Ah, 2025-a year so bruising for cybersecurity that one might mistake it for a poorly choreographed ballet of blunders, ending with a staggering $3.4 billion in crypto pilfered across hundreds of incidents. Independent tallies, as meticulous as a Victorian butler, count over 300 major security incidents. At least $2 million of these thefts, my dear reader, were attributed to the North Korean hackers, who, it seems, have traded their nuclear ambitions for digital heists, most notably in the Bybit debacle. 🌍💰
The 2025 Skynet Hack3d Report is here. 🎭
$3.35B lost. 700+ incidents. New attack vectors. Key trends. 🕵️♂️
Get the most detailed breakdown of Web3 security in 2025, from exploits to insights. 📚
Read the full report👇
– CertiK (@CertiK) December 23, 2025
Below, my curious friend, are the five most audacious heists of 2025, including one driven primarily by social engineering-a modern-day con so sophisticated it would make even the most seasoned dandy blush. 🎩
Bybit: $1.5b (February 2025)
U.S. authorities, with all the drama of a Shakespearean tragedy, attributed the largest crypto theft in history to North Korea’s Lazarus Group. These digital brigands, it seems, took control of a cold ETH wallet and laundered funds across chains with the finesse of a Parisian pickpocket. Exchange disclosures and forensic analysis revealed that large portions were routed through THORChain and split across tens of thousands of addresses-a financial labyrinth even Daedalus would envy. 🧩
According to a later report by Crystal Intelligence, the attack Bybit faced was a sophisticated operation that compromised its frontend, tricking employees into believing they were signing legitimate transactions. WazirX and Phemex were similarly ensnared. Following the incident, Bybit launched a 10% recovery bounty and engaged blockchain investigators to freeze the stolen funds. Alas, most remain in motion, like a Wildean wit at a dull party. 🕺
Cetus DEX (Sui): $220m (May)
Sui’s largest DEX, Cetus, was drained of $220 million in just 15 minutes-a heist so swift it would make even the most seasoned highwayman envious. According to Merkle Science, the hackers did not exploit a smart contract vulnerability, the usual culprit in such tales. Instead, they benefited from a rounding bug in a third-party math library, a flaw as subtle as a Wildean irony. An attacker manipulated pool parameters and extracted assets, leaving the team to pause contracts and claim $160 million had been frozen or recovered. Yet, $60M remained at risk, making this the year’s most significant DeFi exploit and briefly halting trading in the Sui ecosystem. 🦄
Balancer: $116m (November)
A breach in Balancer, a popular DeFi protocol, was initially spotted by crypto sleuths on X. An attacker exploited a rounding bug in Balancer V2’s stable pool logic across Ethereum and several L2s and sidechains-a technical root cause as convoluted as a Wildean plot. Initial estimates placed losses near $120 million, with the bulk on the Ethereum mainnet. A dormant whale withdrew $6.5 million just after the hack, and Balancer’s Total Value Locked (TVL) halved from $442 million to $214.5 million in a single day. Most funds, however, were traced, and the wallets are now closely monitored for potential transactions to freeze the stolen funds. 🕵️♂️
Phemex (CEX): $73m (January)
Phemex, a centralized exchange based in Singapore, saw its hot-wallet compromised across 16 chains-a breach as widespread as Wilde’s wit. Security firms flagged dozens of suspicious outflows from Phemex hot wallets spanning major networks. This was the first big hack of 2025 that shook the community. ZachXBT, a prominent expert on X, proved that the Phemex and Bybit attacks were carried out by Lazarus and used similar addresses. After the incident, the company halted deposits and withdrawals, but by February, services were fully resumed with additional security hardening. 🛡️
Lazarus Group just connected the Bybit hack to the Phemex hack directly on-chain commingling funds from the initial theft address for both incidents. 🎭
Overlap address:0x33d057af74779925c4b2e720a820387cb89f8f65
Bybit hack txns on Feb 22, 2025:…
– ZachXBT (@zachxbt) February 22, 2025
Upbit (CEX): over $30m (November)
South Korea’s largest exchange, Upbit, reported a hack in November, with a total impact of 44.5 billion won (around $34 million). Customers were reimbursed from reserves, while 5.9B ($4 million) in Upbit corporate funds was lost. Just a small portion of $1.77 million was frozen through tracing. Upbit halted Solana flows, moved funds to cold storage, coordinated freezes with issuers/exchanges, and gradually reopened wallets using new deposit addresses. Even with reimbursement, the incident underscored CeFi’s concentration risk. 🏦
2025 Crypto Hacks in Numbers
- Total stolen: $3.3-3.4 billion (a range as broad as Wilde’s humor). 💰
- Incident count: ~313 major cases (Beosin/Footprint). 📊
- H1 snapshot: around $2.5 billion stolen across over 300 incidents. According to CertiK, this already exceeds the total for 2024. 📈
- Typical attacks: compromised wallets and phishing/social engineering were material drivers. 🎣
- Platforms targeted: A few infrastructure-level attacks dominated losses (e.g., Bybit), while overall DeFi incident counts remained much higher, though with more minor losses. 🏗️
🛡️ Beosin is thrilled to release the 2025 Global Web3 Security Report! 📜
🔍 Key Highlights: In 2025, total losses in the Web3 ecosystem from hacks, #phishing scams, and rug pulls reached $3.375 billion across 313 major security incidents.
Major Incidents: The largest single loss… 🕵️♂️
– Beosin 🛡 Web3 Security & Compliance (@Beosin_com) December 29, 2025
Why Social Engineering Mattered More
In general, security firms noted a shift toward human-factor and supply-chain compromises. Hackers moved from poisoned frontends and multisig UI tricks to executive impersonation and key theft, reducing the relative share of pure solidity bugs. 2025’s outlier losses were overwhelmingly due to access-control failures, not to novel on-chain math. A year of digital deceit, indeed, as Wilde might say, “Experience is simply the name we give our mistakes.” 🧐
Read More
- Lynae Build In WuWa (Best Weapon & Echo In Wuthering Waves)
- Gold Rate Forecast
- The Rookie Saves Fans From A Major Disappointment For Lucy & Tim In Season 8
- Kali’s Shocking Revelation About Eleven’s Sacrifice In Stranger Things Season 5 Is Right
- Did Nancy and Jonathan break up in Season 5? Stranger Things creators confirm the truth
- Henry Cavill’s Little Known Action Thriller Finds Huge Success on Streaming
- Stranger Things’s Randy Havens Knows Mr. Clarke Saved the Day
- Final Fantasy 9 Remake Series Confirmed With 2028 Release Window
- Justin Bieber Wants To Change The Music Industry After How It Treated Him: ‘It Didn’t Always Protect My Soul’
- Stranger Things Season 5’s Will Byers monologue took two 12-hour days to film, Noah Schnapp says
2025-12-30 23:06