Crypto April 2025: Record Losses and Attack Vectors Analyzed

April 2025 was the most high-profile month in cryptocurrency history in recent memory, with investor losses due to hacks, scams, and exploits rising more than 1,100% to $364 million, according to leading blockchain security firm CertiK. The unusually large jump can be attributed to a single but catastrophic incident that became the fifth-largest theft in crypto history — the theft of $330.7 million worth of bitcoins from a senior citizen in the United States. 1 2 3

Overall scale and dynamics of losses

$364 million – losses in April 2025, which is 1163% more than the March amount ($28.8 million). 1 2 4
Without the largest theft, April’s losses would have been $34 million, still 21% higher than March’s. 1 2
Phishing attacks, fueled by the theft of bitcoins, were the leading causes of financial losses, accounting for about $337 million. 4

Statistics by month

Month	Losses ($ million)
October 2024	115,8
November 2024	63,8
December 2024	28,6
March 2025	28,8
April 2025	364

A detailed analysis of the largest hack

Phishing attack on US senior citizen

On the night of April 28-30, 2025, 3,520 BTC worth $330.7 million were stolen from an elderly US citizen, a disaster that instantly became the fifth-largest cryptocurrency theft in history. 2 3
Complex social engineering techniques were used to hack the system: the hacker managed to obtain the private key and access the wallet without any technical vulnerabilities in the system. 2 3
After the theft, the attackers laundered the funds as quickly as possible through exchange and mixer chains (Peel Chain, Monero/XMR, Ethereum), using more than 300 wallets and 20 exchanges around the world to hide traces and fragment the funds. A significant portion of the funds was withdrawn into the confidential cryptocurrency Monero, which virtually minimized the chances of asset recovery. 3
Unlike other major incidents, experts did not find the signature of well-known groups like North Korea’s Lazarus Group in this case: the money laundering tactics were unique and highly automated. 2 3
The victim was a long-term hodler who had been holding over 3,000 BTC since 2017 without any notable transactions, making him a potential target due to his large balance and sole management of the funds. 3

Map of the main threats and attack mechanisms

Leading types and directions of attacks

Phishing and social engineering – creating psychological pressure and manipulation, forcing victims to take actions with their own funds. 2 4
Access control breaches – exploiting weaknesses in permissions and access keys of smart contracts, such as compromising the control key in DeFi projects. 2
Price oracle manipulations are specific exploits that allow attackers to artificially change the price of tokens over time ranges. 2
Hot wallet and centralized exchange hacks – while these were minimal in April, they remained a threat throughout the year, as illustrated by the February attack on Bybit. 2 3

Refunds: Successes and Limitations

Despite the unprecedented damage, April 2025 was also marked by successful examples of the return of stolen cryptocurrencies thanks to the efforts of white hat hackers and negotiations with exploiters: 2 4

Decentralized exchange KiloEx – after the theft of $7.5 million in four days, the exploiter returned all funds in full (April 15), which was made possible by prompt dialogue and technical measures. 2 5
ZKsync Association – After an attack on the airdrop smart contract, the project managed to return $5 million, having reached a similar agreement with the hacker. 2 5
DeFi protocol Loopscale has recovered about half of the amount after an exploit that resulted in the withdrawal of $5.7 million in USDC and 1,200 SOL tokens. 2 5
In total, over $18 million was returned for various incidents in April, which partially reduced the total damage for the month. 2 4 5

Loss dynamics in recent months and historical context

February 2025 was a record month, with the largest-ever Bybit hack worth $1.4 billion carried out by Lazarus Group. It was this incident that caused the peak of losses in the crypto industry ($1.53 billion in a month). 2 3
There had been a steady decline in the volume of stolen funds since late 2024, but April reversed the trend with a surge caused by human error and successful attacks on private wallets, rather than automatic protection systems. 2 4

Vulnerability Features and Recommendations

The massive attack and the growing losses demonstrate that even owners of cold, private wallets are not protected from advanced phishing and social engineering. 2
Particularly vulnerable are older and non-tech-savvy users who own large assets. 2
Experts recommend:
- reusing cold wallets for storage only,
- regular checks of permissions and access,
- mandatory distribution of assets across several wallets,
- attentiveness to any external communications and social manipulations. 2 3

April 2025 marked a turning point in crypto asset security

2025 was a turning point, reminding the entire market of the need for multi-layered protection not only at the technical level, but also at the psychological level of the user. The increase in attacks based not on software but on human vulnerabilities requires a rethinking of security standards, the development of educational initiatives and the implementation of strict measures to automatically block suspicious transactions. 2 4 3 5

A selection of current articles about the largest losses and hacks in cryptocurrency (2025)

1. The Biggest Losses and Dynamics of Crypto Fraud in 2025

2025 Crypto Crime Mid-Year Update – Chainalysis
This review provides an overall analysis of the market situation by mid-2025: more than $2.17 billion has been stolen from cryptocurrency services, which has already exceeded the figures for the entire last year. The focus is on the $1.5 billion ByBit hack, which was the largest attack in history, and the shift in hacker focus from technical to human vulnerabilities. 1
Crypto Hack Losses in First Half of 2025 Exceed 2024 Total – CertiK
An up-to-date report on the loss of over $2.47 billion as a result of hacks and frauds in the first half of the year alone. A significant portion of this amount came from two attacks – ByBit and the Cetus protocol. It also details the role of refunds and the role of individual regions in global statistics. 2

2. Reports of massive hacks of DeFi and CeFi platforms

DeFi News: Crypto Hacks Surge Past 3.1B in 2025 as Access-Control Flaws Persist – CoinMarketCap Academy
Analytics show that hack losses will exceed $3.1 billion by mid-2025, with access control vulnerabilities being the main cause. Particular attention is paid to new types of attacks related to artificial intelligence and API protocols, indicating that threats to DeFi platforms are becoming more sophisticated. 3
Crypto Hacks Surpass $3.1B in 2025 as Access Flaws Persist: Hacked – Cointelegraph
Another detailed market report highlighting the importance of human factors and organizational vulnerabilities. The report notes that around 59% of all losses are due to access system errors, while only 8% are due to smart contract bugs. Examples of the largest hacks are given, as well as recommendations for strengthening security. 4

3. Analysis of the biggest incidents of the year

Crypto Sector Lost $3.1 Billion to Hacks in Q1 2025, Says Hacken – Mitrade
It is emphasized that the main problem of the industry is still “old” codes and projects with outdated architecture, which become easy prey for modern exploits. Quotes from cyber experts are provided, as well as statistics on the distribution of attacks between CeFi and DeFi. 5
Crypto Losses Soar As Hacks And Money Laundering Schemes Become Increasingly Sophisticated – Crowdfund Insider
An analysis of the dynamics of the growth of financial losses (from $1.74 billion since the beginning of the year) and the features of modern money laundering schemes. An emphasis on the role of DeFi hacks and the specifics of attacks on various blockchains, such as Ethereum, BNB Chain and Base. 6

4. Retrospective and incident database

Top Crypto Hacks and Exploits in 2025 (So Far) – CCN.com
A comprehensive database listing the biggest exploits and hacks, their dates, amounts, and attack types. The article serves as a timeline to track the evolution of threats, hacker methods, and whitehat fundraising efforts. 7
Top Cryptocurrency Hacks of 2025: What Shook the Blockchain World – Analytics Insight
Analysis of the resonant events of 2025, including descriptions of attack technologies, oracle manipulations, bridge bugs and validator vulnerabilities. Also provides recommendations on how to improve the safety of funds for users. 8

5. Periodic reports of leading companies

2025 Crypto Crime Report – TRM Labs
Provides a detailed overview of all types of fraud and criminal schemes in cryptocurrency for the year. Includes analysis of new trends and adaptation of cybercriminal strategies. 9
The Chainalysis 2025 Crypto Crime Report
An annual report with original insights, statistics and analysis from the Chainalysis team: hack dynamics, regional trends, proposals for tightening security. 10

Table of main articles

Publication title	Summary	Link
2025 Crypto Crime Mid-Year Update	Theft Analysis and Year-End Amount, ByBit Attack Details	1
Crypto Hack Losses in First Half of 2025	Details of the biggest losses Q1–Q2 2025	2
DeFi News: Crypto Hacks Surge Past 3.1B in 2025	The Focus on DeFi and Access Control Mistakes	3
Crypto Hacks Surpass $3.1B in 2025	DeFi and CeFi Hacks, Human Error	4
Crypto Sector Lost $3.1 Billion to Hacks Q1 2025	Problems with old codes and access errors	5
Crypto Losses Soar As Hacks And Money Laundering Schemes	Modern Laundering Schemes and DeFi Attacks	6
Top Crypto Hacks and Exploits in 2025	Exploit Timeline 2025	7
Top Cryptocurrency Hacks of 2025	Analysis of the largest attacks and vulnerabilities	8
2025 Crypto Crime Report	Annual Crypto Crime Report	9
The Chainalysis 2025 Crypto Crime Report	Insights, statistics and forecasts from Chainalysis	10

These materials will help you track trends, analyze the causes of losses, and prevent similar risks in the future.

What New Trends in Crypto Hacking Are Coming in 2025?

In 2025, the following key areas are observed among the new trends in cryptohacker activity and related threats:

Rise in Social Engineering and Phishing Attacks : Hackers are increasingly using advanced psychological warfare to trick people into giving up private keys, especially from older and less tech-savvy users. This trend was evident in the biggest thefts of 2025, where social engineering was instrumental in the successful hacks. 1
Complex laundering schemes through a large number of wallets and exchanges, including the use of privacy cryptocurrencies such as Monero . Hackers seek to hide the traces of stolen assets, which complicates recovery and investigation. 1
Vulnerabilities in DeFi Protocol and Smart Contract Access Controls – Flaws in access control implementation remain the leading cause of mass exploits leading to major thefts in the DeFi sector. 2 3
The integration of artificial intelligence (AI) and blockchain technologies creates new opportunities for both defense and attack. There is an increase in the activity of AI bots and automated tools that hackers use to find vulnerabilities and carry out attacks at high speed and scale. 1 2
The use of new technical methods such as price oracle manipulation, Layer 2 exploits and asset tokenization are becoming more sophisticated, increasing the security requirements for projects and users. 3 4
Increasing role of human factor in vulnerabilities: Despite technological progress, many incidents occur due to user errors, lack of security education and social engineering of users and company employees. 1 2 3
Increased attacks on centralized and decentralized exchangers with the return of part of the stolen funds through negotiations with white hackers and exploiters , which forms new schemes of cooperation and partial restoration of damage. 1

Thus, 2025 is characterized by the sophistication of hacker methods, the focus on human factor and access exploits, as well as the active implementation of new AI and blockchain technologies in both attacks and protective measures.

These trends require strengthening comprehensive protection, increasing user cyber literacy, and developing automated attack detection and prevention systems.

Sources: , , , . 1 2 3 4

In the first half of 2025, the volume of losses from thefts and hacks of cryptocurrency services reached record levels, exceeding $2.17-2.47 billion, which has already exceeded the total figures for the whole of 2024.

Key facts and details on the topic:

According to Chainalysis, more than $2.17 billion was stolen from cryptocurrency platforms and wallets in the first six months of 2025, exceeding the entire previous year’s total. 1 7
According to a report by CertiK, the same period saw losses total over $2.47 billion, significantly impacted by two major attacks – the ByBit exchange hack worth around $1.5 billion (the largest theft in cryptocurrency history) and the attack on the Cetus protocol. 2
The ByBit hack occurred in February 2025 and was attributed to the North Korean hacking group Lazarus, suggesting ongoing geopolitical motivations in crypto attacks. 1 2 3
Beyond technical hacks, the report points to a shift in focus towards attacks that exploit human vulnerabilities, with social engineering and phishing becoming the main methods for gaining access to users’ wallets.
Hackers are increasingly targeting personal crypto wallets, which accounted for about 23% of the total amount of stolen funds, with the largest number of victims recorded in the US, Germany and Russia. 1 3
Statistics for the first half of 2025 clearly show an acceleration in the rate of cryptocurrency thefts – 17% more than the same period in 2022, and with a trend towards a final amount of over $4 billion in 2025 if current trends continue. 1 3
In addition to ByBit and Cetus, the reports highlight other significant incidents, including attacks on centralized and decentralized platforms, hacks of DeFi protocols, and major thefts of private keys.
An important element of the analysis is also the process of partial refunds, which is becoming a more visible practice thanks to white hat hackers and negotiations with exploiters.

Thus, the first half of 2025 was marked by unprecedented losses for the cryptocurrency industry, caused by both large-scale technical hacks and increased attacks on the human factor. This highlights the need for a comprehensive approach to cybersecurity, taking into account both the technological and social aspects of protecting digital assets.

If necessary, I can prepare a detailed article on this topic, including specific incidents, statistics and expert recommendations.

The cryptocurrency industry has seen unprecedented levels of attacks on decentralized (DeFi) and centralized (CeFi) financial platforms in the first half of 2025. Hack losses have exceeded $3.1 billion, with vulnerabilities in access control systems and the growing sophistication of attacks using artificial intelligence and API protocols being the main cause.

The Big Picture of Massive DeFi and CeFi Hacks

DeFi and CeFi platform hack losses exceeded $3.1 billion in the first months of 2025, significantly exceeding the losses for all of 2024. Most of the damage ($1.83 billion) was attributed to operational security flaws in both categories of platforms. 3 4
Despite the decline in access control attacks in DeFi by mid-year (e.g. access control flaws fell to $14 million, the lowest since 2024), governance vulnerabilities remain the dominant issue leading to significant losses.

Main causes and types of attacks

According to Hacken, about 59% of all losses are due to errors in access control systems , which reinforces the conclusion about the dominant role of human and organizational factors in cyberattacks. Only 8% of losses are caused by bugs in smart contract code, although they also pose a threat.
New trends include hackers using artificial intelligence tools and exploits through API protocols , which increases the complexity of detecting attacks and allows them to scale.
Key attack scenarios include compromised private keys, permissions configuration errors, tampering, and bypassing protocol-level security mechanisms.

Major incidents and examples

In February 2025, hackers stole about $1.4 billion from the centralized exchange ByBit, the largest attack in the history of the cryptocurrency market. A complex operation with a malicious multi-signature update exploded, demonstrating the attackers’ ability to exploit operational vulnerabilities. 2
The second quarter of 2025 was marked by an attack on the DeFi protocol Cetus, where $223 million was stolen in 15 minutes. The hack was carried out through flash loans that exploited an overflow error in the calculation of the liquidity pool. Hacken estimates that if the platform had implemented an automatic monitoring and pause system, up to 90% of the stolen funds could have been saved. 3 4
Other major incidents included a $3.6 million hack of the cross-chain bridge Force Bridge, as well as attacks on the ALEX Protocol (around $8.3 million in losses) and Ionic Money, which used social engineering to steal $8.6 million. 1

Features of vulnerabilities

Contrary to popular belief, most attacks are not related to technical code failures, but are caused by access control errors and human factors: vulnerabilities in key and permission management procedures, low staff qualifications and the lack of a comprehensive approach to security.
Centralized platforms remain the primary target of cybercriminals, despite the fact that DeFi projects are more often attacked – the consequences for CeFi could be catastrophic due to the concentration of funds and private keys. 6

Recommendations and conclusions

Experts emphasize the need for a comprehensive approach to security, including technical audits, strengthened access controls, automated monitoring of suspicious activity and staff training.
The implementation of dynamic monitoring systems TVL (total value locked) with automatic pause of operations in case of anomalies could significantly reduce the risks of major losses, which was especially proven by the example of the Cetus attack. 4
The development of AI technology in cyber threats requires increased attention to countermeasures and adaptation of defense systems to new attack methods.

Thus, 2025 demonstrates the growing complexity and scale of threats to cryptocurrency platforms DeFi and CeFi, where the main vulnerabilities remain access control errors, human error, and rapid technological changes. Joint efforts in technical security, risk management, and educational programs are needed to protect the ecosystem.

In 2025, the cryptocurrency industry faces unprecedented levels of financial losses due to large-scale hacks and increasingly sophisticated fraud schemes. According to leading experts and reports, the first quarter of 2025 alone saw losses of a record $3.1 billion, with these losses being attributed to both technical vulnerabilities and new money laundering methods.

Key facts and details on the biggest incidents of 2025

According to Hacken, the cryptocurrency industry lost over $3.1 billion in the first quarter of 2025 due to hacks, with vulnerabilities in access control systems playing a key role. This figure significantly exceeds the results of previous years, indicating an increase in the scale of threats. 8
The main reason for ongoing attacks remains outdated and poorly protected software solutions – “old” codes and projects with outdated architecture become easy prey for modern exploits. Experts emphasize that vulnerabilities are often hidden in old protocols and design flaws in smart contracts. 5
In 2025, there is a particular focus on the division of attacks between centralized financial platforms (CeFi) and decentralized ones (DeFi). A significant portion of hacks occur on DeFi projects, where exploits are common due to access control errors and protocol manipulation. However, attacks on CeFi remain critical due to the concentration of assets and access keys. 5
A report by Crowdfund Insider found a significant increase in complex schemes to launder stolen funds. Today’s criminals are adopting more sophisticated methods, including the multi-layered use of mixers, cross-chain bridges, and privacy-enhanced cryptocurrencies. This makes it more difficult to recover funds and conduct investigations. 5

The largest hacker incidents and their features

The most resonant event was the theft of about $1.46-1.5 billion from the ByBit crypto exchange in February 2025 — the largest in the history of cryptocurrency. The attack was associated with the loss of control over a cold wallet, which was accessed by hackers from North Korea, presumably the Lazarus group. This incident accounted for about 69% of all losses in the first half of the year and demonstrated a high level of organizational and technical training of the criminals. 1 2 3 4 5
Other notable hacks affected both DeFi protocols (using smart contract and flash loan vulnerabilities) and centralized services. Projects on the Ethereum, BNB Chain, and Base blockchains were among those affected, reflecting the widespread nature of the attacks across ecosystems. 5
An important feature of the current situation is the high proportion of attacks related to the theft of private keys and seed phrases, which provides attackers with a quick and unhindered withdrawal of funds – more than 80% of the total amount stolen is associated with this factor. 5

Trends in the development of fraudulent schemes

Analysts are recording an increase in the role of social engineering and exploitation of the human factor, sophisticated phishing techniques and the use of automated tools based on artificial intelligence.
Modern money laundering schemes have become much more complex, with multi-layered routing of funds through dozens of wallets and the use of private cryptocurrencies (such as Monero), blockchain mixers and anonymizing services. This threatens the effectiveness of classic investigative methods. 5
There has also been an increase in strategic cyberattacks motivated by geopolitical interests, highlighting the urgency of security concerns amid international competition for digital assets. 2 5

Results and recommendations

Crypto sector losses in 2025 demonstrate not only a quantitative increase in thefts, but also a qualitative increase in the complexity of threats: outdated systems, human factors and new laundering methods create complex challenges.
Experts emphasize the need to modernize the architecture of blockchain projects, regularly audit the code, strengthen access control, and implement automatic systems for monitoring suspicious activity.
Educational initiatives aimed at increasing the cyber literacy of users and company employees, as well as developing international cooperation in the field of cybersecurity, are becoming key factors in the fight against it.
Recovering stolen funds remains a difficult task, but cooperation with “white hat” hackers and the development of legal mechanisms can partially mitigate the damage.

Thus, an analysis of the largest incidents and trends in 2025 highlights the critical importance of a comprehensive and multi-layered approach to protecting crypto assets in the face of the increasing complexity and politicization of cyber threats.

In 2025, the cryptocurrency industry faces a series of incidents involving digital asset thefts and hacks that are unprecedented in scale and technological sophistication. Analytics and databases of the largest exploits and attacks in the first six months of the year demonstrate the evolution of threats, hacker methods, and the efforts of projects to recover funds through whitehat initiatives.

Major incidents and their chronology

The hack of the ByBit exchange in February 2025 became the largest theft in the history of cryptocurrencies – hackers withdrew about $ 1.5 billion from the platform’s cold wallets. This incident accounted for about 70% of all losses in the first half of the year and actually sets the tone for all crime statistics in the crypto market. It is believed that the North Korean hacker group Lazarus, known for complex and targeted operations, is behind the attack. 1 2 3 6
In addition to ByBit, hundreds of other hacks and exploits have been recorded with total losses exceeding $2 billion in the first six months of 2025, which is 10% higher than the same period in 2022 and comparable to the results for the whole of 2024. 1 8
Other high-profile incidents include the hack of the Coinbase crypto exchange in May 2025, when social engineering affected about 70,000 users, with damages estimated at hundreds of millions of dollars. The attackers gained access to customers’ personal data, which allowed them to convince victims to transfer funds to the scammers. 5
The year also saw numerous DeFi protocol hacks, validator vulnerabilities, cross-chain bridge bugs, and oracle manipulations. These types of attacks are used to bypass security mechanisms and steal significant amounts of digital assets. 7

Hacker Methods and Threat Evolution

The main attack vectors remain vulnerabilities in key management and access control, as well as social engineering methods, aimed primarily at unprotected users and company employees. The growth in attacks using artificial intelligence and automated tools significantly increases the speed and effectiveness of penetrations. 7 9
To launder the stolen funds, hackers use complex schemes with multiple transactions through dozens and hundreds of wallets, as well as anonymous cryptocurrencies, such as Monero. This significantly complicates investigations and the return of stolen assets. 1 4
Oracle manipulation, smart contract bugs, and flash loan exploits remain common technical attack methods that lead to large losses on DeFi platforms. 7

Return attempts and whitehat initiatives

Some projects manage to partially offset losses through the participation of white hat hackers, information fees, and negotiations with exploiters. In particular, large exchanges and protocols implement bug bounty programs and create funds to pay rewards to informants. 1 5
Despite this, the effectiveness of refunds remains severely limited due to the high degree of anonymity of cryptosystems and the difficulty of tracking transactions.

Security Recommendations for Users

Distribute assets across multiple wallets and avoid storing large amounts on centralized platforms.
Use cold and multi-signature wallets, while making sure to use two-factor authentication and regular permission audits.
Raising awareness of social engineering and phishing techniques, and being wary of calls and messages asking for transfers.
Pay attention to security updates and use projects with a proven history and good security reviews.

Conclusion

A retrospective of the largest hacks and attacks in 2025 shows a significant increase in both the scale of financial losses and the complexity of threats. The main challenges are related to vulnerabilities in access control, human factors, and the use of new technologies by attackers. Effective protection requires a comprehensive approach combining technological measures, user education, and strategic international cooperation to combat cybercrime in the crypto sector.

Sources:
R
RBC — Hackers stole $2 billion from crypto services in 2025
Ek Expert — Hackers stole $2.17 billion in cryptocurrency in 2025
B
BCS Express — Cryptocrime in 2025: record amounts, hunt for wallets
Coinbase hack 2025 — data leaks and fraud 5
Sh Shard.ru — Cyber threats to crypto business. Trends 2024–2025
Analytics Insight — Attack technologies, oracle manipulation, bridge bugs 7
TR TRM Labs — Cryptocurrency hack report 2025
Hacken — Losses from hacks of cryptocurrency systems exceeded $3.1 billion in 2025 9

In 2025, the cryptocurrency industry continues to face significant security and cybercrime challenges. Two key periodic reports — from TRM Labs and Chainalysis — provide a comprehensive analysis of the current state of fraud, hacks, and criminal schemes in the crypto ecosystem, including emerging trends and how cybercriminals are adapting.

A detailed review of TRM Labs’ 2025 Crypto Crime Report

In the first half of 2025, the amount of crypto assets stolen exceeded $2.1 billion, according to TRM Labs, as a result of almost 75 separate hacks and exploits. This figure is 10% higher than the 2022 record and almost equal to the total losses of all of 2024. 5
The bulk of the damage — more than 80% — is associated with attacks on the infrastructure of crypto services. Key methods include the theft of private keys and seed phrases, as well as the compromise of user interfaces and access points, often using social engineering or insider assistance.
Protocol and smart contract exploits, including flash loans and reentrancy attacks, account for around 12% of stolen funds, highlighting the importance of proper design and regular audits of DeFi platforms. 5
TRM Labs highlights the trend of increasingly strategic attacks, increasingly motivated by geopolitical and economic interests, which requires not only technical but also geopolitically oriented security measures.
Throughout 2025, TRM Labs expanded its investigative toolset to include support for new blockchains (Sonic, Unichain, Aptos, TON), as well as improved methods for tracking and analyzing suspicious activity, which increases the effectiveness of fraud detection and aids in cross-chain collaboration. 6

Key Takeaways from The Chainalysis 2025 Crypto Crime Report

Chainalysis notes that 2025 will see a further increase in overall crypto-crime, including theft, scams, ransomware, and terrorist financing through digital assets. 7
Statistics show a shift in the focus of attackers from large centralized exchanges and platforms to attacks on users’ personal wallets , which account for more than 23% of all thefts. This is due to the increased protection of large services and the simultaneous vulnerability of individual users to social engineering and phishing. 3
The geography of victims is expanding: experts note an increase in incidents in Eastern Europe, the Middle East, South and Central Asia, along with the traditional leaders – the United States, Germany, Russia and Canada. 3
The report highlights that the transparency of blockchains enables the creation of powerful tools for investigating and combating criminal activity, opening up new opportunities for law enforcement and security companies.
Chainalysis predicts that the volume of criminal activity detected will increase given improved analytics and the discovery of previously hidden cases, as well as increased institutional interest in cryptocurrency. 7 8

Synthesis and recommendations

In 2025, protecting the ecosystem requires a comprehensive approach that combines technical auditing and access control measures, as well as active user education to reduce human-factor risks.
The geopoliticization of cyber threats in the crypto space makes it necessary to cooperate at the international level to identify and neutralize threats.
The development of analytical platforms and the expansion of blockchain coverage increase the chances of prevention and rapid response to incidents.
It is recommended to use multi-factor authentication, distribute assets across multiple wallets, update software regularly, and be careful with communications, especially those involving private keys and transfers.

In summary, the TRM Labs and Chainalysis 2025 reports provide a comprehensive, data-driven understanding of crypto-cybercrime trends, highlighting the increasing scale of attacks, increasing sophistication of methods, and the importance of integrated security measures and international cooperation.

Sources:

TRM Labs — 2025 Crypto Crime Report, июнь 2025 1 5 6
Chainalysis — The Chainalysis 2025 Crypto Crime Report and Midterm Updates, July 2025 3 4 7 8
RBC, IT Security analytics, public reviews and news on crypto-cybercrime in 2025 2

Which regions are most vulnerable to crypto hacks, according to reports

According to recent reports, the most vulnerable regions for crypto hacks are countries with a developed cryptocurrency market and a high level of digital asset usage, namely:

The United States is home to a large number of cryptocurrency users, which attracts hackers to break into personal wallets and exchanges.
Germany and Russia , countries with active crypto communities, were also among the regions affected by cyberattacks.
Eastern Europe, Middle East, South and Central Asia – reports indicate an increase in cyber fraud and hacking incidents in these regions.

The increase in attacks in these regions is associated with the high popularity of cryptocurrencies, the not always sufficient level of cybersecurity among users and organizations, as well as the more frequent use of vulnerable services and platforms.

At the same time, it is users’ personal crypto wallets that are particularly vulnerable, accounting for more than 23% of the total number of thefts, which demonstrates the importance of improving digital literacy and user security.

Thus, the vulnerability of regions is determined not only by the technical aspects of the platforms, but also by socio-economic conditions, the level of education and involvement of users in the crypto ecosystem.

These findings are supported by analytics from leading companies TRM Labs and Chainalysis from their 2025 reports.

What new fraud methods and crime schemes will be discovered in 2025

In 2025, new, more sophisticated fraud methods and criminal schemes have emerged, often using advanced technology and human error. 1 2 6 7

Key trends and new methods:

Using Artificial Intelligence (AI) and Deepfakes Fraudsters are actively using AI to create believable audio and video fakes (deepfakes) of the voices and images of familiar people. This allows them to convince victims to transfer money or provide sensitive data, imitating, for example, a call from a relative asking for help. 2 7
Sophisticated money laundering schemes Criminals use multi-layered schemes involving dozens and hundreds of wallets, as well as anonymous cryptocurrencies (such as Monero) and cross-chain bridges. This makes it much more difficult to trace funds and conduct investigations. 2
QR code trap Fraudsters send SMS messages about winnings or a parcel with a QR code, which, when scanned, installs malware on the victim’s phone that steals data or money. 7
Fraud under the guise of renewing a contract with a mobile operator Fraudsters call or write, claiming that they need to renew a contract with a mobile operator. Under the pretext of confirming passport data through “Gosuslugi”, they ask to dictate a code from an SMS, gaining access to the account and applying for loans. 1
Fake “Central Bank” apps Fraudsters call with a message about an attempt to steal money and offer to install a “Central Bank app”, which is actually malicious. Then they ask to bring a bank card to the phone and enter an SMS code for “protection”, creating a virtual copy of the card and withdrawing money. 1
Stealing payment data through “profitable part-time work” Fraudsters often steal payment data by promising profitable part-time work on marketplaces. 5
“Identity verification” through facial filming A scheme has emerged where attackers ask victims to “verify their identity” by filming their faces from different angles. This data can be used to create deepfakes or bypass identification systems. 3
Real Estate Fraud Using AI Fraudsters are actively using neural networks to create fake photos of real estate properties and listings from non-existent agents. In 2025, deepfake videos appeared where an agency “representative” gives a video tour of a non-existent property. 6
Exploitation of outdated codes and architectures The main problem remains “old” codes and projects with outdated architecture, which become easy prey for modern exploits. 4
The Increasing Role of Human Factors and Social Engineering Many incidents occur due to user errors, lack of security education, and social engineering. Reports indicate that about 59% of all losses are due to access system errors, rather than smart contract bugs. 2

https://www.kaspersky.ru/resource-center/threats/crypto-exchange-hacks

Sources: Kommersant, RBC, Expert, BCS Express, Mitrade (Hacken), Crowdfund Insider, TRM Labs, Chainalysis. 1 2 3 4 5 6 7

Sources: Halborn, Crypto.ru; Hacken, Cointelegraph; Yellow.com. 1 2 3 4