Crypto Heists Blow Past $2.17B in 2025 — Big Names Like ByBit and CoinDCX Are in the Firing Line

Crypto Heists Blow Past $2.17B in 2025 — Big Names Like ByBit and CoinDCX Are in the Firing Line

Halfway through 2025, and the tally is already staggering: more than $2.17 billion in stolen cryptocurrency. That’s not an annual projection — that’s what hackers have pocketed so far.

And it’s not just small-time operators getting caught out. Even exchanges with household names — ByBit, CoinDCX — are being picked apart by intrusions so carefully executed, they could pass for intelligence agency work.

 

 

The Shape of the Modern Crypto Thief

The cliché of a lone hacker in a darkened room feels outdated now. The real operators in this game look more like organized crime syndicates — deep pockets, division of labor, and a long game that stretches over months.

Before a single breach attempt, these groups spend weeks — sometimes longer — on quiet surveillance. They’ll map out company networks, keep tabs on staff, figure out when software patches roll out, even note which vendors get routine system access.

The toolkit has evolved too:

  • Social engineering that plays on insider trust.

  • Zero-day exploits that slip in before anyone knows the flaw exists.

  • Supply chain compromises — breaking into partners or contractors to get the keys to the front door.

It’s less “smash and grab,” more “move in quietly and learn the floorplan before you touch the safe.”

 

 

ByBit & CoinDCX: How the Breaches Unfolded

ByBit’s trouble began not inside its own walls, but through a third-party vendor with privileged system access. Once that supplier was compromised, the attackers simply followed the trail inside.

CoinDCX faced a different nightmare. Hackers stole administrator-level logins and used the exchange’s own internal tools to move assets. To outside monitoring, it looked like routine system work.

In both cases, the real sting is in the timeline: digital forensics later showed the first break-ins happened months before the actual theft. The intruders were already there, quietly taking notes.

 

 

The Five Moves of a Modern Exchange Hack

From the outside, it looks sudden. Inside, it usually goes like this:

  1. Recon – Gather intel on people, partners, and systems.

  2. Initial Entry – Often through phishing or a compromised vendor.

  3. Stay Hidden – Install backdoors and keep multiple ways in.

  4. Climb the Ladder – Slowly gain higher permissions.

  5. The Take – Move assets quickly and vanish.

 

 

Why the Old Defenses Keep Falling Short

Cold storage. Multi-sig wallets. Fortified firewalls. They’re all necessary, but they protect the vault — not the corridors leading to it.

The weak points are often human:

  • A vendor who has more access than anyone realized.

  • An administrator’s account that’s just one phishing email away from compromise.

  • A maintenance window that gives cover for suspicious activity.

 

 

People: Still the Soft Target

A lot of these breaches hinge on tricking the right person. We’ve seen hackers send convincing messages from what looks like a CEO’s account, complete with insider knowledge about projects and staff.

Some go further, targeting an employee’s personal phone or email first — then walking in through their work login without raising alarms. Often, the “insider threat” doesn’t even know they’ve been turned into one.

 

 

The Fallout Runs Deeper Than the Balance Sheet

Every major hack chips away at trust. Even if an exchange reimburses customers, many won’t risk coming back. The loss in trading volume and future partnerships can be brutal.

And the underground economy is catching on — “hack-as-a-service” is becoming a reality. One group develops the tools, another rents them, and both walk away richer.

 

 

What Needs to Change — Now

Exchanges can’t keep patching holes after the fact. The industry needs:

  • Behavioral monitoring that spots odd-but-possible activity.

  • Zero-trust networks that shut down lateral movement.

  • Real-time threat sharing between exchanges before damage spreads.

For everyday crypto holders, the takeaway is blunt: don’t leave large balances on an exchange. If you do, you’re trusting that team to outwit some of the most determined and well-resourced criminals in the world — and the scoreboard this year doesn’t inspire confidence.

Back to blog