Crypto Hacks 2025: Full List Of Scams, Exploits And Vulnerabilities Including ByBit, AdsPower, & Phemex – CCN.com

Crypto Hacks 2024: Full List Of Scams, Exploits And Vulnerabilities
Key Takeaways
As 2025 unfolds, the cryptocurrency world continues to be a dynamic battlefield where evolving technologies are met with equally sophisticated threats. This year, the crypto world is already witnessing a new wave of hacks and scams that reflect emerging vulnerabilities in blockchain protocols, smart contracts, and decentralized finance platforms. 
With cybercriminals adapting to advanced security measures, every breach serves as an important reminder of the need for ongoing innovation in cybersecurity.
In 2025, the stakes are higher than ever as both established and emerging entities navigate these risks. 
In this article, learn about the latest security breaches and exploits, ensuring that you remain well-informed in an ever-changing digital landscape.

The decentralized finance (DeFi) sector remains one of the most vulnerable areas in the crypto ecosystem, with hackers continually exploiting its open architecture and complex smart contract systems. 
In previous years, DeFi platforms witnessed a series of high-profile hacks and scams that highlighted weaknesses in protocol design, private key management, and governance models. From flash loan attacks to phishing schemes targeting liquidity providers, the landscape of DeFi crime is evolving rapidly. 
Let’s learn about hacks and scams happening in 2025 to stay updated on security vulnerabilities to secure your crypto assets.
Below table summarizes significant incidents in 2025, beginning with the dramatic events surrounding the Moby hack.
On February 21, 2025, hackers stole approximately $1.46 billion in cryptoassets from Bybit, a Dubai-based exchange. Investigators believe malware tricked the platform into approving unauthorized transactions, sending funds to the attacker.
Elliptic continues working with Bybit, crypto service providers, and investigators to track the funds and prevent North Korea from profiting.
In January 2025, specifically between January 21st and 24th, AdsPower, a company specializing in anti-detect browser technology, suffered a cyberattack resulting in the theft of $4.7 million in cryptocurrency. 
The attackers compromised AdsPower’s distribution system, replacing a legitimate browser plugin used for managing crypto wallets with a malicious version. 
For those three days, users who downloaded or updated the plugin unknowingly installed malware. This malware allowed the attackers to steal mnemonic phrases and private keys, giving them full access to users’ crypto wallets. 
Five wallets were ultimately compromised. This attack highlights the danger of off-chain vulnerabilities, even when software is downloaded from seemingly legitimate sources. It reinforces the importance of robust private key security practices such as cold storage and multi-signature wallets for protecting substantial crypto holdings.
On Jan. 23, 2025, the Phemex cryptocurrency exchange was the victim of a significant security breach. Attackers exploited a vulnerability in Phemex’s hot wallet system, resulting in the theft of over $85 million in cryptocurrency. 

Phemex immediately responded by suspending deposits and withdrawals, and initiated an investigation with third-party security experts and law enforcement. 
While initially estimated to be lower, the scale of the theft was progressively revised upwards by security firms and analysts. Phemex CEO Federico Variola described the attack as “sophisticated” but refrained from naming any specific threat actors. 
To ensure security, withdrawals have been temporarily suspended while we conduct an emergency inspection and strengthen wallet services. We sincerely apologize for the inconvenience. Withdrawals will be restored soon.
Phemex and the development team apologize for the disruption.… https://t.co/Gsqp2Fx7HP
— Phemex (@Phemex_official) January 23, 2025

Although the investigation is ongoing, large-scale crypto thefts are often attributed to North Korean hacking groups. Phemex has since implemented a more secure system and is gradually restoring withdrawal functionality for various cryptocurrencies and networks. They have also cautioned users to avoid using old deposit addresses.
The DeFi space experienced its first major hack of 2025 when attackers exploited Moby (on 8 Jan), an options platform on the Arbitrum network, stealing $2.5 million in USDC, WETH, and WBTC. The breach was caused by a leaked private key, allowing hackers to activate an emergency withdrawal function. 
On January 8, 2025, Moby experienced an incident involving the leakage of a private key, which affected some LP assets within certain protocols. However, we promptly addressed the situation based on our team’s swift efforts and support from partners.
We want to emphasize that it…
— Moby (@Moby_trade) January 8, 2025

However, in a dramatic twist, whitehat hacker Tony Ke from Solayer Labs/Fuzzland recovered $1.5 million in USDC by exploiting a flaw left in the attacker’s replacement contract. This helped decrease total losses by 60%.
Moby assured users that it would reimburse affected traders and liquidity providers, while $1 million of stolen funds in WETH and WBTC remains unrecovered. 
This incident underscores the ongoing risks within DeFi and highlights the critical role of whitehat hackers in mitigating damage. 
The Chainalysis 2025 Crypto Crime Report highlights critical trends shaping the evolving landscape of illicit activity in the digital asset space. As cybercriminals adopt increasingly sophisticated methods, the insights below reveal the strategies, challenges, and opportunities for combating crypto crime. These findings emphasize the importance of vigilance and advanced blockchain intelligence in safeguarding the cryptocurrency ecosystem.
In 2024, the cryptocurrency landscape continued to face significant security challenges despite advancements in blockchain technologies. 
The table below summarizes the major hacks and scams of 2024, highlighting the targets, dates, and estimated losses. These incidents underscore the persistent vulnerabilities within the space and the critical need for robust security measures.
January 03, 2024
$4.5 Million
Reflecting on the year 2023, it was marked by several high-profile security breaches in the cryptocurrency space. 
The following table presents an overview of the major incidents from 2023. These events not only had substantial financial consequences but also served as important lessons for enhancing cybersecurity within the industry.
The ever-evolving nature of cryptocurrency technology continues to push boundaries, but it also invites sophisticated threats. Hacks and scams targeting centralized exchanges, DeFi protocols, and individual users highlight vulnerabilities that require constant vigilance.
As seen in 2025 so far, cybercriminals are becoming more innovative, exploiting smart contracts, private keys, and user errors. At the same time, whitehat hackers and blockchain intelligence providers play a crucial role in recovering stolen funds and mitigating damage.
Protecting the crypto ecosystem demands proactive security measures, collaboration across sectors, and ongoing user education. Whether you are a platform operator, trader, or casual investor, staying informed and adopting robust security practices is vital.
This article will continue to be updated as new incidents unfold. Stay tuned for the latest developments and insights into how the cryptocurrency industry is tackling these challenges and working toward a more secure future.

The growing adoption of cryptocurrencies, combined with their pseudonymous nature and high liquidity, makes them an attractive target for cybercriminals. Weaknesses in protocols, user errors, and the allure of decentralized systems amplify the risk.
Hackers exploit vulnerabilities such as smart contract flaws, phishing scams, private key compromises, flash loan attacks, and malware to steal funds from platforms and individual users.
Crypto exchanges can be targeted for hacks due to their vast amounts of assets, vulnerabilities, inadequate security measures, or internal malpractices that may lead to unauthorized withdrawals, data breaches, or other exploitations.
Users can secure crypto wallets by using hardware wallets for significant amounts, employing solid and unique passwords, enabling two-factor authentication, and being vigilant against phishing attempts and malicious software.
Users should secure their wallets with strong passwords, use hardware wallets, enable two-factor authentication, avoid suspicious links, and conduct thorough research before engaging with crypto platforms or projects.
The crypto industry can minimize risks by enhancing regulatory compliance, conducting regular audits, adopting real-time monitoring tools, and fostering collaboration between platforms, whitehat hackers, and blockchain intelligence providers.

source