In the first three months of 2025, the crypto ecosystem experienced a significant loss of $1,635,933,800 across 39 incidents, as reported by the blockchain security platform Immunefi. This marks a historic moment as Q1 2025 is noted as the worst quarter for hacks in the history of the crypto ecosystem.
Two centralized exchanges, Phemex and Bybit, were the primary targets of these attacks. Phemex suffered a loss of $69.1 million in January, while Bybit lost a staggering $1.46 billion in February. These two hacks accounted for the majority of the total losses in the first quarter of 2025.
Compared to Q1 2024, the total number of losses in Q1 2025 increased by 4.7 times. Experts believe that the infamous North Korean Lazarus Group is behind the two largest attacks, stealing $1.52 billion, or 94% of the total losses. This highlights the pressing threat that state-backed actors pose to the crypto industry.
Immunefi Founder Mitchell Amador emphasized the need for enhanced security measures to protect against catastrophic attacks. The scale of the Bybit and Phemex attacks underscores the importance of safeguarding the entire stack to prevent such breaches.
Exchanges, which manage large sums of money, are vulnerable to attacks, with even a small breach resulting in significant losses. The report also revealed that hacks were the main cause of losses, accounting for 100% of the total losses, compared to fraud incidents.
BNB Chain surpassed Ethereum as the most targeted chain in Q1 2025, with the two chains together representing 76% of the total losses. Centralized finance (CeFi) became the primary target for exploits, despite only two attacks recorded in the first quarter.
In contrast, decentralized finance (DeFi) saw 38 incidents but recorded lower total losses of $106,833,800. The report highlighted a 69% decrease in DeFi losses compared to Q1 2024. Additionally, only $6.5 million of the stolen funds was recovered in Q1 2025, representing just 0.4% of the total losses.
Immunefi has paid out over $112 million in total bounties and saved over $25 billion in user funds, with over $180 million in available bounty rewards. The platform continues to play a crucial role in enhancing security measures and protecting the crypto community from malicious attacks.
Overall, the crypto industry faces ongoing challenges in cybersecurity, with the need for continuous innovation and vigilance to safeguard against threats. The significant losses incurred in Q1 2025 serve as a stark reminder of the importance of robust security measures in the ever-evolving crypto landscape.