While 2025 has come and gone, it didn't leave without its fair share of cryptocurrency heists. And in a digitally connected world, they happen at the speed of light.
So once transactions occur, they are irreversible. Funds can and are stolen in the blink of an eye. And many crypto exchanges have seen considerable amounts of cryptocurrency stolen from them.
What happened?
When in February of 2025, the Dubai-based cryptocurrency exchange,ByBit, got hacked, it wasn't bits and pennies that were stolen. The hack exploited a vulnerability which made it possible for the attackers to penetrate the system and steal the funds.
Vulnerabilities is why hacks occur
This Bybit attack, questions the strength of systems to protect against data breaches. When a hack occurs, usually it means that there is some kind of vulnerability in a system, which hackers exploit to their advantage and extract user data or, as in the case of ByBit, steal funds.
One article described the vulnerability that was exploited this way,
"The hackers exploited a free storage software product that ByBit used to move Ethereum to another location, most likely coupled with phishing attacks to access control and download malware."
Following the attack, about $1.5 billion in Ethereum was stolen by the hackers. Some say that this is the largest amount ever stolen in the history of cryptocurrency, till date.
But if this was by far the biggest cryptocurrency heist, 2025 saw other exchanges and wallets also get hacked.
Exchanges and wallets that got hacked
ByBit wasn't the only exchange that was impacted. Even some of the most used wallets and other notable exchanges were hacked. Here are a few of them.
Trust wallet
The Trust Wallet hack was actually a browser extension vulnerability. When BNB shutdown the BEP2/BEP8(BNB Beacon Chain) network, in December of 2024, Trust wallet ended support for token activities on the Beacon Chain network.
On its website, Trust Wallet gave BEP2/BEP8 token holders, the necessary steps to take, in order to transfer their assets. The guideline explained how users could migrate their assets from BNB Beacon Chain to the newly adopted BNB Smart Chain-BSC.
The transition meant that if you had assets in BEP2/BEP8, you could,
1-swap your assets directly from the app if the swap feature was available or,
2-install the Trust wallet browser extension, on your web browser. Making the transfer was then possible, through the BNB Beacon Chain token recovery dApp.
However on Christmas day, according to a Nominis article,
Trust Wallet suffered a supply-chain security incident affecting its official Chrome browser extension.
When the incident occurred Trust Wallet issued a statement on its X(Twitter) page stating,
We've identified a security incident affecting Trust Wallet Browser Extension version 2.68 only. Users with Browser Extension 2.68 should disable and upgrade to 2.69.
Due to the security incident, Trust wallet confirmed,
that approximately $7M has been impacted and we will ensure all affected users are refunded.
Following the incident, Trust Wallet issued the,
Trust Wallet-Browser extension Reimbursement Claim Form,
to be filled out by affected users so they could be refunded.
The CoinBase Hack
If you have ever received an email demanding ransom in Bitcoins so, "your naughty pictures won't be posted on social media," this is a ransom demanding attack.
This type of attack is usually common when an attacker tries to scam a potential victim using for example, the adult porn strategy. In this type of scam, the attacker sends an email to the potential victim.
In the email, the attacker goes to length to explains that they have in their possession, compromising photos of the potential victim, while they were watching online porn.
The attacker threatens to release those photos on social media but then the potential victim is given a chance to prevent the photos from being made public.
And that is to transfer an X amount of money in Bitcoins, so the photos won't be released. The attacker then leaves a Bitcoin address at the end of the mail.
In May of 2025, Coinbase suffered a data breach where customer details were stolen. The attackers then sent a letter to Coinbase demanding a $20 million ransom.
Here is how Coinbase described the breach on their website.
"Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks.
These insiders abused their access to customer support systems to steal the account data for a small subset of customers. No passwords, private keys, or funds were exposed and Coinbase Prime accounts are untouched."
The insider data breach that Coinbase was referring to, came from a customer support staff in southeast Asia that involved a local Texas outsourcing firm.
Following the ransom demand, Coinbase responded with a $20 million reward fund saying,
"Instead of paying the $20 million ransom, we're establishing a $20 million reward fund for information leading to the arrest and conviction of the attackers."
Attackers are getting sophisticated
The above mentioned data breaches on Trust Wallet and Coinbase, are just a few losses that occurred in 2025. However the year in question, according to a Yahoo Finance article, was the most profitable for attackers.
Losses amounted to a total of about $4-$5 billion with at least $3 billion in the first six months alone. Such losses can only point to the fact that attackers are becoming more and more sophisticated in what they do.
And data breaches, scam, and cryptocurrency heists, are becoming more prevalent than ever. They are turning into becoming normal administration, like a daily walk in the park, or going to your favorite coffee shop for a cappuccino.
The biggest losers
For wallets and exchanges that were compromised and the funds stolen,2025 was a rough year for them. Both centralized and decentralized, cold and hot wallets were compromised.
And there were top loser such as
- Nobitex exchange of Iran where roughly $81 million was stolen
- Libra Token where investors suffered losses amounting to about $251 million and
- BTCTurk where it is reported that approximately $48 million was stolen from their hot wallet.
These figures are alarming for the fact that they signal an increase in the number of crypto theft that occur. And analyst are worried that even though measures are being taken to strengthen the security, attackers will seek ways to by pass these security.
Already the start of 2026 has seen the first big hit on a cryptocurrency exchange with $26 million stolen from the Truebit platform. This is just the beginning of the New Year. If funds are stolen at this rate, then 2026 might surpass 2025 in crypto losses.