Record $2.7 Billion Cryptocurrency Theft in 2025 Driven by North Korean Hackers | Ukraine news

In 2025, hackers and other cybercriminals seized about $2.7 billion in cryptocurrency – a record high in the history of crypto-asset-related breaches.

The largest incident was the attack on the cryptocurrency exchange Bybit, where attackers took about $1.4 billion. According to experts and the FBI, government hackers from North Korea are implicated in this malicious act – one of the most professional groups active in the crypto sphere lately.

Prior to that, the largest cryptocurrency thefts in 2022 were $624 million and $611 million during the Ronin Network and Poly Network breaches.

According to Chainalysis and TRM Labs, the total amount stolen in 2025 is estimated at $2.7 billion. Chainalysis also recorded an additional about $700k stolen from individual cryptocurrency wallets.

Key Events of the Year

De.Fi, a Web3 security company that maintains the REKT database, also tallies losses and breaches at about $2.7 billion for the previous year.

Of course, North Korean government hackers remained the most successful crypto thieves in 2025: according to Chainalysis and Elliptic they stole at least $2 billion, and the total since 2017 could exceed $6 billion. Such actions fund the country’s sanctioned nuclear and ballistic missile program.

Other serious incidents included the theft from the decentralized exchange Cetus of $223 million, an attack on the Balancer protocol with losses of about $128 million, and the hack of the Phemex exchange – attackers seized more than $73 million.

The trend shows no signs of stopping: in 2024, criminals stole $2.2 billion, and in 2023 – $2 billion. Experts forecast continued high activity of attacks on crypto infrastructure and DeFi projects in the future.

Lorenzo Franceschi-Bicchierai – senior TechCrunch journalist who specializes in breaches, cybersecurity, surveillance, and privacy.

You can reach Lorenzo at [email protected], send an encrypted message via Signal at +1 917 257 1382, or via the @lorenzofb account on Keybase/Telegram.

Experts emphasize: to strengthen protection, attention should be paid to smart-contract audits, asset monitoring, and bolstering cybersecurity on DeFi platforms, as the threat from malicious actors remains high.