In the first six months of 2025, the total losses from hacker attacks on cryptocurrency platforms reached $3.01 billion. According to analysts at Global Ledger, 119 major incidents were recorded during this period, which is a 55% increase compared to all losses from the previous year. Only 4.6% of the stolen assets were recovered.
This is reported by Finway
Dynamics of Attacks and Speed of Money Laundering
Criminals act extremely quickly: the fastest transfer of stolen funds occurred just four seconds after the hack, and the entire money laundering process was completed in less than three minutes (2 minutes 57 seconds). In one-third of the cases, money laundering was completed within the first day after the hack.
The average time interval between the attack and the first movement of funds is 15 hours. Announcements about incidents appeared on average 37 hours after the event, giving hackers about 20 hours of advantage to hide their actions from monitoring services and law enforcement.
In 84% of cases, hacks were recorded on the day of the incident, but in 68.1% of attacks, the funds had already been transferred by the time of public disclosure. In over 64% of cases, the movement of assets began within the first day.
Main Targets of Attacks and Channels for Laundering Cryptocurrencies
Centralized exchanges remain the most vulnerable to hackers, accounting for 54.26% of total losses. The second category with the most losses was token contracts, totaling $517.8 million (17.2%), followed by personal wallets ($351.3 million or 11.67%).
The majority of stolen funds were laundered through cross-chain bridges — over $1.5 billion, accounting for 50.1% of the total amount. Another 15.1% of funds were transferred through centralized exchanges, 11.3% through mixers, and 5.6% through DeFi platforms.
The largest losses were caused by attacks using malicious approvals. There were a total of eight such incidents, but the loss amount reached $1.46 billion (almost half of the total), including one that occurred on the Bybit exchange.
“Among the common types of attacks: exploits of smart contracts totaling $365.5 million, compromise of private keys ($650.05 million), and rug pulls — six cases totaling $514.07 million.”
Analysts highlight the main methods used by criminals: exploits of smart contracts, compromise of private keys, and fraudulent rug pull schemes.
How to Reduce Risks and Enhance Security
To counter such attacks, experts recommend implementing real-time transaction monitoring using artificial intelligence, employing device fingerprinting technologies, and analyzing user behavior. It is also important to create a very short response window — 10-15 minutes for virtual asset service providers (VASP) — and to organize rapid information exchange with law enforcement through formalized channels.
Legal restrictions also remain a problem: exchanges can hold assets for no longer than seven days, while police often need 30 days or more to go through official procedures.
In June 2025, the total losses from hacker attacks in the crypto sector amounted to nearly $112 million.