- Crypto hackers stole over $2 billion in Q1 2025, according to a report by Hacken
- More than 50% of the funds came from the Bybit hack
- The amount is 96% more than what was stolen in Q1 2024
Crypto hackers continue to wreak havoc in the industry and have stolen over $2 billion in just three months ending March 2025. The amount is 96% more than what was stolen within a similar period last year, with most of the funds coming from the Bybit hack linked to North Korean threat actors. According to a report by blockchain security firm Hacken, hackers mostly exploited weaknesses in crypto platforms’ access control measures, meaning that crypto and web3 projects are yet to find foolproof methods to prevent unauthorized access.
$1.6 Billion Lost Via Access Control Exploits
In its “2025 Q1 Web3 Security Report,” Hacken noted that losses from access control exploits accounted for the largest share of stolen funds at $1.6 billion, followed by rug pulls, phishing scams, and smart contract vulnerabilities at $300.7 million, $96.3 million, and 29.4 million, respectively.
🚨 Web3 just faced its toughest quarter yet.
$2 billion stolen. The biggest hack in history. A $300M rug pull-backed by a head of state.
Q1 2025 wasn’t chaos — it was a pattern.
Access control is the new attack surface. Let’s break it down 🧵👇 pic.twitter.com/pFLlG9YOdw
— Hacken🇺🇦 (@hackenclub) April 2, 2025
According to Hacken, most of the damage was “caused by failures in people, processes, or permission systems” rather than from smart contract vulnerabilities. It added that the amount stolen in Q1 2025 is close to the over $2 billion siphoned from crypto projects in the whole of 2024.
The report revealed that DeFi platforms lost a combined $81 million through access control, smart contract vulnerability, and social engineering attacks.
“Implement Human-Readable Signing”
Hacken advised projects using multi-sig wallets to “implement human-readable signing,” use hardware wallets, establish policy checks, and secure off-chain components to prevent malicious actors from draining their wallets.
To prevent smart contract exploits, the blockchain security firm asked crypto projects to review their arithmetic in flash loans, update contracts, and “adopt a strong security culture.” The report comes two months after blockchain analytics firm Chainalysis revealed that AI will help crypto threat actors to steal more funds.
With over $2 billion lost in the first three months of the year, it’s evident the amount stolen in 2025 will be higher than in 2024.
