Crypto theft reached $3.4B in 2025 with actors linked to North Korea driving record losses and evolving attack patterns, says Chainalysis.

A Big Year for Crypto Theft

The blockchain Blockchain Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned). In this sense, blockchain is immune to the manipulation of data, making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tamp Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned). In this sense, blockchain is immune to the manipulation of data, making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tamp Read this Term intelligence firm Chainalysis’s 2026 Crypto Crime Report, a preview of which you can see here, reveals a stark picture of cryptocurrency theft in 2025. According to the report, more than $3.4 billion worth of digital assets were stolen from January through early December 2025, continuing an alarming trend of high-value thefts in the crypto space.

This figure incorporates an unusual pattern: a few extraordinarily large breaches account for the majority of losses, rather than countless small hacks. The top three hacks alone made up 69 percent of total stolen funds.

North Korea: Dominant Threat Actor

The Democratic People’s Republic of Korea (DPRK) stands out as the most significant state-linked threat in the report. North Korean hackers stole at least $2.02 billion in cryptocurrency in 2025, a 51 percent year-over-year increase from 2024, despite carrying out fewer overall attacks than in previous years.

That massive haul has pushed the lower-bound estimate of total DPRK-linked stolen crypto to an astonishing $6.75 billion over time.

The report suggests that these actors are focusing on high-impact, high-value targets and using sophisticated methods to access privileged systems inside exchanges and custodial services. Techniques have evolved beyond traditional breaches to include social engineering and impersonation of recruiters at major web3 and AI firms, giving attackers ways to harvest critical credentials.

• UK Moves to Regulate Crypto by 2027 After FCA Sought Public Feedback on Oversight
• Ondo’s SEC Clearance Comes as European Tokenized Stocks Advance via Bitget
• Prosecutors Seek Twelve Years for Do Kwon in Terraform Collapse; Defense Seeks Five

Not Just Big Services, But Personal Wallet Targets Too

While institutional and exchange Exchange An exchange is known as a marketplace that supports the trading of derivatives, commodities, securities, and other financial instruments.Generally, an exchange is accessible through a digital platform or sometimes at a tangible address where investors organize to perform trading. Among the chief responsibilities of an exchange would be to uphold honest and fair-trading practices. These are instrumental in making sure that the distribution of supported security rates on that exchange are effectiv An exchange is known as a marketplace that supports the trading of derivatives, commodities, securities, and other financial instruments.Generally, an exchange is accessible through a digital platform or sometimes at a tangible address where investors organize to perform trading. Among the chief responsibilities of an exchange would be to uphold honest and fair-trading practices. These are instrumental in making sure that the distribution of supported security rates on that exchange are effectiv Read this Term hacks account for most of the dollar value stolen, there is a notable rise in personal wallet compromises. Chainalysis estimates more than 158,000 theft incidents involving individual wallets in 2025, impacting roughly 80,000 unique victims.

Interestingly, even though the number of compromised personal accounts has spiked, the total value stolen from these individual incidents is lower than in previous years, suggesting attackers are targeting many users for smaller amounts rather than a few for big scores.

This shift could reflect broader adoption of crypto wallets, meaning more potential victims, but also possibly better security practices at major platforms that deter large-scale exploitation.

Large Hacks Are Still the Main Drivers

Despite more incidents overall, a small number of catastrophic hacks drive the lion’s share of losses. For example, early in 2025, a major breach at Bybit, now attributed to North Korean actors, resulted in a haul of around $1.5 billion, making it one of the largest single thefts in crypto history. Officials also dismantled a EUR 700 million fraud ring operating across Europe just this month.

Such high-value thefts skew the industry’s crime landscape. The report notes that the ratio between the largest hack and the median stolen amount has now exceeded 1,000 to 1, underlining how a handful of outliers can dictate annual totals.

These massive breaches also shape broader trends. Centralized platforms, despite their professional security teams, remain vulnerable to private key compromises, and when these attacks succeed, they generate disproportionate losses compared with smaller, decentralized finance (DeFi) hacks.

What This Means for Crypto Security

Evolving Attack Strategies

The 2026 Crypto Crime Report highlights how threat actors are adapting and innovating. Instead of merely exploiting technical bugs, attackers are increasingly leveraging human-targeted tactics, such as impersonation and social engineering to gain privileged access.

Particularly concerning is the possibility that hackers may embed themselves within organizations or pose as potential partners to gain deeper entry into infrastructure systems, a trend that could outpace traditional defensive measures.

Bigger Targets, Bigger Impact

The concentration of losses in a few breaches suggests that platform security remains a weak link. Large exchanges and custodians, where vast sums of assets are aggregated, present attractive targets. Their compromise can ripple across markets and shake investor confidence.

That said, the divergence in DeFi, where hack losses have remained comparatively lower even as total value locked rises, may indicate improved defensive practices in some parts of the ecosystem.

Looking Ahead

Chainalysis’s findings paint a complex picture for 2026 and beyond. With attackers capable of inflicting enormous damage in a single incident, the industry will need to double down on robust security, compliance, and threat intelligence to stave off further losses.

At the same time, the rise in personal wallet compromises underscores the need for better education and individual security practices, as users increasingly manage their own keys and assets in a decentralized world.

In a space prized for innovation, the battle against theft and hacking remains a persistent and evolving challenge, one that demands coordinated defenses, smarter protocols, and industry-wide vigilance.