According to blockchain security firm PeckShield, crypto hacks in the first quarter of 2025 resulted in losses exceeding $1.63 billion, marking a 131% increase compared to the same period last year. The Bybit breach alone accounted for 92% of the total losses.
PeckShield reported that January 2025 saw crypto hacks causing over $87 million in damages. However, this figure skyrocketed to $1.53 billion in February, primarily due to the attack on Bybit—one of the largest crypto heists to date.
Apart from the Bybit incident, February also recorded a series of other attacks, leading to total losses of $126 million. Notable cases included a $50 million exploit targeting Infini, a $9.5 million hack on zkLend, and an $8.5 million loss from the Ionic platform.
However, the situation improved significantly in March, with total hack-related losses dropping by 97% compared to the previous month, down to $33 million. Some stolen funds were even recovered, helping mitigate damages for users and protocols.
A 131% Year-over-Year Surge
PeckShield recorded over 60 crypto hacks in Q1 2025, with total losses amounting to $1.63 billion—a sharp 131% increase from the $706 million lost in Q1 2024.
The largest hack in March was an attack on the decentralized finance (DeFi) protocol Abracadabra.Money, resulting in a $13 million loss. According to PeckShield, the attacker drained 6,260 Ether from the protocol on March 25.
Another significant incident was an $8.4 million hack targeting Zoth, a real-world asset (RWA) restaking protocol. On March 21, security firm Cyvers flagged a suspicious transaction from Zoth, revealing that an attacker had withdrawn $8.4 million from the protocol’s wallets before converting the assets into stablecoins and transferring them to another address.
Although millions were lost in March, some cases saw the return of stolen assets. Notably, on March 7, a hacker who stole $5 million from the decentralized exchange (DEX) 1inch returned 90% of the funds.
The hacker had exploited a vulnerability in 1inch’s smart contract. To recover the stolen assets, the exchange offered a 10% bounty—equivalent to $500,000—if the hacker returned the remaining funds. Eventually, the attacker accepted the deal and sent back $4.5 million to 1inch.
