1 day ago
12
Crypto hacks surged to record levels in the first quarter of 2025, with losses surpassing $1.6 billion, according to fresh data from blockchain security firm Immunefi.
This marks the worst quarter on record for the digital assets industry in terms of security breaches, eclipsing the $706 million lost in the same period last year.
Most of these losses stemmed from two major attacks targeting centralised exchanges—Bybit and Phemex—underscoring vulnerabilities in platforms often perceived as more secure.
Centralised platforms took 94% of Q1 losses
Of the total $1.6 billion lost to hacks in Q1 2025, Immunefi’s data reveals that 94% came from breaches of centralised exchanges.
Bybit alone was hit with a $1.46 billion exploit, while Phemex suffered an attack totalling $69.1 million.
Combined, these two incidents made up $1.52 billion in losses, accounting for nearly all of the damage during the quarter.
In contrast, decentralised finance (DeFi) protocols accounted for just 6% of the quarter’s total losses.
While DeFi has often been criticised for its security weaknesses, Q1 data reflects a significant shift in the risk landscape, with centralised platforms now appearing to be more frequent targets.
BNB Chain hit 19 times, Ethereum 15
According to data from blockchain analytics firm PeckShield, Binance’s BNB Chain (formerly Binance Smart Chain) was the most exploited blockchain network during the quarter, with 19 recorded incidents.
#PeckShieldAlert Q1 2025 witnessed 60+ crypto hacks, resulting in total losses of $1.63B, a YoY increase of 131% compared to $706M in Q1 2024. March 2025 recorded 20 crypto hacks, resulting in $33.46M in losses, including a $5M hack affecting #1inch, which was 90% recovered.
Ethereum followed with 15 separate exploits.
The data supports the idea that larger and more widely used networks are attracting more attention from hackers, possibly due to the sheer volume of assets and activity they host.
These incidents range from smart contract vulnerabilities to targeted phishing and infrastructure weaknesses.
March saw 20 hacks, $33 million lost
March 2025 alone recorded 20 separate crypto hacks, leading to $33.46 million in total losses.
Among the largest of these incidents was a $13 million exploit involving the decentralised borrowing protocol Abracadabra.money.
Another notable case was the $8.32 million hack affecting Zoth, a blockchain-based financial ecosystem.
March also saw a hack on ZkLend, a StarkNet-based DeFi lender, adding to the growing list of affected projects and highlighting risks in zero-knowledge ecosystems.
These smaller-scale attacks may seem negligible in comparison to the Bybit and Phemex breaches, but together they contributed to a growing tally of incidents targeting digital assets this year.
They also reflect the persistent background threat that affects a wide range of protocols, regardless of size or popularity.
State-backed actors may be involved
Immunefi analysts highlighted the potential involvement of state-backed hacking groups in the Bybit and Phemex breaches.
The ability of attackers to breach “battle-tested” platforms has raised concerns across the industry.
While no government-linked entity has been officially named, experts suggest the scale and sophistication of these attacks may point to actors with substantial resources and technical capability.
The emphasis now is on improving end-to-end security for crypto platforms, especially centralised exchanges.
Industry stakeholders are increasingly under pressure to deploy measures that go beyond standard protection tools, as attackers continue to bypass traditional safeguards.
The post Crypto hacks hit $1.6B in Q1 2025: Bybit, Phemex among biggest victims appeared first on Invezz
English (US) ·