Cybersecurity and cryptocurrencies: advances, risks, and lessons learned in 2025

The year 2025 was marked by record losses from attacks and fraud in the cryptocurrency universe. In the first half of the year alone, thefts totaled $2.17 billion, surpassing the total value recorded in 2024, according to Chainalysis. Projections indicate that 2025 could end with more than $4 billion in stolen assets, an all-time high.

ESET, a leading company in proactive threat detection, reviews some of the major cases that occurred in 2025 and how seemingly simple vulnerabilities resulted in multimillion-dollar thefts that shook the cryptocurrency market.

This scenario of vulnerability contrasts sharply with the growing institutionalization of the sector, where cryptocurrency ETFs registered record inflows of $5.95 billion and corporate investors like Strategy (formerly MicroStrategy) announced new Bitcoin purchases. The market, however, exposed its security weaknesses. “The BBC noted that the $1.5 billion attack on the Bybit exchange, attributed to hackers linked to North Korea, was the largest in history, thus symbolizing this contradiction: even with regulatory and technical advances, known vulnerabilities continue to be exploited,” comments Camilo Gutiérrez Amaya, Head of the Research Lab at ESET Latin America.

2025 is shaping up to be a year of historic losses for the cryptocurrency market. According to CertiK, the industry lost nearly $2.5 billion to attacks and scams in the first six months of the year alone. Chainalysis, on the other hand, noted that the volume of stolen crypto assets in the same period surpassed the $2.17 billion mark recorded for all of 2024.

At this rate, according to ESET, losses could exceed $4 billion by the end of the year, making 2025 the year with the largest amount of stolen assets in cryptocurrency history.

Vulnerabilities that can lead to multimillion-dollar losses

ESET has analyzed the most significant incidents of the year, illustrating how vulnerabilities of different kinds can result in multimillion-dollar losses:

1. Attacks on exchanges and centralized platforms (CEXs): Among the most emblematic incidents is the attack on Bybit, which resulted in the theft of approximately $1.5 billion worth of Ethereum, the largest ever recorded in cryptocurrency history. In this case, the attackers didn’t directly breach the exchange’s servers, but rather compromised a third-party platform provider, changing the wallet address where the funds were transferred. ByBit thought it was transferring the funds to its own digital wallet, but it was sending everything to the hackers. The sophistication of the operation revealed how chains of trust and external integrations can become entry points for highly specialized criminals.
2. Exploits in DeFi protocols: The Balancer attack, which caused losses of over $100 million, highlighted one of the recurring weaknesses in the DeFi space: errors in the code. A bug in the smart contract allowed unauthorized withdrawals, exposing how small logical flaws can be exploited to compromise an entire protocol. The impact extended to derivative projects, such as Beets Finance, which also reported losses in the millions. These incidents reinforce the importance of continuous and independent audits, a challenge for protocols that prioritize innovation and speed of launch.
3. Phishing scams: While large platforms suffered coordinated attacks, individual users remained the preferred targets. Phishing scams, in which victims are tricked into voluntarily surrendering their credentials, resulted in $410 million in losses, according to Certik. Attacks targeting individuals are estimated to have accounted for 23.35 % of all stolen funds during the period, a sign that social engineering remains as effective as technical intrusions.
4. Historical attacks and bridge vulnerabilities: Although no major bridge-related incidents occurred in 2025, this type of attack remains one of the most destructive. The memory of the 2022 Ronin Bridge breach, in which $600 million was stolen, remains a constant warning. These failures show how the interconnectivity between networks, essential for the scalability of the crypto ecosystem, also expands the attack surface and can turn a single code error into a systemic collapse.

“Recent attacks reveal the increasing professionalization of cryptocurrency-related cybercrime. Even with the growing technical and regulatory maturity of the ecosystem, cybercriminals have shown they remain one step ahead in 2025, improving their methods, exploiting known vulnerabilities, and diversifying their targets. While the industry has matured in terms of regulation, transparency, and infrastructure, many attacks exploited human error, poorly managed integrations, and unaudited code—issues that innovation alone cannot eliminate,” notes Gutierrez Amaya.

ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.

For other useful preventative information, also available in Venezuela:  https://www.eset.com/ve/, and on their social media channels @eset_ve. Also on Instagram @esetla) and Facebook (ESET).

With information and reference image provided by ESET and Comstat Rowland

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on X/Twitter and Instagram