Crypto hacks drained nearly $1.5 billion from the industry in 2024 across 232 separate incidents, according to Immunefi’s annual report. That figure represented a 17% decline from the $1.8 billion lost in 2023. But the improvement was short-lived: by the end of Q1 2025, losses had already blown past the entire 2024 total, driven by the largest single hack in crypto history.
The $1,495,487,055 in total 2024 losses was spread across hundreds of incidents, but two exchange breaches accounted for a disproportionate share. Japan’s DMM Bitcoin lost $305 million in a May 2024 hack, while India’s WazirX suffered a $235 million breach in July. Together, those two incidents represented 36% of the year’s total.
Hacking, not fraud, was the dominant threat vector. Exploits accounted for 98.1% of all losses ($1.47 billion), while scams and rug pulls made up just 1.9%. Q2 2024 was the worst quarter, with $572.7 million stolen, a 115.7% increase over Q2 2023. May alone saw $358.5 million drained.
The most striking structural shift in 2024 was the divergence between centralized and decentralized finance. CeFi losses surged 77.5% year-over-year to $726.2 million across just 11 incidents, meaning each CeFi breach averaged roughly $66 million. DeFi losses, by contrast, fell 44.8% to $769.3 million, but were spread across 221 incidents.
That split matters. DeFi protocols were hit more often but for smaller amounts, suggesting that improved smart contract auditing and security practices are having an effect. CeFi platforms, which hold larger concentrated pools of user funds, became higher-value targets with fewer but far more damaging breaches. For investors weighing custodial risk, the data suggests that exchange security has not kept pace with the threat landscape, even as broader regulatory scrutiny of banks and financial institutions, including eased capital requirements for large banks, continues to evolve.
In February 2025, a single incident rewrote the record books. Bybit, one of the world’s largest crypto exchanges, lost approximately $1.4 billion in what blockchain forensics firms and the FBI attributed to North Korea’s Lazarus Group. It was the largest crypto hack ever recorded, surpassing every prior incident by a wide margin.
The Bybit breach alone nearly matched the entire 2024 industry total. By the end of Q1 2025, cumulative losses had reached $1.64 billion, already exceeding the full-year 2024 figure. By April 2025, Immunefi data showed $1.7 billion in total losses, four times higher year-over-year and 14% above the full 2024 total.
Ethereum and BNB Chain together accounted for roughly 60% of total chain-level losses in 2025, reflecting both the concentration of DeFi activity and the scale of assets held on those networks. The acceleration in losses has contributed to a sharp deterioration in market sentiment, with the ongoing regulatory debate around crypto yield products adding further uncertainty.
The Fear & Greed Index sat at 23 (Extreme Fear) as of mid-March 2026, reflecting lingering investor anxiety from the scale of 2025 breaches. The Bybit hack, in particular, reignited debates about whether centralized exchanges can be trusted with large-scale custody, a question that extends into the growing institutional push around products like spot Bitcoin ETFs.
The Bybit attack was not a smart contract exploit. Reports indicate the breach involved manipulation of front-end signing interfaces, a social engineering vector that bypasses traditional cold storage protections. This represents a fundamental shift from the protocol-level exploits that defined earlier DeFi hacks toward supply chain and human-layer attacks.
North Korea’s Lazarus Group has become the single most significant threat actor in crypto security. The group has systematically targeted exchanges and DeFi protocols to fund state activities, with U.S. Treasury and FBI designations confirming the pattern. In 2024 alone, North Korean-linked actors were responsible for a substantial share of all crypto theft globally.
Mitchell Amador, CEO of Immunefi, acknowledged the structural challenge while pointing to emerging defenses.
On DeFi specifically, Amador noted that “we could argue that DeFi is getting safer due to improved security maturity, though DeFi still operates in one of the most adversarial environments in software.”
The data supports a cautiously mixed picture. DeFi’s 44.8% year-over-year decline in losses suggests that audit culture, formal verification, and bug bounty programs are working at the protocol level. But CeFi’s 77.5% surge, combined with the Bybit breach, shows that the industry’s largest custodial platforms remain vulnerable to sophisticated, targeted attacks that exploit human processes rather than code.
Concrete defensive measures gaining traction include multi-signature verification improvements, front-end integrity checks, and expanded bug bounty programs. Immunefi alone has facilitated over $100 million in bounty payouts to white-hat hackers. Whether these measures can scale fast enough to outpace state-sponsored attackers with billion-dollar incentives will define the next phase of crypto’s security evolution.