Crypto Hacks Surge 303.38% in Q1 2025, $1.67 Billion Stolen

The first quarter of 2025 saw significant changes in the cryptocurrency landscape, marked by new regulations such as the U.S. Strategic Cryptocurrency Reserve and the SEC’s Crypto Task Force. The EU also made strides with its MiCA rules, aimed at enhancing the safety and regulation of cryptocurrencies. However, despite these regulatory efforts, the quarter witnessed a surge in crypto hacks and scams, resulting in substantial losses and raising serious concerns about security within the industry.

According to CertiK’s Web3 security quarterly report, Hack3d, for Q1 2025, over $1.67 billion was stolen across 197 incidents. This represents a staggering 303.38% increase in losses compared to the previous quarter and exceeds two-thirds of the total losses recorded in 2024. The most significant incident was the Bybit exploit, which accounted for $1.45 billion of the total losses. This breach highlighted the vulnerabilities of centralized exchanges and prompted calls for stronger security measures from regulators and security experts.

CertiK Co-Founder Ronghui Gu emphasized the need for enhanced security strategies within the blockchain industry. He noted that the Bybit breach served as a major wake-up call, underscoring the importance of viewing security as a shared responsibility rather than just a competitive advantage. Gu stressed that protecting the ecosystem requires thorough code audits, constant monitoring, clear incident response plans, vulnerability assessments, and employee training.

Following the Bybit exploit, other notable incidents included Phemex, which lost $71.7 million, 0xInfini with $49.5 million, and MIM Spell at $12.9 million. Most of these losses were due to wallet compromises, with private key hacks causing $142.4 million in damage across 15 incidents. Code vulnerabilities led to $47.1 million in losses from 68 separate exploits, while phishing attacks accounted for $15.8 million stolen in 81 incidents. Only 0.38% of the stolen funds were recovered, a sharp drop from 42.09% in the previous quarter. In February 2025, no stolen funds were returned at all.

Ethereum remained the top target for crypto hacks, with $1.54 billion stolen across 98 incidents. Its dominance in DeFi and smart contracts makes it a prime target for attackers, who are increasingly using tactics like social engineering, artificial intelligence, and contract manipulation to bypass security measures. CertiK’s experts warn that as more people adopt crypto and asset values rise, crypto theft is likely to continue increasing.

In addition to the Bybit exploit, the zkLend exploit targeted a Starknet-based lending platform, resulting in the theft of 2,930 ETH, valued at approximately $9.6 million. However, the hacker behind this exploit lost the entire stolen amount to a phishing scam. The attacker mistakenly deposited the funds into a fake version of Tornado Cash, a popular crypto mixer, only to have the funds instantly drained. This incident highlights the growing trend of even sophisticated cybercriminals falling victim to scams within the same ecosystem they exploit.

The zkLend breach was part of a broader trend of increased crypto thefts in the first quarter of 2025. The first three months of the year marked the worst quarter in crypto security history, with a total of $1.64 billion stolen across various platforms. Decentralized finance (DeFi) protocols accounted for $106.8 million across 38 incidents, while Ethereum and BNB Chain were the top two targets. Centralized platforms, although hit only twice, accounted for the vast majority of losses, with $1.5 billion stolen.

The zkLend exploit alone saw 2,930 ETH siphoned off in a targeted smart contract attack. The loss of this ETH, currently valued at around $9.6 million, makes the phishing blunder a significant moment in crypto theft history. It not only erased the stolen funds but also highlighted vulnerabilities from both attackers and victims in the DeFi ecosystem. The attacker’s failed laundering attempt sheds light on a newer layer of risk: fake versions of legitimate crypto tools. As security protocols ramp up to recover hacked assets, phishing sites are now capturing stolen funds before they can even be laundered.

This trend raises broader concerns about the ecosystem’s security. Even experienced hackers using advanced methods are being deceived by convincingly spoofed tools. It also complicates efforts for law enforcement and recovery experts, as the destination addresses of phishing sites often vanish without a trace or are controlled by unknown operators. With losses mounting, industry analysts are urging DeFi protocols and crypto users alike to improve operational security. The zkLend case adds to the mounting list of cautionary tales emerging from an already record-breaking quarter for crypto exploits.