- Phishing attacks led Q1 exploits, with 81 incidents on record.
- Ethereum platforms saw 98 hacks out of 197 total incidents reported.
Crypto losses surged in early 2025, with $1.67 billion of digital assets stolen in just three months. CertiK reported a 303% increase in theft compared to the last quarter of 2024. Most of the losses came from a single breach involving the crypto exchange Bybit. The total now represents over two-thirds of the crypto stolen throughout 2024.
Bybit Hack Accounts for Majority of Q1 Losses
CertiK’s Q1 2025 Hacked Report identified the Bybit exploit as the most significant single crypto theft. On-chain security expert ZachXBT first flagged suspicious activity involving Bybit’s cold wallets. Previously reported by Coincryptonews over $1.46 billion in tokens, including (stETH) and (mETH), were siphoned and exchanged for ETH on decentralized platforms.
Bybit’s CEO Ben Zhou later confirmed that a phishing attack compromised a multi-signature wallet.The incident triggered widespread concern across the industry while Arkham Intelligence responded by initiating a bounty program to trace the stolen funds. The hack also caused over $100 million in liquidations, affecting several trading platforms.Â
CertiK noted that while the Bybit attack dominated the report, other major incidents contributed to the quarter’s total losses. In January, the crypto exchange Phemex lost $71 million in a separate exploit. In February, crypto neobank Infini reported a $49.5 million theft involving DAI tokens. The attacker converted the funds into 17,700 ETH and transferred them to a new address. As highlighted in our report, the funds were routed through Tornado Cash, complicating recovery.
Ethereum-Based Platforms and Phishing Attacks Remain Top Targets
CertiK recorded 197 hacking incidents in Q1, with 98 occurring on Ethereum-based platforms. Phishing remained the most common method used by attackers, with 81 incidents involving stolen login credentials. Additionally, 15 cases of private key compromise were documented. These breaches give attackers full access to digital wallets and remain hard to prevent without user-side security.
Recovery rates also dropped sharply in Q1. CertiK reported that only 0.38% of stolen funds were returned, compared to 42.09% in the previous quarter. In February, there were no returns at all. This decline in asset recovery has widened the gap between losses and restitution, placing more pressure on digital asset platforms to strengthen their systems.
Conclusion
Security researchers continue to emphasize the importance of platform audits and user education. The Infini hack involving Tornado Cash highlighted the role of privacy protocols in laundering stolen assets. Experts recommend using multi-signature wallets, tighter phishing controls, and improved monitoring tools to limit exposure.
