This year, crypto hackers targeted major crypto entities and personal wallets, leading to $3.4 billion in losses — the highest since 2022.
A Chainalysis report released on Thursday revealed that three hacks in 2025, including the $1.4 billion theft from crypto exchange Bybit, constituted 69% of total losses from January to early December, with the largest incidents being significantly larger than the average breach.
Andrew Fierman, Chainalysis’ head of national security intelligence, stated to Cointelegraph that while these significant attacks contributed to this year’s surge in losses, it remains uncertain how 2026 will play out.
“Predicting whether it will worsen in 2026 is challenging, as hacks can be driven by outliers — just one or two major incidents may set a yearly record. However, the trend of targeting larger entities appears to be ongoing, and there’s no indication that hacks will decrease next year,” he noted.
Wallets and private keys are prime targets
Fierman added that personal wallets have also emerged as an appealing target for cybercriminals.
They made up 7.3% of the total stolen value in 2022 and increased to 44% in 2024. This year, they represent about 20%, but excluding the Bybit breach, that figure would near 37%.
However, the total stolen from individual hacks has decreased from $1.5 billion in 2024 to $713 million this year, even as the number of incidents nearly tripled compared to 2022.
“The smaller amounts are typical since individual personal wallets generally hold less than large exchange wallets, which combine multiple users’ balances,” Fierman explained.
DeFi protocols show improved security
The total locked value in DeFi is around $119 billion, according to the analytics platform DefiLlama, surpassing the 2023 lows of below $40 billion.
Yet, Chainalysis indicated that the recovery in DeFi markets hasn’t coincided with an increase in hacks, which marks “a clear divergence from historical patterns.”
Historically, sectors rich in funds tended to experience more hacks. However, Chainalysis attributes the current trend to enhanced security measures in DeFi protocols and attackers shifting their focus to wallets and centralized services.
“The consistently lower level of DeFi hacks, despite the influx of billions back into these protocols, signifies a significant change,” the Chainalysis team noted.
North Korean hackers are becoming more advanced
North Korean hacker groups accounted for $2.02 billion in stolen cryptocurrency in 2025, a notable increase of $681 million from 2024, employing strategies like embedding IT personnel within various projects.
Analysis revealed that North Korean hackers conducted fewer but significantly more impactful attacks in 2025, a trend that Chainalysis attributes to increased sophistication and patience in targeting larger rewards.
Related: Solana under ‘industrial scale’ DDoS attack: Co-founder says it’s ‘bullish’
“The regime continuously trains and develops new tactics for executing their operations, whether by infiltrating Web3 companies as IT personnel or locating exploitable access points through third-party vendors,” Fierman remarked.
“As the industry learns from each hack about DPRK tactics and strengthens security measures to mitigate future risks, the DPRK simultaneously evolves in its quest to discover new avenues for generating illicit returns.”
Magazine: Do Kwon sentenced to 15 years, Bitcoin’s ‘choppy dance’: Hodler’s Digest, Dec. 7 – 13
