Crypto Exchange Hacks and Security Statistics 2026: Cyber Risk Trends

In the high-stakes world of cryptocurrency, security has become a defining challenge. These hacks have not only caused massive financial losses but also intensified the demand for tighter, more reliable security protocols in the industry. As the digital landscape grows, the value and vulnerability of crypto assets rise, compelling exchanges to invest heavily in cutting-edge security measures to prevent a single vulnerability from leading to substantial losses.

Editor’s Choice

• In 2025, crypto hacks caused global losses exceeding $2.55 billion, with Bybit suffering a single theft of $1.5 billion in February.​
• Bitcoin’s price fluctuated between approximately $109,000 and $125,000 in October 2025, based on weekly trading averages across major exchanges.
• As of October 2025, the Nomad Bridge hack from 2022 has yet to recover more than $41 million of the original $190 million stolen, with partial compensation launched.​
• North Korean hackers accounted for over $2 billion in stolen crypto by October 2025, representing more than 60% of all exchange thefts globally.​
• In January 2025, Moby Trade on Arbitrum lost $2.5 million due to a leaked key, with only $1.5 million rapidly recovered by a whitehat MEV bot.​

Overview of Crypto Exchange Hacks

• In H1 2025, crypto hacks caused losses exceeding $2.37 billion, an increase of approximately 66% over H1 2024.​
• Centralized exchanges accounted for 79% of all reported platform breaches in H1 2025, making them the primary targets.​
• DeFi platforms saw a 44% rise in attacks, driven by persistent smart contract vulnerabilities.​
• Phishing attacks were responsible for 48% of exchange breaches, remaining the top social engineering tactic.​
• Malware-based intrusions climbed by 26% in 2025, predominantly affecting smaller exchanges with weaker defenses.​
• SIM-swapping represented 19% of major hacks in H1 2025, highlighting ongoing flaws in SMS-based authentication.​
• A global survey in 2025 reported 63% of exchanges raised cybersecurity budgets, but 31% still suffered at least one breach this year.​

High-Profile Crypto Exchange Hacks

• In February 2025, CoinEx suffered a $165 million loss from a zero-day exploit that bypassed multi-layer authentication.​
• Binance was hit in March 2025, with a $90 million breach that triggered temporary withdrawal suspensions on key tokens.​
• KuCoin faced a DNS hijack in 2025 that intercepted login credentials and led to losses totaling $52 million.​
• A European DeFi exchange lost $26 million in a weekend social engineering attack targeting hot wallets.​
• In July 2025, a Coinbase breach exposed sensitive data of over 250,000 users, sparking fresh debates on user data protection.​
• Gemini endured a massive DDoS attack in May 2025, causing hours-long outages but no confirmed financial losses.​

Bitcoin ATM Growth by Region

• Global installations rose from 37,722 to 38,726, marking a +1,004 increase or +2.7% growth in the first half of 2025.
• Europe saw a significant uptick, climbing from 1,652 to 1,801 ATMs, a +149 increase or +9.0% growth, driven by wider adoption across the EU.
• USA remained the dominant market, expanding from 30,119 to 30,447 ATMs, with a +328 increase or +1.1% rise in H1 2025.
• Canada experienced steady growth, adding 245 ATMs to reach 3,621, reflecting a +7.3% increase year to date.
• Australia recorded the strongest regional surge, jumping from 1,385 to 1,876 ATMs, a +491 increase or +35.5% growth, showcasing rapid expansion in Oceania.

Don't chase the news. Let us curate it.

You get one weekly briefing with only the stories that matter. If the market is quiet, we skip it.

Get the Weekly Briefing - it's free!

✅ Join readers from Visa, Vanguard, and the FDIC.

Types of Cryptocurrency Hacks

• Social engineering attacks now account for 33% of exchange breaches in 2025, targeting human error over technical flaws.​
• Phishing scams surged by 40% in early 2025, with fake exchange sites and emails responsible for the majority of stolen credentials and private keys.​
• Malware and spyware infections rose significantly in 2025, especially threatening users on platforms lacking robust two-factor authentication.​
• Hot wallet breaches made up about 62% of stolen crypto funds in 2025, highlighting the risks of always-online storage.​
• Smart contract exploits in DeFi led to more than $263 million in protocol asset losses, driven by persistent unchecked vulnerabilities.​
• Zero-day exploits were used in 19% of major 2025 attacks, exploiting flaws unknown to developers or security teams.​

Hacks of Centralized Exchanges

• Hot wallet breaches remain the leading threat, causing 82% of all CEX-related losses over the past five years.​
• In 2025, API vulnerabilities accounted for 17% of CEX hacks, exposing transaction flows and user metadata.​
• Unauthorized account access was involved in 29% of CEX breaches, often due to weak password practices and a lack of 2FA.​
• Internal fraud and employee collusion contributed to 11% of all CEX attacks, reflecting gaps in insider risk controls.​
• Unregulated CEXs saw at least one major breach in 43% of cases, revealing the dangers of lax compliance frameworks.​
• Server-side attacks like DDoS disrupted CEX availability but rarely led to losses, though they eroded user trust significantly.​
• The average detection time for CEX hacks in 2025 is 68 hours, with faster response linked to lower financial damage.​

DeFi Hacks and Protocol Vulnerabilities

• Smart contract flaws caused 67% of DeFi losses in 2025, mostly due to unchecked code and poor audit coverage.​
• Cross-chain bridge exploits resulted in over $1.5 billion in stolen funds by mid-2025, making bridges the primary interoperability risk.​
• Flash loan attacks surged again in 2025, accounting for over $92 million in losses in April alone through token price manipulation schemes.​
• Oracle manipulation triggered an estimated $115 million in losses in 2025 by exploiting inaccurate or delayed off-chain data feeds.​
• Reentrancy attacks made up 17% of DeFi breaches in 2025, draining funds via recursive smart contract calls.​
• Liquidity pool drains led to $103 million in stolen assets in 2025, often caused by vulnerable protocol logic and unaudited contracts.​
• Lack of audits remains critical, with 52% of DeFi platforms reporting a security breach within their first operational year.​

Largest Crypto Exchange Hacks by Amount Stolen

• Bybit tops the list as the largest crypto hack ever, with losses totaling $1.5 billion, underscoring the scale of 2025’s most devastating breach.
• Poly Network follows with $611 million stolen, highlighting the continuing risks in cross-chain bridge protocols.
• BSC Token Hub suffered a $582 million hack, reflecting persistent vulnerabilities in DeFi interoperability systems.
• Ronin Network lost $540 million, a reminder of the massive Axie Infinity exploit that shocked the gaming blockchain sector.
• Coincheck experienced a $532 million breach, one of the most notable in Japan’s crypto history.
• FTX recorded $482 million in stolen assets during its collapse, mixing internal chaos and external exploitation.
• Mt. Gox, one of the earliest exchange hacks, saw $470 million stolen, setting the tone for future crypto security failures.
• DMM faced a $325 million attack, reflecting vulnerabilities in centralized exchange wallet systems.
• Wormhole lost $308 million in a high-profile DeFi bridge exploit, further exposing smart contract risks.

Wallet Hacks and Social Engineering

• SIM-swapping attacks caused over $320 million in losses in 2025, letting hackers bypass SMS-based two-factor authentication.
• Fake wallet apps stole more than $500 million from crypto users in 2025, targeting MetaMask, Trust Wallet, and Coinbase.
• Cold wallet security stayed strong in 2025, with only a few physical breaches in high-adoption regions.
• Phishing via email spoofing and malicious links caused 20% of wallet hacks in 2025, exploiting trusted brand names.
• Vulnerable browser extensions led to 6% of wallet data leaks in 2025, mainly affecting browser-based wallets.
• Malware attacks on exchanges accessing users’ hot wallets caused over $200 million in losses in 2025, underscoring storage risks.​

Common Vulnerabilities in Crypto Exchanges

• Outdated 2FA systems led to a 32% rise in account takeovers in 2025, especially on platforms still relying on SMS-based verification.​
• Weak API security caused 27% of centralized exchange breaches in 2025, allowing attackers to bypass authentication protocols.​
• Unencrypted user data resulted in 17% of crypto data breaches this year, exposing users to identity theft and fund loss.​
• Poor internal access controls enabled unauthorized employee access in 11% of exchange hacks during 2025.​
• Lack of smart contract audits caused over $540 million in DeFi losses in 2025, mainly due to unverified or reused code.​
• Third-party service flaws, like misconfigured cloud storage, contributed to 24% of infrastructure-related breaches in 2025.​
• Insufficient phishing awareness among users led to 43% of phishing incidents ending in direct monetary theft this year.​

Smart Contract and Exchange Code Vulnerabilities

• Unverified smart contracts caused over $630 million in DeFi losses in 2025, mainly from unchecked bugs and copied code.
• Lack of automated testing led to 16% of DeFi platforms launching with critical vulnerabilities undetected.
• Upgradability flaws caused $270 million in damages, mostly in projects without multi-signature governance.
• Oracle manipulation made up 13% of DeFi exploits in 2025, as attackers tampered with external data feeds.
• Reentrancy bugs led to $325 million in stolen assets in 2025, especially from older or forked contracts.
• Infrequent audits left 52% of DeFi protocols exposed in 2025, with over six months between code reviews.
• Cross-chain flaws caused 22% of DeFi hacks in 2025, with insecure bridges and messaging tools compromising assets.​

Governmental Efforts Against Crypto Threats

• The US Treasury rolled out a 2025 compliance rule requiring real-time breach disclosure and tighter surveillance for crypto exchanges.​
• The EU’s MiCA regulation now covers DeFi and stablecoins, enforcing security audits and transparency across all 27 member states.​
• Japan’s FSA mandates quarterly cybersecurity audits and annual compliance certifications for all licensed domestic exchanges.​
• South Korea’s enhanced AML laws led to a 33% decline in crypto-linked fraud in 2025, driven by tighter KYC and reporting rules.​
• Singapore expanded its white-hat bounty program in 2025, offering up to $150,000 in rewards for finding vulnerabilities before exploitation.​

Recent Developments in Exchange Security

• On January 23, 2025, Phemex suffered a breach, stealing about $85 million in crypto assets from its hot wallet.
• In February 2025, zkLend was hacked, losing around $9.5 million in digital assets due to a smart contract flaw.
• In June 2025, Coinswitch filed to recover $10.2 million tied to the $230 million WazirX cyberattack, aided by a user relief fund.
• The U.S. CFPB proposed 2025 rules requiring crypto firms to refund users for hack-related losses.
• The European ESMA pushed for mandatory third-party cybersecurity audits under MiCA before its December 2025 rollout.​

Frequently Asked Questions (FAQs)

Conclusion

Cryptocurrency exchanges continue to confront formidable security challenges. While hackers are developing more sophisticated tactics, the industry is responding with advanced security technologies, regulatory improvements, and collaborative initiatives. From increased government oversight to innovative AI-driven threat detection, the focus on robust, multi-layered security is crucial. As crypto exchange security evolves, users, developers, and regulators must work together to protect this fast-growing digital frontier and instill confidence in the future of digital asset exchanges.