MPC Gains Ground as $3.5B in Crypto Stolen in 2025

Generated by AI AgentMira SolanoReviewed byAInvest News Editorial Team
Tuesday, Dec 30, 2025 1:17 am ET2min read
BTC
--
Aime RobotAime Summary

- In 2025, crypto thefts reached $3.5B as attackers exploited weak security, phishing, and supply chain vulnerabilities, with insider threats causing nearly $1B in losses.

- Traditional cold storage failed to prevent breaches, prompting regulators to mandate Multi-Party Computation (MPC) for key management and zero-trust policies.

- Supply chain attacks like the $1.4B Bybit breach highlighted infrastructure risks, while AI-powered phishing and lateral intrusions exposed institutional custody flaws.

- Industry responses included protocol-level asset freezes and threat intelligence sharing, as attackers focused on fewer, higher-value targets with 66.6% increased average losses.

In 2025, crypto thefts totaled $3.5 billion as attackers exploited weak security and phishing vulnerabilities. A new report from SQHWYD GLOBAL advisor Gideon Cohen outlines the failure of traditional "cold storage" methods and highlights the growing sophistication of cyber threats. The year was marked by high-profile breaches, with supply chain attacks and insider threats emerging as dominant vectors of loss

according to the report
.

The rise in AI-powered phishing scams and lateral network intrusions exposed critical weaknesses in institutional custody models. Insurers and regulators responded by pushing for Multi-Party Computation (MPC) as a standard for key management.

According to Cohen
, traditional security measures failed to address insider coercion and advanced social engineering tactics.

Meanwhile, supply chain attacks became the most damaging threat in the crypto space. The Bybit hack, in which attackers compromised a third-party wallet provider, cost over $1.4 billion and signaled a strategic shift toward targeting foundational infrastructure.

As the industry struggled to contain losses
, blockchain security firms reported a 37% year-over-year increase in total stolen value.

The Failure of Legacy Security Models

Cohen's report dissects the anatomy of 2025's major breaches and highlights the inadequacy of perimeter-based security. Over 60% of exchange hacks involved the compromise of static private keys stored in traditional "cold" or "warm" environments. The report argues that physical vaults alone cannot prevent digital theft, especially when insiders or phishing scams bypass physical barriers

according to the report
.

CertiK's 2025 Skynet Hack3D report echoed these findings, noting that while the number of crypto-related security incidents dropped, the average loss per incident increased by 66.6%. This shift indicated that attackers were focusing on fewer but higher-value targets.

The Bybit breach, for example, involved a supply chain compromise rather than a direct code vulnerability,
demonstrating the growing complexity of modern cyberattacks
.

The Rise of MPC and Zero Trust

As insurers and regulators moved to close security gaps, Multi-Party Computation (MPC) emerged as a new industry standard. The technology splits cryptographic keys into multiple "shards," requiring coordination across multiple systems to execute a transaction. This architecture eliminates the single point of failure that plagued the sector in previous years

according to the report
.

Cohen argues that MPC is no longer optional for institutional players but rather a requirement for doing business. In 2025, major insurance providers began mandating its use as a condition for coverage. This shift reflected a broader understanding that single-key systems were too risky to support the growing scale of crypto operations

according to the report
.

At the same time, the threat of insider attacks forced firms to adopt Zero Trust policies. Nearly $1 billion in losses in 2025 were attributed to insider threats, including cases where developers failed to revoke access during offboarding. As a response, firms began implementing Policy Engines and Role-Based Access Controls to reduce internal vulnerabilities

according to Cointelegraph
.

Looking Ahead: Supply Chains and AI

The 2025 security landscape was also shaped by the growing use of artificial intelligence in phishing and social engineering attacks. Hacken's 2025 report noted that while the number of crypto-related security incidents dropped, the average loss per incident increased by 66.6%. This shift indicated that attackers were focusing on fewer but higher-value targets. The Bybit breach, for example, involved a supply chain compromise rather than a direct code vulnerability,

demonstrating the growing complexity of modern cyberattacks
.

In response, firms are exploring new ways to mitigate these risks. Some exchanges have introduced protocol-level freezing capabilities, allowing them to block the movement of stolen assets. While controversial, these measures are seen as necessary in the face of increasingly sophisticated attacks. Others are turning to industry-wide coordination initiatives, like SEAL 911, to improve threat intelligence sharing

according to Bitcoin News
.

As the year ended, the crypto industry faced a stark reality: in 2025, security was not just about protecting digital assets but about rethinking the entire threat landscape. With North Korea-linked clusters responsible for over half of all losses and AI-driven attacks becoming more common,

the need for proactive and adaptive defenses has never been greater
.