Report: $3.01B Stolen in H1 2025, CEXs Account for 54.26% of Laundering

Generated by AI AgentCoin World
Friday, Jul 25, 2025 4:53 pm ET2min read
ETH
--
Aime RobotAime Summary

- Global Ledger report reveals $3.01B stolen via 119 crypto hacks in H1 2025, with 54.26% of losses traced to centralized exchanges (CEXs).

- Attackers launder funds within 24 hours, exploiting AI vulnerabilities and protocol flaws, often completing laundering before breaches are publicly disclosed.

- CEXs face 10–15 minute windows to block suspicious transactions, highlighting systemic risks as real-time attacks outpace traditional compliance systems.

- High-profile breaches like CoinDCX ($44.2M) and Munchables ($290M) underscore urgent need for automated monitoring and regulatory upgrades like the U.S. Genius Act.

A new report from Swiss blockchain analytics firm Global Ledger highlights the escalating threat of real-time crypto laundering and systemic vulnerabilities in centralized exchanges (CEXs). The firm revealed that over $3.01 billion was stolen across 119 crypto hacks in the first half of 2025, marking a significant increase compared to the previous year’s total. The report underscores not only the scale of theft but also the unprecedented speed at which attackers launder stolen assets. Researchers found that laundering often occurs within minutes of a breach, frequently before victims or authorities are even aware of the incident [1].

The analysis tracked the movement of funds through mixers, bridges, and CEXs, mapping the time between the initial hack and the final laundering endpoint. In nearly 23% of cases, the entire laundering process was completed before the breach became public. For many others, funds were already in motion by the time victims realized they had been compromised. The report notes that attackers typically gain a 20-hour head start, as laundering is often finalized within 24 hours, while public disclosures take an average of 37 hours [1].

Centralized exchanges emerged as the most critical entry points for laundered funds, accounting for 54.26% of total losses in 2025. Compliance teams at CEXs face immense pressure, with only 10–15 minutes to block suspicious transactions before funds are lost. The report stresses that traditional, ticket-based compliance processes are no longer sufficient to counter the speed of modern attacks. Instead, exchanges must adopt real-time, automated monitoring systems capable of detecting and halting illicit activity before it is fully laundered [1].

The urgency of these findings is underscored by recent high-profile incidents. The Hacken 2025 Half-Year Web3 Security Report, released July 24, corroborates the growing threat landscape, revealing that Web3 platforms lost $3.1 billion in H1 2025—surpassing 2024’s total. Access control failures accounted for $1.83 billion of these losses, while phishing and social engineering attacks claimed $600 million. Notably, a 1,025% surge in AI-related exploits was attributed to vulnerabilities in API design and AI inference layers [2].

The CoinDCX hack in July 2025, which resulted in $44.2 million in losses, exemplifies CEX vulnerabilities. Attackers bypassed user wallets by exploiting backend infrastructure, exposing architectural weaknesses. This aligns with broader trends, as access control flaws and protocol design errors continue to be exploited. Other major breaches, including the $290 million Munchables incident and the $136 million Pike Finance attacks, further illustrate the sector’s vulnerability [2].

AI-driven exploits have compounded the complexity of cyberattacks. Insecure AI implementations, such as weak input validation and improper access restrictions, have created new avenues for attackers.

Ethereum
was the most targeted chain, accounting for 61.4% of losses, followed by BNB Chain and Arbitrum. DeFi protocols, responsible for nearly 70% of incidents, face distinct challenges compared to CeFi, where fewer but larger breaches occur [2].

The reports collectively emphasize the need for systemic security improvements. Hacken advocates for continuous monitoring and automated defense systems, arguing that traditional auditing methods are ill-suited for the complexity of Web3 ecosystems. Yevheniia Broshevan, co-founder of Hacken, warned that as blockchain scales for enterprise use, cybersecurity must evolve from an afterthought to a core operational function [2].

Regulatory developments, such as the U.S. Genius Act, further pressure exchanges to adhere to stricter AML standards and faster response times. Meanwhile, the ongoing trial of Tornado Cash developer Roman Storm highlights shifting regulatory expectations. Prosecutors argue that platforms must proactively prevent illicit use, even if it challenges innovation in open-source and privacy-focused tools [1].

Without systemic improvements in access controls, protocol design, and AI integration, the risks of real-time laundering and large-scale breaches are likely to persist. The convergence of AI-driven attacks and traditional threats has created a volatile environment, necessitating coordinated efforts between Web3 firms, regulators, and cybersecurity vendors to address overlapping vulnerabilities [2].

Sources:

[1] [Real-time crypto laundering exposes CEX vulnerabilities — Report] [https://cointelegraph.com/news/real-time-crypto-laundering-cex-vulnerabilities-report]

[2] [Hacken Report Flags $3.1B Web3 Meltdown] [https://t.co/6x8JDjkmJT]

[3] [Inside the $44M CoinDCX Hack] [https://www.ccn.com/education/crypto/coindcx-hack-44m-india-crypto-security-crisis-explained/]