$2.1 billion lost to ‘crypto' exploits in 2025: CertiK

Coin Geek

2 days ago

Homepage > News > Business > $2.1 billion lost to 'crypto' exploits in 2025: CertiK
Getting your Trinity Audio player ready...
In the first five months of 2025, over $2.1 billion worth of digital assets have been lost to cyber criminals, says blockchain security audit firm CertiK.
The New York-based firm revealed the figure two weeks ago, and in a recent podcast appearance, founder Ronghui Gu added that the majority of the funds had been lost to wallet compromises, private key mismanagement, and operational failures.
#CertiKInsight 🚨
Thus far in 2025, on-chain incidents have led to ~$2.1B in losses.
The majority of losses have come from wallet compromises and phishing, with an increase in data leaks its important to remain vigilant. pic.twitter.com/Cjm6QFHWqX — CertiK Alert (@CertiKAlert) May 23, 2025
'This is a shift in attack patterns. It also shows the evolution of the current infrastructure because attackers always target the weakest points. Previously, the weakest points were smart contracts and the blockchain code itself. Now, attackers feel like the weakest points come from human behavior, rather than the infrastructure,' Gu stated.
The Bybit hack earlier this year remains the largest. Attackers supposedly accessed the exchange's cold wallet and made off with $1.5 billion worth of ETH, in what security researchers from Elliptic described as 'almost certainly the single largest known theft of any kind in all time.'
Coinbase (NASDAQ: COIN), America's largest exchange, also faced an attack in which criminals accessed the personal data of some of its users. The exchange told the Securities and Exchange Commission (SEC) that the attack could cost it up to $400 million.
At $2.1 billion in five months, this year's stolen assets are on course to dwarf last year's total of $2.2 billion. Chainalysis said the figure would have been much higher, but North Korean-linked hacking groups slowed down activity after July. These groups reportedly accounted for $1.3 billion in stolen 'crypto' last year, more than half the total figure.
The record was set in 2022 when cybercriminals stole $3.7 billion worth of digital assets in 231 attacks. However, the record number of attacks was 303 in 2024.
According to Gu, attackers are increasingly relying on social engineering, a tactic in which they manipulate victims to reveal confidential wallet information or grant them access to their accounts. This is mainly done through phishing, where they send fraudulent links that, once clicked, redirect the victims to illicit websites controlled by the attackers.
This is what happened to a recent victim who lost a staggering $330 million to cybercriminals in an attack that now ranks as the largest on an individual and the fifth-largest overall.
Blockchain sleuths revealed a month ago that the victim was an elderly American citizen who was tricked into giving the attackers access to her 3,520 BTC, which the victim had held since 2017.
The funds were quickly laundered through multiple accounts on nearly two dozen centralized exchanges, including Binance. A large portion was first converted to Monero, a privacy-focused digital asset that makes it nearly impossible to trace the stash.
Cisco: 96% of businesses not prepared for cybersecurity threats
While 'crypto' attacks are on course for their biggest year, a report from Cisco says that only 4% of global firms have achieved the maturity required to withstand today's cyberattacks.
The tech giant's Cybersecurity Readiness Index revealed that maturity had increased slightly from last year's 3% but still remains worryingly low as artificial intelligence (AI) and hyperconnectivity increase the complexities for security professionals.
AI, in particular, has exacerbated the threat that enterprises face. Last year, 86% of global organizations faced AI-related security incidents, but only 49% were confident in their employees' ability to handle these threats.
'As AI transforms the enterprise, we are dealing with an entirely new class of risks at unprecedented scale – putting even more pressure on our infrastructure and those who defend it,' commented Jeetu Patel, Cisco's Chief Product Officer.
'This year's report continues to reveal alarming gaps in security readiness and a lack of urgency to address them. Organizations must rethink their strategies now or risk becoming irrelevant in the AI era.'
But while AI is amplifying the threat, it has also become a critical tool for security professionals. Cisco found that 89% of organizations use AI to detect and understand the threats they face, while 7 in 10 use it for response and recovery.
The talent shortage has also become a massive challenge. According to the report, 86% identified the lack of skilled professionals as a major challenge; more than half the respondents have over 10 positions in cybersecurity to fill.
Watch | Certihash Sentinel Node: Improving cybersecurity with blockchain