Cryptocurrency Hacks Decline, But Are We Really in the Clear?

Yele Bademosi
March 24, 2025
3 Views
Top 10 losses in January. Source: Immunefi

The crypto space has always been a battleground between innovation and cybercrime. While January saw a promising decline in overall hacker loot compared to last year, the numbers still paint a cautionary tale. Have we truly turned a corner, or is this just a temporary reprieve? Let’s break it all down.

A Mixed Bag: Crypto Hacks in January 2025

January saw hackers making off with a staggering $73 million worth of digital assets across 19 attacks—certainly not a number to shrug off. However, in context, it’s a 44% decrease from the $133 million stolen in January 2024, signaling potential progress in security measures.

But here’s the curveball: Despite this year-over-year drop, January’s losses were nearly nine times higher than December 2024, when hackers only stole $3.8 million in digital assets. This drastic month-over-month increase suggests that even with improved security, hackers are far from giving up.

Top 10 losses in January. Source: ImmunefiTop 10 losses in January. Source: Immunefi

The most significant incident? The Phemex crypto exchange hack, which accounted for a jaw-dropping $69 million in losses. The second-largest? A $2.5 million attack on the Moby Trade options platform.

Crypto losses, January 2025. Source: ImmunefiCrypto losses, January 2025. Source: Immunefi

The bigger picture is even more worrisome—crypto hacks drained a whopping $2.3 billion across 165 incidents in 2024, marking a 40% rise from 2023. Even though January 2025’s numbers look better than last year, the long-term trend screams “caution.”

CeFi: The Primary Target for Hackers in 2025

According to Mitchell Amador, CEO of Immunefi, centralized finance (CeFi) platforms continue to be the biggest targets for cybercriminals. In January 2025, CeFi losses accounted for 93% of the total value stolen, amounting to $69 million. In contrast, decentralized finance (DeFi) platforms suffered $4.8 million in losses across 18 attacks.

DeFi vs CeFi losses. Source: ImmunefiDeFi vs CeFi losses. Source: Immunefi

Amador points out why CeFi remains especially vulnerable:

“The largest volume of losses will likely come from CeFi, as hackers are targeting infrastructure, particularly through private key compromises. CeFi doesn’t generally suffer the highest number of successful attacks, but when a breach occurs, it typically leads to catastrophic losses.”

In other words, while DeFi may experience frequent smaller breaches, when a CeFi platform is compromised, the damage is massive. A single stolen private key can unlock an entire vault’s worth of assets—whereas DeFi exploits often lead to partial losses rather than complete wipeouts.

The Human Factor: Phishing & Operational Mistakes

Beyond outright infrastructure weaknesses, CeFi platforms also suffer from human errors, with phishing attacks being one of the biggest threats.

“CeFi platforms must adopt a multi-layered security approach that includes enhancing key management, reducing reliance on single private keys, and improving operational security (OpSec) through regular security training for employees,” says Amador.

So, what can be done? Experts recommend:
Better key management – Moving away from reliance on single private keys.
Continuous employee training – Keeping teams sharp in spotting phishing attempts.
Bug bounty programs – Encouraging ethical hackers (white hats) to find vulnerabilities before criminals do.
Real-time threat detection – Using AI-driven monitoring tools to detect suspicious activity before it escalates.

Speaking of bug bounties, Immunefi is currently offering over $181 million in rewards for ethical hackers, securing $190 billion worth of crypto assets.

A Step in the Right Direction—But No Time for Complacency

The drop in total stolen assets in January 2025 compared to last year is a hopeful sign, proving that improved security measures and awareness are making a difference. However, the staggering month-over-month increase from December signals that hackers are still evolving their tactics and exploiting any weak points they can find.

The Takeaway?

  • Crypto security is improving, but still has a long way to go.
  • CeFi remains the biggest target, with devastating breaches occurring when vulnerabilities are exploited.
  • Education, better key management, and proactive security measures are crucial to keeping funds safe.

While innovation continues driving the crypto industry forward, security can’t be an afterthought; it needs to be at the forefront of everything. The battle against cybercriminals rages on—so the question is, are we ready to stay ahead of them?

Author Yele Bademosi