2025 Crypto theft losses exceed $3.4 billion! Chainalysis: Personal wallets become the latest hotspot

According to the latest statistics from blockchain intelligence firm Chainalysis, the total amount of stolen cryptocurrency worldwide in 2025 has exceeded $3.4 billion. Despite efforts across the industry to strengthen cybersecurity this year, the security situation remains severe, with North Korean hackers “precisely targeting” large exchanges and attacks “springing up everywhere” against individual users.

Statistics show that just the February 2025 Bybit hack resulted in $1.5 billion stolen, accounting for about 44% of the total losses for the year; the top three thefts combined account for 69% of losses.

Even more concerning is that Chainalysis found that in 2025, the focus of hacker attacks has shifted significantly toward “personal crypto wallets” and private keys, with an astonishing growth rate. The report states:

The proportion of personal wallet intrusions has increased dramatically, from only 7.3% of total thefts in 2022 to 44% in 2024.

Chainalysis noted that from early January to early December this year, there were as many as 158,000 cases of personal wallet intrusions involving at least 80,000 different victims. Although the total amount stolen from individuals has decreased from $1.5 billion last year to $713 million, this instead indicates a strategic shift among hackers — no longer focusing solely on large holders, but “casting a wide net and catching small fish” with smaller amounts for higher hit rates.

Data also shows that the victimization rate per 100,000 wallets on Ethereum and Tron is significantly higher than on emerging chains like Base or Solana.

Even though most major exchanges and centralized services (CeFi) have invested heavily in cybersecurity measures, data reveals that in the first quarter of 2025, attacks caused by private key leaks accounted for 88% of all stolen funds.

Enhanced Security in DeFi

In contrast, the security of decentralized finance (DeFi) protocols has surprisingly improved. Chainalysis pointed out that although the total value locked (TVL) in DeFi has rebounded, the losses caused by hacking incidents have not increased proportionally. This contrasts sharply with previous bullish cycles — where rising TVL often correlated with higher hacking success rates.

Chainalysis cited the September 2025 Venus Protocol incident as an example of how improved security measures can make a real difference. At that time, Venus Protocol used the security monitoring platform Hexagate to detect abnormal activity 18 hours before an attack occurred, immediately paused operations, and successfully recovered funds within hours.

Subsequently, Venus Protocol used governance mechanisms to freeze $3 million worth of assets held by the hacker, ultimately causing the attacker to “lose both the horse and the rider.”

Chainalysis commented:

Active monitoring, rapid response capabilities, and decisive governance mechanisms are making the entire DeFi ecosystem more agile and resilient.

Even if hacking still occurs, the ability to detect, respond, and even ultimately reverse losses from attacks signifies that the DeFi industry is gradually maturing. The dark era of “permanent loss upon being hacked” is no longer present.

North Korea’s Crypto Theft Surpasses $2 Billion in 2025

Among all threat sources, North Korea remains the most challenging and destructive adversary in the crypto world.

Chainalysis stated that in 2025, North Korean hacker groups have stolen at least $2.02 billion in crypto assets, a $680 million increase from last year, once again setting a record.

As of this year, North Korean-backed cybercriminals have stolen a total of $6.75 billion in cryptocurrency, much of which has been used to fund nuclear development.

Chainalysis emphasized that what sets North Korea apart from typical hackers is their “military-grade” operational mode.

One of their key tactics involves arranging fake IT personnel to infiltrate crypto companies, thereby gaining access to fund management rights. The surge in crypto theft amounts in 2025 reflects North Korea’s increasing reliance on such infiltration strategies.

In terms of money laundering pathways, North Korea also demonstrates highly organized characteristics, typically maintaining a fixed cycle of about 45 days:

• First 5 days: Rapidly cut off funds through DeFi protocols and mixers.
• Weeks 2: Transfer funds to non-KYC exchanges, cross-chain bridges, and begin attempting withdrawals.
• Days 20–45: Switch to Chinese-based platforms such as Huione and some centralized exchanges, converting stolen assets into fiat or other assets.

Chainalysis issued a final warning:

• As North Korea continues to view crypto theft as a state-level strategic tool, the industry must face a harsh reality — these adversaries do not follow ordinary cybercrime rules.

• The key in 2026 is not just post-incident investigation, but whether we can detect and intercept a “Bybit-level” theft before it happens.

  _ Disclaimer: This article is for market information only. All content and opinions are for reference only and do not constitute investment advice. The viewpoints do not represent the stance of BlockTalk. Investors should make independent decisions and transactions. The author and BlockTalk are not responsible for any direct or indirect losses resulting from investor transactions. _