Crypto Heist Stats: 2025’s Half Was Worse Than All of 2024, and It Will Get Worse

Numbers don’t lie, and in this case, they lay out a pretty dark scenario. According to a recently published report by Chainalysis, a whopping 2,17 billion USD were stolen from crypto services just in the first half of 2025. Hacken points to an overall loss of 3,1 billion USD across the Web3 industry.

If hacks like DPRK’s keep happening, the value of stolen crypto can reach 4 billion USD by the end of this year. This article explores the latest in crypto scams and thefts from the first half of 2025.

We looked at Chainalysis’s 2025 mid-year crypto crime report, and perhaps the most worrying aspect of its findings is that it’s not just crypto services and companies that have to be cautious. It’s also personal wallet owners as they “make up a growing share of total ecosystem value stolen over time”.

Crypto Services: Where the Real Money (Still) Is
When successful, stealing from a crypto service is still the most profitable choice for cybercriminals, because that’s still where the biggest volumes reside. We just need to look at the biggest crypto heist in history, which happened not long ago, in February 2025. North Korea’s Lazarus Group was able to steal 1,5 billion USD from Dubai-based company, Bybit. 300 million of those were never recovered. CSIS says an estimate of at least $160 million of the funds stolen were laundered within the first 48 hours of the attack. Experts say the criminals used advanced techniques, and although this experience forced cybersecurity specialists to find new ways to avoid sophisticated attacks, hackers will always be looking for new strategies too.

Back in May, Coinbase also suffered a hack that culminated in a loss of up to 400 million USD. The method involved data theft and ransom demands. Cetus, the biggest DEX on Sui, also suffered an attack when criminals leveraged a flaw to steal 223 million USD.

It’s a cyber warfare world
Guns and armies aren’t the only tools for warfare nowadays. In this article, published in March 2025, we mention how cyber warfare is becoming a powerful tool to pit regimes and countries against each other. Just recently, in June, pro-Israel hackers stole around 90 million USD from Nobitex, Iran’s biggest crypto exchange. According to CNN, the hack seems to have been aimed at weakening the Iranian regime after an Israeli military attack on Tehran. The perpetrator, a pro-Israel group called Predatory Sparrow, is also linked to other crimes, such as the destruction of Iran’s state-owned Bank Sepah’s data. Although both countries have been exchanging cyber attacks for a few years, it’s now clear that it has entered the crypto sphere.

The US and China are also known for dabbling in cyber warfare, and just this month, Microsoft found itself in the middle of it. According to Cryptopolitan, China accused the Americans of using “a flaw in Microsoft’s messaging service to steal military intelligence and hit its defense industry.”

Then, there is, of course, the already mentioned North Korean Lazarus Group, which has been wreaking havoc across the internet through a series of well-orchestrated attacks, lately focusing on the crypto industry.

Phishing and Social Engineering Schemes for the Win
According to Hacken’s Web3 Security report, of the 3,1 billion USD lost in the industry, 600 million were obtained via phishing and social engineering schemes, which are the hottest hacking trend right now. These strategies combined are used to deceive victims into believing they are operating on legitimate Web3 websites and apps, when they are, in fact, powered by perpetrators to steal sensitive information such as passwords. “So far this year, we’ve seen over $3.1 billion in losses from smart-contract bugs, access-control oversights, rug pulls, and scams due to phishing and social engineering”, says the report.

Access control exploits make up for more than 1,8 billion USD of 2025’s H1 total losses. Phishing scams were responsible for 594,1 million, and rug pulls for 300 million of it.

Personal Wallets: A New Frontier for Hackers
With crypto service companies tightening their security, it’s only natural that hackers find another source of income — the personal wallets of crypto users who’ve been gathering generous amounts of assets.

Another logical reason is the fact that there are way more crypto holders now than 5 or even 2 years ago. Digital money has become more popular, even amongst older generations. Platforms are offering simpler UXs that are easier to navigate, and having crypto in a wallet is now (almost) as easy as having money in a bank app. Triple A’s data points to a 33% increase in the number of crypto holders from 2023 (420 million) to 2024 (562 million). This means 7% of the global population owns crypto in some way. Most of these people are in the UAE, Singapore, and Turkey.

The value of different crypto assets (especially Bitcoin and ETH) has been on the rise as well, which means the money that’s in each wallet is also increasing, which makes personal wallets an even more attractive target.

According to Chainalysis, individual users are the source of 23,35% of stolen funds until July 2025. Although hacks seem to keep hitting bitcoin holders the hardest, people who own other assets in different ecosystems, such as Solana and ETH, have to be careful as well: “while bitcoin holders are less likely to fall victim to targeted theft than individuals holding assets on chains, bitcoin holders experience more catastrophic losses in terms of value taken.”

Violence in the mix
Violent crimes against persons (VCAP) related to crypto have been on the rise everywhere since 2022, with serious cases culminating in death. These crimes are called wrench attacks, and kidnapping is the preferred method, along with burglary and robbery. The numbers released by Coinmonks are striking: “In the past three and a half years, 113 cases have been publicly reported, resulting in over $166 million in losses, the deaths of six victims, and the unspeakable torture of many others.” This article by Crisis24, on the rise of violence and kidnappings in the age of digital wealth, is also an interesting read.

While crypto hacks tend to remain within cyberspace, there’s been a rise of very real, physical violence associated with it. In March of last year in the Philippines, the CEO of Elison Steel, Anson Que, and his driver were abducted and murdered in the midst of an elaborate scheme. With the help of junket operators, the perpetrators were able to convert the ransom payments into crypto using wallets meant for casino gaming and digital assets so as to make it less traceable.

In January 2025, Ledger’s co-founder, David Balland, was also a victim of a violent attack, with crypto playing center stage. After maiming Balland, the criminals sent a video to co-founder Eric Larcheveque requesting ransom money, CNBC reported. After Larcheveque sent part of the money, the investigators were able to trace the attackers’ location.

The father of a crypto company owner and millionaire was abducted in Paris last May, and the purpose was the same: to ask for a ransom. The man was also maimed, and the family had been threatened before. There has been a rise in VCAP in France, with several wealthy people being abducted and victimized throughout 2024 and the first half of 2025.

How Is the Money Being Laundered?
There are striking differences regarding the methods and tools used to launder money stolen from crypto services and from personal wallets.

The first usually goes through bridges for chain hoping — so it’s harder to follow the money — and mixers. When it comes to laundering money from individual users, the preferred tools are token smart contracts and sanctioned DEX entities such as Garantex.

How Can Users and Companies Protect Themselves?
The best way for Web3 companies to protect themselves from external threats seems to be prevention in the form of code and security audits, robust security systems, and “technical wallet infrastructure improvements, particularly the implementation of multisignature hot wallet addresses”. Chainalysis believes this adds an extra layer of protection, even if individual keys are compromised.

For individual users, the safest option is probably the use of cold wallets (in this article, we explain the differences between types of wallets). However, using a privacy-preserving service that keeps the user’s crypto amount and transfers privately, like Incognitee, is also a great way to keep out of harm’s way. Why? Because one of the most attractive things for hackers today is crypto-wealthy investors. If their digital money is kept on-chain, it is very likely that cybercriminals can find a way to get into their wallets.

When using privacy-preserving services that allow you to both store and transfer money privately, you are staying away from hackers by adding an extra layer of security, making disclosure of amounts harder.

• • •

About Integritee

Integritee is the most scalable, privacy-enabling network with a Parachain on Kusama and Polkadot. Our SDK solution combines the security and trust of Polkadot, the scalability of second-layer Sidechains, and the confidentiality of Trusted Execution Environments (TEE), special-purpose hardware based on Intel Software Guard Extensions (SGX) technology, inside which computations run securely, confidentially, and verifiably.

Community & Social Media:
Join Integritee on Discord | Telegram | Twitter | Medium | Youtube | LinkedIn | Website

Products:
L2 Sidechains | Trusted Off-chain Workers | Teeracle | Attesteer | Securitee | Incognitee

Integritee Network:
Governance | Explorer | Mainnet | Github

TEER on Exchanges:
Kraken | Gate | Basilisk