Dr. Khaled Walid Mahmoud
The record-breaking surge in cyber thefts targeting the cryptocurrency sector in 2025 signals a qualitative shift in the nature of digital threats—not only in terms of scale, but also in structure, tools, and actors. Reported losses exceeded $2.7bn, according to estimates by companies specialising in blockchain tracking, making 2025 the worst year on record for stolen digital assets. This escalation cannot be viewed in isolation from broader transformations in cyberspace, where artificial intelligence is increasingly reshaping the balance of power between attackers and defenders within a digital economy fundamentally built on trust and technical transparency.
Recent data indicate that cyberattacks are no longer limited to the theft of individual wallets or the exploitation of rudimentary vulnerabilities. Instead, they have come to target the core infrastructure of the cryptocurrency economy itself, ranging from centralised exchanges to decentralised finance (DeFi) protocols and Web3 technologies. The breach of the Bybit platform and the theft of nearly $1.4bn in cryptocurrencies exemplify this transformation. Beyond being the largest known theft in the sector’s history, the attack reflected a high level of planning and a deep, systematic understanding of key management mechanisms, signature systems, and operational architecture. This marks a shift from isolated technical hacks to what can be described as “financial cyber engineering,” capable of striking at the system’s structural foundations.
Within this context, artificial intelligence has emerged as a powerful risk multiplier. Machine learning algorithms are now widely used to analyse smart contract code and identify patterns of weakness at speeds far exceeding traditional human auditing capabilities.
These tools also enable attackers to simulate platform behaviour and test multiple breach scenarios before execution. AI-driven automation has further accelerated reconnaissance, execution, and obfuscation phases, including laundering proceeds through complex transaction networks. Meanwhile, many cryptocurrency projects continue to rely on conventional defensive tools or under-resourced security teams, widening the gap between offensive and defensive cyber capabilities.
Figures released by Chainalysis and TRM Labs underscore the depth of this structural imbalance. Both firms estimate total cryptocurrency losses in 2025 at approximately $2.7bn, a figure that extends beyond major platform breaches to include thefts from individual digital wallets. This indicates that risk now permeates the entire ecosystem, from infrastructure to end users. The same estimate is confirmed by De.Fi, a Web3 security firm that operates the REKT database, reinforcing the credibility of these numbers and highlighting a recurring pattern rather than isolated incidents.
This landscape also transcends the technical domain, assuming an increasingly dangerous geopolitical dimension. North Korea has emerged, according to published data, as the single largest beneficiary of recent crypto-related cyberattacks. Estimates by Chainalysis and Elliptic suggest that hackers linked to Pyongyang stole at least $2bn in cryptocurrencies in 2025 alone, bringing the cumulative total to roughly $6bn since 2017. These proceeds are believed to fund North Korea’s nuclear program, which remains under strict international sanctions. As a result, cryptocurrencies have effectively become an alternative strategic financing channel outside the traditional global financial system, placing the blockchain economy squarely within the realm of national security and international conflict.
Other major attacks throughout the year further illustrate the expanding scope and diversity of targets. These include the breach of the decentralised Cetus platform, resulting in losses of $223m; an attack on the Ethereum-based Balancer protocol causing $128m in losses; and the hacking of the Phemex exchange, with more than $73m stolen. This diversity, spanning both centralised and decentralized platforms, points to shared vulnerabilities in design and governance models. Reliance on similar codebases and shared libraries, combined with weak oversight and delayed response mechanisms, amplifies the impact of any single exploit.
A temporal comparison reveals a clear upward trajectory. Stolen cryptocurrency assets amounted to approximately $2bn in 2023, rose to $2.2bn in 2024, and then surged to $2.7bn in 2025. This persistent increase suggests that the evolution of offensive tools—particularly those powered by artificial intelligence is outpacing the development of defensive and regulatory mechanisms. As a result, the digital asset sector faces a fundamental test of resilience and trust.
Ultimately, the data from 2025 indicate that the cryptocurrency economy is confronting a structural impasse that cannot be resolved through piecemeal technical fixes. The challenge is no longer about patching individual vulnerabilities, but about redefining the cyber governance and security architecture underpinning the entire ecosystem. The sector now faces a stark choice: either transition toward a new phase of intelligent cybersecurity-integrating AI-driven defence, stronger governance, and international cooperation capable of addressing the geopolitical dimensions of these threats or continue as a high-risk environment, exposed to invisible cyber wars that steadily erode confidence. In a world where algorithms increasingly intersect with politics, the question is no longer whether cryptocurrencies are vulnerable to cyberattacks, but whether their current architecture can survive the next generation of intelligent threats.
— The writer is a researcher specialising in cyber politics, holding a PhD on the topic of “Cyberspace and Power Shifts in International Relations.”
The writer is a researcher specializing in cyber politics, holding a PhD on the topic of “Cyberspace and Power Shifts in International Relations.”
