
The Biggest Crypto Hacks in 2025 So Far

2025 has already proven to be a high-stakes year in the crypto space. With over $1.63 billion in digital assets lost to malicious attacks in just the first quarter, crypto hacks in 2025 have already outpaced last year’s totals, showing a staggering 131% increase compared to Q1 2024. The blend of sophisticated state-sponsored operations, insider threats, and DeFi vulnerabilities reveals just how fragile the industry’s security still is, despite advancements.

In this deep dive, we analyze the largest crypto hacks of 2025 so far, exploring the key players behind them, their methods, and the motivations that fuel these high-profile breaches.

The Bybit Crypto Hack 2025 – Over $1.5 Billion Lost in a Single Blow

What Happened?

The standout headline among crypto hacks in 2025 so far is undoubtedly the massive breach at Bybit, a major crypto exchange headquartered in Dubai. In February, hackers managed to siphon off more than $1.5 billion in Ethereum, primarily from Bybit’s cold wallets, an area long considered safe from cyberattacks.


The hackers exploited a weakness in Bybit’s multisig wallet system. Alarmingly, the vulnerability was connected to Safe{Wallet}, a third-party infrastructure provider whose compromised services allowed attackers to bypass authorization protocols and move funds with minimal detection.

Who Was Behind It?

Multiple investigators, including Arkham Intelligence, Elliptic, and the FBI, pointed to Lazarus Group, a North Korean state-sponsored cybercriminal syndicate. Their history of targeting exchanges and DeFi protocols to fund state agendas makes them prime suspects.

Why It Mattered

Bybit’s loss accounted for over 92% of all crypto-related thefts in Q1 2025. The impact wasn’t just financial—this event severely shook investor confidence and forced Bybit to seek emergency capital injections from major players like Galaxy Digital and Wintermute.

February 2025 Crypto Hacks

Although the Bybit breach stole the spotlight, it wasn’t the only attack that rocked the crypto world in February 2025. Combined, other hacks during the month racked up $126 million in additional losses.


Infini Protocol – $50 Million Insider Attack

A former developer turned rogue leveraged privileged access to steal from Infini, a DeFi platform. Exploiting a breached private key tied to protocol vaults, the attacker executed a precise withdrawal that left the protocol and users reeling.

zkLend – $9.5 Million Lost to Smart Contract Error

zkLend suffered from a critical rounding error in its smart contracts. A flaw that might seem trivial at first enabled attackers to manipulate transactions and drain funds in a matter of hours. This event highlighted how seemingly minor bugs can have catastrophic consequences.
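The article does not describe the zkLend flaw in detail, so the following is an added, generic illustration of the rounding-error bug class in share-based pool accounting, written as an audit-style invariant check. It is not zkLend's contract code, and every function name and number in it is constructed for the example.

```python
# Added illustration: generic share-based pool, NOT zkLend's contract code.
# All names and numbers here are constructed for the example.

def burn_truncating(assets_out, total_assets, total_shares):
    # Flawed: floor division rounds the shares owed DOWN, in the withdrawer's favour.
    return assets_out * total_shares // total_assets

def burn_rounding_up(assets_out, total_assets, total_shares):
    # Corrected: ceiling division rounds the shares owed UP, in the pool's favour.
    return (assets_out * total_shares + total_assets - 1) // total_assets

def price_never_drops(burn_fn, assets_out, total_assets, total_shares):
    """Invariant: a withdrawal must not lower assets-per-share for remaining holders."""
    burned = burn_fn(assets_out, total_assets, total_shares)
    assets_after = total_assets - assets_out
    shares_after = total_shares - burned
    # Compare assets_after/shares_after >= total_assets/total_shares by
    # cross-multiplying, so the check itself uses exact integer arithmetic.
    return assets_after * total_shares >= total_assets * shares_after

def violations(burn_fn, amounts, total_assets=1_000_003, total_shares=1_000_000):
    """Return the withdrawal sizes that break the invariant on a fresh pool."""
    return [a for a in amounts
            if not price_never_drops(burn_fn, a, total_assets, total_shares)]

if __name__ == "__main__":
    sizes = [1, 7, 500_000]
    print("truncating :", violations(burn_truncating, sizes))
    print("rounding up:", violations(burn_rounding_up, sizes))
```

Running the same invariant over a protocol's real conversion functions in a property-based test suite is how this class of one-unit error is usually caught before deployment.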

Ionic Money – $8.5 Million Drained via Fake Collateral

In one of the more creative crypto hacks of 2025, attackers deceived Ionic Money by submitting a counterfeit LBTC token as collateral. They then borrowed real assets and disappeared, leaving the protocol with a hole in its treasury and a serious lesson in asset verification.

March 2025 Shows That Crypto Hacks Slow Down, But New Threats Emerge

March brought a relative lull in crypto theft: losses dropped 97% compared to February. Only $33 million in crypto was reported stolen, and encouragingly, some of it was recovered. But while the frequency declined, vulnerabilities still surfaced.

Zoth Protocol – Real-World Assets Meet Real-World Risks

One of the more unusual and concerning hacks in March 2025 involved Zoth, a rising player in the restaking and tokenization of real-world assets (RWA) space. On March 21, Zoth became the target of an $8.4 million exploit that once again exposed the growing risks associated with RWA DeFi protocols.

The Exploit

Security platform Cyvers was first to flag suspicious activity when a large, unanticipated withdrawal was made from Zoth’s core wallets. The attacker was able to move $8.4 million in digital assets, which were quickly swapped into a stablecoin and sent to an external address.

Initial investigations suggest the attack was likely caused by misconfigured wallet permissions or a backdoor in one of Zoth’s integrations, though Zoth has yet to issue a comprehensive post-mortem. The assets were moved with surgical precision, indicating the attacker had prior knowledge of Zoth’s wallet structures and internal operations.

Implications for the RWA Sector

Zoth’s hack wasn’t just a technical mishap; it was a wake-up call for the entire RWA DeFi sector, which has seen explosive growth in 2025 as protocols tokenize everything from U.S. Treasuries to real estate.

Unlike traditional DeFi assets that exist purely on-chain, RWAs come with legal agreements, centralized custody layers, and often less-tested smart contracts. This blend of TradFi and DeFi increases the attack surface, and Zoth’s breach is proof of that vulnerability.

Abracadabra.Money – $13 Million ETH Drain

March’s largest individual hack hit DeFi protocol Abracadabra.Money. A smart contract vulnerability allowed an attacker to withdraw 6,260 ETH (approximately $13 million) on March 25. The DEX issued a 10% white-hat bounty offer, about $500,000, which led the attacker to return $4.5 million.

1inch Hacker Returns $4.5 Million

On March 7, a hacker who had drained $5 million from the DEX 1inch surprisingly returned 90% of the funds. While the attack initially shocked the DeFi community, the return offered a rare glimmer of hope, and perhaps a signal that even black-hat hackers may respond to incentive-based negotiations.

Explosive Growth in Attack Volume

According to blockchain security firm PeckShield, over 60 separate hacks occurred in Q1 alone. This sharp rise illustrates both the scale of the threat and the persistence of exploitable weaknesses across the ecosystem.

State-Sponsored Cybercrime on the Rise

The Bybit exploit demonstrated how powerful and coordinated nation-state actors like North Korea’s Lazarus Group have become in targeting cryptocurrency as an alternative revenue stream. With geopolitical tensions rising globally, expect similar state-backed operations to continue.

Insider Threats and Social Engineering

2025 is also showing a concerning trend of insiders turning malicious, as seen in the Infini and Ionic cases. The human element, through rogue developers or manipulated employees, is proving to be just as dangerous as code vulnerabilities.

Smart Contract Audits Still Falling Short

Too many DeFi protocols still ship unaudited or lightly tested code. zkLend and Abracadabra.Money both suffered from flaws that a thorough review could have caught. Developers must treat audits not as optional checkboxes, but as critical infrastructure.

Mitigating Crypto Hacks in 2025 and Beyond

To stem the tide of crypto hacks in 2025, protocols and exchanges must act with urgency:

  • Audit smart contracts frequently using independent, reputable firms.
  • Segment permissions and monitor developer access to prevent insider abuse.
  • Adopt aggressive bug bounty programs to encourage white-hat intervention before exploits occur.
  • Invest in anomaly detection systems, which can flag suspicious transactions in real time.
  • Collaborate across the industry, sharing threat intelligence to stop attacks before they escalate.
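As an added example of the anomaly-detection item above (not code from any vendor or protocol named in this article), the sketch below scores each outflow from a monitored wallet against that wallet's own recent history, the kind of check that surfaces a large, unanticipated withdrawal like the one flagged at Zoth. The wallet labels, thresholds and transfer records are constructed assumptions.

```python
from collections import defaultdict, deque
from statistics import median

# Constructed sample, not chain data: (unix_time, monitored_wallet, outflow_usd).
TRANSFERS = [
    (100, "treasury-1", 12_000), (160, "treasury-1", 9_500),
    (220, "treasury-1", 15_000), (280, "treasury-1", 11_000),
    (340, "treasury-1", 13_500), (400, "treasury-1", 10_000),
    (410, "hot-2", 250_000), (420, "hot-2", 300_000), (430, "hot-2", 275_000),
    (440, "hot-2", 260_000), (450, "hot-2", 310_000), (460, "hot-2", 290_000),
    (500, "treasury-1", 8_400_000),   # far outside this wallet's own history
    (560, "treasury-1", 14_000),
    (600, "new-3", 2_000_000),        # large first-ever outflow, no baseline yet
]

def flag_outflows(transfers, window=50, min_history=5, k=8.0,
                  floor_usd=100_000, cold_start_usd=1_000_000):
    """Stream transfers in time order; return (time, wallet, usd, reason) alerts."""
    history = defaultdict(lambda: deque(maxlen=window))
    alerts = []
    for ts, wallet, usd in transfers:
        past = history[wallet]
        if len(past) < min_history:
            # Edge case: too little history to score, so use an absolute limit.
            if usd >= cold_start_usd:
                alerts.append((ts, wallet, usd, "no-baseline"))
                continue
        else:
            med = median(past)
            # Median absolute deviation: robust to a few odd past values.
            mad = median(abs(x - med) for x in past) or 1.0
            if usd >= floor_usd and (usd - med) / mad > k:
                alerts.append((ts, wallet, usd, "outlier"))
                continue  # keep flagged transfers out of the baseline
        past.append(usd)
    return alerts

if __name__ == "__main__":
    for alert in flag_outflows(TRANSFERS):
        print(alert)
```

Because the baseline is per wallet, the routinely large "hot-2" flows pass while a much larger move out of a normally quiet wallet is flagged.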

Final Thoughts

The crypto hacks that have already happened in 2025 reveal an uncomfortable truth: the decentralized finance and crypto ecosystem is still dangerously exposed. From nation-state operatives to rogue insiders and smart contract loopholes, every weak link is a potential multimillion-dollar disaster.

But there’s a silver lining. Community awareness is growing. Recovery and bounty systems are improving. And each hack, though painful, teaches the space how to harden defenses.

As we move deeper into 2025, vigilance, innovation, and collaboration will be key to turning the tide and securing the future of digital finance.
