
Cybersecurity in Cryptocurrency Statistics 2026: Hack Totals - SQ Magazine



This report has been updated 3 times. Last updated on May 28, 2026.

- May 2026: Refreshed all theft totals to year-end 2025 figures from the Chainalysis December 2025 update and February 2026 Crypto Crime Report, replacing prior early-2025 estimates with $3.4 billion in stolen funds.
- May 2026: Added the Bybit $1.5 billion mega-breach as the central February 21, 2025 anchor, with FBI and Elliptic attribution to DPRK Lazarus Group.
- May 2026: Added a section on personal-wallet compromise with network-level victimization data covering 158,000 incidents across Ethereum, Tron, and Solana per 100,000 wallets.
- May 2026: Added Coinbase May 2025 breach data sourced directly from SEC Form 8-K (69,461 affected customers, $180 to $400 million remediation).
- May 2026: Updated wallet-drainer phishing to the 2025 Scam Sniffer figures showing an 83% year-over-year drop and the emergence of EIP-7702 post-Pectra attacks.
- May 2026: Refreshed ransomware-in-crypto data with the Chainalysis $820 million 2025 total, 28% payment rate, and $59,556 median payment.
- May 2026: Extended FBI IC3 coverage to include both the 2024 final report ($9.32 billion crypto-nexus losses) and the April 2026 release of 2025 figures ($11 billion).

The latest cybersecurity in cryptocurrency statistics show theft totaled over $3.4 billion in 2025, with the Bybit breach in February alone accounting for approximately $1.5 billion of that figure, per Chainalysis. The top three hacks in 2025 accounted for 69% of all service losses, and the ratio between the largest hack and the median incident crossed the 1,000x threshold for the first time – a concentration shift the industry has not seen before.
Crypto security today looks different from any prior year, and the broader cybersecurity statistics tell a parallel story: aggregate theft is up because of one catastrophic event, personal-wallet compromises are spreading wider but draining less per victim, and the attacker pool has industrialized at both the nation-state and retail-fraud tiers. The data below covers theft totals, the Bybit incident, DPRK Lazarus activity, exchange breaches, self-custody compromise, wallet drainers, DeFi exploits, ransomware, and US-specific FBI IC3 fraud losses.

Key Takeaways

- Cryptocurrency theft reached over $3.4 billion in 2025, one of the worst years on record outside the 2022 peak.
- DPRK attacks accounted for a record 76% of all service compromises in 2025.
- Personal-wallet compromise incidents surged to 158,000 in 2025, affecting 80,000 unique victims, nearly triple that of 2022.
- Wallet-drainer phishing losses fell to $83.85 million across 106,106 victims, down 83% year-over-year.
- Centralized-service breaches drove 88% of Q1 2025 losses, a record concentration of risk.
- Only approximately 40% of crypto exchange users enable two-factor authentication, leaving the majority exposed.
- Ransomware actors received approximately $820 million in on-chain payments in 2025, an 8% decline year-over-year.

Editor’s Choice

- The Bybit hack on February 21, 2025, saw approximately $1.5 billion stolen – the largest single crypto heist in history.
- North Korea’s Lazarus Group stole at least $2.02 billion in 2025, a 51% year-over-year increase.
- DPRK’s all-time crypto theft now sits at a lower-bound estimate of $6.75 billion.
- The FBI’s 2024 IC3 report recorded $9.3 billion in US crypto-nexus losses across 149,686 complaints, up 66% from 2023.
- The 2025 FBI IC3 release counted 181,565 crypto complaints totaling more than $11 billion in US losses.
- Ransomware median payments climbed 368% year-over-year to $59,556 in 2025.
- Coinbase disclosed in a May 14, 2025, SEC filing that approximately 69,461 customers had personal information compromised, with remediation costs estimated at $180 to $400 million.

Recent Developments

- February 26, 2026: Chainalysis published its 2026 Crypto Crime Report ransomware section, reporting approximately $820 million in on-chain ransomware payments for the calendar year.
- April 6, 2026: The FBI released its 2025 Internet Crime Report, showing nearly $21 billion in total internet-crime losses and more than $11 billion in cryptocurrency-related losses.
- December 18, 2025: Chainalysis released its 2025 stolen-funds analysis, confirming over $3.4 billion in theft and at least $2.02 billion attributed to North Korea.
- December 2025: Scam Sniffer’s 2025 wallet-drainer report logged $83.85 million in losses across 106,106 victims, an 83% decline year-over-year.
- Q1 2026: The FBI launched Operation Winter SHIELD, building on Operation Level Up, which has surpassed 8,000 total victims notified and reduced losses by more than $500 million.

Cybersecurity in Cryptocurrency Statistics: Theft Totals and Year-over-Year Trends

- Cryptocurrency theft in 2025 totaled over $3.4 billion from January through early December, according to Chainalysis.
- The top three hacks alone accounted for 69% of all service losses in 2025.
- The ratio between the largest hack and the median incident crossed the 1,000x threshold for the first time, surpassing the 2021 bull market peak.
- Centralized services drove 88% of Q1 2025 losses through advanced attacks on private-key infrastructure.
- Illicit cryptocurrency addresses overall received at least $154 billion in 2025, a 162% year-over-year increase, but still under 1% of attributed crypto transaction volume.
- Sanctions-evasion volume jumped 694% to over $104 billion in 2025, the single largest illicit category.
- Scams and fraud were estimated at roughly $17 billion across the year.

| Crime Category (2025) | Volume |
|---|---|
| Sanctions evasion | over $104 billion |
| Scams and fraud | ~$17 billion |
| Stolen funds (hacks) | $3.4 billion |
| Ransomware payments | ~$820 million |
| Total illicit | over $154 billion |

Source: Chainalysis 2026 Crypto Crime Report

By the numbers: Per Chainalysis, illicit crypto volume reached $154 billion in 2025, but $104 billion of that sat with sanctioned entities, $17 billion with scams, and $3.4 billion with outright hacks. Stolen funds are a tenth of the illicit picture – and yet they drive most of the headlines, because they hit identifiable victims fast.

Bybit Hack and the Era of Mega-Breaches

On February 21, 2025, Bybit lost approximately $1.5 billion in cryptoassets in what Elliptic calls the largest theft of any kind in history. SQ Magazine maintains separate Bybit hack statistics coverage for ongoing developments.

- The attack exploited the multisignature cold-wallet system, with attackers manipulating the user interface to disguise malicious transactions during the signing process.
- The FBI formally attributed the Bybit hack to North Korean threat actors, specifically the cluster the agency refers to as TraderTraitor, which overlaps with Lazarus Group activity.
- Within two hours of the hack, the stolen funds were sent to 50 different wallets, each holding approximately 10,000 ETH.
- Around 15% of the stolen assets had been moved through laundering services by the following day.
- The Bybit incident was a single event so large that the DPRK service-compromise share would have been 37% rather than 76% if it weren’t for the outsized impact of the Bybit attack.

| Year | Largest Single Hack | Amount | Attribution |
|---|---|---|---|
| 2025 | Bybit | $1.5 billion | DPRK (TraderTraitor / Lazarus) |
| 2024 | DMM Bitcoin | ~$305 million | DPRK |
| 2022 | Ronin Bridge | $625 million | DPRK (Lazarus) |
| 2021 | Poly Network | $611 million | Unidentified |
| 2014 | Mt Gox | ~$460 million | Long-running internal theft |

Source: Chainalysis, Elliptic, FBI public attributions

The Bybit event sits in a class of its own.
Cumulative crypto cyber threats have produced large incidents before, but the 1,000x outlier ratio reset the cybersecurity in cryptocurrency statistics baseline – most years see the largest hack sit 50x to 200x above the median.

North Korea (DPRK) Crypto Theft Statistics

- North Korean hackers stole at least $2.02 billion in cryptocurrency in 2025, a 51% year-over-year increase.
- DPRK attacks accounted for a record 76% of all service compromises in 2025.
- The lower-bound cumulative DPRK theft estimate now sits at $6.75 billion all-time.
- DPRK laundering concentrates slightly over 60% of volume below a $500,000 transfer value, in contrast to other actors who send most funds in larger tranches.
- Following major DPRK theft events, stolen funds follow a structured laundering pathway over approximately 45 days across three distinct waves.

The DPRK’s 45-day laundering window unfolds in three waves.

- Wave 1 covers days 0-5: DeFi protocols see the most dramatic increase at +370% in stolen fund flows, serving as the primary entry point.
- Wave 2 covers days 6-10: exchanges with limited KYC (+37%) and centralized exchanges (+32%) begin receiving flows as integration begins.
- Wave 3 covers days 20-45: no-KYC exchanges (+82%) and Chinese-language platforms like Huione (+45%) serve as final conversion points toward fiat or other assets.

Key finding: Per Chainalysis, DPRK laundering shows a +355% to +1,000%+ preference for Chinese-language money-movement services, +97% for cross-chain bridges, and +100% for mixing services compared to other actors. The pattern persists across multiple years, indicating operational constraints rather than tactical choice.

Centralized Exchange Breach Statistics

Coinbase disclosed in a May 14, 2025, SEC Form 8-K that approximately 69,461 customers had personal information compromised. SQ Magazine tracks the broader crypto exchanges landscape for ongoing context.

- The threat actor demanded a $20 million payment in exchange for not making the information public.
- Compromised data included names, dates of birth, partial Social Security numbers, partial bank account numbers, addresses, phone numbers, email addresses, government-ID images, and account-balance snapshots.
- Coinbase estimated remediation costs would range from approximately $180 million to $400 million.
- The company offered a $20 million reward for information leading to the arrest and conviction of the threat actor.
- Login credentials and 2FA codes were not accessed, and no customer funds were lost as a result of the breach.
- Centralized exchanges accounted for 88% of Q1 2025 service losses, driven by attacks on private-key infrastructure and signing flows.

| Exchange | Date | Customers / Funds Impact | Vector |
|---|---|---|---|
| Bybit | Feb 21, 2025 | $1.5 billion stolen | Multisig UI manipulation |
| Coinbase | May 11, 2025 (disclosed May 14) | 69,461 customers PII | Bribed third-party support agents |
| Various exchanges | 2024-2025 | Various | DPRK IT worker infiltration |

Source: SEC EDGAR Form 8-K (Coinbase), Chainalysis

Personal Wallet and Self-Custody Compromise Statistics

- Personal-wallet compromise incidents surged to 158,000 in 2025, nearly triple the 54,000 recorded in 2022.
- Unique victims rose from 40,000 to at least 80,000 over the same window, per Chainalysis.
- Total USD stolen from individual victims declined from $1.5 billion to $713 million year-over-year in 2025.
- Personal-wallet compromise share of total stolen value fell from 44% to 20% in 2025, distorted by the outsized Bybit event.
- Solana had by far the largest number of personal-wallet incidents at approximately 26,500 victims in 2025.
- Ethereum and Tron show the highest theft rates per 100,000 active personal wallets, while Base and Solana sit lower in victimization rate.

Worth noting: Per Chainalysis, the personal-wallet paradox is real – attackers reached more users in 2025 but stole less per victim.
Average loss per personal-wallet incident dropped sharply, which suggests phishing infrastructure scaled while individual takings shrank. The risk surface widened; the per-victim severity contracted.

Wallet Drainer and Phishing Loss Statistics

Total signature-phishing losses fell to $83.85 million across 106,106 victims in 2025, down 83% from 2024’s $494 million. SQ Magazine covers the broader phishing email statistics landscape in detail.

- Victim counts dropped 68% from 332,000 in 2024 to 106,106 in 2025.
- The largest single 2025 theft was $6.5 million via a Permit signature in September, down 88% from the 2024 record of $55.48 million.
- Q3 2025 saw phishing totals reach $31.04 million during the strongest ETH rally of the year.
- August and September together accounted for 29% of yearly phishing losses.
- 11 large cases (each over $1 million) totaled $22.98 million, or 27% of yearly losses.
- Permit and Permit2 signatures accounted for 38% of large-case losses.
- EIP-7702 exploitation emerged shortly after the Pectra upgrade, with two August cases producing $2.54 million in losses.
- The Pectra upgrade introduced EIP-7702, letting externally owned accounts act with smart-contract behavior via temporary delegation – attackers bundle multiple malicious operations into a single signature.
- Average loss per victim fell from $1,488 in 2024 to $790 in 2025, reflecting the wider spread of low-take phishing alongside the new attack class.
- Crypto-targeted AI cyber attacks have lowered the cost of producing convincing phishing pages.

DeFi Exploit and Smart Contract Vulnerability Statistics

- DeFi protocols served as the primary entry point for DPRK laundering in 2025, seeing the most dramatic increase at +370% in stolen fund flows during the first wave of post-hack movement.
- Q1 2025 was an outlier on the centralized side: centralized-service breaches accounted for 88% of Q1 losses, shrinking the DeFi-specific share.
- Personal-wallet incidents related to DeFi protocol usage surged to 158,000 total in 2025 across networks, with Solana leading in raw count.
- DPRK post-hack Wave 1 laundering shows DeFi protocols see the most dramatic increase at +370% in stolen fund flows, showing DeFi remains the primary first-stop for stolen funds.
- The Bybit incident, while exchange-targeted, leveraged multisignature cold-wallet user-interface manipulation during the signing process.

| DeFi Risk Category (2025) | Pattern |
|---|---|
| Smart contract exploits | Down year-over-year despite higher TVL |
| Cross-chain bridge attacks | Continuing target for DPRK laundering |
| Front-end / UI manipulation | Primary vector in Bybit and Safe{Wallet} cases |
| Personal-wallet drain via DeFi sign-in | Active across Solana, Ethereum, Tron |

Source: Chainalysis

Crypto Ransomware Payment Statistics

Total on-chain ransomware payments fell to approximately $820 million, an approximately 8% decline year-over-year from $892 million. SQ Magazine maintains dedicated ransomware statistics coverage with deeper sector breakdowns.

- Claimed ransomware attacks rose 50% year-over-year, marking the most active year on record per eCrime.ch data.
- The share of ransoms paid potentially reached an all-time low at 28% in 2025.
- Median ransom payment climbed 368% year-over-year from $12,738 to $59,556.
- Some analyses track as many as 85 active extortion groups in the ransomware ecosystem after the fragmentation of major Ransomware-as-a-Service operations.
- One of 2025’s costliest events, the cyberattack on Jaguar Land Rover, inflicted an estimated £1.9 billion (approximately $2.5 billion) in economic damage.
- Healthcare ransomware remained acute – DaVita Inc. saw almost 2.7 million patient records exposed in 2025.

| Metric | 2025 | 2024 | YoY Change |
|---|---|---|---|
| Total on-chain payments | $820 million | $892 million | -8% |
| Claimed victims | record high | baseline | +50% |
| Payment rate | 28% | ~32% | -4 pts |
| Median payment | $59,556 | $12,738 | +368% |
| Active extortion groups | ~85 | fewer | fragmented |

Source: Chainalysis 2026 Crypto Crime Report (ransomware section)

FBI IC3 US Crypto Fraud Losses

- The FBI’s 2024 IC3 Annual Report logged 149,686 cryptocurrency-nexus complaints totaling $9.3 billion in losses, a 66% increase year-over-year.
- The 2024 total internet-crime losses reached a record $16.6 billion across all categories.
- The 2025 IC3 release (issued April 2026) reported 181,565 crypto complaints totaling more than $11 billion in US losses.
- In 2025, total internet crime losses jumped to nearly $21 billion across 1,008,597 complaints.
- Americans 60 and older reported approximately $7.7 billion in losses, up 37% from the prior year.
- Investment fraud remained dominant – nearly 49% of all scam-related losses came from investment schemes.

Crypto Investment Fraud and Romance Scam Statistics

- Crypto investment fraud in 2024 generated 41,557 complaints and $5.82 billion in losses, up 29% in complaint volume and 47% in losses from 2023.
- Americans over 60 lost $1.6 billion to crypto investment fraud across 8,043 complaints in 2024.
- Romance and confidence scams with a crypto nexus drew 3,811 complaints and $237 million in losses in 2024.
- Government impersonation fraud with a crypto nexus accounted for 3,585 complaints and over $146 million in losses in 2024.
- Tech-support fraud with crypto involvement reached 11,129 complaints and $962 million in losses in 2024.
- Personal-data-breach crime with a crypto nexus produced 11,644 complaints and $1.12 billion in losses in 2024.

Crypto ATM and Kiosk Fraud Statistics

- Crypto ATM and kiosk fraud generated 10,956 complaints and $246.7 million in 2024 losses, a 99% jump in complaint volume and 31% jump in losses from 2023.
- Americans over 60 carried 2,674 ATM/kiosk complaints with $107 million in losses in 2024 – roughly 44% of the dollar total.
- Tech-support scams were the leading crime type associated with crypto ATM use, with 3,037 complaints and $107 million in losses.
- Government-impersonation tactics via crypto ATMs produced 1,786 complaints and $44.6 million in losses.
- Extortion via crypto ATM reached 4,189 complaints and $5.6 million in losses.

The takeaway: Crypto ATMs and kiosks have become an elder-fraud lever rather than a retail-trading convenience. Per the FBI’s 2024 IC3 report, over $107 million of the $246.7 million in ATM-channel losses came from victims 60 and older. Operators of these machines are a regulatory pressure point that few jurisdictions have addressed.

Wallet and Exchange Security Adoption Statistics

- Only approximately 40% of crypto exchange users enable two-factor authentication on their accounts.
- Wallets secured with multi-factor authentication show a 62% lower incidence of compromise compared to unprotected accounts.
- Over 99.9% of compromised accounts lack Multi-Factor Authentication per Microsoft.
- Approximately 39% of cryptocurrency exchanges experienced a data breach in 2024, primarily from inadequate security protocols.
- The global average cost of a crypto-sector data breach reached $5.3 million, a 15% increase from 2023.

| Security Behavior | Adoption / Effect |
|---|---|
| 2FA enabled on exchange account | ~40% of users |
| MFA-protected wallet compromise rate | 62% lower than unprotected |
| Compromised accounts lacking MFA | over 99.9% |
| Crypto exchanges with 2024 data breach | ~39% |
| Average crypto-sector breach cost (2024) | $5.3 million |

Source: Security.org 2026 Cryptocurrency Adoption Report (cites Microsoft), industry compilations

Most crypto holders sit on the wrong side of a binary: protected accounts have MFA, drained accounts do not.

Common Questions

Is cryptocurrency safe from hackers?

Cryptocurrency is not inherently safe from hackers.
The 2025 cybersecurity in cryptocurrency statistics show that over $3.4 billion was stolen, and total illicit on-chain volume reached $154 billion across all categories. Hardware wallets and MFA-protected exchange accounts reduce, but do not eliminate, risk. Self-custody leaves no recovery path if private keys are compromised, while exchange custody concentrates risk in the platform’s security posture.

Are crypto wallets insured?

Crypto wallets are generally not insured the way bank deposits are. SIPC and FDIC do not cover digital-asset holdings on most platforms. Some exchanges maintain private insurance for hot-wallet balances, but coverage limits, exclusions, and claims processes vary widely. After the Coinbase incident in May 2025, affecting approximately 69,461 customers, the exchange offered voluntary reimbursement, not formal insurance recovery.

Conclusion

The 2025 cybersecurity in cryptocurrency statistics tell a single story: cryptocurrency theft reached over $3.4 billion, anchored by a single Bybit hack at $1.5 billion and a DPRK haul of $2.02 billion that lifted North Korea’s all-time take to $6.75 billion. The structural shift – a 1,000x ratio between the largest hack and the median incident – changed the security calculus for centralized custodians, while personal-wallet compromise spread to 158,000 incidents across an 80,000-victim base.

Looking ahead, three forces shape the coming year: DPRK’s continued industrialization of crypto theft via IT-worker infiltration and recruiter impersonation, the emergence of EIP-7702 as a post-Pectra attack class for wallet drainers, and a stubborn 2FA adoption gap where 60% of exchange users remain exposed. Protective behavior moves more slowly than attacker innovation, and the data through April 2026 reporting suggests the gap will define 2026 as much as it defined 2025.

Article Info
Source: SQ Magazine
Category: Email Security
Published: Jun 25, 2026
Archived: Jun 25, 2026