In May 2025, the cryptocurrency sector made headlines several times for colossal security breaches, with overall losses estimated at about $244.1 million. Although that is a decline of 39.29% from the previous months’ numbers, it is still a staggering loss, and the month was far from uneventful. By far the most prominent story was the Cetus Protocol exploit, which underscores the continued vulnerability of decentralized finance (DeFi) platforms.
Cetus Protocol Exploit: The Largest Incident of the Month
The largest incident of note in May was at Cetus Protocol, which suffered a $220 million exploit. The attackers took advantage of a bug related to a “most significant bits check” to influence the protocol's liquidity parameters and create positions that leveraged large portions of liquidity, resulting in easy, incredibly disproportionate gains.
In a notable show of cooperative mitigation, Sui validators and the Cetus Protocol team worked together to recover around $157 million of the stolen funds, a 71% recovery. This timely response underlines the significance of joint initiatives in offsetting the effect of such hacks.
Other Significant Incidents in May
Apart from the Cetus Protocol, numerous other platforms suffered heavy losses:
- Cork Protocol: Lost $12 million in another exploit.
- MBU Token: Lost $2.2 million to a breach.
- MapleStory Universe: Lost $1.2 million to a security breach.
A separate cyberattack by North Korean-affiliated hackers produced $5.2 million in losses. The breach is consistent with existing fears regarding state-sponsored cyber attacks on the crypto space.
The Broader Context: A Year of High-Profile Hacks
While May’s losses were large, they are still a decline compared to previous months in 2025. The first quarter alone recorded over $1.63 billion worth of stolen cryptocurrencies. Incidents in January contributed over $87 million, while February saw the figure jump to $1.53 billion, most of which was due to the record-breaking Bybit attack.
The Bybit hack, which was the work of North Korea’s Lazarus Group, saw around $1.5 billion worth of Ethereum tokens stolen, making it one of the biggest crypto hacks in history. The attack highlights the growing levels of sophistication and audacity among state-sponsored hackers.
North Korea’s Continued Cyber Menace
North Korea's involvement in cryptocurrency hacks has been increasing. In 2024, North Korea-linked hackers stole more than $1.34 billion in 47 attacks, accounting for over 61% of the overall value of crypto stolen during the year. Various major hacks have been attributed to the Lazarus Group, a state-sponsored hacking group, such as the July 2024 WazirX exchange hack that saw a loss of $235 million.
These cyber activities are thought to finance North Korea’s ballistic and nuclear missile development in a way that evades international sanctions. The use of advanced techniques, such as deepfake AI technology in identity checks and the creation of bogus businesses to distribute malware, demonstrates the evolving nature of these threats.
Industry Response and the Path Forward
The crypto market's response to these issues has been varied. In a few instances, cooperation between platform validators, security companies, and law enforcement agencies across countries has worked, as illustrated by the recovery of funds from the Cetus Protocol exploit.
But the recurring nature of these threats requires constant monitoring. Better security measures, frequent audits, and heightened user awareness are all key ingredients in strengthening the industry’s defense. In addition, global cooperation plays an integral role in countering state-sponsored cyber attacks and maintaining the integrity of the global financial system.
Conclusion
May 2025 came as a wake-up call about the inherent vulnerabilities of the fast-changing cryptocurrency ecosystem. Although the reduction in losses from earlier months offers some hope, the prevalence of advanced attacks, especially those attributed to state actors such as North Korea, emphasizes the necessity for strong security and international cooperation. As the industry expands, so must its dedication to protecting digital assets from a constantly evolving variety of threats.