Crypto-related theft reached an unprecedented scale in 2025, with total losses exceeding $4.04 billion, according to PeckShield’s annual security report. The findings highlight a troubling shift in the digital asset landscape, where attackers are launching fewer incidents but causing far greater financial damage.
Compared with previous years, the increase is stark. Losses rose 34.2% from the $3.01 billion stolen in 2024 and were roughly 55% higher than the $2.61 billion recorded in 2023. Despite a decline in the number of security incidents overall, the total value stolen surged, signaling a move toward highly targeted, high-impact attacks.
PeckShield described 2025 as a “record-breaking year for crypto-related theft,” driven largely by weaknesses in centralized infrastructure and a growing reliance on sophisticated social engineering tactics.
Exploits Remain the Primary Threat
Exploits continued to dominate the threat landscape, accounting for 66% of total losses in 2025. These attacks—often involving smart contract vulnerabilities, compromised private keys, or infrastructure breaches—resulted in approximately $2.67 billion in stolen assets. That figure represents a 24.2% increase year over year, underscoring how damaging technical failures remain for the industry.
While the number of exploit incidents declined, attackers appeared more strategic, focusing on platforms where a single breach could yield massive payouts.
Scams ranked as the second-largest source of losses, with $1.37 billion stolen in 2025. This marked a 64.2% increase compared to the previous year, reflecting the growing effectiveness of deceptive schemes.
The report also emphasized the expanding role of social engineering, including phishing and impersonation attacks. These tactics accounted for 12% of total losses and rely on manipulating users rather than exploiting flaws in blockchain code. As platforms improve their technical defenses, attackers are increasingly turning to human psychology as the weakest link.
Asset Recovery Falls Behind
Recovery efforts failed to keep pace with rising theft. Only about $334.9 million in stolen crypto was recovered or frozen in 2025, a notable decline from the $488.5 million recovered in 2024. PeckShield attributed the drop to more advanced laundering techniques, which make tracing and freezing stolen funds increasingly difficult.
Largest Crypto Heists of 2025
PeckShield’s report detailed the ten biggest crypto thefts of the year, with losses ranging from tens of millions to well over $1 billion. Among the most significant incidents were:
Bybit: The largest crypto theft ever recorded, with North Korea’s Lazarus Group stealing over $1.4 billion from the exchange.
Libra Token: A major rug pull that left investors facing losses of around $251 million.
Cetus Protocol: A decentralized exchange on the Sui blockchain that lost more than $200 million in a single exploit.
Nobitex: Iran’s largest crypto exchange reportedly suffered losses of approximately $81.7 million after an attack linked to Gonjeshke Darande (Predatory Sparrow).
Uneven Losses Throughout the Year
Crypto theft in 2025 was not evenly distributed across the calendar. February was the worst month, with $1.77 billion in losses, largely due to the Bybit hack. In contrast, October saw the lowest losses of the year at approximately $21.6 million, although theft activity rose again in November.
A Troubling Start to 2026
Early signs suggest these trends may continue. Just 13 days into 2026, the crypto industry has already been hit by two major incidents: the Truebit exploit and a social engineering attack targeting users of the investment platform Betterment.
Together, these developments reinforce a clear message from PeckShield’s report: as the crypto ecosystem matures, security threats are becoming more sophisticated, more targeted, and far more costly—raising the stakes for platforms and users alike.