2025 delivered no shortage of crypto hacks and scams, though one incident stood out from the crowd. A total of around $4 billion was lost, a 37% increase on 2024’s total, with over half linked to North Korea, according to blockchain security firm Hacken. February’s ByBit hack drained over $1.4 billion of crypto assets from the exchange after one of its cold wallets was compromised. The hack was later attributed to North Korean hackers’ crypto-focused campaign dubbed TraderTraitor.
In response to the “blind signing” problem facing multisig operators, hardware wallet manufacturer Ledger introduced a new “clear signing” feature. TRM Labs sees this as part of a shifting trend in North Korea’s “industrialization of infrastructure attacks.” The focus appears to have moved from targeting bridges (2021-2022) to service providers (2023-2024) to “CEX Mega-Heists” (2024–2025). Apart from ByBit, exchanges hit by North Korean hackers in 2025 include Swissborg, which lost $41 million in September, and Upbit, hit for $30 million in November.
Other centralized exchanges (CEXs) hacked in 2025 include CoinDCX ($44 million), WooX ($14 million), BigONE ($27 million), BtcTurk ($49 million, which also lost $55 million in 2024) and BitPro ($11.5 million). June’s politically-motivated hack of Iranian exchange Nobitex stood out, when the stolen $90 million was sent to irrecoverable addresses containing anti-Iranian messages. The year also saw significant hacks on DeFi projects, though with lower severity and frequency than previous years. The most serious incident came in November, when Balancer’s v2 pools were exploited for $129 million.
Leave a Reply