2025 Crypto theft losses exceed $3.4 billion! Chainalysis: Personal wallets become the latest hotspot

According to the latest statistics from blockchain intelligence firm Chainalysis, the total amount of stolen crypto worldwide in 2025 has surpassed $3.4 billion. Despite efforts across the industry to strengthen cybersecurity this year, the security situation remains severe due to North Korean hackers “precisely targeting” large exchanges and “widespread” attacks on individual users.

Statistics show that just in February this year, the Bybit hack resulted in $1.5 billion stolen, accounting for about 44% of the total annual losses; the top three thefts combined account for 69%.

Even more concerning is that Chainalysis found a clear shift in hacker focus in 2025 toward “personal crypto wallets” and private keys, with astonishing growth. The report states:

The proportion of personal wallet intrusions has increased significantly, from only 7.3% of total thefts in 2022 to 44% in 2024.

Chainalysis pointed out that from early January to early December this year, there were as many as 158,000 cases of personal wallet intrusions involving at least 80,000 different victims. Although the total amount stolen from individuals has decreased from $1.5 billion last year to $713 million, this instead indicates a strategic shift among hackers—no longer just targeting large holders, but “casting a wide net and catching small fish,” with smaller amounts for higher hit rates.

Data also shows that the victimization rate per 100,000 wallets on Ethereum and Tron is significantly higher than on emerging chains like Base or Solana.

Even though most large exchanges and centralized services (CeFi) have invested heavily in cybersecurity, data shows that in the first quarter of 2025 alone, attacks caused by private key leaks accounted for 88% of all stolen funds.

DeFi Security Improvements

In contrast, the security of decentralized finance (DeFi) protocols has surprisingly improved. Chainalysis noted that although the total value locked (TVL) in DeFi has rebounded, the losses from hacks have not increased proportionally. This is a stark contrast to previous bullish cycles—where rising TVL often correlated with higher success rates for hackers.

Chainalysis cited the September incident involving Venus Protocol as a prime example of how improved security measures can have a tangible impact. At that time, Venus Protocol used the security monitoring platform Hexagate to detect abnormal activity 18 hours before an attack, immediately paused the system, and successfully recovered funds within hours.

Subsequently, Venus Protocol used governance mechanisms to freeze $3 million worth of assets held by the hacker, ultimately causing the attacker to “lose both the money and the fight.”

Chainalysis commented:

Proactive monitoring, rapid response capabilities, and decisive governance actions are making the entire DeFi ecosystem more agile and resilient.

While hacker attacks still occur, the ability to detect, respond, and even reverse losses from attacks signifies that the DeFi industry is gradually maturing. The dark era of “permanent loss upon being hacked” is no longer present.

North Korea’s Crypto Theft Surpasses $2 Billion in 2025

Among all threat sources, North Korea remains the most challenging and destructive adversary in the crypto world.

Chainalysis states that in 2025, North Korean hacker groups have stolen at least $2.02 billion in crypto assets, a jump of $680 million from last year, setting a new record.

As of this year, North Korean-backed cybercriminals have stolen a total of $6.75 billion in crypto, much of which has been used to fund nuclear weapons development.

Chainalysis emphasizes that what sets North Korea apart from typical hackers is its almost “military-grade” operational mode.

One of their key tactics is to deploy fake IT personnel to infiltrate crypto companies, gaining access to fund management permissions. The surge in crypto theft amounts in 2025 reflects North Korea’s increasing reliance on such infiltration strategies.

In money laundering pathways, North Korea also demonstrates highly organized features, typically maintaining a fixed cycle of about 45 days:

• First 5 days: Rapidly cut off cash flow through DeFi protocols and mixers;
• Second week: Transfer funds to non-KYC exchanges and cross-chain bridges, and begin attempting withdrawals;
• Days 20–45: Shift to Chinese-based platforms (like Huione) and some centralized exchanges, converting stolen assets into fiat or other assets.

Chainalysis concludes with a warning:

• As North Korea continues to treat crypto theft as a state-level strategic tool, the industry must face a harsh reality—these adversaries do not follow the usual rules of cybercrime.
• The key in 2026 is not just post-incident investigation, but the ability to detect and intercept such “Bybit-level” thefts before they happen.

_ Disclaimer: This article is for market information only. All content and opinions are for reference only and do not constitute investment advice. They do not represent the objective views or positions of BlockCast. Investors should make their own decisions and transactions. The author and BlockCast are not responsible for any direct or indirect losses resulting from investor transactions. _