Crypto theft is on the rise, with the first quarter of 2025 reportedly breaking the record for the highest amount of digital assets stolen in history, according to CertiK.
The blockchain security firm released its Hack3d: Q1 2025 Report on April 2, 2025.
The report revealed that hackers stole over $1.67bn in digital assets across 197 security incidents in the first quarter of 2025, marking a staggering 303% increase from the previous quarter.
This surge was primarily fueled by the Bybit hack, the most significant crypto theft in history, which CertiK described as “a critical inflection point in Web3 security.”
This was followed by breaches involving Phemex at $71,714,297.40, 0xInfini at $49,514,632.79 and MIM Spell at $12,906,772.04.
Ronghui Gu, CertiK Co-Founder, commented: “The Bybit breach is a wake-up call for the entire industry. Security is not simply a competitive edge – it is a shared responsibility.”
Across the industry, the average loss per incident was $9,549,339 and the median loss per incident was $66,303. The total value of funds returned was $6,390,698, resulting in adjusted total losses of $1,662,600,186 for the quarter, indicating that less than 0.4% of the stolen funds were returned to customers.
Read more: FBI Confirms North Korea’s Lazarus Group as Bybit Crypto Hackers
Ethereum, Top Target for Hackers
In terms of cryptocurrencies and blockchains affected by crypto-theft, Ethereum experienced the highest number of security incidents over the reported period, with a total of 98 hacks, scams and exploits leading to $1,540,843,886 in losses.
This was followed by Binance Smart Chain (BSC) with $6,233,662 lost across 52 incidents, Arbitrum with $4,534,494 lost across eight incidents, and Tron with $3,188,021 lost in a single incident.
Wallet Compromise, Most Lucrative Attack Vector
The CertiK report revealed that wallet compromise was the most devastating attack vector, enabling hackers to steal $1.45bn across just three cyber incidents.
Attacks leveraging phishing campaigns and exploiting code vulnerabilities in cryptocurrency and blockchain projects were the most common during the reported period, with 81 incidents involving phishing and 68 involving code vulnerabilities.
“Hackers are using increasingly sophisticated techniques, and it is now more important than ever for blockchain businesses and projects to proactively invest in robust security measures,” Gu added.
“A comprehensive, multi-layered approach is essential. Robust code audits, formal verification, real-time monitoring, incident response plans, vulnerability assessments, and employee awareness training should be treated as the norm, not the exception.”
Photo credit: Peace-loving/Shutterstock