2025's Biggest Crypto Security Incidents: Exchange Breaches, DeFi Exploits, and What We Learned
Source: CryptoNewsNet
Original Title: 2025’s biggest crypto hacks: From exchange breaches to DeFi exploits
Original Link:
Centralized Exchanges Plundered
2025 delivered no shortage of crypto hacks and scams. Around $4 billion was lost in total, a 37% increase on 2024’s total, with over half linked to North Korean actors, according to blockchain security firm Hacken.
Far and away the year’s biggest loss was February’s major exchange hack. Over $1.4 billion of crypto assets were drained after one of its cold wallets was compromised. The hack was later attributed to North Korean hackers’ crypto-focused campaign dubbed “TraderTraitor.”
After compromising a Safe Wallet developer machine, the hackers disguised the malicious transactions presented to the exchange team in order to take control of the wallet.
In response to the “blind signing” problem facing multisig operators, hardware wallet manufacturer Ledger introduced a new “clear signing” feature. However, the announcement was met with backlash after the “free” security upgrade turned out not to be free at all.
TRM Labs sees this as part of a shifting trend in North Korea’s “industrialization of infrastructure attacks.” The focus appears to have moved from targeting bridges (2021-2022) to service providers (2023-2024) to “CEX Mega-Heists” (2024-2025).
Other centralized exchanges hacked in 2025 include several major platforms losing significant sums: $41 million in September, $30 million in November, $44 million, $14 million, $27 million, $49 million, and $11.5 million respectively.
June’s politically-motivated hack of Iranian exchange Nobitex stood out, when the stolen $90 million was sent to irrecoverable addresses containing anti-Iranian messages.
DeFi Platforms Hacked
The year also saw significant hacks on DeFi projects, though with lower severity and frequency than previous years.
The most serious incident came in November, when Balancer’s v2 pools were exploited for $129 million. In addition to the large loss, the hack was surprising in that it came a full five years after the pools were launched.
Balancer wasn’t the only legacy DeFi protocol hit this year. December saw a trio of hacks on Ribbon Finance, Rari Capital, and iEarn Finance, with some suspecting an AI-assisted hacking spree worth around $5 million.
Yearn Finance was hit by a $9 million hack, though $2.4 million was recovered, and it later disclosed a malfunction in one of its vaults.
Two hacks also hit Abracadabra in March ($13 million) and October ($1.7 million), while Zoth lost a total of $8.7 million in March. A $42 million hack of GMX had USDC’s issuer Circle catching criticism over its failure to freeze funds, and an $11 million hack of blockchain bridge Garden was dubbed “DeFi karma.”
One hacker showed particular flair, sending stolen ether to a crypto mixer developer’s defense fund after taunting auditors on-chain.
Phishing and Social Engineering
A monster $27 million loss initially caused worries of a large-scale hack of Venus Protocol in July. However, the transaction turned out to be a single whale who had fallen victim to a phishing scam.
There were more reminders that even experienced experts sometimes get hooked, as crypto veteran Jill Gunter was drained and the UXLINK hacker lost their loot to phishing.
Disaster also struck another major hacker who was phished for $9.5 million after reportedly using a malicious front-end for a crypto mixer. Another user recently lost $2.3 million, seemingly to the same issue.
Shortly before Christmas, a mammoth address poisoning scam saw a victim lose $50 million of USDT.
Despite all the bad news, some light relief came in September when what was dubbed “likely the largest supply chain attack in history” managed to steal just $0.05.
DeFi Drama and Governance Issues
Hacks and scams aside, there were plenty of other dramas played out on the DeFi stage.
The collapse of intertwined yield vaults, precipitated by Stream Finance, saw hundreds of millions evaporate as the “daisy chain” unraveled. The fallout saw many of the firms involved go quiet or opt for threatening users seeking answers.
DAO debates heated up, with major protocols squabbling over governance rights and treasury management disputes.
After almost three years in regulatory limbo, sanctions on a crypto mixer were lifted in March. This didn’t help one developer, however, who was convicted four months later despite dubious evidence from the prosecution.
Developers of another mixer pled guilty in July but are now seeking a presidential pardon.
Key Lessons: Where We Stand
The year’s largest exchange hack, in its complexity and level of preparation needed, showed that crypto’s weakest link is humans, not code. A need for clear, tamper-proof signing methods remains a crucial space to improve, both for teams and individuals.
The willingness of politically-motivated actors to target foreign exchanges demonstrates an additional, geopolitical danger to traders.
Maturing codebases also proved their worth in that many of the year’s DeFi hacks were on legacy protocols. After years of being plagued by hackers, perhaps developers are learning to avoid the pitfalls of previous incidents.
We also saw that a less stringent regulatory environment has led to increased confidence. After years of operating cautiously, major DeFi projects are now reconsolidating and targeting mainstream audiences.