2025 Crypto Crime Mid-year Update: Stolen Funds Surge as DPRK Sets New Records
Key findings
Stolen funds
With over $2.17 billion stolen from cryptocurrency services so far in 2025, this year is more devastating than the entirety of 2024. The DPRK’s $1.5 billion hack of ByBit, the largest single hack in crypto history, accounts for the majority of service losses.
By the end of June 2025, 17% more value had been stolen year-to-date (YTD) than in 2022, previously the worst year on record. If current trends continue, stolen funds from services could eclipse $4 billion by year’s end.
Personal wallet compromises now represent a growing share of total ecosystem theft, with attackers increasingly targeting individual users, making up 23.35% of all stolen fund activity YTD in 2025.
“Wrench attacks” — physical violence or coercion against crypto holders — show correlation with bitcoin price movements, suggesting opportunistic targeting during high-value periods.
Geographic trends
So far in 2025, significant concentrations of stolen fund victims have emerged in the U.S., Germany, Russia, Canada, Japan, Indonesia, and South Korea.
Regionally, Eastern Europe, MENA, and CSAO saw the most rapid H1 2024 to H1 2025 growth in victim totals.
Notable differences in the type of asset stolen have also emerged between regions, possibly reflecting the underlying pattern of regional adoption of crypto assets.
Laundering behavior
Some differences emerge in comparing the laundering of funds stolen from services vs. individuals. Overall, threat actors who have compromised services tend to exhibit higher levels of sophistication than those targeting personal wallets.
Stolen fund launderers consistently overspend to move funds, with average premiums fluctuating from 2.58x in 2021 to 14.5x YTD in 2025.
Interestingly, while the average cost in dollars to move stolen funds has declined over time, the multiple over the average cost to move funds on chain has increased.
Threat actors compromising personal wallets increasingly leave larger balances of stolen funds on-chain rather than immediately laundering stolen assets.
Thefts targeting personal wallets currently hold $8.5 billion in crypto on-chain, while funds taken from services amount to $1.28B.
The shifting illicit landscape
Illicit volumes thus far in 2025 are on track to meet or even exceed last year’s estimated $51 billion, despite significant changes to the illicit actor landscape. The closure of Garantex, a sanctioned Russian exchange, and the likely FinCEN Special Measures designation of Huione Group — a Cambodia-based Chinese language service that has processed over $70 billion in inflows — have reshaped how criminals move money through the ecosystem.
Amid this shifting landscape, stolen fund activity stands out as the dominant concern in 2025. While other forms of illicit activity have shown mixed trends YoY, the surge in cryptocurrency thefts represents both an immediate threat to ecosystem participants and a long-term challenge for the industry’s security infrastructure.
Funds stolen from services: A record-breaking trajectory
The cumulative trend in value taken from services paints a stark picture of 2025’s escalating threat environment. The orange line, which represents 2025’s YTD activity, shows a dramatically steeper trajectory into June than any previous year in our dataset, climbing past the $2 billion mark within the first half of the year.
Stolen funds
With over $2.17 billion stolen from cryptocurrency services so far in 2025, this year is more devastating than the entirety of 2024. The DPRK’s $1.5 billion hack of ByBit, the largest single hack in crypto history, accounts for the majority of service losses.
By the end of June 2025, 17% more value had been stolen year-to-date (YTD) than in 2022, previously the worst year on record. If current trends continue, stolen funds from services could eclipse $4 billion by year’s end.
Personal wallet compromises now represent a growing share of total ecosystem theft, with attackers increasingly targeting individual users, making up 23.35% of all stolen fund activity YTD in 2025.
“Wrench attacks” — physical violence or coercion against crypto holders — show correlation with bitcoin price movements, suggesting opportunistic targeting during high-value periods.
Geographic trends
So far in 2025, significant concentrations of stolen fund victims have emerged in the U.S., Germany, Russia, Canada, Japan, Indonesia, and South Korea.
Regionally, Eastern Europe, MENA, and CSAO saw the most rapid H1 2024 to H1 2025 growth in victim totals.
Notable differences in the type of asset stolen have also emerged between regions, possibly reflecting the underlying pattern of regional adoption of crypto assets.
Laundering behavior
Some differences emerge in comparing the laundering of funds stolen from services vs. individuals. Overall, threat actors who have compromised services tend to exhibit higher levels of sophistication than those targeting personal wallets.
Stolen fund launderers consistently overspend to move funds, with average premiums fluctuating from 2.58x in 2021 to 14.5x YTD in 2025.
Interestingly, while the average cost in dollars to move stolen funds has declined over time, the multiple over the average cost to move funds on chain has increased.
Threat actors compromising personal wallets increasingly leave larger balances of stolen funds on-chain rather than immediately laundering stolen assets.
Thefts targeting personal wallets currently hold $8.5 billion in crypto on-chain, while funds taken from services amount to $1.28B.
The shifting illicit landscape
Illicit volumes thus far in 2025 are on track to meet or even exceed last year’s estimated $51 billion, despite significant changes to the illicit actor landscape. The closure of Garantex, a sanctioned Russian exchange, and the likely FinCEN Special Measures designation of Huione Group — a Cambodia-based Chinese language service that has processed over $70 billion in inflows — have reshaped how criminals move money through the ecosystem.
Amid this shifting landscape, stolen fund activity stands out as the dominant concern in 2025. While other forms of illicit activity have shown mixed trends YoY, the surge in cryptocurrency thefts represents both an immediate threat to ecosystem participants and a long-term challenge for the industry’s security infrastructure.
Funds stolen from services: A record-breaking trajectory
The cumulative trend in value taken from services paints a stark picture of 2025’s escalating threat environment. The orange line, which represents 2025’s YTD activity, shows a dramatically steeper trajectory into June than any previous year in our dataset, climbing past the $2 billion mark within the first half of the year.
Post a comment
Request A Call Back
Ever find yourself staring at your computer screen a good consulting slogan to come to mind? Oftentimes.
0 Comments
No comments yet. Be the first to comment!