Crypto Crime Mid‑Year 2025: $2.17B Stolen and Counting

By mid-2025, the crypto world has already lost over $2.17 billion to cyberattacks, wallet thefts, and sophisticated AI-powered scams. From global exchange breaches to targeted personal heists, the pace of digital crime is accelerating, and experts warn the year’s second half could be even more dangerous.

Crypto Crime in 2025: At a Glance

Bybit Exchange Hack

In February 2025, crypto exchange Bybit suffered one of the largest digital heists in history, losing approximately $1.5 billion in Ethereum (around 401K ETH at the time) during what should have been a routine transfer from its cold wallet to a warm wallet. 

The FBI later attributed the attack to the Lazarus Group, a North Korea-linked cybercrime outfit infamous for high-stakes financial thefts. Investigators found that the stolen funds were quickly converted into other cryptocurrencies and spread across thousands of wallets to obscure the trail.

How the Attack Worked

The breach was not the result of a traditional coding flaw but of a sophisticated deception at the user-interface level. According to a detailed analysis by Sygnia and Check Point Research, hackers compromised Bybit’s wallet interface, injecting malicious JavaScript to alter what operators saw during the signing process. While the interface displayed a legitimate transfer, the underlying smart-contract logic had been quietly altered to send the Ethereum to attacker-controlled addresses. 

This type of “blind signing” exploit side-stepped even multi-signature cold wallet protections, revealing a dangerous new class of vulnerability.
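
A defender-side check for the gap described above, as an added example (not code from Bybit, Sygnia or Check Point Research): it compares the transfer an operator was shown with the raw fields that would actually be signed. It assumes a plain ETH transfer to an allowlisted warm wallet; the function names, field names and sample addresses are hypothetical.

```javascript
// Added example: every address and amount below is constructed.
const WEI_DECIMALS = 18;

// Convert a decimal ETH string ("1.5") to wei as a BigInt, without floats.
function ethToWei(eth) {
  if (!/^\d+(\.\d{1,18})?$/.test(eth)) throw new Error(`bad amount: ${eth}`);
  const [whole, frac = ""] = eth.split(".");
  return BigInt(whole + frac.padEnd(WEI_DECIMALS, "0"));
}

// Lower-case a 20-byte hex address; reject anything malformed.
function normAddr(a) {
  if (!/^0x[0-9a-fA-F]{40}$/.test(a)) throw new Error(`bad address: ${a}`);
  return a.toLowerCase();
}

// Compare what the operator was shown with the raw fields about to be signed.
// Returns a list of findings; an empty list means both views agree.
function checkSigningRequest(displayed, raw, warmWalletAllowlist) {
  const findings = [];
  const rawTo = normAddr(raw.to);
  if (rawTo !== normAddr(displayed.to)) {
    findings.push("destination differs from displayed");
  }
  if (!warmWalletAllowlist.map(normAddr).includes(rawTo)) {
    findings.push("destination not in allowlist");
  }
  if (BigInt(raw.value) !== ethToWei(displayed.amountEth)) {
    findings.push("value differs from displayed");
  }
  // A plain ETH transfer carries no calldata; anything else runs contract
  // logic that the displayed summary does not describe.
  if ((raw.data || "0x").toLowerCase() !== "0x") {
    findings.push("unexpected calldata on plain transfer");
  }
  return findings;
}

// Constructed sample: the display shows the warm wallet, the payload does not.
const SAMPLE_WARM = "0x" + "ab".repeat(20);
const SAMPLE_OTHER = "0x" + "cd".repeat(20);
const sampleShown = { to: SAMPLE_WARM, amountEth: "1.5" };
const sampleRaw = { to: SAMPLE_OTHER, value: "1500000000000000000", data: "0xdeadbeef" };
console.log(checkSigningRequest(sampleShown, sampleRaw, [SAMPLE_WARM]));
```

The check is only useful when it runs outside the interface that rendered the transfer, fed by the raw payload the signer receives.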

Fallout and Response

Bybit moved quickly to reassure customers that all client assets remained fully backed on a one-to-one basis. The exchange processed more than 580,000 withdrawal requests in the aftermath, froze millions of dollars in associated assets, and launched a bounty program offering up to 10% of recovered funds. 

Security experts say the incident marks a turning point in crypto-asset protection, underscoring that even the most hardened systems can be undone if operators cannot trust the interface in front of them.

Phemex Exchange Breach

On January 23, 2025, Singapore‑based crypto exchange Phemex suffered a major hot‑wallet breach, with losses reported between $70 million and $85 million, depending on the source.

Incident Response

As soon as the breach became evident—Phemex detected unusual activity at 11:30 UTC—the exchange promptly halted deposits and withdrawals, alerted third‑party security firms and law enforcement, and published a Proof of Reserves to reassure customers that cold wallets were uncompromised.

Recovery was staged methodically: withdrawals for Ethereum-based assets resumed first, followed by Bitcoin, Solana, and eventually other blockchains such as Arbitrum, Optimism, BSC, Polygon, and Base. Users were advised to discontinue use of old deposit addresses to avoid delays or misdirected funds.

Analysis by Merkle Science further tracked the asset flow across multiple chains and confirmed that the incident was indeed a coordinated hack, not routine activity. The firm noted hacks across up to 16 blockchains, estimated the stolen funds at $73 million, and highlighted the importance of tools like blockchain analytics and real-time monitoring to manage such risks.

Nobitex Exchange Cyberattack (Iran)

On June 17–18, 2025, Nobitex, Iran’s largest cryptocurrency exchange, was targeted in a high-stakes cyberattack attributed to the Israel-linked hacker group Predatory Sparrow (Gonjeshke Darande). 

Over $90 million, which included Tether (USDT), Bitcoin, Ethereum, and Dogecoin, was drained from the exchange’s hot wallets. The hacker group accused Nobitex of being a linchpin in Iran’s sanctions-evasion infrastructure and of enabling regime-linked financial operations and militant funding. The stolen funds were deliberately sent to inaccessible “vanity” addresses emblazoned with anti-IRGC slogans, effectively burning the funds as a pointed political statement rather than taking them for profit.

Fallout, Data Leak & Aftermath

Following the breach, Nobitex’s app and website went offline amid an internal investigation into unauthorized system access. The attackers threatened to release Nobitex’s source code and internal documentation, and in some cases followed through, exposing critical insights into how the exchange operated within Iran’s tightly regulated, sanctions-stricken fiat infrastructure.

TRM Labs also revealed that user withdrawals had surged ahead of the hack, indicating that Iranians were already shifting assets off the platform amid rising geopolitical tensions. After the breach, incoming transactions dropped sharply, with some users permanently avoiding the exchange.

Iran’s government responded by imposing trading curfews on domestic crypto exchanges, and cyber activity, including an internet blackout, further disrupted financial services.

CoinDCX Platform Breach

In mid‑July 2025, India’s largest crypto exchange, CoinDCX, fell victim to a sophisticated hack that compromised one of its internal operational wallets, used solely for liquidity provisioning on a partner platform. The breach resulted in a loss of approximately $44 million.

Despite the financial hit, the company was quick to reassure users that their personal funds, stored securely in segregated cold wallets, remained completely untouched.

Rapid Response & Industry Lessons

CoinDCX moved swiftly to isolate the affected systems, contained the breach, and confirmed that trading operations and INR withdrawals remained fully functional during the incident. To preserve customer confidence, the platform released a Proof of Reserves, which re-confirmed that user assets are backed 1:1 and remain secure.

Importantly, CoinDCX took full financial responsibility for the loss, absorbing it with its corporate treasury reserves. They also launched a bug bounty and recovery program, offering up to $11 million for information leading to the recovery of stolen funds.

Personal Wallet Thefts: A Growing Share of Crypto Crime

In the first half of 2025, personal wallet breaches continued to be a major driver of crypto crime. CertiK’s Hack3d Report reveals that compromised wallets accounted for roughly $1.71 billion in losses across just 34 incidents, while phishing scams added another $410 million over 132 attacks.

Chainalysis also noted this rising trend: personal wallet compromises now represent 23.35% of all stolen funds in 2025 so far, signaling that attackers are increasingly targeting everyday users, not just big exchanges.

One of the big contributors to these numbers was a new malware campaign dubbed JSCEAL. Launched in early 2025, it slips past antivirus software via evasive JavaScript. This malware, distributed through thousands of deceptive online ads and counterfeit wallet/exchange apps, successfully targeted over 10 million users globally, harvesting their wallet credentials and private keys.

Remember that there are many things that go into keeping your crypto wallet safe—including avoiding using it on devices that may have been compromised. Like the PC you use to browse the Internet and never run the antivirus on. Or your Android phone that you frequently get new APKs for.

AI-Driven Crypto Scams

AI is taking over our world, and even crypto scams aren’t an exception. Fraud tactics once limited by human skill are now being automated and enhanced by AI models capable of producing lifelike visuals, voices, and written communication on demand.

This year has already seen a surge in deepfake-based fraud. A joint report by Bitget, SlowMist, and Elliptic identified at least 87 scam rings dismantled in the first quarter alone, many using AI-generated faces and voices to impersonate trusted figures. 

Chainalysis has also flagged the growing prevalence of AI in phishing bots, voice cloning schemes, fake trading platforms, and impersonations in messaging apps, warning that these methods are becoming harder to detect. The company also reported that vendors selling AI-powered scam services have seen their revenues grow by more than 1,900% in 2025.


Disclaimer: Please note that the contents of this article are not financial or investing advice. The information provided in this article is the author’s opinion only and should not be considered as offering trading or investing recommendations. We do not make any warranties about the completeness, reliability and accuracy of this information. The cryptocurrency market suffers from high volatility and occasional arbitrary movements. Any investor, trader, or regular crypto users should research multiple viewpoints and be familiar with all local regulations before committing to an investment.

The post Crypto Crime Mid‑Year 2025: $2.17B Stolen and Counting appeared first on Cryptocurrency News & Trading Tips – Crypto Blog by Changelly.

