Crypto hacks hit $2B in Q1 2025, $1.63B from access control flaws

Crypto hacks led to $2 billion in losses in Q1 2025, with $1.63 billion of that amount linked to flaws in access control.

The first quarter of 2025 saw more than $2 billion lost to crypto hacks, with Bybit’s $1.4 billion exploit driving the surge in access control breaches.

Hacken, a crypto cybersecurity firm, reported that access control exploits caused almost $1.63 billion in losses during Q1 2025.

Anmol Jain, vice president of investigations at crypto forensics firm AMLBot, attributed the exceptionally high figure to the recent Bybit hack.

Crypto cybersecurity firm PeckShield released similar data recently.

Excluding scams, PeckShield’s report indicated that crypto hacks in Q1 2025 amounted to $1.6 billion.

Reports from late February revealed that North Korean hackers behind the $1.4 billion Bybit exploit control over 11,000 cryptocurrency wallets to launder stolen funds.

North Korean state actors’ increasing participation reflects the escalating sophistication and scope of these operations. This hack significantly influenced the data for this quarter.

Looking at the $2.25 billion total loss for 2024, the Q1 2025 loss stands out even more. Hacken shared an essential lesson on the topic:

“Securing digital assets requires more than just secure on-chain code — the entire infrastructure, from front-end interfaces to internal processes, must be equally hardened, as all it takes is a single weak spot to wreck the entire system.“

Hacken’s report emphasized that, in recent months, even the largest centralized and decentralized players have fallen victim to operational failures, access control weaknesses, and, in a few cases, social engineering.

The report pointed out that no notable new exploits occurred in the quarter, but existing attack vectors remained highly effective.

The report also highlighted that, although smart contract vulnerabilities are still prevalent, most damage now results from failures in people, processes, or permission systems.

For the third consecutive quarter, hackers targeted multisignature wallets as the top exploit.

The Bybit hackers targeted and compromised the Safe{Wallet} front end. Bybit reports 89% of the funds remain traceable.

The Radiant Capital and WazirX hacks, which occurred in Q4 and Q3 2024, are notable past incidents involving multisignature wallet implementations.

Hacken’s report noted that scams, including phishing and rug pulls, caused significant financial damage, with phishing scams accounting for $96.37 million and rug pulls for $300 million.

Jain drew attention to the worrisome rise of crypto scams, which are increasingly becoming an industry in themselves.

“The most worrying trend is the professionalization of scam networks, where criminals operate with startup-like efficiency, including ‘training programs’ for scammers, internal quotas, and multi-stage laundering schemes using platforms like Huione Pay.“

Mid-January reports revealed that Huione, often called “the largest online illicit marketplace,” saw a 51% surge in its monthly inflows within the last half-year.

After launching its USD-pegged stablecoin and offering financial services aimed at illegal activities, the platform experienced this growth.

Anmol mentioned that operators trace pig butchering scams primarily to cybercrime centers in Southeast Asia, including Cambodia, Myanmar, Laos, and, to a lesser extent, Thailand.

Trafficked youths from India, Nepal, Vietnam, and the Philippines often carry out these activities.