What to know
- Crypto losses hit nearly $3B in 2025, with fewer attacks but much bigger damage per incident.
- Centralized exchanges caused the largest losses, while DeFi faced the most frequent attacks.
- Scams and hacks grew more organized as regulators stepped up global enforcement.
Blockchain security problems did not slow down in 2025; they became more serious and more organized. According to the latest 2025 Blockchain Security & AML Annual Report released by SlowMist, the industry recorded nearly $3 billion in losses this year, even though the total number of incidents went down.
The report shows that around 200 security incidents were recorded in 2025, leading to losses of about $2.935 billion. This is a sharp jump from 2024, which saw 410 incidents but lower total losses of $2.013 billion. In simple terms, attacks happened less often, but when they did, they caused much bigger damage.
Where the Losses Happened
Ethereum remained the most affected ecosystem, with losses of about $183.25 million. Solana followed with $17.45 million, while Arbitrum recorded losses of $17.10 million. These numbers show that major and widely used networks continue to attract attackers because that is where the money and users are.
When looking at project types, DeFi platforms were hit the most in terms of the number of incidents. There were 126 DeFi-related cases, causing losses of around $649 million. However, centralized exchanges caused the biggest shock. Even though there were only 22 exchange incidents, losses reached $1.809 billion. One single incident at Bybit alone accounted for about $1.46 billion, making it the largest loss of the year.
How Attackers Broke In
First were smart contract issues, which caused 56 incidents. Second were account takeovers, with 50 cases. These often happened because users were tricked into giving access without realizing it.
The report explains that scams are no longer simple tricks. In 2025, attackers used more advanced and layered methods. Phishing attacks now guide users step by step to complete the theft themselves. Social manipulation plays a big role, where scammers pretend to be trusted people or create emotional pressure. Fake browser extensions, poisoned open-source tools, and even AI-powered voice and video scams were widely used.
Ponzi schemes also continued to grow. Many were disguised as “blockchain finance” or “data platforms” and relied on stablecoin deposits and referral systems. These schemes looked professional on the surface but collapsed once new money stopped coming in.
Regulation Step Up
The report also highlights stronger global action against illegal money flows. Governments moved from warnings to real enforcement. Authorities targeted exchanges, stablecoins, service providers, and even individual wallet addresses.
During 2025, Tether froze USDT on 576 Ethereum addresses, while Circle froze USDC on 214 addresses. In total, about $387 million was frozen or recovered across 18 cases, which equals a recovery rate of roughly 13%. SlowMist itself helped recover or freeze about $19.29 million through its investigations and support work.
Hacker groups linked to North Korea moved away from small, one-off attacks and instead ran highly organized operations, often targeting centralized services and using large-scale, factory-like methods to move stolen funds, sometimes hiding illegal activity behind outsourced IT work. So-called drainer scams were still active but slowed compared to last year, causing losses of about $83.85 million across more than 106,000 victims, with the biggest single theft at $6.5 million, and new malicious signatures appearing after recent network upgrades. The Huione Group continued to grow its platforms and services, but rising on-chain tracking and pressure from cross-border law enforcement made it harder to operate freely. At the same time, ransomware and malware attacks became easier to launch as ready-made tools lowered the barrier for criminals, helping fuel a wider cybercrime supply chain, even as major groups like LockBit and LummaC2 were taken down
Final Thoughts
SlowMist says 2025 clearly showed three major trends: attacks became more professional, criminal networks became harder to track, and regulators became much stricter. Security and compliance are no longer optional. For blockchain projects today, strong protection, clear rules, and constant monitoring are now basic requirements for survival, not just extra features.
Also Read: Russian Justice Ministry Moves to Criminalize Illegal Crypto Mining With Jail Time
