Major Exploits of 2025
Introduction
Crypto losses reached $3.4B in 2025, closely matching 2024's totals. However, the nature of theft shifted dramatically. North Korean hackers led the charge, with losses concentrated in fewer but larger attacks.
The trend is clear: exploits now target supply chains and human weaknesses rather than just smart contract vulnerabilities. Traditional security measures such as audits and multisig wallets are proving insufficient.
Bybit Hack
February's Bybit breach ranks among 2025's worst, with $1.4-1.5B stolen. The FBI traced it to North Korea's TraderTraitor group within days.
Unlike typical hacks, this targeted Bybit's infrastructure partner. Hackers compromised a Safe wallet admin, injecting malicious code into the interface. During a routine transfer, the code swapped wallet addresses, draining 401,000 ETH.
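A signer-side control against an interface that displays one destination while the payload pays another is to decode the raw transaction independently of the UI and compare it with the intended transfer. The sketch below is an added example, not code from Bybit, Safe, or the original article; it covers plain native transfers and ERC-20 `transfer` calls, which goes beyond the single case described above, and every address, field name, and the allowlist are constructed assumptions.

```python
# Added example (not from the original page). All addresses are constructed.
ERC20_TRANSFER = bytes.fromhex("a9059cbb")  # selector of transfer(address,uint256)

def norm(addr):
    """Validate a 20-byte hex address and return it lower-cased with 0x."""
    a = addr.lower()
    a = a[2:] if a.startswith("0x") else a
    if len(a) != 40 or any(c not in "0123456789abcdef" for c in a):
        raise ValueError("malformed address: %r" % addr)
    return "0x" + a

def effective_transfer(tx):
    """Decode what the raw payload moves: (recipient, amount, token or None)."""
    raw = tx["data"][2:] if tx["data"].startswith("0x") else tx["data"]
    data = bytes.fromhex(raw)
    if not data:  # plain native-coin transfer: 'to' is the recipient
        return norm(tx["to"]), int(tx["value"]), None
    if data[:4] == ERC20_TRANSFER and len(data) == 68:
        if any(data[4:16]) or int(tx["value"]) != 0:
            raise ValueError("non-canonical ERC-20 transfer: refuse to sign")
        # 'to' is the token contract; the real recipient is inside the calldata
        return "0x" + data[16:36].hex(), int.from_bytes(data[36:], "big"), norm(tx["to"])
    raise ValueError("unrecognised calldata: refuse to sign")

def check_before_signing(intent, tx, allowlist):
    """Return a list of problems; an empty list means payload matches intent."""
    try:
        recipient, amount, token = effective_transfer(tx)
    except ValueError as exc:
        return [str(exc)]
    want_token = norm(intent["token"]) if intent.get("token") else None
    problems = []
    if recipient != norm(intent["recipient"]):
        problems.append("recipient mismatch: payload pays " + recipient)
    if amount != intent["amount"]:
        problems.append("amount mismatch: payload moves %d" % amount)
    if token != want_token:
        problems.append("asset mismatch")
    if recipient not in allowlist:
        problems.append("recipient not on allowlist")
    return problems

# Constructed sample data: the operator intends to pay HOT, the payload pays OTHER
HOT, OTHER, TOKEN = "0x" + "22" * 20, "0x" + "99" * 20, "0x" + "aa" * 20
INTENT = {"recipient": HOT, "amount": 5, "token": None}
GOOD_TX = {"to": HOT, "value": "5", "data": "0x"}
SWAPPED_TX = {"to": OTHER, "value": "5", "data": "0x"}
if __name__ == "__main__":
    print(check_before_signing(INTENT, SWAPPED_TX, {HOT}))
```

The check is only useful when it runs on a device and code path separate from the interface that built the transaction.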
Attack Pattern
The laundering strategy differed from typical operations. Attackers moved funds in smaller chunks (60% under $500K) using Chinese services on 45-day cycles.
Most hackers move larger amounts ($1-10M). Private key compromises caused 88% of Q1 losses. North Korean operatives infiltrate companies as IT contractors, gaining insider access for both immediate theft and long-term intelligence gathering.
Trust Wallet & Cetus
Trust Wallet's December browser extension hack affected $7M in user funds, which the company fully reimbursed. Version 2.68 users needed immediate updates.
Cetus Protocol lost $220-223M in May through an integer overflow vulnerability. Attackers used flash loans to manipulate liquidity calculations, creating fake tokens that appeared massively over-collateralized. They drained 46 pools in 15 minutes before Sui validators froze $162M.
Balancer V2
November's Balancer V2 exploit drained $128M across multiple chains. Two flaws enabled the attack: weak access controls let attackers spoof transactions, while a rounding bug created precision errors. Hackers chained 65 micro-swaps, compounding errors to manipulate prices by 10%.
Ethereum lost $99M alone, with Arbitrum, Base, Polygon, Optimism, and Berachain also hit. Over 20 Balancer forks inherited the bug.
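Why rounding direction matters, and why many small operations make it worse than one large one, can be seen in integer arithmetic. This is an added example using a toy constant-product pool with constructed reserves; it is not Balancer's pool math or code, and it does not reproduce the figures above. It also shows the defensive counterpart, an invariant check that rejects any swap that leaves the pool worse off.

```python
# Added example: toy constant-product pool (x * y = k), NOT Balancer's math.
def swap(x, y, dx, round_up):
    """Pay dx of token X into pool (x, y); return (new_x, new_y, dy_out)."""
    num, den = y * dx, x + dx
    dy = -(-num // den) if round_up else num // den  # ceil vs floor division
    return x + dx, y - dy, dy

def run(x, y, amounts, round_up):
    """Apply a sequence of swaps; return final reserves and total paid out."""
    paid = 0
    for dx in amounts:
        x, y, dy = swap(x, y, dx, round_up)
        paid += dy
    return x, y, paid

def guarded_swap(x, y, dx, round_up):
    """Same swap, but refuse any result that lowers the invariant x * y."""
    nx, ny, dy = swap(x, y, dx, round_up)
    if nx * ny < x * y:
        raise ArithmeticError("invariant decreased: rounding favours the trader")
    return nx, ny, dy

def report(x=1000, y=1000, n=65):
    """Compare one swap of n units with n swaps of 1 unit, floor vs ceil."""
    cases = [
        ("single/floor", [n], False),
        ("single/ceil", [n], True),
        ("micro/floor", [1] * n, False),
        ("micro/ceil", [1] * n, True),
    ]
    k0, out = x * y, {}
    for name, amounts, up in cases:
        fx, fy, paid = run(x, y, amounts, up)
        out[name] = (paid, fx * fy - k0)  # (tokens paid out, change in k)
    return out

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

With floor rounding the invariant never decreases, so the pool keeps the remainder; with ceil rounding each swap can give away up to one unit, and splitting the trade into micro-swaps multiplies that loss.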
Social engineering on the rise
North Korean tactics evolved beyond simple phishing. Attackers now impersonate executives and investors, plant fake IT workers inside crypto firms, and hijack verified accounts.
AI tools accelerate these campaigns by scanning code repositories for vulnerabilities and replicating exploits across chains within hours. Fake Coinbase support operations alone stole over $100M. Infrastructure exploits averaged $30M each.
October Crash, Part 1
October 10 marked crypto's largest liquidation event: $19.3B vanished in 14 hours, with $3.21B gone in the first 60 seconds. 1.6M traders were liquidated. Two simultaneous shocks hit (Trump's 100% China tariff announcement and MSCI's consultation on excluding digital asset treasuries), giving markets no time to process.
Order book depth collapsed 85%, with BTC spreads exploding from 0.02 to 26.43 basis points (1,321x increase).
October Crash, Part 2
The crisis centered on Binance, where USDe collateral liquidity evaporated. While other exchanges traded normally, Binance prices crashed, triggering market-wide liquidations. Oracle manipulation turned a $60M sell-off into a $9.6B cascade.
Recursive USDe leverage allowed 10x stacked positions on manipulatable prices. The deleveraging wiped $65B in open interest. Binance's API and UI failures prevented traders from adding collateral or buying dips.
Market Failures & Notable Mentions
Binance's stablecoin issues looked widespread but were platform-specific. The exchange compensated users $283M while competitors operated normally.
Other major 2025 breaches included Phemex ($73M), UPCX ($70M), and Bitget ($100M). Bitget's incident involved traders gaming a faulty automated trading bot.
Lessons Learned
Smart contract audits improved, but attackers adapted. Bybit fell to supply chain compromise, not code flaws. The October crash exposed exchange infrastructure gaps. Both Cetus and Balancer had passed multiple audits yet were still exploited.
Effective security requires layering defenses rather than choosing just one: real-time transaction monitoring, supply chain validation, the assumption that any insider could be compromised, and resilient market infrastructure that withstands stress.