10
2025 marked a turning point in crypto security with the $1.5 billion Bybit hack, the largest DeFi breach ever, executed by North Korea’s Lazarus Group. Chainalysis data shows rising risks for individual wallets, while exchanges experiment with controversial protocol‑level freezes. Analysts argue the future of crypto security hinges on balancing rapid‑response coordination, transparency, and decentralized governance.
The Bybit Heist: A Catalyst for Industry Contraction
The year 2025 emerged as a decisive inflection point for digital asset security, punctuated by a breach of unprecedented scale: the $1.5 billion Bybit hack. Orchestrated by the state-sponsored Lazarus Group, the heist was an operation of surgical precision. By executing a sophisticated supply chain exploit targeting Safe wallet, attackers effectively compromised the platform’s signing interface, turning a trusted security layer into a gateway for historic theft.
This breach sent seismic shockwaves through the global markets, momentarily chilling the institutional fervor generated by the U.S. government’s aggressive pivot away from Biden-era restrictive crypto policies. The agility with which the Lazarus Group obfuscated and moved these assets—outpacing even the most advanced regulatory response units—has left the industry at a critical crossroads. It has forced a grueling re-examination of “immutable” security protocols and remains a haunting benchmark that the digital asset ecosystem is still struggling to reconcile.
Despite the scale of the theft, the aftermath showcased a new standard for exchange accountability. CEO Ben Zhou immediately guaranteed 1-to-1 asset backing from the corporate treasury and launched a high-stakes “War on Lazarus” by offering a record-breaking $140 million bounty and achieving real-time traceability for over 88% of the stolen funds.
Read more: Bybit Founder Exposes Hack Flows: 86% of Stolen Crypto Traced to 9,117 Bitcoin Wallets
However, some experts believe this attack exposes how the reactive disposition of DeFi security infrastructure makes platforms susceptible to further breaches. Nicolas Vaiman, CEO of Bubblemaps, cites human error as the primary threat to DeFi.
“Even solid platforms can fail when risks build up across infrastructure, wallets, and counterparties without being caught early,” Vaiman asserts. “No matter how strong the technical defenses are, mistakes in operations, access control, or decision-making will always exist.”
Natalie Newson, senior blockchain investigator at Certik, believes decentralized governance and community involvement can be pivotal in thwarting future attacks. However, she notes this will only be possible “with the right balance of transparency, expertise, and rapid-response capability.”
While the Bybit hack was the single largest loss, it accounted for just over two-fifths of the overall losses suffered by crypto platforms in 2025. According to Chainalysis, a further $2 billion was lost to attacks ranging from smart contract exploits to wallet compromises. The Coinbase support system exploit revealed in May saw attackers take funds estimated between $180 million and $400 million. To effect the attack, cybercriminals used AI-powered voice cloning and phishing to bribe or trick overseas support agents. This provided “privileged access” to customer data and internal tools, allowing them to bypass security protocols for high-value accounts.
The Cetus protocol exploit, in which criminals stole $231 million, was the largest decentralized finance ( DeFi)-specific breach of the year. Other platforms suffered notable breaches: Nobitex, an Iranian exchange, was targeted by a group known as “Predatory Sparrow” in a politically motivated attack that disrupted regional liquidity and drained an estimated $90 million.
The Indian exchange Coindcx lost $44 million after suffering unauthorized treasury access due to compromised internal credentials, while Upbit lost $36 million in a breach attributed to North Korean hackers. A supply chain attack where malicious code was injected into third-party software tools used by Bigone resulted in a loss of $27 million.
Meanwhile, Chainalysis data shows a dramatic increase in the proportion of losses coming from individual users rather than services. Personal wallet compromises accounted for only 7.3% of stolen value in 2022 but surged to 44.4% in 2024. While the share of personal wallet losses dropped to 20.6% in 2025, excluding the Bybit attack would bring that figure to 36.8%. The report also noted that centralized platforms were increasingly susceptible to private key compromises throughout the year.
Following the Bybit attack, many exchanges sought to preempt threats by adding protocol-level freezing capabilities. Though controversial, proponents believe these measures effectively stop criminals from cashing out stolen funds. Vaiman believes this capability—already adopted by 16 blockchains—will become more common.
“In practice, the most effective way to stop large-scale crypto crime today is still through stablecoin issuers or CEXs freezing funds,” Vaiman said. “If similar controls are available at the blockchain level, they can help limit damage in clear cases of hacks.”
Conversely, Newson argues for a collaborative framework to address cyber threats. She says the challenge lies in creating operational bridges to facilitate transparency standards and threat signals across ecosystems.
“This is notably what is happening with initiatives like SEAL 911 or the ‘Coalition to Change Crypto Freezes & Recovery’ led by zeroShadow,” Newson said. “The goal is to enable defensive coordination against threats while preserving the openness and innovative potential of Web3.”
FAQ 💡
- What happened in 2025? Bybit suffered a $1.5B hack, the largest DeFi breach in history.
- Who was behind it? The state‑sponsored Lazarus Group executed a supply‑chain exploit via Safe wallet.
- How did Bybit respond? CEO Ben Zhou guaranteed full asset backing and launched a $140M bounty campaign.
- Why does it matter globally? The attack shook markets from the U.S. to Asia, forcing exchanges to adopt stricter security.
coindesk.com
bitcoinmagazine.com
cryptobriefing.com
cointelegraph.com
1