In February 2025, the cryptocurrency sector saw an eye-watering total of $1.53 billion in losses, representing an unprecedented 18-fold increase from the previous year. This surge in losses was primarily driven by one significant event—a $1.46 billion hack of the Bybit exchange. This massive breach alone pushed the cumulative losses for the year to $1.6 billion, which already surpassed the total amount of losses the entire crypto market experienced in 2024. This alarming increase in security breaches and financial losses in such a short period highlights the growing risks and vulnerabilities that centralized platforms and digital assets continue to face.
According to a comprehensive report from Immunefi, most of the February 2025 losses stemmed from two major incidents: the Bybit hack, which dominated the statistics, and a second breach at Infini, a stablecoin bank, which resulted in a $49.5 million loss. Beyond these two high-profile incidents, there were seven smaller attacks across various platforms, including zkLend and Ionic Money, which saw losses of $9.5 million and $8.6 million, respectively. While these smaller incidents may seem less significant in comparison to the Bybit breach, they still add to the overall picture of heightened risks within the crypto ecosystem.
The research also revealed a disturbing trend in the breakdown of these losses. Centralized finance (CeFi) platforms, such as exchanges and centralized banks, accounted for a staggering 95.5% of the total funds lost in February 2025. The Bybit hack was the largest contributor to this percentage. In contrast, decentralized finance (DeFi) protocols, which generally operate on a more open and distributed basis, accounted for just 4.5% of the total losses, with eight separate incidents spread across the month. This stark contrast between CeFi and DeFi losses suggests that centralized platforms are still the most vulnerable to large-scale attacks, even as DeFi continues to grow and evolve.
A key insight from the report was that hacks were the overwhelming cause of these losses in February, with no significant contribution from fraud. Immunefi noted that hacks made up 100% of the total funds lost, highlighting the growing sophistication of cybercriminals and the persistent threat they pose to crypto users and platforms alike. Fraud, which has historically been a common issue in the crypto space, did not factor into these specific incidents.
Regarding the specific blockchains targeted, BNB Chain and Ethereum were the most affected, each suffering four separate attacks, which together accounted for a significant 72.8% of the total losses in February. These two blockchains continue to be key players in the crypto world, so their exposure to attacks is particularly concerning. Other blockchains, including Abstract, Mode, and Optimism, were hit in individual incidents, but these attacks had less of an overall impact.
As for the aftermath of the Bybit hack, it was reported that the attacker behind the breach has already laundered an astonishing 266,300 ETH, which is worth approximately $614 million. The attacker was reportedly averaging 48,420 ETH laundered per day, suggesting that they could continue to offload the stolen funds at an alarmingly fast pace. If this rate continues, it is estimated that the remaining stolen ETH—around 233,086 ETH—could be fully laundered within just another five days. This rapid laundering process complicates efforts by authorities and security experts to track down the stolen funds, recover them, and bring those responsible to justice. It also raises questions about the effectiveness of anti-money laundering (AML) measures within the crypto industry, especially as more sophisticated techniques for laundering funds are developed.
This growing trend of hacks, the staggering financial losses, and the increasing sophistication of attackers signal that security within the crypto space needs to be reevaluated. While there have been efforts to improve security protocols, such as multi-signature wallets, improved encryption, and more robust regulatory frameworks, these incidents highlight that there is still much work to be done to protect users, platforms, and the entire crypto ecosystem from similar breaches in the future. For now, the industry will have to contend with the aftermath of these devastating hacks and work together to find solutions to mitigate such risks moving forward.
