Crypto hacks top $1.6B in Q1 2025 — PeckShield

Hackers stole more than $1.63 billion in cryptocurrency during the first quarter of 2025, with the Bybit exploit accounting for more than 92% of total losses, according to blockchain security firm PeckShield.

PeckShield reported that over $87 million in crypto was lost to hacks in January, while February saw a dramatic spike to $1.53 billion, largely due to the Bybit attack. That incident was one of the largest crypto thefts to date.

In addition to the Bybit hack, other attacks in February caused $126 million in losses. This included a $50-million exploit targeting Infini, a $9.5-million hack on zkLend and an $8.5-million loss from Ionic.  

Hack-related losses dropped significantly in March, decreasing by 97% from February. PeckShield reported only $33 million in crypto assets were stolen last month. Some funds were even recovered, helping offset damage to users and protocols.

According to PeckShield, the first quarter of 2025 saw more than 60 crypto hacks. The blockchain security firm said the $1.63 billion loss in Q1 2025 represented a 131% year-over-year increase from the first quarter of 2024, when losses reached $706 million.

The largest incident in March was a $13 million exploit involving decentralized finance protocol Abracadabra.Money. PeckShield said the attacker drained 6,260 Ether (ETH) from the protocol on March 25.

Crypto hack losses in March. Source: PeckShield

Related: North Korean crypto attacks rising in sophistication, actors — Paradigm

The second-biggest incident during the month was an $8.4-million hack on the real-world asset (RWA) restaking protocol Zoth. 

On March 21, security firm Cyvers flagged a suspicious Zoth transaction, an attacker withdrawing $8.4 million from the protocol's wallets. The assets were converted into a stablecoin and transferred to another address. 

While millions were lost in March, some cases saw assets being returned. On March 7, a crypto hacker who stole $5 million from decentralized exchange (DEX) 1inch returned 90% of the funds. 

After a smart contract vulnerability was exploited, the DEX offered a 10% bounty to the attacker, worth $500,000, in exchange for returning the rest of the crypto assets. The hacker obliged and sent back $4.5 million to 1inch. 

Magazine: Mystery celeb memecoin scam factory, HK firm dumps Bitcoin: Asia Express