Crypto hackers stole $3.3 billion in 2025, but the number of attacks fell sharply as losses became concentrated in fewer, more sophisticated supply-chain exploits, according to new data from blockchain security firm CertiK shared with Cointelegraph.
While total losses remained elevated, the decline in incident counts and a drop in median theft sizes suggest that protocol-level security is improving, pushing attackers away from simple code vulnerabilities and toward phishing and infrastructure-level attacks.
CertiK said supply-chain breaches emerged as the most damaging threat, accounting for $1.45 billion in losses across just two incidents, including the $1.4 billion Bybit hack in February.
“The Bybit exploit signals that well-capitalized, well-coordinated threat actors are becoming more active across the ecosystem,” the report said, predicting a rise in the “sophistication” of supply chain attacks as attackers target more infrastructure providers.
The number of security incidents fell by 162 year-over-year, indicating that blockchain cybersecurity measures are improving despite hackers aiming for larger targets.
The average amount lost per hack stood at $5.3 million, a 66% increase from the previous year. However, the median loss — a measure less influenced by outlier incidents — fell to $103,966, down 35.75% over the same period.

Code vulnerabilities fade as “pig butchering” scams threaten crypto savings
Phishing scams became the second-largest threat, costing crypto investors a cumulative $722 million across 248 incidents.
Recently, an investor lost their entire Bitcoin (BTC) retirement fund in an artificial intelligence-fueled romance scam, also known as a “pig butchering” scam, in which the con artists used prolonged emotional manipulation to convince the investor to transfer their funds.

Pig butchering scams, a subset of phishing scams, cost the industry a collective $5.5 billion in 2024 across 200,000 individual cases.
Notably, the average grooming period for victims is between one and two weeks in 35% of cases, while 10% of scams involve grooming periods of up to three months, according to blockchain security platform Cyvers.
In June, the US Department of Justice announced the seizure of over $225 million in crypto linked to pig butchering scams.
