2025 marked the worst year on record for crypto security, with total losses from hacks, scams, and exploits surpassing $4.04 billion, according to data published by PeckShield. The figure represents a 34.2% increase compared with the $3.01 billion lost in 2024, highlighting a sharp deterioration in the industry’s threat landscape. PeckShield attributed the surge to systemic weaknesses in centralized infrastructure and a clear tactical shift toward targeted social engineering, rather than broad, low-effort attacks.
Hacks Still Dominate, but Scams Are Catching Up
The breakdown of losses shows that crypto hacks remained the largest contributor, accounting for $2.67 billion, up roughly 24% year over year.
However, scams and phishing-related attacks grew even faster, reaching $1.37 billion, a 64% increase from 2024.
While the number of scam incidents rose, PeckShield noted that attackers increasingly focused on high-value individual targets, driving a higher average loss per incident. This shift reflects more sophisticated social engineering campaigns rather than mass-market fraud.
Centralized Exchanges Become Primary Targets
A major structural change emerged in 2025: attackers pivoted away from DeFi toward centralized exchanges (CEXs) and large organizations. Losses linked to centralized entities surged to 75% of total value stolen, up from 46% in 2024. This transition was driven by:
- •Supply-chain attacks
- •Compromised private keys
- •Exploits targeting custodial infrastructure
Among all incidents, the Bybit exploit stood out as the single largest hack in crypto history, accounting for $1.5 billion in losses during February alone. That month marked the most severe spike of the year, with $1.51 billion stolen across just 20 incidents.
Ethereum Bears the Largest Financial Damage
In terms of blockchains targeted, BNB Chain recorded the highest number of incidents, representing 29.2% of all attacks. However, Ethereum absorbed the bulk of the financial damage, accounting for 69% of total value lost, largely due to its role in hosting high-value institutional targets. PeckShield also flagged Sui (SUI) as an emerging target, signaling potential future concentration of attacks beyond the dominant chains.
Recovery Rates Decline as Laundering Accelerates
Despite law enforcement and industry efforts, recovery outcomes worsened in 2025. Only $334.9 million worth of stolen crypto was recovered or frozen, down significantly from $488.5 million in 2024. At the same time, tracked laundering linked to exploits reached $1.49 billion, a 14.6% increase year over year. PeckShield noted that this rise was driven by a higher concentration of large-scale hacks, with laundering conversion rates exceeding 60% for major incidents.
A Structural Warning for the Industry
PeckShield’s data paints a clear picture: crypto crime in 2025 was not just larger, but more strategic. Attackers increasingly favored fewer, higher-impact operations, targeting centralized infrastructure and exploiting human vulnerabilities rather than smart contract flaws alone. As the industry enters 2026, the report underscores a growing need for:
- •Stronger custody controls
- •Enhanced key management
- •Better user-side security education
- •Improved real-time monitoring of laundering flows
Without structural changes, the trend suggests that financial losses could continue to scale faster than security defenses.