2025 Sets Records for Crypto Hacks and Wrench Attacks Worldwide

The year 2025 closed as one of the most turbulent in cryptocurrency security history. Hackers, scammers, and even physical assailants found new ways to breach the digital and physical defenses of crypto participants. Industry researchers, including TRM Labs, recorded unprecedented activity from organized crime and state-linked operators. Alongside those exploits, a wave of so-called “$5 wrench attacks” added a real-world danger to crypto ownership.

2025 marks record levels of hacks and exploitation

According to data published by TRM Labs, cybercriminals stole over $2.72 billion from the crypto sector in 2025. The first blow came in February, when hackers linked to North Korea targeted centralized exchange Bybit, making off with about $1.5 billion worth of digital assets.

Investigators later determined that a developer’s computer at Safe, a multi-signature wallet provider, had been compromised.

The year also saw high-profile incidents affecting major exchanges and decentralized platforms. Coinbase revealed that corporate subcontractors had been bribed to hand over customer information, exposing addresses and personal details. According to the company, the ensuing fallout could cost up to $400 million in damages and remediation, though no user funds had been stolen.

DeFi was not spared. Cetus Protocol lost $223 million through a vulnerability that enabled attackers to manipulate smart contracts using spoof tokens. The protocol managed to recover around $162 million and resumed operations after 17 days. Similar events struck UPCX for $70 million and BtcTurk for $48 million.

The Nobitex exchange in Iran was hit for $90 million by a hacker group identifying itself as pro-Israeli. Compliance experts at Crystal Intelligence said that retail investors bore the brunt of the losses despite the attackers’ claims that they targeted the Iranian government.

Further south, Upbit in South Korea lost $36 million from its Solana wallet in November in an attack attributed once again to North Korean Lazarus Group actors.

“Wrench attacks” expose physical threats to crypto holders

Beyond the growing sophistication of online exploits, 2025 also saw a disturbing rise in physical coercion cases, known as “$5 wrench attacks.”

Ari Redbord, head of policy at TRM Labs, said that “2025 was a record year for wrench attacks,” with about 60 documented cases. “The true number is likely significantly higher,” he added, as many victims do not report assaults specifically as crypto-related crimes.

According to a log maintained by Jameson Lopp, security expert and long-time Bitcoin advocate, the number could reach 70 attacks worldwide. This would mark an increase from 41 incidents in 2024 and 36 in 2021.

In one notable case in France, Interior Minister Bruno Retailleau acknowledged in early 2025 that roughly a third of global crypto-related assaults occurred within French territory, including the high-profile kidnapping of Ledger co-founder David Balland and his spouse.

Security professionals connected the increase to excessive online visibility. Nick Bax, founder of Ump.eth and member of SEAL, cited “poor privacy” and corporate data leaks as prime risk factors.

According to Have I Been Pwned, more than 17 billion email accounts have been exposed globally, affecting major crypto companies and service providers.

Rising security demands and expert advice

The combination of digital breaches and physical attacks forced experts to revisit personal operational security. Redbord from TRM Labs said that the best mitigation steps include “reducing exposure and strengthening key management, limiting public signals of crypto ownership on social media, using multisignature or passphrase-protected wallets, and separating everyday wallets from long-term holdings.”

Pablo Sabbatella, co-founder of Opsek, advised that users must employ layered wallet structures: long-term funds in time-locked, multisig wallets and transactional funds in separate accounts.

“You can’t have direct access to long-term funds,” he explained. “Design systems that do not allow you to move your long-term funds alone.”

He also urged adopting whitelisted addresses and creating protocols for emergencies. Another expert, Odysseas from Phylax, suggested decoy wallets with minor holdings to satisfy attackers during a coercive event.

Sabbatella further recommended that crypto holders undergo physical security training and practice drills to simulate possible threats.

“There is no such thing as perfect security, only better security, and it always comes at a cost,” said Tor Bair, CEO of Hybrid Minds Advisory and former president of the Secret Foundation.

Outlook

2025 revealed a maturing criminal landscape where network hackers, insider threats, and physical attackers operate in parallel. As markets recover and asset values rise, the crypto industry faces a dual challenge: protecting technology infrastructure and safeguarding individuals whose digital wealth can make them real-world targets.

The Largest Cryptocurrency Hacks of All Time | HODL FM

Crypto’s biggest hacks ever! From Mt. Gox to Ronin, here’s how…

HODL FM: The Wildest Ride in the Crypto MarketHODL Team

Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that despite the nature of much of the material created and hosted on this website, HODL FM is not a financial reference resource, and the opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice. HODL FM strongly recommends contacting a qualified industry professional.