The first six months of 2025, have to date, been a chaotic time for the crypto space. According to the mid year “Blockchain Security and AML Report” from SlowMist, crypto hackers have executed 121 attacks on DeFi, exchanges, and users resulting in historic losses, estimated to be about $2.373 billion. This report cracks open fresh insights into attack trends, response strategies, and emerging fraud tactics.
Incident Volume vs. Financial Damage
While the number of recorded crypto breaches has fallen—121 incidents in H1 2025 compared to 223 in H1 2024—the dollar losses have surged nearly 66% (from $1.43 billion to $2.37 billion).
- Ethereum took the lead among blockchain ecosystems, with losses around $38.6 million.
- Solana at $5.8 million and Binance Smart Chain at $5.49 million show that high liquidity draws hackers.
DeFi vs Centralized Exchanges
DeFi protocols were by far the most popular target (92 of 121 hacks) and collectively lost around $470 million, which was a 28.7% improvement over H1 2024, due to improvements in smart contract protection.
In contrast, centralized exchanges suffered fewer attacks (11 cases) but with devastating impact: about $1.883 billion stolen, largely due to one colossal breach.
The Record Breaking Bybit Breach
The standout attack happened on February 21, when Dubai based Bybit lost approximately $1.46 billion in a routine transfer that was manipulated during a multi signature cold wallet operation.
Blockchain analytics firms Elliptic and Arkham, along with the FBI, have attributed the theft to North Korea’s Lazarus Group. Bybit managed to re establish solvency through bridge loans and pledged to cover any shortfall.
Attack Vectors & Emerging Scams
- Account compromise led to 42 breaches, and smart contract flaws caused 35 more.
- New scams take advantage of EIP 7702 wallet delegation if phishing kits lure users to sign malicious permissions.
- Deepfake scams, complicated or advanced social engineering, and other malicious browser extensions made headlines too. Some of the operations even used a fake recruitment scheme that used clips of legitimate wallets, and a Telegram based clipboard attacker to mislead users and steal coins.
Recovery Efforts & Regulation
On the bright side, there were notable defensive strides:
- Tether froze 209 USDT ERC 20 addresses, Circle froze 44 USDC addresses.
- Around $270 million—11.4% of stolen funds—was frozen or recovered across nine cases.
- SlowMist’s InMist Lab helped recover $14.56 million and played a key role in retrieving $8.44 million in the KiloEx case within 3½ days.
From a regulatory perspective:
- The United States passed the GENIUS Act, Hong Kong applied stablecoin regulations, and the European Union imposed greater AML (anti-money laundering) regulations prohibiting anonymous accounts.
What lies ahead?
As losses have exceeded unprecedented amounts, security is still the weakness in crypto’s growth story. While DeFi’s updated rails are a sign of relief, the massive Bybit hack underscored that centralized infrastructure is frequently one point of failure. As regulation persists globally and recovery tools continue to improve, one thing is for certain: prevention is far better than cure.
It’s high stakes for the ecosystem, but it must strike a balance between continued innovation and comprehensive security. Otherwise, the next $1 billion hack may already be in the making.
