Cryptocurrency Hack Losses Decline in May 2025: Causes, Large-Scale Attacks, and Impact of North Korea Cyber Threats on Global Security and Industry Trust

08.07.2025

Analytical Review: Cryptocurrency Hack Losses Decline in May 2025

In May 2025, losses from cryptocurrency hacks fell significantly, by 40% compared to April, to $244 million, according to PeckShield, a company specializing in blockchain security. Despite the decrease in the total amount of funds stolen, the industry continues to face serious cyber threats. In this article, we take a closer look at the key events of May, the reasons for the incidents, and the efforts of the crypto industry to combat hacker attacks.

Key facts and details for May 2025

1. Overall reduction in losses and number of hacks

  • There were about 20 major cryptocurrency hacks recorded in May.
  • Total losses amounted to $244.1 million, which is 39.29% less than in April.
  • The decline is due to the fact that the largest incident of the month accounted for about 90% of the total amount of funds stolen.

The data is confirmed by an official announcement from PeckShield published on May 31 on the X platform.

2. The biggest hack of the month is the attack on the decentralized exchange Cetus

  • The hack occurred on May 22 on DEX Cetus.
  • User losses amounted to $223 million within 24 hours.
  • According to Dedaub, hackers exploited a vulnerability in the most significant bit (MSB) check, which allowed them to manipulate liquidity parameters and open large positions instantly.

3. Freezing of stolen funds

  • Cetus and Sui Network jointly froze $157 million in stolen funds.
  • This represents about 71% of the total amount stolen in May.
  • This prompt response made it possible to significantly limit the damage and prevent further money laundering.

4. The second biggest hack is the attack on the DeFi platform Cork Protocol

  • The attacker stole cryptocurrency worth about $12 million.
  • According to Cyvers, the exploit was used to steal approximately 3,761 Wrapped Staked Ether (wstETH), which were then converted into Ethereum (ETH).

5. Other Notable Hacks of the Month

  • Hack Allegedly Linked to North Korea Worth $5.2 Million
  • $2.2M MBU Token Exploit
  • Exploit in MapleStory Universe for $1.2 million.

Context and dynamics of losses in 2025

  • In February 2025, record losses were recorded – $1.51 billion, which became the maximum figure for the current year.
  • Hackers stole more than $1.63 billion in the first quarter of 2025.
  • The main reason for the sharp increase in losses at the beginning of the year was the attack on the Bybit exchange, which accounted for more than 92% of all losses during this period.
  • January saw losses of over $87 million, while February saw a sharp jump to $1.53 billion.

The Crypto Industry’s Efforts to Fight Hackers

  • The crypto industry is actively increasing security measures to prevent attacks.
  • For example, the BitMEX exchange security team carried out countermeasures against the Lazarus Group, a hacker group linked to North Korea.
  • The investigation revealed IP addresses, databases and tracking algorithms used by the group.
  • Such actions demonstrate growing coordination and professionalism in the fight against cybercriminals.

What Caused Crypto Hack Losses to Drop by 40 Percent in May?

May 2025 saw a significant decrease in losses from cryptocurrency hacks, indicating a gradual improvement in the blockchain security situation. However, large-scale attacks such as the Cetus incident are a reminder of the high vulnerability of decentralized platforms and the need for continuous improvement of defense mechanisms.

The successful freezing of a significant portion of the stolen funds and active efforts to counter hacker groups are positive signs for the entire industry. However, given the dynamics of losses at the beginning of the year and the complexity of attacks, the crypto community will have to continue efforts to improve security and develop innovative solutions to protect users and platforms.

The 40% drop in cryptocurrency hack losses in May 2025 is due to several key factors:

  • Active freezing of stolen funds. According to PeckShield, the largest hack of May, against the decentralized exchange Cetus, resulted in the loss of $223 million, but Cetus and Sui Network were able to freeze about $157 million, which was about 71% of the total amount of stolen funds. This significantly limited the attackers' ability to launder and further use the stolen assets, reducing the overall damage [1].
  • Strengthening security measures and coordination in the crypto industry. Companies and platforms continue to implement modern security protocols, real-time transaction monitoring, and anomaly detection systems, which allow for the early detection and prevention of attacks. Market participants also exchange information on vulnerabilities and threats more effectively, which increases the overall resilience of the ecosystem [1].
  • Increased law enforcement attention and countermeasures against hacker groups. For example, the BitMEX security team identified and partially neutralized the Lazarus Group, a hacker organization linked to North Korea. Such actions reduce the activity and effectiveness of cybercriminals [1].
  • Decrease in large-scale attacks compared to previous months. In February 2025, losses reached $1.51 billion, and April's losses were significantly higher than May's. In May, the number and scale of large hacks decreased, which directly affected the decrease in overall losses [1].

Thus, the reduction in losses in May was due to a combination of successful technical and organizational measures, prompt freezing of stolen funds, and increased cooperation within the crypto industry and with law enforcement agencies [1].

How Hackers Exploited MSB Verification Vulnerability to Manipulate Liquidity

Hackers exploited a vulnerability in the Most Significant Bits (MSB) check to manipulate liquidity parameters on the Cetus decentralized exchange as follows:

  • The vulnerability was due to improper validation or handling of MSB when setting liquidity parameter values. This allowed attackers to submit specially crafted data that the system interpreted incorrectly.
  • As a result, hackers could significantly distort the values of liquidity parameters, for example by artificially increasing or decreasing them by orders of magnitude, which made it possible to open disproportionately large positions with the click of a button.
  • This manipulation resulted in the exchange’s algorithms incorrectly calculating available funds and positions, allowing hackers to withdraw huge amounts of cryptocurrency bypassing normal restrictions.
  • Essentially, the exploit used a logical error in the processing of bit values, which made it possible to control distorted liquidity parameters and exploit them to steal funds.

These details are based on analysis by Dedaub, a blockchain security firm that identified technical aspects of the May 2025 Cetus attack.
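The class of bug described above, a flawed high-bit check in front of a fixed-width left shift, shown as an added illustration beside its corrected form. This is not Cetus or Dedaub code: the 256-bit word, the 64-bit shift, the flawed threshold and all function names are assumptions chosen for the example.

```python
WORD_BITS = 256                      # assumed fixed integer width
SHIFT = 64                           # assumed shift amount
WORD_MAX = (1 << WORD_BITS) - 1


class Overflow(ArithmeticError):
    """Raised when a guard refuses to perform the shift."""


def shl_fixed(n: int, shift: int = SHIFT) -> int:
    """Left shift in a fixed-width word: bits pushed past the top are lost."""
    return (n << shift) & WORD_MAX


def checked_shl_weak(n: int) -> int:
    """Flawed guard: a bitmask of the top SHIFT bits is used as a threshold.

    Only values above the mask are rejected, so almost every value that has
    some of its top SHIFT bits set still reaches the shift and is truncated.
    """
    top_bits_mask = ((1 << SHIFT) - 1) << (WORD_BITS - SHIFT)
    if n > top_bits_mask:
        raise Overflow("rejected by weak guard")
    return shl_fixed(n)


def checked_shl_strict(n: int) -> int:
    """Correct guard: every one of the top SHIFT bits must be zero."""
    if not 0 <= n <= WORD_MAX:
        raise ValueError("not a WORD_BITS-wide unsigned value")
    if n >> (WORD_BITS - SHIFT):
        raise Overflow("shift would drop set high bits")
    return shl_fixed(n)


def compare(n: int) -> dict:
    """Run both guards on n and report whether each result equals n * 2**SHIFT."""
    exact = n << SHIFT
    report = {"exact_bits": exact.bit_length()}
    for name, fn in (("weak", checked_shl_weak), ("strict", checked_shl_strict)):
        try:
            report[name] = "ok" if fn(n) == exact else "TRUNCATED"
        except Overflow:
            report[name] = "rejected"
    return report


# Constructed inputs around the boundary 2**(WORD_BITS - SHIFT).
BOUNDARY = 1 << (WORD_BITS - SHIFT)
SAMPLES = {
    "below boundary": BOUNDARY - 1,
    "at boundary": BOUNDARY,
    "boundary + 5": BOUNDARY + 5,
    "all top bits set": WORD_MAX,
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(f"{label:18} {compare(value)}")
```

For auditors, the useful test cases sit exactly at and just above the boundary: a guard that only rejects the all-bits-set extreme looks correct under casual testing while silently returning a result that is orders of magnitude too small.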

Why Cetus’ Biggest Hack of the Month Was So Massive and How It Managed to Freeze Most of the Funds

The largest hack of May 2025 on the decentralized exchange Cetus was large-scale for several reasons:

  • Vulnerability in the pricing mechanism and business logic of smart contracts. Hackers exploited an error in the verification of liquidity parameters, which allowed them to drain tokens from the main liquidity pools of the Cetus protocol. This vulnerability made it possible to manipulate prices and withdraw huge amounts of money; in the end, about $223 million was stolen [5].
  • High trading volume and liquidity. In April and May 2025, Cetus saw trading volumes exceeding $5 billion, indicating a significant concentration of assets in liquidity pools. This created an attractive target for attackers and ensured the scale of the attack [1].
  • Fast response and freezing of funds. After the attack, the Cetus team and partners were able to quickly freeze about $162 million in stolen funds, approximately 71% of the stolen funds. This was made possible by close interaction with blockchain networks and protocols, as well as technical capabilities for blocking transactions and freezing assets [1].
  • Liquidity recovery and support. To restore liquidity pools, Cetus replenished reserves with $7 million, received a $30 million loan from the Sui Foundation, and returned some of the assets seized from the hackers. This partially compensated for the damage and stabilized the protocol [1].
  • Relaunch and security tightening. The Cetus team has announced a relaunch with open source code and a bounty program for white hat hackers, which aims to prevent similar incidents in the future [1].

Thus, the scale of the hack is explained by a vulnerability in the protocol and high liquidity, and a significant portion of the funds were frozen due to a quick technical response and cooperation within the crypto ecosystem.

What measures is the crypto industry taking to strengthen protection against such attacks in the future?

The crypto industry is taking a range of measures to strengthen its defenses against attacks like the Cetus hack, in order to minimize risks and improve the security of users and platforms. Key areas and specific measures include:

  • Implementation of multi-factor authentication (2FA/MFA). This is an additional level of protection that requires not only a password, but also a second confirmation (for example, a code from a mobile device), which significantly reduces the risk of unauthorized access to accounts and wallets [3].
  • Using cold storage for cryptocurrency. Hardware and paper wallets store keys offline, which protects assets from online hacks and exploits [1].
  • Using multi-signature wallets. Transactions require the consent of several keys, making it difficult to steal funds even if one of the keys is compromised [5].
  • Regular software updates and smart contract audits. This helps identify and fix vulnerabilities before they can be exploited. A comprehensive audit includes not only the code but also the infrastructure, which increases the overall level of security [5].
  • Monitoring and rapid response to anomalies. Modern security systems use transaction analysis tools and artificial intelligence to quickly detect suspicious activity and prevent attacks [5].
  • User and employee training. Regular training on recognizing phishing, social engineering, and other fraudulent methods helps reduce the human factor in vulnerability [5].
  • Implementation of anti-phishing mechanisms and IP whitelists. This makes it possible to distinguish genuine messages and restrict access to accounts to trusted devices and networks only [2].
  • Diversification of asset storage. Distributing cryptocurrency across multiple wallets and platforms reduces potential losses if one of them is hacked [2].
  • Cooperation with law enforcement and other market participants. Sharing information on cyber threats, joint investigations and countermeasures against hacker groups, as was the case with Lazarus Group, increases the effectiveness of protection [6].
  • Development and implementation of innovative technologies. Using AI to monitor threats, improve cross-chain protocols and secure bridges between blockchains helps strengthen the security of the entire ecosystem [5].

Thus, the crypto industry is building a multi-layered defense system that combines technical innovations, organizational measures, and educational programs to effectively counter modern cyber threats and reduce the risk of large-scale hacks.

How North Korea-Linked Attacks Affect Global Cryptocurrency Platform Security

North Korea (DPRK)-related attacks have a major impact on the global security of cryptocurrency platforms for several reasons:

  • State backing and scale of attacks. North Korean hackers, particularly the Lazarus group, are backed by the regime, which gives them the resources, technology, and motivation to carry out large-scale and sophisticated cyberattacks on crypto exchanges and DeFi platforms around the world. They have stolen around $3 billion worth of cryptocurrency in recent years, with a significant portion of that stolen in 2022–2023 [7].
  • Leveraging advanced techniques and vulnerabilities. Hackers from the DPRK use sophisticated exploits, malware, social engineering, phishing attacks, and fake job posting schemes, which allow them to penetrate the infrastructure of crypto projects and steal funds with high efficiency [6].
  • Laundering stolen funds through DeFi and mixers. North Korean groups actively use decentralized financial protocols and crypto mixers to hide traces of thefts, making it difficult to track and recover stolen assets. This makes the crypto industry vulnerable and contributes to the increase in successful attacks [5].
  • Financing nuclear and military programs. The proceeds are used to circumvent international sanctions and finance the DPRK's military programs, making these attacks not just criminal, but part of a geopolitical strategy and a threat to global security [5].
  • Impact on market trust and stability. Numerous attacks reduce investor and user confidence in cryptocurrency platforms, cause financial losses, and require the industry to continually strengthen security and regulation.

As such, North Korea-linked attacks pose a serious and systemic threat to the global crypto ecosystem, requiring coordinated efforts from industry and law enforcement to counter and mitigate risks.

How North Korea’s Cyberattacks Affect Trust in Cryptocurrency Platforms Globally

North Korea (DPRK)-related attacks significantly undermine trust in cryptocurrency platforms globally for the following reasons:

  • High frequency and scale of attacks. North Korean hackers, in particular the Lazarus group, have stolen about $1.5 billion worth of cryptocurrency in recent years and continue to actively attack exchanges and DeFi projects. Such regular and large-scale thefts raise concerns among users and investors about the safety of their funds [2][4].
  • State support for hackers and their professionalism. North Korean hacker groups have high technical skills and use complex exploits and malware, which makes their attacks especially dangerous and successful. This reinforces the perception of crypto platforms as vulnerable and insufficiently protected [2].
  • Laundering stolen funds through decentralized services. North Korean hackers actively use DeFi protocols and mixers to hide traces of thefts, which complicates the recovery of funds and investigations. This reduces trust in the transparency and security of the crypto ecosystem as a whole [5].
  • Impact on the reputation of crypto exchanges and projects. Frequent hacks and losses of funds lead to negative news and a deterioration in the reputation of platforms, which makes users more cautious or leads them to leave the market altogether. This slows down the development of the industry and reduces investment attractiveness [3].
  • Increased security and regulation requirements. Threats from North Korea and other cybercriminals are increasing pressure on crypto platforms to implement strict security measures and cooperate with law enforcement. This reflects the risks involved and influences the perception of the industry as unstable [6].

As such, North Korean cyberattacks undermine trust in cryptocurrency platforms, creating an atmosphere of risk and uncertainty that requires the industry to continually improve security and transparency to retain users and investors.

  1. https://trends.rbc.ru/trends/industry/6218c8fa9a7947ac118d39b4
  2. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%9A%D0%B8%D0%B1%D0%B5%D1%80%D0%BF%D1%80%D0%B5%D1%81%D1%82%D1%83%D0%BF%D0%BD%D0%BE%D1%81%D1%82%D1%8C_%D0%B8_%D0%BA%D0%B8%D0%B1%D0%B5%D1%80%D0%BA%D0%BE%D0%BD%D1%84%D0%BB%D0%B8%D0%BA%D1%82%D1%8B_:_%D0%9A%D0%9D%D0%94%D0%A0
  3. https://www.dw.com/ru/hakery-sozdali-severnoj-koree-ogromnye-rezervy-kriptovalut/a-72175378
  4. https://www.youtube.com/watch?v=ct2p-y2t02E
  5. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%9C%D0%BE%D1%88%D0%B5%D0%BD%D0%BD%D0%B8%D1%87%D0%B5%D1%81%D1%82%D0%B2%D0%BE_%D1%81_%D0%BA%D1%80%D0%B8%D0%BF%D1%82%D0%BE%D0%B2%D0%B0%D0%BB%D1%8E%D1%82%D0%BE%D0%B9
  6. https://ru.beincrypto.com/north-korea-army-cryptohackers/
  7. https://cisoclub.ru/severokorejskie-hakery-avtomatizirovali-krazhu-kriptovaljut-s-pomoshhju-chatgpt/
  8. https://www.moneytimes.ru/news/crypto-security-tips/71477/
  9. https://mgimo.ru/upload/diss/2022/yanikeeva-io-diss.pdf
  10. https://frankmedia.ru/195396
  1. https://trends.rbc.ru/trends/industry/6218c8fa9a7947ac118d39b4
  2. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%9A%D0%B8%D0%B1%D0%B5%D1%80%D0%BF%D1%80%D0%B5%D1%81%D1%82%D1%83%D0%BF%D0%BD%D0%BE%D1%81%D1%82%D1%8C_%D0%B8_%D0%BA%D0%B8%D0%B1%D0%B5%D1%80%D0%BA%D0%BE%D0%BD%D1%84%D0%BB%D0%B8%D0%BA%D1%82%D1%8B_:_%D0%9A%D0%9D%D0%94%D0%A0
  3. https://russiancouncil.ru/cybernorthkorea
  4. https://www.moneytimes.ru/news/north-korean-crypto-hackers/71473/
  5. https://www.securitylab.ru/news/544203.php
  6. https://itc.ua/articles/tajny-armyy-hakerov-kndr-kak-gotovyat-genyev-kryptoprestupnosty/
  7. https://investfuture.ru/articles/lazarus-group-kiberugroza-dlya-kriptovalyutnogo-mira
  8. https://ru.beincrypto.com/north-korea-army-cryptohackers/
  9. https://meduza.io/feature/2025/02/26/hakery-iz-kndr-ukrali-pochti-poltora-milliarda-dollarov-u-kriptobirzhi-bybit-sudya-po-vsemu-eto-krupneyshee-ograblenie-v-istorii
  10. https://profile.ru/abroad/chto-my-znaem-o-xakerax-iz-kndr-i-pochemu-ne-vse-iz-etogo-pravda-254269/
  1. https://ecos.am/ru/blog/predotvrashhenie-kripto-moshennichestv-klyuchevye-strategii-i-mery/
  2. https://ibmm.ru/news/kriptoindustriya/bezopasnost-v-kriptovalyute/
  3. https://www.kaspersky.ru/resource-center/preemptive-safety/strengthen-cryptocurrency-security
  4. https://www.finjournal-nifi.ru/images/FILES/Journal/Archive/2022/6/statii/08_6_2022_v14.pdf
  5. https://www.hx.technology/ru/blog-ru/bybit-hack-other-major-cryptocurrency-incidents-ru
  6. https://www.okx.com/ru/learn/phishing-attacks-crypto-security-2024
  7. https://aml.university/d/844tioCCL91oKA5vDZATJjwrb92DS9zXiUTv2kCX
  8. https://cyberleninka.ru/article/n/regulirovanie-kriptovalyutnogo-rynka-prichiny-tendentsii-perspektivy
  9. https://ru.wikipedia.org/wiki/%D0%9A%D1%80%D0%B8%D0%BF%D1%82%D0%BE%D0%B2%D0%B0%D0%BB%D1%8E%D1%82%D0%B0
  10. https://vital.lib.tsu.ru/vital/access/services/Download/vital:6323/SOURCE01
  1. https://www.block-chain24.com/news/novosti-defi/cetus-perezapuskaetsya-posle-vzloma-na-200-mln
  2. https://forklog.com/glavnoe-za-mesyats-vtoroe-dyhanie-ethereum-vzlet-kriptorynka-i-robonomika
  3. https://itc.ua/tag/hakerskaya-ataka/
  4. https://cisoclub.ru/hakerskaja-ataka-na-cetus-protocol-privela-k-potere-kriptoaktivov-na-223-mln-dollarov/
  5. https://itc.ua/tag/hakerskie-ataki/
  1. https://kz.kursiv.media/wp-content/uploads/2021/01/fresh1524103156.pdf
  2. https://dblib.rsreu.ru/data/publications/4703_text.pdf
  3. https://unecon.ru/sites/default/files/36-arhitektura_2019.pdf
  4. https://coredo.eu/ru/author/svetlana_zuzansk-ukr-net/
  5. https://jou.rfixe.com/forum/viewtopic.php?f=25&t=7728&start=170&sid=1677c51ec2560b95f54149dd29ab844c&view=print
  6. https://magistratura.rsue.ru/doc/%D0%A1%D0%B1%D0%BE%D1%80%D0%BD%D0%B8%D0%BA%20%D0%9D%D0%B0%D1%83%D1%87%D0%BD%D1%8B%D0%B9%20%D0%B2%D0%B5%D0%BA%D1%82%D0%BE%D1%80%202018.pdf
  7. https://elib.belstu.by/bitstream/123456789/52388/3/Vol%202.pdf
  8. https://forexsystemru.com/threads/ripple-internet-protokol-dlya-vypolneniya-finansovykh-operatsii-ripple-xrp-valyuta-svobodnaya-ot-kontragentov.85592/
  9. https://jou.rfixe.com/forum/viewtopic.php?p=256784&sid=49558f6a9332db2135903ea3a0e02306
  1. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%9C%D0%BE%D1%88%D0%B5%D0%BD%D0%BD%D0%B8%D1%87%D0%B5%D1%81%D1%82%D0%B2%D0%BE_%D1%81_%D0%BA%D1%80%D0%B8%D0%BF%D1%82%D0%BE%D0%B2%D0%B0%D0%BB%D1%8E%D1%82%D0%BE%D0%B9
  2. https://www.block-chain24.com/news/prognozy-kursov/analitik-ozhidaet-chto-cena-bitkoina-skoro-dostignet-27000-dollarov-vot-pochemu