Hackers Stole $3.4 Billion in 2025 with Ethereum, Tron, and Solana Targeted

Blockchain intelligence firm Chainalysis has released a new report detailing cryptocurrency theft trends for 2025. The data shows that hackers stole over $3.4 billion in digital assets from January through early December. This figure represents a slight increase from the previous year and highlights the persistent risks in the crypto ecosystem.

One major incident dominated the year's losses. The February hack of the Bybit exchange resulted in the theft of approximately $1.5 billion, primarily in Ethereum. This single event accounted for a significant portion of the annual total and underscored how large-scale breaches can skew overall figures.

DeFi Security Improvements and Personal Wallet Risks

DeFi protocols experienced relatively suppressed hack losses in 2025, even as total value locked in the sector rebounded. Chainalysis reported that this trend diverges from past cycles, where rising TVL often correlated with increased successful attacks. The firm attributes the lower losses to advancements in security practices across the DeFi space.

The Venus Protocol incident in September provided a clear example of these improvements. Security monitoring from platform Hexagate detected suspicious activity about 18 hours before a potential exploit could fully unfold. The team paused operations quickly and recovered funds within hours.

After the event, Venus governance approved measures to freeze around $3 million in the attacker's assets. This action led to the perpetrator ending up at a net loss. Chainalysis highlighted how proactive monitoring, rapid response, and effective governance tools have made DeFi more resilient compared to earlier years when hacks often resulted in permanent losses.

Personal wallet compromises also rose sharply in 2025. These incidents affected at least 80,000 unique victims across 158,000 cases. The total value stolen from individuals dropped to $713 million from higher amounts in prior years, indicating attackers spread efforts across more targets with smaller individual hauls.

Networks like Ethereum and Tron saw higher victim rates per wallet compared to others such as Solana. Centralized services continued to face private key breaches, which drove a large share of losses early in the year.

North Korea Remains Primary Threat Actor

State-backed hackers such as the Lazarus Group from the Democratic People's Republic of Korea emerged as the leading threat once again. Chainalysis tracked at least $2.02 billion in thefts attributed to DPRK actors in 2025. This amount marks a new record and brings their cumulative known haul to $6.75 billion.

The Bybit hack played a key role in this total, with investigators linking it to North Korean groups. DPRK tactics often involve embedding fraudulent IT workers within crypto firms to gain internal access. The report notes fewer confirmed incidents but higher average impacts per attack.

Laundering patterns for these funds differ from typical cybercriminals. DPRK actors frequently route stolen assets through Chinese-language services, bridges, and mixers like the Cambodian compound called Haowang (Huione). Movements typically follow structured phases over about 45 days, starting with rapid obfuscation via DeFi tools.

Later stages involve no-KYC exchanges and bridges before final off-ramping. Chainalysis emphasized that DPRK operations follow unique motivations tied to state priorities and sanctions evasion. The firm warned that preventing another large-scale incident like Bybit will be a key challenge for the industry in the coming year.

Overall, the 2025 data paints a picture of evolving threats balanced by some security gains. Centralized platforms and individual users face ongoing vulnerabilities, while DeFi shows signs of maturation. Industry participants continue to adapt monitoring and response strategies to address these risks.