Global cryptocurrency thefts have accelerated in 2025, with Chainalysis reporting that roughly $3.4 billion was stolen in the year to date as attackers increasingly target centralized platforms, decentralized finance (DeFi) protocols and individual wallets, according to the analytics firm’s mid‑year and related 2025 reports.

Key figures and drivers

Chainalysis’s mid‑year update shows that more than $2.17 billion was stolen in the first half of 2025, driven in large part by a single, massive breach of the ByBit exchange and by an uptick in personal wallet compromises and coerced thefts known as “wrench attacks.” Chainalysis projects that, if trends continue, stolen funds from services could exceed $4 billion by year end, contributing to the roughly $3.4 billion total reported for 2025 so far in aggregated industry tracking and media reporting[1].

Largest incidents

The largest single incident identified by Chainalysis in 2025 was a reported $1.5 billion theft from the ByBit exchange, which accounted for the majority of service losses in the first half of the year[1].

Shift in attack patterns

Chainalysis notes an important shift in how criminal actors steal crypto: while platform hacks and smart‑contract exploits remain significant, individual wallet compromises have become a major vector, representing a growing share of total thefts (reported at about 23.35% of stolen‑fund activity year‑to‑date in 2025 in the mid‑year briefing)[1].

Geopolitical and organized threats

The reports highlight the prominent role of nation‑linked actors and organized groups in high‑value thefts; for example, North Korean‑linked hackers have continued to be among the most prolific attackers historically, and Chainalysis’s 2024 coverage noted North Korean actors responsible for large portions of prior years’ thefts, a trend that has continued into 2025[3].

Stablecoins, DeFi and laundering

Chainalysis’s analysis shows that criminals increasingly convert stolen assets into stablecoins and use a wider array of chains and mixing techniques to obfuscate flows, complicating recovery and enforcement efforts[2][3]. Decentralized finance services and cross‑chain activity remain key targets for exploiters seeking rapid conversion and movement of stolen funds[3].

Industry response and investigation

Law enforcement and on‑chain forensic firms such as Chainalysis say they are improving detection and attribution tools, using enriched on‑chain signals to trace theft proceeds and identify laundering patterns, but they warn that rapid diversification of assets and infrastructure among illicit actors makes recovery and prosecution increasingly difficult[2][4].

Context and historical comparison

Chainalysis points out that 2025’s theft velocity is notable: where 2022 took 214 days to reach $2 billion in service thefts, 2025 reached comparable volumes in just 142 days, signaling a faster accumulation of high‑value incidents[1]. The firm’s broader crypto crime reporting also indicates that while some categories of illicit crypto usage fluctuated year‑over‑year, stolen funds were the standout issue in 2025’s risk landscape[3].

What this means for users and platforms

• For exchanges and DeFi platforms: enhanced security audits, stricter operational controls and faster incident response are critical to reduce large‑scale breaches[1][3].
• For individual holders: Chainalysis’s data on rising personal wallet compromises underlines the importance of hardware wallets, multi‑factor protections and guarded private‑key practices[1].
• For regulators and law enforcement: cooperation with blockchain analytics firms and cross‑border investigations remain central to pursuing stolen funds and disrupting laundering networks[2][4].

Limitations and outlook

Chainalysis cautions that estimates can change as more attributions and Signals‑based assessments are added; its 2025 reporting incorporates expanded use of suspected‑activity signals alongside traditional evidentiary attributions, which can affect totals as investigations evolve[3]. The firm also warns that if current mid‑year trends continue, 2025 could finish considerably worse than prior record years for stolen funds from crypto services[1].

Methodology note

Chainalysis compiles theft and illicit‑activity figures by combining on‑chain transaction analysis, address clustering and documented attributions from public reports and law‑enforcement disclosures; its mid‑year update and Crypto Crime Report preview materials explain that some totals include signal‑based suspected activity in addition to confirmed attributions[1][3][4].