The first quarter of 2025 delivered a crushing blow to the global crypto industry. Hackers stole over $1.6 billion across multiple attacks, making it the worst quarter ever recorded for crypto security breaches, according to Immunefi’s latest research report. The figure more than doubled the losses in Q1 2024, which stood at $706 million, based on data from PeckShield.
With two major incidents driving the bulk of the losses — a $1.46 billion exploit at Bybit and a $69.1 million hack on Phemex — the industry faces heightened scrutiny and renewed pressure to prioritize cybersecurity.
Bybit and Phemex Hacks Shatter Records
The crypto space has seen high-profile breaches before, but the scale of these Q1 2025 incidents pushed the envelope. The Bybit exploit alone accounted for nearly 91% of the total losses, making it one of the most devastating cyberattacks on a centralized exchange in crypto history.
Hackers targeted vulnerabilities deep within Bybit’s infrastructure, breaching multiple layers of its security framework. The exchange confirmed the breach on March 4, after detecting abnormal withdrawals totaling nearly $1.46 billion in various assets. Investigations revealed that attackers gained access through compromised hot wallets and exploited system weaknesses related to third-party integration points.
Shortly after the Bybit attack, Phemex, another centralized exchange, suffered a $69.1 million breach. The incident exposed flaws in Phemex’s withdrawal verification systems and API rate limits. Attackers used automated scripts to simulate legitimate transactions, eventually draining wallets and bypassing internal alerts.
Together, these two attacks accounted for 94% of all Q1 losses, underlining a dangerous trend: centralized exchanges remain the prime targets for sophisticated, large-scale hacks.
Immunefi: “State-Sponsored Actors a Major Concern”
Immunefi, a leading bug bounty and security services platform for Web3, analyzed these incidents and drew a troubling conclusion.
“The sheer scale of the Bybit and Phemex attacks, totaling $1.5 billion, shows how state-backed actors are arguably the most pressing threat to our industry,” Immunefi analysts wrote in their Q1 2025 report.
Their statement reflects growing concerns that advanced persistent threats (APTs), often backed by nation-states, now target cryptocurrency infrastructure. These actors possess both the funding and technical capability to breach “battle-tested platforms” and evade detection for long periods.
Immunefi warned that crypto firms must fortify the entire stack, from smart contracts to middleware and custodial layers. “Security measures must evolve to detect and prevent attacks before they unfold. Relying on traditional perimeter defenses no longer works.”
Centralized Exchanges Take the Hardest Hit
Centralized platforms experienced the overwhelming majority of losses, with 94% of total losses occurring through attacks on centralized exchanges and custodial wallets. These platforms store massive amounts of user assets in hot wallets, making them high-value targets.
In contrast, decentralized finance (DeFi) protocols only accounted for 6% of total losses, despite being historically more vulnerable to smart contract bugs. This shift in attack focus indicates that hackers increasingly pursue single points of failure in centralized ecosystems rather than the fragmented and often slower-moving DeFi platforms.
Still, DeFi didn’t escape unscathed. In March alone, attackers targeted protocols like Abracadabra.money, draining $13 million, and Zoth, which lost $8.32 million. Overall, March saw 20 separate attacks, contributing $33.46 million to Q1’s loss total.
Blockchains Most Affected in Q1 2025
While attackers mostly targeted centralized platforms, blockchain ecosystems also saw repeated incidents. Binance’s BNB Chain experienced the highest number of security breaches, with 19 separate incidents, followed by Ethereum with 15.
BNB Chain, formerly known as Binance Smart Chain, has faced criticism over its frequent vulnerabilities. The blockchain’s low transaction fees and popularity among developers attract a wide range of users but also open the door to spam attacks and insecure protocols.
Ethereum, while more mature and secure, also witnessed attacks due to the complexity of DeFi integrations and the sheer number of active protocols running on the chain. Although the value stolen on Ethereum was significantly lower than on centralized exchanges, the repeated breaches reveal that no ecosystem remains entirely safe.
Community Response and Industry Reactions
The community responded swiftly to the Q1 chaos. Crypto Twitter and Reddit exploded with commentary, as users questioned the security postures of leading exchanges and projects. Influencers called for greater transparency, auditing, and open-source verification to ensure that platforms don’t cut corners.
In response to the Bybit breach, the exchange promised to reimburse affected users and announced a partnership with Chainalysis to track the stolen funds. Phemex took similar steps, suspending withdrawals temporarily and launching a security overhaul.
Meanwhile, developers and white-hat hackers pushed for wider adoption of bug bounty programs, which offer incentives for identifying vulnerabilities before malicious actors exploit them. Immunefi and other platforms noted a surge in demand for their services after the March wave of attacks.
A New Phase in Crypto Security
Q1 2025 sent a clear message: the threat landscape has changed. Attackers now focus on centralized targets with higher reward potential and leverage state-level sophistication in their methods.
Crypto firms must rethink their security strategy. Simple firewalls, cold storage, and smart contract audits no longer provide sufficient protection. Today’s attackers exploit multi-layered vulnerabilities, from API misconfigurations to weak KYC systems and compromised admin keys.
Exchanges and DeFi protocols must implement zero-trust architecture, multi-party computation (MPC) wallets, and real-time anomaly detection systems. They also need to invest in threat intelligence and build relationships with global law enforcement agencies.
Looking Ahead: What Must Change?
To prevent another catastrophic quarter like Q1 2025, the crypto industry must adopt several key changes:
-
Mandatory Third-Party Audits: Exchanges should undergo quarterly audits from independent cybersecurity firms.
-
Bug Bounties and White-Hat Collaborations: Projects must reward ethical hackers for finding bugs before black-hat actors do.
-
Full Transparency: Platforms should disclose security breaches in real time to protect users and preserve trust.
-
Cross-Chain Security Standards: Blockchains must collaborate to develop shared standards for secure token bridging and contract deployment.
-
Regulatory Cooperation: Governments must work with the crypto industry to build frameworks that tackle cross-border cybercrime and money laundering via stolen crypto.
Conclusion
Crypto lost more than $1.6 billion in Q1 2025, making it the most damaging quarter in the industry’s history. The Bybit and Phemex hacks alone accounted for 94% of those losses, underscoring the threat centralized platforms face from increasingly advanced attackers.
As hackers grow more capable and better funded, the crypto world must act with urgency. Security can no longer remain a checklist item—it must become a foundational pillar of every crypto company’s DNA. The price of ignoring this lesson has already proven catastrophic.
