The cryptocurrency sector lost nearly $3 billion to security breaches in 2025 despite a 51% decline in the number of attacks, according to blockchain security firm SlowMist. The total value stolen from crypto hacks increased 46% compared to 2024, with 200 incidents recorded this year versus 410 the previous year.
What Happened: Security Losses
SlowMist released its 2025 Blockchain Security & AML Annual Report on Tuesday, documenting total losses of approximately $2.935 billion compared to $2.013 billion in 2024.
The data revealed a shift toward fewer but larger-scale heists across the digital asset industry.
DeFi platforms remained the most frequently targeted sector with 126 security incidents, accounting for 63% of all hacks and total losses of around $649 million.
This represented a 37% decline in incident count and a 62% decrease in losses compared to 2024's 339 incidents and $1.029 billion stolen.
Centralized exchange platforms reported 22 incidents resulting in $1.809 billion in losses, led by Bybit's February attack. That single breach resulted in approximately $1.46 billion stolen, becoming the largest security event of the year.
Also Read: Grayscale Files SEC Registration For First TAO Exchange-Traded Product In The United States
Why It Matters: Evolving Threats
Attack methods have grown more complex, according to SlowMist's analysis.
"Traditional phishing has gradually expanded into permission hijacking, malicious code execution, and supply-chain poisoning," the report stated. "Attacks are no longer reliant on a single method; instead, they increasingly combine social engineering, browser exploitation, new protocol mechanics, and hybrid lure strategies to form stealthy and destructive attack chains."
Regulatory enforcement showed a "clear trend of escalation" this year as agencies intervened in crypto-related money laundering, fraud, sanctions evasion and illicit financing cases.
Eighteen incidents resulted in funds being recovered or frozen, with nearly $387 million of $1.95 billion in stolen assets successfully returned or frozen.
SlowMist concluded that "the development of the Web3 industry will no longer rely solely on technical innovation," noting that organizations building stronger internal security controls, transparent fund governance models and comprehensive KYT/AML review capabilities would gain longer-term resilience.
Read Next: ZCash Climbs Past $500 As Whale Holdings Jump 47% Despite Market Weakness