Crypto Heists Surge in H1 2025: $187M Recovered Amid 344 Onchain Exploits
Crypto's Wild West Era Isn't Over Yet
Hackers outpaced last year's thefts—but white hats clawed back $187 million from digital bandits. Here's how the chaos unfolded.
CertiK's Tally: 344 Attacks and Counting
Onchain heists hit record frequency in 2025's first half. Security teams played whack-a-mole as exploiters targeted everything from DeFi protocols to bridge vulnerabilities.
The $187M Silver Lining
Recovery efforts scored rare wins—proving even in crypto's lawless frontier, some sheriffs can track the money trail. (Take notes, traditional finance—we see your 18-month chargeback windows.)
The Bottom Line
Innovation attracts both builders and bandits. As crypto matures, so do its predators—and the hunters chasing them.
Wallet Breaches, Phishing Scams Push Crypto Losses in First Half of 2025
According to the report, between January and June, a total of $2.47 billion was lost across 344 incidents. Wallet-related breaches alone accounted for $1.7 billion across just 34 attacks.
Phishing followed as the second most expensive threat, with over $410 million stolen in 132 incidents.
The Q2 + H1 2025 Hack3d Report is here.
$2.47B lost in the first half of the year.
$801M lost in Q2 alone.
Phishing and wallet compromise dominated the threat landscape.
Dive into the data pic.twitter.com/Sxa6AGejGK
While the raw numbers suggest rising risk, CertiK says two incidents, Bybit and Cetus Protocol, skew the data.
Combined, those attacks made up about $1.78 billion of the total, pushing the year’s figures above all of 2024’s losses.
Removing those two cases brings the total to $690 million, which aligns more closely with previous years.
Ethereum remained the most targeted blockchain, experiencing 175 security events and over $1.6 billion in losses.
In a statement, CertiK noted that the trend in wallet breaches is “alarming,” but added that private key compromises, a top concern in 2024, have shown signs of decline.
The largest hack of the year so far came in February, when crypto exchange Bybit suffered a breach that led to the theft of more than $1.5 billion in liquid-staked ETH and MegaETH. It remains the single largest exploit of 2025.
The funds stolen in the Bybit hack are on the move — and investigators have a clearer idea of how the $1.4 billion in crypto was stolen #Bybit #LazarusGroup https://t.co/P9mgdDbkd1
Cetus Protocol, a decentralized exchange on Sui, was next. On May 22, the protocol lost about $225 million due to a smart contract flaw. The attacker used spoof tokens and price manipulation to drain liquidity. Sui validators later froze and returned $162 million.
The average amount lost per incident stood at over $7.1 million, while the median loss was just under $90,000.
Phishing attacks have grown more deceptive, especially in Q2, where they topped all other attack vectors. The report urges users to be cautious, double-check URLs, avoid suspicious links, and use hardware wallets for storage.
Social engineering attacks also remain a serious threat. In April, a BTC whale fell victim to a phishing scam that resulted in a $330 million loss. The attacker used multiple instant exchanges and eventually swapped the funds for the privacy coin Monero.
A suspected theft of 3,520 Bitcoin valued at approximately $330.7 million has triggered a sharp rally in Monero (XMR). #Bitcoin #XMR https://t.co/AXZu6RYpI4
Despite the scale of attacks, some funds were recovered.
CertiK reports that $187 million was returned to victims through law enforcement action, whitehat efforts, and exchange cooperation.
This brings the net loss for the first half of the year to around $2.29 billion.
Code Flaws Cost $229M in May as Wrench Attacks Surge Globally
Looking closer at May 2025, CertiK noted a rise in losses due to code vulnerabilities.
In that month alone, flawed smart contracts caused $229 million in damages, a massive jump from just $5 million in April.
“As the tokenization of financial systems accelerates, so too do the methods of attack,” the report said.
“While it’s encouraging to see private key breaches drop, phishing and smart contract risks continue to evolve rapidly.”
With the pace of incidents showing no sign of slowing, the second half of 2025 may test whether recovery efforts can keep up with the rising tide of exploits.
As crypto scams and hacks rise, so do violent crimes targeting private holders.
According to Bitcoin security advocate Jameson Lopp, at least 32 physical attacks, known as “wrench attacks,” have been reported globally this year, putting 2025 on pace to surpass 2021’s record of 36.
Nearly a third of these incidents occurred in France.
The attacks have grown more brutal. In January, Ledger co-founder David Balland was kidnapped and mutilated in a failed ransom attempt.
In another case, the father of a young trader was abducted by men posing as couriers; his captors severed a finger and demanded €7 million before police intervened.
Criminals have also begun targeting families. In May, Pierre Noizat, CEO of Paymium, narrowly avoided tragedy when attackers tried to kidnap his daughter and grandson.
That same month, authorities arrested 25 suspects in a Paris-based kidnapping ring.
Outside France, cases have emerged in the U.S., including a kidnapping in Las Vegas where the victim was driven into the Arizona desert.
Experts say crypto-related violence is entering a darker, more personal phase, prompting increased demand for private protection services.