In 2025, losses from cryptocurrency theft exceeded $3.4 billion! Chainalysis: Personal wallets have become the latest disaster zone.

According to the latest statistics from blockchain intelligence firm Chainalysis, the total amount of crypto assets stolen globally in 2025 has exceeded $3.4 billion. Despite the efforts to strengthen cybersecurity across the market this year, the security situation in the industry remains severe under the “precision strikes” by North Korean hackers on large exchanges and the widespread attacks targeting individual users.

According to statistics, the Bybit hack in February alone resulted in the theft of 1.5 billion dollars, accounting for about 44% of the total losses for the year; the top three theft cases combined accounted for 69% of the losses.

What is even more concerning is that Chainalysis has found that by 2025, the focus of hacker attacks will clearly shift to “personal crypto wallets” and private keys, with a remarkable growth rate. The report points out:

The proportion of personal wallets being hacked has significantly increased, rising from just 7.3% of total theft amounts in 2022 to 44% in 2024.

Chainalysis pointed out that from the beginning of January to the beginning of December this year, there were as many as 158,000 cases of personal wallets being hacked, involving at least 80,000 different victims. Although the total amount stolen from individuals has decreased from last year's $1.5 billion to $713 million, this actually indicates a shift in hacker strategies – no longer just targeting the wealthy, but rather “casting a wide net to catch small fish,” aiming for a higher hit rate with smaller amounts.

Data also shows that the victimization rate of Ethereum and Tron per 100,000 wallets is significantly higher than that of emerging chains like Base or Solana.

Even though most large exchanges and centralized services (CeFi) have invested significant resources in cybersecurity, data shows that in the first quarter of 2025, attacks caused by private key leaks accounted for 88% of all stolen amounts.

Enhancing DeFi Security

In contrast, the security of decentralized finance (DeFi) protocols has unexpectedly improved. Chainalysis pointed out that even though the total value locked (TVL) in DeFi has rebounded, the losses caused by hacks have not increased correspondingly. This stands in stark contrast to previous bull markets — in the past, as long as the TVL rose, the success rate of hacker attacks would also increase.

Chainalysis cited the Venus Protocol incident in September of this year as a clear example of how improvements in security measures can have a tangible impact. At that time, Venus Protocol successfully detected abnormal behavior 18 hours before the attack occurred, thanks to the cybersecurity monitoring platform HexaGate, promptly suspending system operations and successfully recovering funds within hours.

Afterwards, Venus Protocol further froze the 3 million USD assets held by the hackers through its governance mechanism, ultimately causing the attackers to “lose both the lady and the soldiers.”

Chainalysis commented:

Active monitoring, rapid response capabilities, and governance mechanisms that can act decisively are making the entire DeFi ecosystem more flexible and resilient.

Even though hacker attacks will still occur, the ability to detect and respond in real time, and even ultimately reverse the losses caused by the attacks, signifies that the DeFi industry is gradually maturing. The dark age of “once hacked, it's a permanent loss” is no longer present.

North Korea's cryptocurrency theft amount exceeds 2 billion USD in 2025

Among all sources of threats, North Korea remains the most challenging and destructive adversary in the world of Crypto Assets.

Chainalysis pointed out that North Korean hacker groups stole at least $2.02 billion in crypto assets in 2025, an increase of $680 million from last year, setting a new historical record.

As of this year, North Korean-backed cybercriminals have stolen a total of $6.75 billion in Crypto Assets, a large portion of which has been used to fund nuclear weapons development.

Chainalysis emphasizes that the biggest difference between North Korea and regular hackers lies in its operational mode, which is almost “military-grade.”

One of their key tactics is to arrange for fake IT personnel to infiltrate the internal operations of Crypto Assets companies, thereby gaining access to fund management permissions. The surge in stolen funds in 2025 reflects North Korea's increasing reliance on such infiltration strategies.

In the money laundering pathway, North Korea also exhibits highly organized characteristics and typically maintains a fixed rhythm of about 45 days:

• Last 5 days: Quickly cut off cash flow through DeFi protocols and mixers.
• Week 2: Fund the no KYC exchange, cross-chain bridge, and start trying to withdraw;
• Days 20 to 45: Shift to Chinese platforms with looser regulations (such as Huione) and some centralized exchanges, converting stolen assets into fiat or other assets.

Chainalysis final warning:

• As North Korea continues to view the theft of Crypto Assets as a national strategic tool, the industry must face a reality — this type of opponent does not follow the usual rules of online crime.

• The key in 2026 is not about post-event investigation, but whether it can be detected and intercepted in time before the next “Bybit-level” theft occurs.

  _ Disclaimer: This article is for the purpose of providing market information only. All content and opinions are for reference only and do not constitute investment advice, nor do they represent the views and positions of the Blockchain. Investors should make their own decisions and trades, and the author and Blockchain will not bear any responsibility for any direct or indirect losses incurred by investors' trading. _

Tags: 2025 Bybit Chainalysis Crypto Assets North Korea Theft Stolen Security Hacker