Crypto theft totaled $73 million in January 2025, a 44% drop compared to $133 million in January 2024, according to Immunefi.
However, losses skyrocketed from December’s $3.8 million, marking a ninefold monthly increase.
The biggest breach targeted Singapore-based exchange Phemex, resulting in $69 million in losses, while Moby Trade suffered a $2.5 million attack. CeFi platforms accounted for 93% of all stolen funds, while DeFi hacks amounted to just $4.8 million across 18 incidents.
Immunefi CEO Mitchell Amador warned that CeFi remains the top target for hackers, mainly due to private key compromises, which often lead to massive fund withdrawals. DeFi, on the other hand, faces more frequent but less severe losses due to its smart contract vulnerabilities.
CeFi platforms are also exposed to phishing attacks and human error, highlighting the need for stronger security practices. Amador stressed the importance of enhanced key management, reducing reliance on single private keys, and staff training to prevent breaches.
Immunefi is actively supporting security enhancements, offering $181 million in bug bounties to ethical hackers to help protect over $190 billion in crypto assets.
Avraham Eisenberg, known for orchestrating the 2022 Mango Markets exploit, has been handed a 52-month prison sentence—but not for his crypto-related activities.
Loopscale, a decentralized finance platform built on Solana, was forced to pause its lending operations after a major security breach led to losses of around $5.8 million.
Alex Mashinsky, co-founder and former CEO of the defunct crypto lending platform Celsius, is scheduled to be sentenced on May 8, 2025, following his guilty plea to two federal criminal charges late last year.
A decentralized exchange targeted in a multi-million-dollar exploit has recovered its losses just days after the incident, thanks to an unexpected twist involving the hacker themselves.