2025 was an eventful year for crypto criminals, who made record bank off digital heists, but a disturbing new trend added real-world violence to this mix.
An end-of-the-year report from Chainalysis found that over $3.4 billion worth of digital assets was illegally obtained via hacks, exploits, and compromises in 2025. More than half of this sum ($2 billion) involved thefts organized by North Korea’s state-sponsored hacking operations, including the infamous Lazarus Group.
North Korea’s 2025 haul represented a 51% increase over the ~$1.34 billion that Kim Jong-un’s digital minions purloined in 2024. Much of 2025’s gain had to do with the single biggest heist of 2025: the February hack of South Korea’s Bybit exchange, which netted North Korea a whopping $1.5 billion. Lazarus was also fingered as the culprit behind the $30 million theft from South Korea’s Upbit exchange in November.
That $2 billion also marks a new annual record for the Hermit Kingdom’s thieving escapades. The total sum stolen over the years by North Korea now stands at $6.75 billion, much of which is subsequently laundered via cross-chain bridges, coin mixers, and “Chinese-language money movement and guarantee services.”
North Korea further widened its attack vectors through fraudulent installation of agents as remote IT workers for Western firms, allowing it to exploit companies from within. These efforts were aided by Western accomplices who provided ‘laptop farms’ that allowed the North Koreans to appear as if they operated from U.S. IP addresses.
North Korea recently took this digital chicanery one step further by acting as fraudulent IT recruiters, using the interview process to harvest credentials from Western tech-firm employees, then using the data to target the companies these individuals work for.
Major incidents for which North Korea can’t claim responsibility included the early-2025 exploit of the Coinbase (NASDAQ: COIN) exchange by members of the company’s India-based customer service team. Coinbase ultimately had to allocate up to $400 million to compensate customers whose personal data was stolen and sold online for use in social engineering scams.
A separate report from Certik found that, absent the Bybit hack, 2025 would have represented a decline in total funds lost compared with 2024. The median amount lost to exploits was also down more than one-third (35.75%) year-on-year.
But this just underscores the “dominant” trend that “attackers are concentrating resources into fewer, larger-scale operations that often involve cross-chain infrastructure, automation, and sophisticated algorithms.”
According to Certik’s data, supply chains proved the most costly attack vector in 2025, followed by phishing compromises and code vulnerabilities.
Back to the top ↑
Wrench attacks
Digital exploits are undeniably costly, but the latest crypto crime phenomenon is infinitely scarier in terms of its threat to real-world life and limb. We’re talking about ‘wrench attacks,’ the physical act of an individual being detained against their will and compelled to produce the private keys to their digital wallets and transfer their tokens to the perpetrators, or have their friends/family produce a ransom to secure their release.
The historic tendency of many HODLers to boast about the size of their bags on social media has boomeranged with a vengeance, effectively putting bullseyes on those unwise enough to advertise their digital wealth (real or feigned). While wrench attacks aren’t new, both the frequency and the severity of these attacks found another gear in 2025.
In January, David Balland, founder of the Ledger hard wallet, was kidnapped along with his partner in France before being rescued by police, unfortunately, not before the kidnappers cut off one of his fingers. That spring, the father of a crypto businessman was abducted (also in France) by individuals who similarly cut off his finger, video of which was sent to his son to compel a ransom payment.
These reports culminated this summer in a truly WTF episode in which an Italian national escaped a New York townhouse where he’d been held and tortured for two weeks. The torture reportedly involved everything from electric shocks to an electric chainsaw in an effort to get the victim to surrender his private keys.
As the year wound down, reports emerged of a crypto ‘investor’ being burned alive in Austria while a Russian couple was tortured and their bodies encased in concrete and dumped in an Arabian desert. In November, the New York Times estimated that there’d been 60 such attacks this year, convincing some crypto execs to take courses on how to prepare for the possibility.
All in all, it was a year of increasingly outlandish/ugly reports that led many people who ridiculed Coinbase for paying over $6 million a year to personally protect CEO Brian Armstrong to rethink their criticism.
Back to the top ↑
Sentence pronounced
This year has been marked by the wind-down of nearly all probes of crypto firms launched under the former leadership of the U.S. Securities and Exchange Commission (SEC). Basically, unless an existing case involved actual fraud, the SEC’s current leadership doesn’t appear to believe any crime has been committed.
Despite this imminent reversal of fortune, the Gemini digital asset operation run by Cameron and Tyler Winklevoss reached a $5 million settlement with the U.S. Commodity Futures Trading Commission (CFTC) in January. The Winklevii had been accused by the Biden-era CFTC of “making false or misleading statements of material facts” to the regulator regarding the twins’ pumping up the trading volume of their BTC-based exchange-traded product. While the settlement didn’t force the twins to admit their guilt, the settlement was clearly still sticking in their craw months later.
This year also saw a number of resolutions in criminal cases launched under the previous U.S. administration, including the OKX exchange reaching a $504 million settlement with the Department of Justice (DOJ) in February for operating an unlicensed money-transmitting business.
December brought the long-awaited reckoning of Terraform Labs’ principal, Do Kwon. Kwon got 15 years—three more than prosecutors asked for—for his role in the fraud that led to Terra’s 2022 collapse, and he could end up serving even more time once his separate South Korean prosecution concludes. It’s a small comfort to Kwon’s former customers, who collectively lost $40 billion, but hopefully seeing the formerly smug prick in an orange jumpsuit offers some resolution.
Another member of the crypto criminal class of 2022, Celsius Network founder Alex Mashinsky, was sentenced to 12 years in May. But this year’s other major court resolutions largely involved coin mixers, including Tornado Cash co-founder Roman Storm, who in August was found guilty of conspiracy to operate an unlicensed money transmitting business.
Storm has yet to be sentenced while he appeals his conviction, but Keonne Rodriguez and William Lonergan Hill, co-founders of rival mixer Samourai Wallet, were sentenced to five and four years, respectively, in November after pleading guilty this summer to the same charge Storm was found guilty of.
The judge told Rodriguez that he got the maximum possible sentence due in part to his unwillingness to accept responsibility for his crimes. That could spell bad news for Storm, given his ongoing efforts to deny any wrongdoing. But given President Trump’s recent comments about mulling a pardon for Rodriguez, the question of guilt or innocence may not matter much when the possibility of forgiveness lurks in the background.
Back to the top ↑
Pardon potpourri
Trump made a 2024 campaign pledge to pardon Ross Ulbricht, founder of the infamous Silk Road darkweb guns & drugs bazaar, and made good on that pledge shortly after his January inauguration. But few thought the crypto pardon floodgates would open so wide during his second presidency’s first year.
In March, Trump pardoned four execs from the BitMEX exchange, including co-founder Arthur Hayes, who pleaded guilty to violating the Bank Secrecy Act’s anti-money laundering rules in 2022. But Trump’s pardon broke new ground by pardoning BitMEX (the company) as well, freeing it from the responsibility of paying a $100 million fine a federal judge had imposed on the exchange two months earlier.
Trump’s biggest use of the pardon pen came in October, when Changpeng ‘CZ’ Zhao, founder of the Binance exchange, had his criminal history expunged. Questions over a potential quid pro quo between CZ/Binance and the Trump family’s decentralized finance (DeFi) project World Liberty Financial (WLF) weren’t helped by Trump’s subsequent claims that he didn’t know who CZ was.
Regardless, other crypto luminaries who were either already serving time or looking at the possibility of the same upped the volume of their own pardon requests. This included the truly Hail Mary pardon candidacy of Sam Bankman-Fried (SBF), the disgraced founder of the failed FTX exchange, whose chances of finding a pardon in his Christmas stocking would be a miracle on par with the virgin birth in that Bethlehem manger.
Also coming up shy on the pardon front is Roger Ver, who in October reached a deal with federal prosecutors on his mail fraud/tax evasion charges. Ver agreed to pay $50 million to secure his release from prison in Spain, where he’d been held since being arrested in May 2024. In January, Ver released a long-form video in which he shamelessly argued for a Trump pardon, but the plea apparently fell on deaf ears, possibly because he’d voluntarily surrendered his American citizenship a decade ago.
Back to the top ↑
Seized up
October saw the DOJ make the largest digital asset seizure on record when it announced it had taken control of digital wallets containing 127,217 BTC tokens worth ~$15 billion at the time. The wallets belonged to Chen ‘Vincent’ Zhi, founder of the Prince Holding Group, an entity responsible for one of the largest ‘pig butchering’ scam compounds in Southeast Asia.
The following month, the International Consortium of Investigative Journalists (ICIJ) released a report on crypto’s pivotal role in fueling the rise of pig butchering, which has increasingly targeted victims in Western countries.
Things got to a point that the DOJ, Federal Bureau of Investigation (FBI), and Secret Service formed a joint Scam Center Strike Force to target those who prey on Americans lured in by the scammers, while the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) severed the notorious Huione Group from the U.S. financial system. Interpol later adopted a resolution targeting operators of “cryptocurrency scams.”
About a month after the ICIJ report, Cambodia’s central bank finally revoked the license of the scam-linked Huione Group’s payment processing unit, which had been flagged by U.S. authorities as a crucial conduit for pig butchering scammers. The DoJ’s October seizure led to a ‘bank run’ on Huione Pay customer accounts, leading the company to freeze withdrawals.
Traditionally, this type of enforcement action has resembled a game of ‘whack-a-mole’ as the scammers relaunched their financial rails elsewhere under different names. Only time will tell if there’s any more lasting impact of these latest actions.
As if on cue, Wired just released a report on two Telegram-based pig butchering marketplaces “enabling close to $2 billion a month in money-laundering transactions.” The report quoted Ellilptic co-founder Tom Robinson saying “when you consider illicit use of crypto assets, there really isn’t anything larger right now.” Okay, but just wait till next year…
Back to the top ↑
Tirón de la alfombra
While Trump’s release of his $TRUMP memecoin just days before his inauguration earned him plenty of criticism for allegedly preying on the loyalties of the MAGA faithful, strictly speaking, he wasn’t doing anything illegal.
That’s not necessarily the case of Argentina’s President Javier Milei, who was linked to the rugpull of a memecoin he’d personally endorsed online just hours earlier. The $LIBRA token was launched by a group that included U.S. national Hayden Davis, and messages soon emerged in which Davis bragged of his connections to Milei’s family and his ability to tell the president what to do.
Davis was unrepentant about $LIBRA insiders profiting off retail suckers, and while Milei appeared to believe he could ride out the negative publicity, Argentina’s opposition politicians weren’t so keen to let him off the hook.
In November, an Argentine congressional committee issued a final report into the matter that found Milei “presumably provided indispensable cooperation for carrying out the scheme.” Milei’s failure to alert state oversight agencies of his involvement in the project “makes plausible the hypothesis that there was a deliberate intent to evade institutional controls.”
The report added that Milei’s sister (and chief of staff) Karina “facilitated the use of official national government facilities and granted the involved parties access to the president to carry out an act being investigated as an alleged fraud of international scope.”
Argentina’s judiciary is conducting its own probe into the matter, and it’s anyone’s guess where this buck might stop. But delays in getting these probes underway, coupled with the recent midterm elections that strengthened Milei’s allies in the legislature, suggest that impeachment is unlikely. Forget it, Jake… It’s Buenos Aires.
Back to the top ↑
Watch: What’s ahead for crypto regulation? Highlights from Blockchain Futurist Conference 2025
title=”YouTube video player” frameborder=”0″ allow=”accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share” referrerpolicy=”strict-origin-when-cross-origin” allowfullscreen=””>
Source: https://coingeek.com/2025-crypto-criminals-making-bank-while-cutting-off-fingers/
