Crypto Losses Hit $2.9 Billion in 2025 as Fewer but Larger Attacks Reshape Blockchain Security

Source: DefiPlanet Original Title: Crypto Losses Hit $2.9 Billion in 2025 as Fewer but Larger Attacks Reshape Blockchain Security Original Link:

Quick Breakdown

• Crypto security losses climbed to $2.9 billion in 2025 despite a drop in the total number of incidents.
• Centralized exchanges suffered the largest losses, driven by a $1.46 billion hack.
• DeFi remained the most targeted sector, while North Korea-linked hackers stayed highly active.

The global crypto security landscape grew more complex in 2025 as professionalized hacking groups, rising financial stakes, and tighter regulation reshaped risks across blockchain ecosystems, according to a new industry report by blockchain security firm SlowMist.

Despite a decline in the total number of incidents, financial losses surged, underscoring the growing scale and sophistication of attacks targeting digital assets.

Crypto losses rise despite fewer attacks

SlowMist recorded 200 major blockchain security incidents in 2025, resulting in estimated losses of $2.94 billion. While incidents fell sharply from 410 in 2024, total losses jumped by about 46% year over year, reflecting larger, more concentrated exploits. Ethereum remained the most targeted network, accounting for roughly $183 million in losses, followed by Solana and Arbitrum.

Decentralized finance remained the most frequently attacked sector, accounting for 126 incidents that resulted in around $649 million in losses. However, centralized exchanges emerged as the biggest financial risk. Just 22 incidents involving centralized platforms resulted in losses exceeding $1.8 billion, mainly driven by a single breach.

North Korea-linked hackers and regulatory shift

The most severe incident of 2025 was the February hack of a major crypto exchange, which resulted in the theft of approximately $1.46 billion. On-chain investigations later linked the attack to a North Korea-aligned hacking group, marking one of the largest crypto thefts on record. The breach highlighted growing threats from advanced persistent threat groups leveraging social engineering, frontend compromises, and multisig wallet manipulation.

Beyond direct attacks, SlowMist reported a sharp rise in ransomware-as-a-service and malware-as-a-service operations, significantly lowering the technical threshold for cybercriminals to launch sophisticated attacks. The firm also observed that underground laundering networks are increasingly turning to privacy tools, crypto mixers, and cross-border scam infrastructures, with activity mainly concentrated in Southeast Asia. In a separate finding, SlowMist identified a critical vulnerability in a widely used JavaScript elliptic-curve encryption library. The flaw poses a serious security threat to crypto wallets and identity authentication systems.