencies

To reduce the risk of phishing attacks on cryptocurrencies, it is necessary to apply comprehensive security measures:

1. Use two-factor/multi-factor authentication (2FA/MFA)
Two-factor authentication adds an extra layer of security by requiring a second verification step in addition to your password, significantly reducing the risk of unauthorized access 7 . 2FA methods can include in-app code generation (e.g. Google Authenticator), SMS one-time passwords, or hardware tokens 7 .

2. Be careful when interacting with messages and links
Do not trust people who try to contact you for account information 6 . It is important not to click on unknown or suspicious links, especially if they come in SMS messages 6 . You should always check the domain names of the sites you are visiting 5 . If you find a phishing email, it is recommended to delete it immediately 9 .

3. Using Anti-Phishing Codes
Many crypto exchanges offer an anti-phishing code feature that users can set up in their account 6 . This code will be included in all genuine messages from the exchange, allowing you to distinguish legitimate emails from phishing attempts 6 . You should not share your anti-phishing code with anyone 6 .

4. Regular software updates
It is important to keep your wallet software, operating systems, and browsers (e.g. Google Chrome or Mozilla Firefox) up to date 6 . Updates often contain fixes for vulnerabilities that can be used by attackers for phishing attacks or other types of fraud 5 .

5. Using strong passwords and password managers
Creating and using unique, complex passwords that include lowercase and uppercase letters, numbers and special characters is critical 5 . It is recommended that you use password managers to store this data securely 5 .

6. Avoid public Wi-Fi networks
It is not recommended to conduct cryptocurrency transactions on public Wi-Fi networks, as they can easily be intercepted by hackers 5 . To ensure the security of the connection in such cases, you should use a virtual private network (VPN) 3 .

7. Install a firewall and antivirus software
To keep your home network and devices secure, you should install and maintain up-to-date antivirus software and a firewall 6 . It is also important to change the default router password and enable network encryption 5 .

8. Diversify your asset storage
You should not store all your crypto assets in one wallet or on one exchange 5 . Spreading your funds across multiple storage locations will minimize potential losses if one of the platforms is hacked 5 .

9. Using multi-signature wallets
Multi-signature wallets require more than one key to authorize a transaction, which greatly increases the security of assets and makes unauthorized access more difficult 5 .

10. Education and Awareness
It is important to stay informed about the latest cryptocurrency scams and stay up to date with new threats 4 . Knowing social engineering techniques and safe online behavior principles helps you avoid the traps set by phishers 4 .

How Q2 Attack Decline Affects Crypto Security Landscape

The decline in attacks in Q2 2025 has a positive impact on the overall security picture of the cryptosphere in several key areas:

  • Reduced financial losses and fewer incidents . In Q2, there were 144 incidents with total losses of $800 million, down 52% from the previous quarter, and the number of breaches decreased by 59. This indicates a decrease in the activity of attackers and a decrease in the scale of attacks, which has a positive impact on the overall level of security in the industry 1 .
  • Improved user perception and trust . Fewer attacks and reduced losses help to strengthen investor and user trust in crypto platforms. This is important for the further development of the digital asset market and the attraction of new participants.
  • Effectiveness of security measures and monitoring . The reduction in attacks may reflect the successful implementation of new security protocols, real-time transaction monitoring systems, and anomaly detection systems that can identify and prevent attacks at an early stage 5 .
  • Increased accountability and collaboration in the industry . The decrease in hacks is also due to increased collaboration between crypto companies, law enforcement agencies, and analytics firms, which facilitates faster sharing of information about threats and vulnerabilities.

However, experts note that despite the decrease in the number of attacks, major incidents such as the Bybit and Cetus Protocol hacks have a significant impact on overall losses. This indicates the need for continuous improvement of security measures and increasing the resilience of the infrastructure to large-scale attacks.

Thus, the decrease in the number of attacks in the second quarter of 2025 is a positive signal for the cryptosphere, but does not eliminate the need to continue active work to strengthen protection and prevent major incidents 5 .

Why Wallet Hacks Make Up the Biggest Financial Loss in 2025

The main reason why wallet hacks account for the majority of financial losses in the crypto space in 2025 is due to the high concentration of funds and vulnerabilities that attackers successfully exploit:

  • Compromise of private keys and access to wallets
    Most thefts occur due to the theft or compromise of private keys, which provide full control over crypto assets. If attackers gain access to the keys, they can instantly withdraw funds without the possibility of return 8 .
  • The High Cost of Wallet Attacks
    In 2025, 34 wallet hacking incidents resulted in losses of over $1.7 billion, the largest financial loss of any attack 4 . Wallets often contain significant amounts of money, so a successful hack can result in large losses.
  • Increasing sophistication of attacks and the use of phishing
    Phishing schemes are becoming increasingly sophisticated, allowing attackers to trick users into giving up their credentials and private keys. In the first six months of 2025, 132 phishing attacks were recorded, with damages of approximately $410 million 5 . This contributes to the compromise of wallets.
  • Strategic nature of attacks
    According to analysts at TRM Labs, hacks have become strategic in nature and are often motivated by geopolitics, which increases the resources and professionalism of attackers, especially when hacking large wallets and services 2 .
  • Insufficient user protection
    Many users do not use hardware wallets or two-factor authentication, which increases the risk of a successful hack. The lack of basic security measures makes wallets vulnerable to theft.
  • Concentration of assets on large platforms and wallets
    Large amounts of cryptocurrency are concentrated in a few wallets and services, which makes them an attractive target for hackers. Hacking such wallets leads to significant losses.

Thus, wallet hacks account for the majority of financial losses in 2025 due to a combination of technical vulnerabilities, high asset concentration, sophisticated attack methods, and insufficient protection from users and services 5 .

What lessons can be learned from the largest incidents in the protection of crypto exchanges and protocols

Major incidents such as the attacks on Bybit and Cetus Protocol, as well as previous hacks of Coincheck, KuCoin and other platforms, provide valuable lessons for improving the security of crypto exchanges and protocols 8 .

Key lessons:

  • The Need for Strong Security Protocols and Investment in Technology Cryptocurrency exchanges must develop and implement stronger security protocols, including multi-factor authentication (MFA) and encryption of user data 5 . It is important to invest in modern security technologies and hire highly qualified cybersecurity experts 5 .
  • Regular audits and testing of systems for vulnerabilities Regular security audits and testing of systems for vulnerabilities (pen tests) should be carried out, especially for updatable smart contracts ( upgradeable proxy), to prevent unauthorized change of the “master copy” 5 .
  • Transaction transparency and limited upgrade rights Signers should be able to verify the exact code that will be run, not just the “pretty description” of the transaction 5 . A more rigorous model for contract modification should also be used, providing a “time window” for anomalies to be detected by other signers and auditors 5 .
  • Separation of roles and powers Not all signatories should have equal weight when upgrading a wallet. It is possible to appoint specialized signatories responsible only for technical updates, which undergo a separate verification procedure 5 .
  • Creating and Protecting Reserve Funds An important step is to create separate, well-protected reserves that will prevent the complete loss of user funds in the event of a successful attack 5 .
  • Strengthening operational security This involves reviewing the company’s overall security strategy, ensuring that all defense tactics work together, regularly updating strategies to counter the latest threats, and being able to assess the technology environment from an attacker’s perspective 4 .
  • Transaction Monitoring and Blockchain Analytics DeFi protocols need to step up their efforts to prevent hackers from exploiting their infrastructure 1 . Blockchain analytics, transaction monitoring, wallet verification, and risk management software can all play an important role without compromising decentralization 1 . Bybit’s example showed the difficulty of freezing funds spread across hundreds of wallets, highlighting the importance of improvements in this area 1 .
  • End-user security and employee training Many cyber-attacks begin with phishing emails, so securing devices and training employees to recognize threats (such as phishing) is of utmost importance 5 . Regularly updating devices, using anti-virus software, and conducting cyber hygiene training are key elements of end-user protection 4 .

These lessons highlight the importance of a comprehensive approach to security that covers technical, organizational and human aspects to create a safer environment for trading and investing in cryptocurrencies 5 .

Several key lessons can be learned from the major hacks of crypto exchanges Coincheck (2018) and KuCoin (2020) that have had a significant impact on the development of security standards in the crypto industry:

Lessons from the Coincheck Hack

  • Separation of Hot and Cold Wallets
    Coincheck stored the majority of funds in an unsecured hot wallet, allowing hackers to steal approximately $535 million worth of tokens. This incident highlights the critical need for strict asset segregation: the majority of funds should be stored in cold wallets that are not connected to the internet to minimize the risk of theft.
  • Introducing strict security standards and mandatory user verification
    Following the Coincheck hack, security procedures and customer identification requirements have been strengthened to help prevent fraud and improve control over operations.

Lessons from the KuCoin Hack

  • The vulnerability of hot wallets and the need to protect them
    The KuCoin hack occurred due to the compromise of hot wallets that were connected to the Internet and were not sufficiently protected. Hackers gained access to private keys through phishing attacks and were able to bypass the multi-signature system.
  • Quick response and cooperation
    KuCoin quickly froze deposits and withdrawals, launched an investigation, and worked closely with other crypto companies and law enforcement agencies. Thanks to this, the exchange was able to recover about 84% of the stolen assets, and cover the remaining losses with its own capital and insurance fund.
  • Implementation of Security and Training Programs
    Following the incident, KuCoin established the Safeguard Program to share experiences and improve the preparedness of other companies for similar attacks. Internal security controls were also strengthened, and intrusion detection systems and key management were updated.

General conclusions and recommendations

  • Multi-level protection and multi-signature
    Using multi-signature wallets and multi-level access control systems reduces the risks of unauthorized withdrawal of funds.
  • Comprehensive security audit
    The audit should cover not only smart contracts, but also the entire infrastructure, including off-chain processes and technological operations.
  • Educate employees and users
    Regular training in phishing and social engineering detection methods increases resilience to attacks.
  • Monitoring and rapid response
    Implementation of transaction and anomaly monitoring systems allows for the rapid detection of suspicious activity and the prevention of major losses.
  • Diversifying Asset Storage
    Splitting your funds between cold and hot wallets, as well as between different platforms, reduces overall risk.

These lessons from the Coincheck and KuCoin hacks have become the foundation for raising security standards in the crypto industry and continue to shape modern approaches to protecting digital assets 5 .

Conclusion

The first half of 2025 showed that the cryptocurrency space remains an attractive target for attackers, resulting in significant financial losses. However, the decrease in the number of attacks and damage in the second quarter gives hope for an improvement. The major incidents with Bybit and Cetus Protocol highlighted the importance of continuous improvement of security measures, both at the level of crypto exchange and protocol infrastructure, and among end users.

Being mindful of security, using modern security tools, and raising awareness are key factors that will help reduce risks and make the crypto space safer for all participants.

  1. https://www.hx.technology/ru/blog-ru/bybit-hack-other-major-cryptocurrency-incidents-ru
  2. https://coinmarketcap.com/academy/ru/article/largest-crypto-heists-in-history-have-exchanges-learned-anything-from-their-mistakes
  3. https://www.block-chain24.com/faq/kak-kriptobirzhi-spravlyayutsya-s-krizisami-likvidnosti-posle-krupnyh-vzlomov
  4. https://dzengi.com/ru/kak-hakery-poluchayut-desyatki-milliardov-dollarov-krupnejshie-vzlomy-kriptobirzh-v-istorii
  5. https://www.binance.com/ru/square/post/952859
  6. https://www.kaspersky.ru/blog/top-5-cryptocurrency-heists/34151/
  7. https://walletz.ru/istiria_kraz_kriptovalut/
  8. https://gerchik.com/journal/kriptovalyuty/kryptoprestuplenia/
  9. https://www.securities.io/ru/Kucoin-%D0%BF%D0%BE%D1%81%D1%82%D1%80%D0%B0%D0%B4%D0%B0%D0%BB-%D0%BE%D1%82-%D0%BA%D1%80%D0%B0%D0%B6%D0%B8-150-%D0%BC%D0%B8%D0%BB%D0%BB%D0%B8%D0%BE%D0%BD%D0%BE%D0%B2-%D0%B4%D0%BE%D0%BB%D0%BB%D0%B0%D1%80%D0%BE%D0%B2,-% D1%87%D1%82%D0%BE-%D1%81%D1%82%D0%B0%D0%BB%D0%BE-%D0%BF%D0%BE%D1%81%D0%BB%D0%B5%D0%B4%D0%BD%D0%B8%D0%BC-%D0%B2-%D0%B4%D0%BB %D0%B8%D0%BD%D0%BD%D0%BE%D0%B9-%D1%87%D0%B5%D1%80%D0%B5%D0%B4 %D0%B5-%D0%BD%D0%B0%D1%80%D1%83%D1%88%D0%B5%D0%BD%D0%B8%D0%B9/
  10. https://www.bitget.com/ru/news/detail/12560604595593
  1. https://www.block-chain24.com/articles/cryptocurrency-hackers-alarm-signal-for-defi
  2. https://www.kaspersky.ru/resource-center/preemptive-safety/strengthen-cryptocurrency-security
  3. https://www.hx.technology/ru/blog-ru/top-blockchain-incidents-involving-hacking-attacks-ru
  4. https://www.kaspersky.ru/resource-center/preemptive-safety/cybersecurity-training
  5. https://ixbt.pro/articles/2025/03/06/it-ekspert-o-poteriannyx-146-mlrd-bybit-kak-texniceski-stalo-vozmoznym-krupneisee-v-istorii-kripto.html
  6. https://itsecurity.ru/catalog/bt41/
  7. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%9C%D0%BE%D1%88%D0%B5%D0%BD%D0%BD%D0%B8%D1%87%D0%B5%D1%81%D1%82%D0%B2%D0%BE_%D1%81_%D0%BA%D1%80%D0%B8%D0%BF%D1%82%D0%BE%D0%B2%D0%B0%D0%BB%D1%8E%D1%82%D0%BE%D0%B9
  8. https://sbersova.ru/sections/invest/rynok-kriptovalyut-vozmozhnosti-i-riski
  9. https://habr.com/ru/companies/gaz-is/articles/899840/
  10. https://cisoclub.ru/certik-kriptovaljutnye-krazhi-v-pervoj-polovine-2025-goda-uzhe-oboshlis-dorozhe-chem-vse-poteri-za-ves-2024-god/
  1. https://www.rbc.ru/crypto/news/685ea64c9a7947de65e03d13
  2. https://www.moneytimes.ru/news/crypto-hacking-trends/70942/
  3. https://www.block-chain24.com/news/novosti-bezopasnosti/certik-poteri-kriptovalyuty-ot-vzlomov-dostigli-25-mlrd-v-pervoy-polovine
  4. https://www.coindesk.com/ru/business/2025/07/01/crypto-investors-lost-usd2-5b-to-hack-and-scams-in-the-first-half-of-2025
  5. https://ru.cointelegraph.com/news/otal-hacks-down-q2-after-record-losses-2025-h1
  6. https://ru.beincrypto.com/poteri-vzlom-mart/
  7. https://fintech-retail.com/2025/03/10/kiberbez-24-25/
  8. https://bitok.org/ru/blog/2025-crypto-hacks-exploits-report
  9. https://fpa.ru/info/moshennicheskie-shemy-s-kriptovaljutoj/
  10. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%9F%D0%BE%D1%82%D0%B5%D1%80%D0%B8_%D0%BE%D1%82_%D0%BA%D0%B8%D0%B1%D0%B5%D1%80%D0%BF%D1%80%D0%B5%D1%81%D1%82%D1%83%D0%BF%D0%BD%D0%BE%D1%81%D1%82%D0%B8
  1. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%9A%D1%80%D0%B8%D0%BF%D1%82%D0%BE%D0%B2%D0%B0%D0%BB%D1%8E%D1%82%D1%8B_%D0%B2_%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B8
  2. https://legalforum.info/programme/
  3. https://www.nbrb.by/bv/articles/10543.pdf
  4. https://cyberleninka.ru/article/n/kriminogennaya-rol-kriptovalyuty
  5. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%9C%D0%BE%D1%88%D0%B5%D0%BD%D0%BD%D0%B8%D1%87%D0%B5%D1%81%D1%82%D0%B2%D0%BE_%D1%81_%D0%BA%D1%80%D0%B8%D0%BF%D1%82%D0%BE%D0%B2%D0%B0%D0%BB%D1%8E%D1%82%D0%BE%D0%B9
  6. https://www.itsec.ru/articles/strahovanie-riskov-v-kriptosfere-zashchita-cifrovyh-aktivov-i-obespechenie-bezopasnosti
  1. https://cryptocloud.plus/blog/kak-zashchitit-kriptovalyutu-ot-krazhi
  2. https://vc.ru/crypto/1047810-bezopasnost-v-mire-kriptovalyut-osnovnye-mery-zashity-kriptovalyuty
  3. https://www.kaspersky.ru/resource-center/preemptive-safety/strengthen-cryptocurrency-security
  4. https://coinspaidmedia.com/ru/academy/basic-crypto-security-practices/
  5. https://ibmm.ru/news/kriptoindustriya/bezopasnost-v-kriptovalyute/
  6. https://support.coinex.com/hc/ru/articles/900001866266-%D0%9A%D0%B0%D0%BA-%D0%BF%D1%80%D0%B5%D0%B4%D0%BE%D1%82%D0%B2%D1%80%D0%B0%D1%82%D0%B8%D1%82%D1%8C-%D1%84%D0%B8%D1%88%D0%B8%D0%BD%D0%B3%D0%BE%D0%B2%D1%8B%D0%B5-%D0%B0%D1%82%D0%B0%D0%BA%D0%B8
  7. https://www.hx.technology/ru/blog-ru/how-to-protect-your-cryptocurrency-ru
  8. https://headframe.io/blog/kak-snizit-riski-bezopasnosti/
  9. https://www.kaspersky.ru/resource-center/preemptive-safety/phishing-prevention-tips
  10. https://www.morpher.com/ru/blog/how-to-secure-your-cryptocurrency
  1. https://roscongress.org/materials/klyuchevye-sobytiya-2025-geoekonomika-prgnozy-osnovnye-riski/
  2. https://ptsecurity.com/ru-ru/research/analytics/kiberugrozy-finansovoi-otrasli—prognoz-na-2025-2026-g/
  3. https://arppsoft.ru/boards/mob/news/members/17913/
  4. https://www.comnews.ru/content/239955/2025-07-02/2025-w27/1008/bolee-62-rossiyskikh-it-kompaniy-zaplanirovali-rost-ib-byudzheta-2025-g
  5. https://realnoevremya.ru/news/341093-samaya-ubytochnaya-krupnaya-otrasl-v-rossii-v-2025-godu-ugolnaya
  6. https://ptsecurity.com/ru-ru/research/analytics/aktualnye-kiberugrozy-iv-kvartal-2024-goda-i-kvartal-2025-goda/
  7. https://rnrc.ru/press-center/public/2025/public-20250623.php
  8. https://cisoclub.ru/certik-kriptovaljutnye-krazhi-v-pervoj-polovine-2025-goda-uzhe-oboshlis-dorozhe-chem-vse-poteri-za-ves-2024-god/
  9. https://www.kommersant.ru/doc/7712499
  10. https://www.kaspersky.ru/blog/ransomware-trends-2025-and-5-new-reasons-not-to-pay/39500/