$3.1 Billion Vanished: Crypto Hacks Hit Record High in Q1 2025 (Hacken Report)

Crypto’s bleeding isn’t stopping—just ask the hackers.

Hacken’s latest report reveals a brutal Q1: $3.1 billion siphoned from protocols, exchanges, and wallets. That’s not a typo—it’s a quarterly haul bigger than some national GDPs.

Where’s the money going? Offshore accounts, mixer services, and—let’s be real—probably some Lambo dealerships.

Security’s still an afterthought. Projects chase hype (and VC checks) while leaving backdoors wide open. DeFi’s 'trustless' mantra? More like 'trust us, we’ll get hacked eventually.'

Meanwhile, TradFi bankers are 'shocked'—between sips of their $28 artisanal coffee.

Although the $1.5 billion Bybit incident in February stands out as a major event, it does not obscure the fact that the industry continues to face broad security shortcomings.

Hacken’s forensic team observed a recurring theme in 2025: human and procedural errors are now a more frequent point of attack than cryptographic weaknesses.

Legacy Infrastructure and Operational Vulnerabilities

Hacken’s head of forensics, Yehor Rudytsia, noted that older codebases have remained active targets for attackers, with the GMX v1 platform being a key example.

The protocol’s outdated structure began facing exploitation in Q3 2025. “Projects have to care about their old or legacy codebase if it was not stopped from operating completely,” Rudytsia said, emphasizing the risks of leaving older protocols exposed.

Operational vulnerabilities have also played a prominent role, accounting for approximately $1.83 billion in losses across both DeFi and CeFi. The most notable case was the $223 million breach on Cetus, a DeFi platform, during Q2. The exploit was traced to an overflow check vulnerability in its liquidity calculations.

Using a flash loan, the attacker opened hundreds of small positions across 264 pools. Hacken analysts suggested that real-time TVL monitoring with automatic pause mechanisms might have prevented up to 90% of the funds from being drained.

AI and Insecure APIs Add Complexity to Web3 Security

The incorporation of artificial intelligence tools into Web3 projects has added another LAYER of complexity to the security environment. According to Hacken’s report, there has been a 1,025% increase in AI-related attacks compared to 2023.

Nearly 99% of these incidents involved insecure APIs, making them one of the most exploited attack surfaces today. As of mid-2025, 34% of Web3 projects are using AI agents in live environments, increasing their exposure to risks such as model hallucination, prompt injection, and data poisoning.

Hacken also highlighted that existing security standards like ISO/IEC 27001 and the NIST Cybersecurity Framework are not yet adequately equipped to handle these AI-specific threats. The report called for updated governance and risk models that can better account for evolving vulnerabilities in smart systems.

With more sophisticated threat vectors emerging and attackers increasingly relying on automation and social engineering, the demand for proactive and adaptive security mechanisms in the crypto sector has grown substantially.

Featured image created with DALL-E, Chart from TradingView