2025 marked a turning point for cybersecurity in the crypto industry: the largest DeFi attack in history on Bybit resulted in a $1.5 billion loss and exposed how vulnerable even major platforms can be. The operation was orchestrated by the North Korean Lazarus Group, which exploited a sophisticated supply chain vulnerability to compromise security elements of the exchange.
The Largest Hacker Attack on Bybit
The Bybit attack was executed through a vulnerability in a third-party component called Safe wallet — attackers turned a trusted subsystem into a channel for fund withdrawals. This operation stood out both in scale and technique, forcing the industry to rethink assumptions about the "immutability" and reliability of infrastructure.
In response, Bybit CEO Ben Zhou pledged full reimbursement of lost assets from the corporate treasury and announced a record $140 million bounty as part of a public campaign against the attack organizers. The exchange's reaction became one of the most notable examples of rapid response from a centralized platform following a major breach.
Other Significant Hacker Attacks in 2025
Total losses for crypto platforms in 2025 reached $3.5 billion; beyond Bybit, several major incidents significantly impacted the market. In May, attackers used AI-phishing and voice cloning to compromise Coinbase's support system, resulting in fund losses ranging from $180 million to $400 million; social engineering played a key role in the attack, as detailed in the materials on fraud protection and social engineering methods.
The DeFi sector was also hit hard: an exploit of the Cetus protocol caused a $231 million loss. Other notable incidents include a politically motivated attack on Iran's Nobitex (about $90 million) by the "Predatory Sparrow" group, compromise of internal credentials at CoinDCX ($44 million), the Upbit hack ($36 million), and a supply chain attack via third-party tools at BigONE ($27 million).
Trends in Cryptocurrency Security
Chainalysis data shows a significant shift in theft patterns: the share of thefts from personal wallets rose sharply in previous years, reaching 44.4% in 2024, although in 2025 the share of personal wallets in total theft volume dropped to 20.6%. Nevertheless, compromise of private keys and credentials remains one of the industry's main challenges.
In response, some blockchains and platforms have implemented the ability to freeze funds at the protocol level: this option is already available on 16 blockchains and is being discussed as a tool to halt large withdrawals in cases of obvious hacks. At the same time, interest is growing in joint initiatives for signal sharing and coordination: initiatives like SEAL 911 and projects related to zeroShadow aim to create operational bridges between ecosystem participants. For a broader view of threats and protection measures in Web3, see the article on security in Web3.
Why This Matters
Even if you mine on a small number of devices, major hacks change the game: the rise in attacks on infrastructure and personal wallets increases risks of sudden liquidity losses and complicates fund withdrawals in critical situations. Additionally, the introduction of protocol-level freezes and enhanced controls means that protection and recovery mechanisms can affect the ability to quickly move or convert mined coins.
For miners in Russia, this means considering not only the security of home devices but also the reliability of platforms and services you interact with — from wallet providers to exchanges. Understanding threats like AI-phishing and supply chain attacks helps evaluate which services to use and which to avoid when withdrawing or storing large sums.
What to Do?
Below are practical steps relevant for miners with any number of devices, from a single home rig to a small pool of up to 1000 machines.
- Separate storage: keep significant reserves on cold storage devices and minimal amounts on exchanges; use multisignature solutions where possible.
- Protect access: use unique passwords, hardware keys, and two-factor authentication; regularly review permissions for all services and API keys.
- Monitor updates: update firmware and software, control sources of add-ons and third-party libraries to reduce supply chain attack risks.
- Evaluate counterparties: choose wallets and exchanges with transparent policies on responding to hacks and a history of prompt reimbursements or cooperation with threat response initiatives.
- Be prepared for incidents: keep backup plans for withdrawals and access recovery, as well as basic support contacts and emergency action instructions.
If you want to dive deeper into threats for Bitcoin holders and understand how they relate to your mining practice, the article on threats for Bitcoin owners provides a detailed analysis of attack vectors and protection measures.
FAQ
What happened in 2025? In 2025, the largest DeFi attack in history targeted Bybit, resulting in a $1.5 billion loss; overall, platforms lost about $3.5 billion due to various hacks and exploits throughout the year.
Who was behind the Bybit hack? The North Korean Lazarus Group was behind the Bybit attack, using a supply chain exploit to compromise security components.
How did the exchange respond to the incident? Bybit CEO Ben Zhou guaranteed full reimbursement of affected assets and announced a $140 million bounty as part of efforts to track and deter the attack organizers.
What other attack vectors were notable in 2025? In May, attackers used AI-phishing and voice cloning against Coinbase support, enabling fund withdrawals between $180 million and $400 million.