Crypto theft totaled $73 million in January 2025, a 44% drop compared to $133 million in January 2024, according to Immunefi.
However, losses skyrocketed from December’s $3.8 million, marking a ninefold monthly increase.
The biggest breach targeted Singapore-based exchange Phemex, resulting in $69 million in losses, while Moby Trade suffered a $2.5 million attack. CeFi platforms accounted for 93% of all stolen funds, while DeFi hacks amounted to just $4.8 million across 18 incidents.
Immunefi CEO Mitchell Amador warned that CeFi remains the top target for hackers, mainly due to private key compromises, which often lead to massive fund withdrawals. DeFi, on the other hand, faces more frequent but less severe losses due to its smart contract vulnerabilities.
CeFi platforms are also exposed to phishing attacks and human error, highlighting the need for stronger security practices. Amador stressed the importance of enhanced key management, reducing reliance on single private keys, and staff training to prevent breaches.
Immunefi is actively supporting security enhancements, offering $181 million in bug bounties to ethical hackers to help protect over $190 billion in crypto assets.
A malicious open-source project on GitHub disguised as a Solana trading bot has compromised user wallets, according to a July 2, 2025, report by cybersecurity firm SlowMist.
The U.S. Department of Justice has sentenced Dwayne Golden, 57, of Pennsylvania to 97 months in prison for orchestrating a fraudulent crypto investment scheme that stole over $40 million from investors.
The first half of 2025 has become the most damaging six-month period in crypto history, with over $2.1 billion stolen across 75+ separate incidents, according to new data.
A new breed of cyber-attack is sweeping through crypto media, exploiting site pop-ups and wallet-connect prompts instead of smart-contract bugs.