The year 2025 has been marked by a significant shift in the cryptocurrency landscape, with a notable decrease in the frequency of security incidents, but a substantial increase in the severity of the damage. According to data from blockchain security company SlowMist, the total number of security incidents across the ecosystem decreased by half, from 410 in 2024 to 200 in 2025. However, the total losses rose to approximately $2.935 billion, a significant increase from $2.013 billion in 2024.
The average loss per event has more than doubled, rising from about $5 million to nearly $15 million, indicating that attackers are now targeting high-liquidity and high-value centralized bottlenecks. The escalation of value loss is directly related to the changing profile of attackers, with organized crime syndicates and nation-state actors, particularly groups with ties to the Democratic People’s Republic of Korea (DPRK), replacing lone wolf hackers.
State Actors and the Industrial Supply Chain
These actors have shifted their tactics from opportunistic, individual attacks to organized, multi-stage operations targeting centralized services and based on structured money laundering processes. The breakdown of losses by sector confirms this trend, with centralized exchanges responsible for the majority of capital destruction. Just 22 incidents involving centralized platforms caused losses of around $1.809 billion, while DeFi protocols suffered 126 incidents resulting in losses of around $649 million.
Crypto loss by sector (Source: SlowMist) illustrates the severity of the threat, with high-level operators supported by an underground supply chain that operates with the efficiency of a commercial software ecosystem. Models called Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) have lowered the barrier to entry, allowing less experienced criminals to rent sophisticated infrastructure.
The Hub for Social Engineering and AI
As protocol security tightened, attackers shifted their focus from code to the human behind the keyboard. The year 2025 has shown that a private key leak, intercepted signature, or manipulated software update is just as devastating as a complex on-chain arbitrage exploit. The statistics reflect this parity: 56 smart contract exploits and 50 account compromises were recorded during the year, with the gap between technical risk and identity risk effectively closed.
To break through these human defense mechanisms, criminals used artificial intelligence as a weapon, with a noticeable increase in synthetic text, voices, images, and videos providing attackers a low-cost, scalable way to impersonate account managers, project creators, recruiters, and journalists. Additionally, deepfake calls and voice clones have made traditional verification habits obsolete and increased the success rate of social engineering campaigns.
Causes of Crypto Security Breaches in 2025
Causes of Crypto Security Breaches in 2025 (Source: SlowMist) highlight the importance of addressing these emerging threats. Phishing campaigns evolved beyond simple malicious links to multi-stage operations, while Ponzi schemes were adapted, shedding the mere “revenue farming” aesthetic of the past in favor of the façade of institutional financing.
Enforcement and the Regulatory Hammer
The scale of the year’s losses forced a decisive shift in regulatory behavior, with regulators moving from theoretical debates over jurisdiction to direct interventions in the chain. Their focus expanded beyond the companies themselves to the infrastructure that facilitates crime, including malware networks, dark web markets, and money laundering centers.
Stablecoin issuers proved to be a crucial part of this enforcement strategy, effectively acting as proxies in efforts to freeze stolen capital. Tether has frozen USDT on 576 Ethereum addresses, while Circle has frozen USDC on 214 addresses throughout the year. These measures produced tangible results, with approximately $387 million of the $1.957 billion in stolen funds frozen or recovered in 18 major incidents.
The Solvency Test and the Future Landscape
The divergence between the Bybit hack and the FTX collapse offers the most important lesson of 2025. In 2022, the loss of customer funds revealed an empty balance sheet and fraud, leading to immediate bankruptcy. Bybit’s ability to absorb a $1.46 billion slump in 2025 suggests that top-tier platforms have accumulated enough capital to treat massive security failures as a survivable operating expense.
However, this resilience comes with a caveat, as the concentration of risk has never been higher. Attackers are now targeting centralized chokepoints, and state actors are devoting enormous resources to breaching them. For builders and companies, the era of “acting quickly and breaking things” is finally over. Security and compliance are now hurdles to market access.
For more information, visit https://cryptoslate.com/crypto-hacks-dropped-by-half-in-2025-but-the-data-reveals-a-much-deadlier-financial-threat/
