Cryptocurrency losses from crypto exploits and fraud in March 2025 fell sharply to $28.8 million on the back of major incidents and successful refunds

Reduction in Losses from Crypto Exploits and Fraud in March 2025: Analysis and Details

In March 2025, losses from cryptocurrency exploits, hacks, and scams were down significantly from the February spike, when losses reached a record $1.5 billion. According to data from blockchain security company CertiK, published on April 1 on the X platform (formerly Twitter), fraudsters lost $28.8 million in March — a significant drop from the previous month.

Key facts and statistics details

Losses reduced to $28.8 million

According to CertiK, the total losses in March 2025 from all types of crypto exploits, wallet hacks, and scams amounted to $28.8 million, including recovered funds. This is significantly less than the February surge, when the Bybit hack caused losses of over $1.5 billion.

Cryptocurrency losses from crypto exploits and fraud in March 2025 fell sharply to $8.8 million on the back of major incidents and successful refunds

Code vulnerabilities and wallet hacks

Smart contract vulnerabilities accounted for the bulk of the losses in March, with over $14 million stolen through exploiting bugs in the software code. Wallet hacks netted the scammers over $8 million. These figures highlight the growing importance of code security and protecting users’ private keys in the crypto ecosystem.

Key Incidents of March 2025

Abracadabra.money exploit – $13 million lost

The biggest incident of March occurred on March 25, when decentralized lending protocol Abracadabra.money suffered a $13 million exploit. According to CertiK, the attacker managed to manipulate the loan liquidation process. He borrowed funds multiple times using a smart contract bug: the liquidation process did not update the records in RouterOrder, which allowed the “same collateral” to receive multiple loans and not repay them.

CertiK’s March 27 report states:

“The attacker was able to borrow funds, liquidate the position, and then borrow funds again without paying them back.”

To encourage the return of the stolen funds, the Abracadabra team offered a bonus of 20% of the amount (double the usual 10%), but at this time there is no confirmation that the funds have been returned.

The second largest exploit is the RWA Zoth restaking protocol

The second major loss involved an exploit of Zoth’s RWA asset restaking protocol. An attacker gained access to the protocol’s deployer wallet and withdrew over $8.4 million in various crypto assets. The incident highlighted a vulnerability in the protocol’s smart contract deployment key management system.

Successful Refund of Funds after 1inch Hack

March also saw some positive results, with decentralized exchange aggregator 1inch managing to recover a significant portion of the stolen funds after a $5 million exploit on March 5. According to CertiK, after negotiations with the attacker, an agreement was reached with a reward for the bug found, which allowed the bulk of the stolen tokens to be returned.

Additional information on fraud and theft

The Case of Losing 400 BTC on Coinbase

While CertiK’s official data reflects losses of around $28.8 million, these figures do not include a high-profile incident – according to crypto security researcher ZachXBT, one anonymous Coinbase user lost 400 BTC (worth around $34 million at the March exchange rate). The reasons and details of the incident remain unknown, but the incident has a significant impact on the overall volume of losses in the crypto space.

Phishing attacks and exchange scams

ZachXBT also noted that more than $46 million may have been stolen in March through phishing scams imitating well-known crypto exchanges. These scams most often used fake messages created using “sender IDs” that exactly matched official ones.

On March 21, the Australian Federal Police reported warning 130 people who might have fallen victim to such scams. X (formerly Twitter) users posted similar warnings on March 14, specifically noting emails purporting to come from Coinbase and Gemini. In these emails, the scammers urged victims to create a new crypto wallet using pre-generated recovery phrases that were controlled by the scammers.

Conclusion

Losses from crypto fraud and hacks fell significantly in March 2025 compared to the record-breaking February, to $28.8 million;
The main damage was caused through vulnerabilities in smart contracts (about $14 million) and wallet hacks ($8 million);
The largest incident was the $13 million Abracadabra.money exploit, which was related to errors in the liquidation mechanism;
A positive development is the return of most of the $5 million stolen after the 1inch hack;
The number of phishing attacks imitating well-known crypto exchanges is growing, resulting in the loss of tens of millions of dollars;
The importance of user protection measures, smart contracts, and educational work in the cryptosphere remains critically high.

These data, obtained from CertiK and other reliable sources, provide an objective mirror of the current security dynamics in the crypto industry. Despite the large-scale losses of the past month, the decrease in hack volumes and successful recovery of funds indicate a gradual improvement in the level of protection and security of digital assets. However, the continuing threat from sophisticated exploits and phishing requires constant attention from both developers and users.

Sources of information: CertiK (X, April 1, 2025), ZachXBT, Australian Federal Police statements, X user reports.

Let’s look at a selection of similar articles on the topic of losses from crypto exploits, fraud and hacks in 2025 with a detailed analysis of events and statistics:

“Hackers stole $2 billion from crypto services in 2025. Who is behind the attacks” (RBC)
In the first half of 2025, more than $2.1 billion was stolen as a result of 75 hacks and exploits, which is 10% more than the 2022 record. The article covers in detail the changing nature of attacks, their connection with geopolitics and the strategic interests of the attackers 1 .
“April 2025 Cryptocurrency Losses Soar 1,100% Amid $331M Bitcoin Theft” (Yellow)
A report on the dramatic rise in cryptocurrency losses in April 2025 to $364 million, caused by a massive phishing incident that resulted in the theft of 3,520 BTC. The methods and consequences of the attack are examined 2 .
“Hacken: Cryptocurrency Hack Losses Exceed $3.1 Billion in H1 2025” (Block-Chain24)
An analysis of the biggest losses in the crypto industry, including the $1.5 billion Bybit hack, the problems of access control and smart contract vulnerabilities, and the shift in attacker tactics from technical bugs to human error 3 .
“Hacken Report: Web3 Vulnerabilities and AI Threat Evolution in 2025” (crypto.ru)
A study of cyber threat trends in the crypto industry in 2025, with a focus on access control exploits, social engineering, and the impact of artificial intelligence on increasing the sophistication of attacks 4 .
“Crypto Hackers Steal Record $2 Billion in 2025” (psm7.com)
Details the types of attacks and their consequences, including private key exploits and attacks on the front-end of crypto protocols, responsibility for the majority of losses, and partial recovery of funds 5 .
“Crypto Security Under Siege: A Look at the Biggest Digital Heists of 2025” (investinfo.pro)
An overview of large-scale cryptocurrency thefts and exploits in 2025, broken down by platform type and attack, including reported loss figures for the first quarter of the year 6 .
“CertiK: Cryptocurrency losses from hacks reached $2.5 billion in the first half of 2025” (block-chain24)
Statistics and analysis of losses for half a year, with an emphasis on the types of attacks and effective measures to combat them 7 .

These articles offer a deep and comprehensive look at the state of cryptocurrency security in 2025, types of threats, scale of losses and asset recovery practices, which is close in content and topic to the information you provided.

Final conclusion on the security of the crypto industry and the dynamics of cyber attacks in 2025

The first half of 2025 has become a dark period for the crypto industry in terms of security: losses from hacker attacks, exploits, hacks and fraudulent schemes have exceeded a record $3 billion, significantly exceeding the figures of previous years. This alarming trend is due to both the quantitative growth of incidents and qualitative changes in the tactics of attackers, which requires a comprehensive and systematic approach to ensuring cybersecurity.

The main reasons and features of the growth of threats

First, the change in attack tactics — from simple technical vulnerabilities in software to complex multi-stage attacks — significantly increases the complexity of protection. Increasingly, hacks are based on compromising access control through stolen or compromised credentials, as well as on the use of social engineering, including large-scale phishing campaigns with the forgery of official crypto exchanges and complex fraudulent schemes. At the same time, the role of artificial intelligence, which attackers use to create plausible fraudulent content, has grown significantly, which complicates the recognition of threats.

Secondly, vulnerabilities in smart contracts and blockchain infrastructure remain key entry points for exploits worth tens and hundreds of millions of dollars. Often, these vulnerabilities are related to errors in position liquidation logic, private key management, and contract deployment. Examples include high-profile hacks of protocols such as Bybit, Abracadabra.money, Cetus Protocol, and others, which demonstrate high risks for the DeFi and Web3 ecosystem.

Thirdly, the internal protection of services and platforms is often insufficient – errors in access control, lack of regular auditing of user rights and tracking of anomalies provide attackers with convenient channels for penetration and further spread of attacks across the infrastructure.

The Importance of Strengthening Access Control and Comprehensive Security

The results of the analyses and incidents of 2025 highlight the need for strict and multi-layered access control in the crypto industry. Implementing the principle of least privilege, multi-factor authentication, resource segmentation, user activity monitoring, and regular auditing are not just recommendations, but mandatory measures to minimize the consequences of compromises.

Strengthening access controls not only prevents the initial stages of attacks, but also significantly slows or stops the further spread of malicious actions within systems, reducing the scale of potential losses and facilitating incident response.

Problems of Phishing and Social Engineering

Phishing schemes and imitation of legitimate services are becoming more sophisticated and widespread. In March-April 2025, hundreds of cryptocurrency exchange users were subjected to highly targeted fraudulent attacks, which resulted in the loss of tens of millions of dollars. Such incidents demonstrate that, despite all technical protection, user safety and awareness remain critical factors. Educational campaigns, strengthening verification mechanisms, and automatic filtering of phishing threats are mandatory measures to reduce the vulnerability of the human factor.

Positive trends and prospects

Despite the growing threats and scale of losses, there are also positive developments. Successful examples of refunds after hacks (like the 1inch case) demonstrate the effectiveness of bug bounty programs and the ability to negotiate with attackers. Companies are investing in security audits, implementing modern security protocols, and developing infrastructure to insure digital assets.

In addition, the development of analytics and technology for tracking cryptocurrency flows helps to partially compensate for the problem of anonymity and reduce the opportunities for laundering stolen funds.

2025 has become a lesson for the entire crypto ecosystem about the fragility and vulnerability of digital finance, showing that cybersecurity is a constant challenge that requires adaptation to new threats, an integrated approach, and broad coordination between developers, services, users, and regulators.

Efforts to strengthen access control, protect smart contracts, counter phishing and social engineering attacks, and develop mechanisms for returning stolen assets are the foundation for stabilizing and further increasing trust in the crypto industry.

Understanding and embracing these challenges at all infrastructure and community levels will help minimize financial risks, improve user security, and create a more resilient digital ecosystem for the future.

How Changing Attack Tactics Affect Crypto Industry Vulnerabilities

Changing attacker tactics significantly impact the vulnerabilities of the crypto industry, making it more difficult to protect and increasing the risk of losses. Key aspects of this impact include:

Increased sophistication and sophistication of attacks: Attackers are increasingly using new technologies such as deepfakes, targeted campaigns, and sophisticated campaigns targeting specific groups or individuals, increasing the scale and impact of attacks 1 . This means that older methods of protection, such as simple two-factor authentication, are no longer sufficient.
Shift in focus from technical bugs to social engineering: Hacks now often involve social engineering techniques such as phishing with spoofed sender IDs, sending messages that mimic legitimate crypto exchanges, and even using advanced artificial intelligence to create convincing fake calls and videos 1 5 8 . This creates significant vulnerabilities among users, even if the platform is technically secure.
Insider threats and infiltration: Hackers are attempting to infiltrate crypto exchanges and services at the employee level, opening up new channels for attacks from the inside and complicating security control tasks 2 .
More complex laundering and cover-up schemes: Attackers are using crypto mixers, cross-chain bridges, anonymous altcoins and other tools to obfuscate transaction chains, making it more difficult to track stolen assets and reducing the chances of their recovery 5 9 .
Rise in the use of artificial intelligence: AI helps fraudsters automate the creation of fake content (e.g. fake messages, calls), which increases the effectiveness of phishing and targeted attacks 5 .
Infrastructure and Blockchain Vulnerabilities: Attacks on the blockchain infrastructure itself, such as 51% attacks, Sybil attacks, and routing attacks, are becoming more common as attackers look for opportunities to control network nodes or intermediate data channels 4 .

Thus, the changing tactics of attackers make the crypto industry’s vulnerabilities more diverse: along with technical breaches, risks through human factors, targeted social attacks, and complex cover-up schemes are increasing. Effective protection requires comprehensive measures, including technical improvements, increased user awareness, and stronger authentication and monitoring processes 1 2 5 .

Why Access Control Attacks Are Becoming a Priority for Cybercriminals

Access control attacks are becoming a priority for cybercriminals for several key reasons:

Credential compromise is the main attack vector. Stolen logins and passwords are the “golden key” to penetrating systems. According to statistics, credential compromise is involved in approximately 22% of all successful hacks, and in attacks on web applications, this figure reaches 88%. This is due to the fact that such data is often easily obtained through phishing, infostealers, Trojans and mass leaks, after which millions of accounts are sold on the shadow markets 1 .
Attackers gain access as legitimate users (credential-based attacks). Using stolen credentials, hackers enter systems as legitimate employees or partners, which allows them to move around the infrastructure undetected, expand access rights, and extract maximum benefits.
The rise of digital identity and the increasing number of connected users and robots. Access management becomes more complex as accounts multiply and may belong not only to humans but also to automated systems. This increases the attack surface and requires more advanced approaches to access control and identity 5 .
Frequent errors and gaps in access management within companies. Many organizations do not update the access status of employees and contractors in a timely manner (for example, accounts of terminated employees remain active), do not implement regular password changes for privileged accounts, which creates an easy entry point for attackers 5 .
Attacks on access control become the first and critical stage for further attacks. Once an account is taken over, criminals can easily continue to expand access, gain control over business processes and critical systems.
Increasing importance of Identity Security and comprehensive access management systems (e.g., implementing the principle of least privilege and monitoring login anomalies). Modern solutions are aimed at creating multi-level protection, but the activity of cybercriminals forces us to constantly improve these mechanisms and increase the priority of access management in the cybersecurity architecture 1 5 .

Access management is therefore a central battleground in the fight against modern cyber-attacks, as it is through hacking or misusing credentials that attackers have the opportunity to cause the most damage while remaining undetected.

How Strengthening Access Controls Helps Prevent Attacks from Spreading

Strengthening access control significantly helps prevent the spread of attacks in the crypto industry and other information systems by limiting user rights, multi-level authentication, and resource segmentation. Here are the key mechanisms that provide such protection:

The principle of least privilege and strict access control. Users and services are granted only the minimum rights they need to operate. This limits the ability of an attacker with one account to expand access to other critical resources and systems, slowing or stopping the further spread of an attack 3 4 7 .
Multi-factor authentication (MFA) – Requiring identity verification using multiple independent factors (password, mobile app, biometrics, etc.) reduces the risk of successful credential compromise and prevents unauthorized access even if the password is compromised 3 5 8 .
Network and resource segmentation. Dividing the infrastructure into separate segments with access restrictions between them creates barriers to attack migration within the organization. If one segment is infected, it is more difficult for the attacker to gain access to others, thereby limiting the scale of damage 1 4 .
Monitoring and audit mechanisms. Continuous monitoring of user activity, log analysis and detection of behavioral anomalies help to quickly detect suspicious activity and take timely measures to prevent the spread of incidents 3 8 .
Centralized access management and regular auditing of accounts. This allows timely blocking or correction of user rights, preventing the accumulation of excessive privileges and closing the possibility of abuse 3 8 .
Filtering and monitoring traffic using firewalls and IDS/IPS systems. Limiting connections to critical systems only from trusted nodes and analyzing traffic helps block malicious activity and prevent attacks from spreading across the network 2 6 .

Thus, enhanced access control creates a multi-layered system of barriers that prevents attackers from quickly spreading throughout the system after the initial penetration. This is critical for protecting cryptocurrency platforms and services, where a leak of keys or the compromise of a single user can lead to huge financial losses.

Hello!

Below is a comprehensive, well-written and informative final conclusion based on the essence of all the data from the previous correspondence:

Final conclusion on the security of the crypto industry and the dynamics of cyber attacks in 2025

The main reasons and features of the growth of threats

The Importance of Strengthening Access Control and Comprehensive Security

Problems of Phishing and Social Engineering

Positive trends and prospects

Conclusion

Sources:
1 ddos-guard.ru (2023)
2 zscomp.ru (2024)
3 b-152.ru (2024)
4 esapro.ru (2025)
5 skyeng.ru (2024)
6 zscomp.ru (2023)
7 nic.ru
8 global-it.ru (2025)

Sources:
1 Cybersecurity in 2025: New Threats and How to Protect Yourself from Them, PTNL Moscow, 2025
5 Every Second Attack Starts with an Account: How Companies Lose Control over Access, CISОclub, 2025

Sources:
1 it-world.ru, 2024
2 anti-malware.ru, 2025
4 movchans.com, 2024
5 2bitcoins.ru, 2024
8 tadviser.ru, 2025
9 block-chain24.com, 2025