In 2025, hostile actors orchestrated a series of high-impact security incidents that collectively drained approximately $2.2 billion from digital-asset platforms. At the top of the list, Dubai-based Bybit suffered a record $1.4 billion breach on February 21, when attackers exploited vulnerabilities in Safe-based multisig wallets to authorize unauthorized transfers of around 401,000 ETH. Investigators pointed to compromised signing keys and possible phishing of internal wallet operators as the root cause; the exchange paused withdrawals, launched an internal probe, and pledged to honor user balances while coordinating with law enforcement to trace stolen funds.
Cetus, a concentrated-liquidity decentralized exchange on Sui, ranked second with a $223 million exploit in May. The attacker introduced spoofed tokens into liquidity pools, manipulated pricing via automated market-maker logic, and repeatedly extracted value before protocol teams patched the vulnerability and recovered a portion of the losses through white-hat actions. Balancer V2 followed with a $128 million exploit in November, driven by a rounding-error bug in composable stable pools; repeated deposit-withdrawal loops capitalized on accounting discrepancies until the issue was identified and mitigated.
Across centralized exchanges, Bitget lost $100 million when adversaries front-ran internal market-making bots on its VOXEL market, exploiting thin liquidity for low-risk gains before draining the treasury. Phemex recorded an $85 million hot-wallet breach in January, prompting a withdrawal freeze and key rotations. Nobitex in Iran reported $80 million missing from hot wallets in June, while Indian exchange CoinDCX disclosed a $44.2 million server-side breach in July, later linked to insider credential misuse. Decentralized perpetuals platform GMX saw a $42 million exploit via a reentrancy-style vulnerability in its v1 GLP pool on Arbitrum, halting trading and disabling minting until contract fixes were deployed.
Other notable incidents included a $49.5 million admin-privilege exploit at Infini, a stablecoin-focused neobank, and a $48 million hot-wallet hack at BtcTurk, underscoring that both custody and protocol logic remain frequent attack vectors. These breaches spotlight the need for robust multisig key management, rigorous protocol audits, and layered security controls to safeguard user assets and maintain trust in the evolving blockchain ecosystem.
Comments (0)