Crypto related crime surged in 2025, with hackers stealing an estimated $3.4 billion, the highest annual total since 2022. According to a new report by blockchain analytics firm Chainalysis, attackers increasingly focused on high value targets such as major exchanges, centralised services and personal wallets, while decentralised finance protocols showed stronger resilience due to improved security practices.

A few massive hacks drove most losses

Chainalysis found that just three major hacks were responsible for nearly 69 percent of total crypto losses recorded between January and early December 2025. The most significant incident was the $1.4 billion breach of crypto exchange Bybit, which alone reshaped the yearly figures.

The report noted that the scale of the largest attacks was roughly a thousand times greater than that of a typical hacking incident. Andrew Fierman, head of national security intelligence at Chainalysis, said this pattern reflects a clear shift towards what he described as big game hunting, where attackers prioritise fewer but far larger targets.

Fierman cautioned that it remains difficult to predict whether losses will rise further in 2026. He explained that yearly figures are heavily influenced by rare but extreme events, though current trends suggest that major hacks are unlikely to disappear in the near future.

Personal wallets increasingly in the spotlight

While large institutions absorbed the biggest financial blows, individual crypto users also faced growing risks. Wallet and private key compromises accounted for around 20 percent of total stolen value in 2025. Excluding the Bybit incident, that share would rise to nearly 37 percent, highlighting how exposed personal wallets have become.

This marks a sharp increase compared with earlier years. Personal wallets represented just 7.3 percent of stolen crypto in 2022, rising to 44 percent in 2024. Despite this, the total value stolen from personal wallets fell to $713 million in 2025, down from $1.5 billion the previous year.

Fierman explained that individual wallet losses tend to be smaller because personal holdings are usually far lower than those stored in exchange wallets, which pool funds from many users.

DeFi security shows signs of maturity

Decentralised finance presented a contrasting picture. Total value locked in DeFi has rebounded strongly to around $119 billion, more than double the lows seen in 2023, according to data from DefiLlama. Historically, such growth would have attracted a wave of attacks.

However, Chainalysis reported no corresponding surge in DeFi related hacks. This divergence from past trends suggests that security standards across DeFi protocols have improved significantly. The firm believes that better auditing, stronger smart contract design and more proactive risk management have made these platforms less attractive to attackers.

As a result, hackers appear to be shifting their focus away from DeFi towards wallets and centralised services, where vulnerabilities are often linked to human error or third party access.

North Korea sharpens its cyber operations

State linked hacking groups from North Korea were responsible for $2.02 billion in stolen cryptocurrency in 2025, up $681 million from the previous year. Chainalysis found that these groups carried out fewer attacks overall, but caused far greater damage per incident.

The report attributes this to increased sophistication, patience and strategic planning. Tactics included embedding IT workers within Web3 companies or exploiting weaknesses in third party vendors to gain access to sensitive systems.

Fierman noted that while the crypto industry continues to learn from each breach and strengthen its defences, North Korean operators are also evolving, constantly seeking new ways to extract value to support the regime.

Outlook remains uncertain

Chainalysis concluded that the persistence of large scale hacks highlights ongoing structural risks within the crypto ecosystem. While improved DeFi security represents meaningful progress, the concentration of losses in a small number of major incidents shows that high value targets remain dangerously exposed.

With attackers becoming more selective and more capable, the industry faces continued pressure to strengthen security across exchanges, wallets and supporting infrastructure.