Crypto hacks drained $2.78 billion in 2025 – Finbold report

Crypto hacks resulted in $2.78 billion in stolen funds in 2025, according to Finbold’s 2025 Cryptocurrency Market Report, based on incident data tracked by blockchain security firm SlowMist.

While the headline figure places 2025 among the costliest years for crypto security breaches, a closer look at the data reveals that losses were heavily concentrated in the early part of the year, with a clear slowdown emerging as the year progressed.

Bybit breach shaped the entire risk profile of 2025

The defining event of the year was the Bybit hack, which alone accounted for $1.5 billion in losses. That single incident represented more than half of all known crypto funds stolen in 2025 and dramatically skewed the annual total.

The breach stemmed from a wallet compromise, underscoring that custody and key management remain among the most critical points of failure in the digital asset ecosystem. Even as smart contract security has improved across many protocols, centralized wallet infrastructure continues to pose systemic risk when safeguards fail.

Beyond Bybit, losses were distributed across a smaller number of high-impact incidents. Attacks on Cetus Protocol, Balancer V2, LIBRA, and Nobitex together made up the bulk of the remaining losses, with causes ranging from contract vulnerabilities and logic flaws to rug pulls and security lapses.

Hack activity was front-loaded, not persistent

Quarterly data shows that 2025’s hack losses were overwhelmingly front-loaded, with momentum fading steadily through the year.

In Q1, crypto hacks resulted in approximately $1.78 billion in losses, driven primarily by the Bybit incident. That figure alone accounted for nearly two-thirds of the total amount stolen in 2025.

Losses dropped sharply in Q2, falling to roughly $465 million, before declining further in Q3 to just over $300 million. By Q4, total hack-related losses fell below $230 million, marking the lowest quarterly figure of the year.

This progressive decline suggests that 2025 was not defined by sustained exploit activity, but rather by a small number of early, high-impact breaches followed by a prolonged period of relative stabilization.

Wallet compromises outweighed smart contract exploits

Despite continued attention on smart contract auditing and protocol-level defenses, wallet-related breaches proved to be the most financially destructive attack vector in 2025.

The dominance of the Bybit incident highlights how failures in custody infrastructure can still result in outsized losses, even as decentralized protocols increasingly adopt stronger security frameworks. Contract vulnerabilities and logic flaws remained present throughout the year, but their cumulative impact was notably smaller compared with wallet compromises.

Q4 slowdown hints at improving security discipline

The most notable development in the data is the sharp slowdown in losses during the second half of the year, culminating in a subdued fourth quarter.

While the crypto sector remained exposed to risk, the absence of large-scale breaches in Q4 suggests a combination of improved security practices, more cautious capital deployment, and fewer exploitable concentrations of value as markets matured.

Finbold’s analysis indicates that 2025 was less a year of escalating cybercrime and more a period of adjustment, where early shocks gave way to tighter controls and reduced exploit frequency. Although the industry still faces meaningful security challenges, the year-end trend points toward gradual progress rather than deterioration.