Crypto users lost $2 bln to hacks in Q1

Over $2 bln was lost to crypto hacks in Q1 2025, with Bybit's $1.46 bln exploit leading the surge in access control attacks.
According to a report by crypto cybersecurity firm Hacken, in Q1 2025, over $2 bln in user funds was lost to access control exploits, rug pulls, phishing scams and smart contract vulnerabilities.
The hidden cost of access
As Web3 continues to evolve, one threat stands above the rest in both scale and impact: access control exploits. In the first quarter of the year, these vulnerabilities were responsible for over $1.6 bln in losses - making them the most pressing security issue facing the industry today.
For three consecutive quarters, the largest hacks in crypto have all involved Safe multisig wallets - not because of flaws in the smart contracts themselves, but due to weak operational security. The most notable example was Bybit, which suffered the largest hack in crypto history on Feb. 21, with a staggering $1.46 billion stolen, although all user losses were fully covered by the exchange.
Some reports indicate that the North Korean hackers behind the $1.46 bln Bybit hack control over 11,000 cryptocurrency wallets used to launder stolen funds. The growing involvement of North Korean state actors underscores the rising sophistication and scale of these operations.
These incidents underscore a growing crisis around how access and authority are managed in Web3 teams. Extractor, Hacken’s on-chain threat detection engine, reveals just how vulnerable many setups remain - and how much could be done to prevent these kinds of attacks with stronger processes and monitoring.
DeFi holding strong, CeFi faltering
While DeFi platforms have kept losses relatively contained, CeFi projects have apparently borne the brunt of recent damage. Bybit and Phemex alone accounted for more than $1.5 bln in losses, driven by compromised signer workflows and breakdowns in access control. For more on how DeFi platforms have performed vs. CeFi in terms of security last year, check out this blog post.
Social engineering strikes again
Beyond technical failures, social manipulation continues to be a major vector for attacks. The LIBRA token rug pull, which drained nearly $300 mln, shocked the community with its mix of political hype and insider trading. Meanwhile, phishing scams led to almost $100 mln in stolen funds, capitalizing on poor user security habits and increasingly sophisticated bait tactics.
Smart contract exploits still costly
Though smart contract bugs accounted for less than 2% of the total losses, they still caused $29 mln in damage. Projects like zkLend experienced breaches that highlight ongoing issues with code quality and maintenance.
Overall, it appears that attackers aren’t just stealing more: they’re getting better at hiding the loot. New laundering methods are emerging, including the use of perpetual exchanges and fake sandwich attacks to wash stolen funds and evade detection.
Stay safe, stay smart
1inch has always taken the security of its users very seriously. Since the very beginning, we’ve introduced a range of sophisticated tools designed to keep user funds safe, and we’ve ensured that all 1inch smart contracts undergo rigorous auditing.
That said, the fast-moving world of crypto can be tricky to navigate — and even seasoned users can slip up. That’s why we’ve put together a detailed guide to help you protect your funds and stay ahead of potential risks.
Navigate the crypto space safely with 1inch!