In line with the information collected by Slowmist, cybercriminals stole almost $3 billion in crypto hacks and scams in 2025. Researchers recorded a complete of 202 hack occasions, of which one was answerable for virtually half of all losses. In February, a large-scale outflow of funds from the ByBit trade platform resulted within the theft of over $1.46 billion.
Criminals hacked one in every of ByBit’s suppliers to secretly alter the digital pockets deal with to which 401,000 Ethereum cryptocurrency cash had been being despatched. ByBit thought it was transferring the funds to its personal digital pockets, however as an alternative, it despatched all of the funds to the hackers.
The Ethereum ecosystem was essentially the most focused amongst all classes, struggling 33 hacks and scams that resulted in $245 million in losses. Hacks on the Binance Sensible Chain (BSC) ecosystem had been the second hottest, with 25 occasions that stole $20 million price of cryptocurrency.
“Crypto is right for cybercriminals as a result of transactions are irreversible and almost nameless,” mentioned Marijus Briedis, chief know-how officer at NordVPN. “There’s no financial institution to freeze funds, no chargebacks, and belongings shortly vanish via mixers or decentralized platforms. For hackers, it’s the proper heist: excessive reward, low traceability, and victims typically lack authorized recourse.”
How cybercriminals steal crypto
In line with the FBI, cryptocurrency fraud accounts for 50% of all monetary fraud losses. Cybercriminals goal particular person crypto holders with malware that takes over transactions. These assaults typically start with phishing emails, contaminated downloads from unofficial websites, malicious adverts, or compromised web sites.
A very efficient instrument is “clipper” malware, which displays a sufferer’s clipboard and routinely replaces copied pockets addresses with ones the hackers management. Customers typically copy and paste pockets addresses on account of their complexity, unknowingly sending funds to criminals.
Infostealer malware is a good larger risk. It targets browsers and crypto wallets to steal credentials and delicate information. As soon as put in, it really works quietly within the background, gathering pockets info and sending it to attackers. In 2025, infostealers led to report ranges of ransomware and identity-based breaches and we anticipate it to be a good larger challenge this 12 months.
Tricks to defend crypto
Defending your cryptocurrency requires proactive motion. Use solely respected exchanges and wallets with a confirmed report. All the time allow two-factor authentication and create sturdy, distinctive passwords for each account. Keep alert for unsolicited messages and gives, and by no means ship cryptocurrency to unknown sources.
All the time confirm pockets addresses earlier than sending any cryptocurrency. Copy and paste addresses, then test if the pasted deal with matches the unique. Check with a small transaction first to verify the deal with is appropriate and to identify any clipboard malware.
“That’s why we’ve added a crypto pockets deal with checker to Menace Safety Professional,” mentioned Briedis. “As you browse, the instrument scans web page content material domestically in your machine. It identifies cryptocurrency pockets addresses and checks in the event that they’ve been linked to fraud, phishing, or scams. If an deal with is flagged as harmful, you’ll see a warning earlier than making a mistake. Solely the pockets deal with is distributed for verification, by no means your private info or shopping historical past.”