- More than $1.5bn of crypto was lost to scams and theft in Q1 2025, report says
- Most of the funds were lost in the ByBit hack
- Wallet compromise is the most common way people lose their crypto
When it comes to scams and theft, crypto hasn’t had a great year so far. Just in the first quarter of the year, hackers stole more than $1.67 billion across 197 security incidents. This is according to a new report published by blockchain cybersecurity pros CertiK.
The Q1 2025 Hack3d Report says the figure represents a 303.38% increase in value compared to the previous quarter. Across the industry, the average loss per incident was $9,549,339, CertiK further said, while the median loss per incident was $66,303.
The total value of funds returned was $6,390,698, leading to adjusted total losses of $1,662,600,186 for the quarter. Sadly enough, just 0.4% of stolen funds were returned to customers, but that’s basically how blockchain works, since most transactions are irreversible.
Wake-up call
Without a wider context, these figures could be a bit misleading, though. Almost all of the money stolen fell on just one incident – the ByBit hack in late February 2025.
ByBit, a major cryptocurrency exchange, lost $1.5 billion in Ethereum, in an attack that was attributed to North Korea’s state-sponsored Lazarus Group. The hackers infiltrated Safe{Wallet}’s infrastructure, injecting malicious JavaScript that deceived ByBit’s security team into approving unauthorized transactions.
Lazarus is one of the world’s most infamous threat actors, deploying enormous state resources to steal cryptocurrencies, which are then used to fund the government’s state apparatus and its weapons program.
“Hackers are using increasingly sophisticated techniques, and it is now more important than ever for blockchain businesses and projects to proactively invest in robust security measures,” said CertiK Co-Founder Ronghui Gu. The Bybit breach is a wake-up call for the entire industry. Security is not simply a competitive edge – it is a shared responsibility.”
The most costly attack vector is wallet compromise, followed by private key compromise, code vulnerability, and phishing.
You might also like
https://cdn.mos.cms.futurecdn.net/nsvXLHiVRRsmD2mqF3oLYo-1200-80.jpg
Source link
