Key Takeaways:
- Q1 2025 saw record-breaking crypto losses, totaling $1.64 billion across 40 incidents.
- North Korean hackers were responsible for 94% of the losses, targeting major centralized exchanges.
- Centralized platforms suffered the most, with Bybit and Phemex losing a combined $1.52 billion.
The crypto industry has experienced the worst quarter on record, with Q1 2025 recording losses valued at $1.64 billion due to hacks. The huge amount is a 4.7x increase from Q1 2024, when losses were valued at $348 million, according to the recent report by Immunefi.
Two major breaches contributed to the bulk of the losses: Bybit suffered a devastating $1.46 billion attack, while Phemex incurred losses of $69.1 million.
These attacks identify the vulnerabilities in centralized platforms, which, secure as they may be, remain top targets due to the vast amounts of capital they hold. Additionally, Web3 protocols currently hold almost $100B, drawing in cybercriminals who are taking advantage of exchange vulnerabilities.
North Korean Hackers Behind Massive Exchange Breaches
94% of this quarter’s cryptocurrency losses are attributed to the Lazarus Group, which masterminded the Bybit and Phemex hacks. Investigators have connected the two breaches, indicating sophisticated efforts to cover their tracks.
State-sponsored hackers more frequently target centralized exchanges to take full control of assets, making them ideal exploit targets.
The Lazarus Group being capable of breaching top-tier exchanges illustrates the dynamic nature of cyber threats. They use techniques that include taking advantage of security vulnerabilities, manipulating private keys, and conducting transactions using sophisticated laundering schemes.
As such attacks are on the rise and growing in sophistication, the cryptocurrency industry is facing mounting pressure to enhance its security protocol.
BNB Chain Leads in Crypto Breaches, Ethereum Follows Closely
A further trend in Q1 2025 was the asymmetrical impact on centralized finance (CeFi) platforms and decentralized finance (DeFi) protocols. DeFi suffered 38 incidents at a cost of $106.8 million in losses, while CeFi had only two attacks, but these accounted for 94% of total losses at $1.53 billion.
The numbers reflect a significant break from previous trends, where DeFi platforms had previously been more vulnerable due to smart contract vulnerabilities.
However, the scale of the Bybit and Phemex hacks has rearranged the risk profile, pointing out that centralized platforms, despite all their security guarantees, remain high-value targets.
The BNB Chain and Ethereum networks suffered the most, cumulatively accounting for 76% of all chain-related losses. The BNB Chain suffered 19 incidents that made up 44% of all losses, while Ethereum suffered 15 incidents that were responsible for 32%. Small yet notable breaches were experienced by other networks like Base, Optimism, and Arbitrum.
Related Reading | DeFi Protocol Linear Finance Abruptly Shuts Down After Binance Delisting and Financial Losses