Crypto hackers focused on large crypto entities and personal crypto wallets this year, resulting in $3.4 billion in crypto losses in 2025 — the highest figure since 2022.
Just three hacks in 2025, led by the $1.4 billion hack of crypto exchange Bybit, accounted for 69% of all losses from January through to early December, a Chainalysis report released on Thursday found, with the largest attacks a thousand times larger than the typical incident.
Andrew Fierman, the head of national security intelligence at Chainalysis, told Cointelegraph that while massive attacks drove this year’s uptick in losses, it’s unclear if 2026 will unfold in the same way.
“It’s difficult to predict if it will get worse in 2026, as hacks are very outlier-driven — one or two big hacks can set records for a given year. But what I can say is that this trend of big game hunting seems to be continuing, and there’s no reason to believe hacks will decline next year,” he said.
Wallet and private key compromises are a popular target
Meanwhile, Fierman said that on the opposite end of the spectrum, personal wallets have also become a popular target for hackers.
They represented 7.3% of the total stolen value in 2022 and 44% in 2024. This year it’s around 20%, but ignoring the Bybit hack, the total would have been closer to 37%.
However, the overall amount stolen from individual hacks declined from $1.5 billion in 2024 to $713 million this year, despite the number of incidents nearly tripling compared to 2022.
“These amounts are smaller because individual personal wallets tend to hold less funds than large exchange wallets, which pool many users’ funds together,” Fierman added.
DeFi protocols adopted more effective security measures
DeFi total locked value is around $119 billion, according to the analytics platform DefiLlama, more than double from 2023 lows when it dropped to below $40 billion.
However, Chainalysis said the recovery in DeFi markets hasn’t led to a spike in hacks, which presents “a clear divergence from historical trends.”
Previously, areas of the industry flush with funds tended to suffer more hacks. However, in this case, Chainalysis points to DeFi protocols implementing more effective security measures and attackers shifting their focus to wallets and centralized services as possible causes.
“The sustained lower level of DeFi hacks, even as billions of dollars have returned to these protocols, represents a meaningful change,” the Chainalysis team said.
North Korea is becoming more sophisticated
North Korean hacker crews were responsible for $2.02 billion in stolen cryptocurrency in 2025, an additional $681 million over the total in 2024, through tactics such as embedding IT workers inside projects.
Analysis found that North Korean hackers executed fewer but far more damaging attacks in 2025, which Chainalysis attributes to an increase in sophistication and patience as they focus more on achieving larger scores.
Related: Solana under ‘industrial scale’ DDoS attack: Co-founder says it’s ‘bullish’
“The regime is consistently training and developing new tactics by which their operators execute their strategies, whether infiltrating Web3 companies as IT workers or finding exploitable access points through third-party vendors,” Fierman said.
“While with every hack the industry learns more about DPRK tactics, and strengthens security measures to mitigate future risk, the DPRK is also evolving, in an ongoing attempt to find new attack vectors to continue yielding returns for the regime through their ill-gotten gains.”
Magazine: Do Kwon sentenced to 15 years, Bitcoin’s ‘choppy dance’: Hodler’s Digest, Dec. 7 – 13
