In the first quarter of 2025, hackers made off with over $1.63 billion in cryptocurrency, with the Bybit exploit alone responsible for more than 92% of the total losses, as reported by a blockchain security company.
In January, hacking incidents resulted in the loss of more than $87 million in cryptocurrency, but February witnessed a staggering leap to $1.53 billion primarily due to the Bybit breach, which stands as one of the largest crypto heists on record.
Besides the Bybit incident, other attacks during February led to $126 million in losses, including a $50 million exploit against Infini, a $9.5 million breach at zkLend, and an $8.5 million loss tied to Ionic.
However, losses related to hacking saw a significant decline in March, plummeting by 97% from February figures. The same blockchain security firm noted that only $33 million in crypto assets were stolen during the last month, with some recovered funds helping to mitigate the impact on users and platforms.
Crypto hacking incidents rose by 131% year-over-year
The first quarter of 2025 recorded over 60 crypto hacks, with the loss of $1.63 billion representing a 131% increase compared to the first quarter of 2024, when losses totaled $706 million.
The most significant incident in March was an exploit amounting to $13 million involving the decentralized finance protocol Abracadabra.Money. On March 25, the attacker successfully withdrew 6,260 Ether (ETH) from the protocol.
Crypto hack losses in March.
The second-largest event of the month was an $8.4 million hack targeting the real-world asset (RWA) restaking protocol Zoth. On March 21, a security company flagged a suspicious transaction involving the withdrawal of $8.4 million from Zoth’s wallets, with the funds subsequently converted to stablecoins and moved to another address.
Despite the substantial losses in March, there were instances of asset recovery. For example, on March 7, a hacker who stole $5 million from the decentralized exchange (DEX) 1inch returned 90% of the funds. After exploiting a smart contract vulnerability, the DEX offered a 10% bounty, totaling $500,000, for the return of the remaining assets. The hacker complied, returning $4.5 million to 1inch.