Crypto Hacks Netted Nearly $3B In 2026: NordVPN

According to the data collected by Slowmist, cybercriminals stole nearly $3 billion in crypto hacks and scams in 2025. Researchers recorded a total of 202 hack events, of which one was responsible for almost half of all losses. In February, a large-scale outflow of funds from the ByBit exchange platform resulted in the theft of over $1.46 billion.

Criminals hacked one of ByBit’s suppliers to secretly alter the digital wallet address to which 401,000 Ethereum cryptocurrency coins were being sent. ByBit thought it was transferring the funds to its own digital wallet, but instead, it sent all the funds to the hackers.

The Ethereum ecosystem was the most targeted among all categories, suffering 33 hacks and scams that resulted in $245 million in losses. Hacks on the Binance Smart Chain (BSC) ecosystem were the second most popular, with 25 events that stole $20 million worth of cryptocurrency.

“Crypto is ideal for cybercriminals because transactions are irreversible and nearly anonymous,” said Marijus Briedis, chief technology officer at NordVPN. “There’s no bank to freeze funds, no chargebacks, and assets quickly vanish through mixers or decentralized platforms. For hackers, it’s the perfect heist: high reward, low traceability, and victims often lack legal recourse.”

How cybercriminals steal crypto

According to the FBI, cryptocurrency fraud accounts for 50% of all financial fraud losses. Cybercriminals target individual crypto holders with malware that takes over transactions. These attacks often begin with phishing emails, infected downloads from unofficial sites, malicious ads, or compromised websites.

A particularly effective tool is “clipper” malware, which monitors a victim’s clipboard and automatically replaces copied wallet addresses with ones the hackers control. Users often copy and paste wallet addresses due to their complexity, unknowingly sending funds to criminals.

Infostealer malware is an even bigger threat. It targets browsers and crypto wallets to steal credentials and sensitive data. Once installed, it works quietly in the background, collecting wallet information and sending it to attackers. In 2025, infostealers led to record levels of ransomware and identity-based breaches and we expect it to be an even bigger issue this year.

Tips to protect crypto

Protecting your cryptocurrency requires proactive action. Use only reputable exchanges and wallets with a proven record. Always enable two-factor authentication and create strong, unique passwords for every account. Stay alert for unsolicited messages and offers, and never send cryptocurrency to unknown sources.

Always verify wallet addresses before sending any cryptocurrency. Copy and paste addresses, then check if the pasted address matches the original. Test with a small transaction first to confirm the address is correct and to spot any clipboard malware.

“That’s why we’ve added a crypto wallet address checker to Threat Protection Pro,” said Briedis. “As you browse, the tool scans page content locally on your device. It identifies cryptocurrency wallet addresses and checks if they’ve been linked to fraud, phishing, or scams. If an address is flagged as dangerous, you’ll see a warning before making a mistake. Only the wallet address is sent for verification, never your personal information or browsing history.”