Crypto Sector Experiences Most Negative Quarter According to Immunefi Report
Largest Ever Quarterly Losses in Crypto Sector from Hacker Attacks, Report Shows
The first quarter of 2025 witnessed a significant surge in cybercrime-related losses for cryptocurrency projects, according to a report by Immunefi. The study revealed that hackers stole $1.64 billion across 40 incidents, marking a stark 4.7-fold increase compared to the same period last year.
These lossesively surpassed the total amount lost in all of 2024. In Q1 2024, thefts amounted to over $348.3 million, all of which occurred within the decentralized finance (DeFi) sector. By comparison, Q1 2025 has seen losses exceeding $1.7 billion by the end of April alone.
The most severe blow was inflicted on the Bybit exchange in February, which suffered a $1.46 billion loss due to a suspected attack by the North Korean Lazarus Group. Centralized platforms were not immune to attacks, as DeFi projects bore the brunt of the attacks, accounting for 38 out of 40 incidents. However, total losses in the sector decreased by 69% compared to last year, amounting to just $106.8 million.
Recovery efforts have had limited success, with only $6.5 million (or 0.4% of stolen assets) being retrieved. This is in stark contrast to a year ago, when the recovery rate was 21.2%.
BNB Chain was the most targeted network in Q1, experiencing 19 attacks, followed by Ethereum with 15 incidents. The majority of losses were concentrated on centralized exchanges, which remain attractive targets for hackers.
Immunefi's report also highlighted their ongoing bug bounty program, having paid over $112 million to security researchers and ethical hackers, contributing to the security of $25 billion in user funds.
On March 21, the real-world asset (RWA) restaking protocol Zoth was attacked, resulting in approximately $8.4 million in crypto losses. This incident underscores the ongoing security challenges that the rapidly evolving cryptocurrency sector faces.
Enrichment Data Relevant Details:- In Q1 2024, total losses due to hacks and scams were over $300 million, with all losses occurring exclusively within the DeFi sector. Ethereum was the main blockchain affected, accounting for 51% of losses during that period.- In April 2025, hackers stole over $92 million through 15 separate hacking incidents, marking a 124% increase from March 2025's $41 million losses. Reports indicate that crypto losses surged as much as 1,163% from March to April 2025, reaching $364 million due to a massive single Bitcoin phishing attack worth $331 million.- Noteworthy attacks included the open-source DeFi platform UPCX, which suffered over $70 million in losses, and KiloEx, a decentralized exchange that lost $7.5 million. Attackers manipulated smart contract vulnerabilities in Infini to steal $50 million and drained liquidity pools in zkLend through a $9.5 million flash loan attack.- The April 2025 Bitcoin heist (phishing attack) targeted an elderly U.S. individual, resulting in the theft of 3,520 Bitcoins worth about $331 million. Advanced social engineering techniques were used instead of exploiting software vulnerabilities, emphasizing the evolving nature of crypto threats.- Ethereum and BNB Chain accounted for approximately 60% of blockchain-related losses in April 2025. Other networks affected included Arbitrum, Solana, Sonic, and ZKsync, each suffering single attack incidents.
The surge in cybercrime within the cryptocurrency sector, as reported in Q1 2025 by Immunefi, shows that hackers stole $1.7 billion, primarily targeting Ethereum and BNB Chain, with most losses occurring on centralized platforms. This marks a significant increase from Q1 2024, where all of the $348.3 million in losses were reported within the decentralized finance (DeFi) sector using technology, underscoring the ongoing need for enhanced cybersecurity in the finance-focused uses of the Ethereum network.
