Cryptocurrency crime is surging in 2025, with total crypto losses for the first half of the year already exceeding the 2023 total and on track to set a new record, according to a new report by American blockchain analysis firm Chainalysis.
This surge is being driven by thefts from cryptocurrency services, and personal wallet compromises.
Total crypto losses reached approximately US$2.8 billion in H1 2025, 12% higher than the 2023 total of about US$2.5 billion and equivalent to roughly 88% of 2023’s US$3.3 billion. At the current pace, losses could surpass US$4 billion by year-end, exceeding the previous record set in 2022.
Crypto services as prime targets
This year, cryptocurrency services continue to bear the brunt of thefts, with over US$2.17 billion stolen in H1 2025. The figure is 17% higher than in 2022, previously the worst year on record. If current trends continue, thefts from services could exceed US$4.3 billion this year, Chainalysis predicts.
The US$1.5 billion hack of ByBit in February 2025 accounted for the majority of service losses in H1 2025 and marked the largest crypto theft in history.
Hackers linked to North Korea’s Lazarus Group allegedly breached one of ByBit’s suppliers and altered a digital wallet address used for transferring 401,000 ethers.
Previously, the Lazarus Group hackers targeted banks, but have, in the last five years, specialized in attacking cryptocurrency companies, an industry that’s less protected with fewer mechanisms in place to prevent money laundering.
Notable past incidents include the 2019 hack of US$42 million from South Korean crypto exchange Upbit; the 2020 theft of US$275 million from crypto exchange KuCoin; the 2022 Ronin Network attack which netted more than US$600 million in crypto; and the 2023 theft of over US$100 million from the Atomic Wallet service. In 2024, North Korea-related crimes accounted for at least US$1.3 billion in losses, according to Chainalysis, underscoring the growing sophistication of state-sponsored actors in the crypto space.
Personal wallet compromises on the rise
Personal wallet compromises are also becoming more significant, with attackers increasingly targeting individual users. In H1 2025, such incidents accounted for 23.35% of all stolen fund activity year-to-date (YTD) in 2025, a decline from roughly 44% in 2024, but more than double their 10% share in 2022.
This trend reflects improved security practices at major service providers, pushing attackers towards less-protected individuals, as well as the growing accessibility of sophisticated targeting individual-targeting techniques, including artificial intelligence (AI). Rising crypto prices have also increased the value of crypto held in personal wallets, making them more attractive targets.
Data show that bitcoin theft continued to represent a significant portion of stolen value in H1 2025. However, stablecoins are gaining in prominence, overtaking ether as the second most stolen crypto during the period.
Data also reveal that the average loss resulting from compromised personal wallets storing bitcoin is increasing over time. This suggests that attackers are deliberately targeting higher-value individual holdings.
Attacks are also increasing on altcoin wallets, particularly on non-bitcoin and non-Ethereum virtual machine (non-EVM) chains like Solana.
The rise of “wrench attacks”
One disturbing development this year is the rise of so-called “wrench attacks”. In these attacks, criminals use physical violence or coercion against individuals to access their crypto holdings.
In 2025, wrench attacks are on pace to double the highest previous annual total, a surge which correlates with bitcoin’s price outlook and which suggests that perceived future gains may encourage more such crimes.
Several high-profile cases have made headlines in the past year. On January 21, 2025, David Balland, a co-founder of French crypto firm Ledger, and his wife were kidnapped from their home in central France. Ledger is one of France’s most successful tech startups, valued at US$1.47 billion, according to CB Insights.
The kidnappers demanded a crypto ransom, part of which was paid. Balland and his wife were rescued in a police operation, and at least nine suspects have since been detained.
In May, the father of a crypto-millionaire was abducted, with kidnappers demanding a ransom of between EUR 5 million (US$5.7 million) and EUR 7 million (US$7.9 million), France24 reported. A source close to the investigation said that one of the father’s fingers had been chopped off. Police arrested seven suspects.
That same month, the daughter and grandson of a French cryptocurrency entrepreneur narrowly escaped a kidnap attempt by armed men in Paris. According to video footage, three masked men jumped out of a van and tried to force the woman and her child into the vehicle. The attackers fled in the vehicle, which was found close by. The woman is the daughter of the CEO and co-founder of Paymium, a French crypto exchange platform.
Crypto laundering patterns
The Chainalysis report also examines laundering behavior, noting significant differences between personal wallet compromises and service attacks.
In 2024 and 2025, threat actors targeting services mainly used cross-chain bridges as a means of laundering funds by chain hopping. Cross-chain bridges allow different blockchains to securely share data, allowing users to transfer funds between blockchains that would otherwise be unable to communicate.
Mixers are also more predominantly used by thieves targeting services. A crypto mixer is a service that collects, pools and pseudo-randomly shuffles the cryptocurrencies deposited by many users to obfuscate the origins and owners of the funds.
By contrast, funds stolen from personal wallets tend to interact more with token smart contracts, suggesting a swap. These funds would also flow into sanctioned entities like Garantex, suggesting a Russian perpetrator intersection, or they would move to centralized exchanges, implying less sophisticated laundering techniques.
Featured image by andranik.h90 on Freepik
