---
title: "Cryptocurrency Security and Fraud Statistics 2026: Big Threats"
date: 2026-04-22
author: "Barry Elad"
featured_image: "https://coinlaw.io/wp-content/uploads/2026/04/cryptocurrency-security-and-fraud-statistics.jpg"
categories:
  - name: "Cryptocurrency"
    url: "/crypto.md"
tags:
  - name: "Statistics"
    url: "/tag/statistics.md"
---

# Cryptocurrency Security and Fraud Statistics 2026: Big Threats

The FBI’s Internet Crime Complaint Center recorded **$11.36 billion** in [cryptocurrency fraud losses](https://coinlaw.io/cryptocurrency-fraud-trends-statistics/) in 2025, a 22% increase from the year before. Hackers stole another **$3.4 billion** through direct exploits, with North Korean state actors responsible for **$2.02 billion** of that total. Combined, these figures represent the worst year on record for cryptocurrency security.

The data below covers [cryptocurrency security statistics](https://coinlaw.io/cybersecurity-in-cryptocurrency-statistics/) across hacking, fraud, scams, ransomware, DeFi exploits, and regulatory enforcement, drawn from the FBI, Chainalysis, TRM Labs, and other primary sources.

## Key Takeaways

- The FBI recorded **$11.36 billion in crypto fraud losses** in 2025, up 22% year over year, with [investment scams](https://coinlaw.io/pig-butchering-scam-statistics/) accounting for **$7.23 billion** of that total.
- Off-chain attacks (compromised credentials, social engineering, supply chain manipulation) caused **76% of all hack losses** ($2.2 billion), marking a clear shift from code-based exploits to human targeting.
- North Korean hackers stole **$2.02 billion** in 2025, a 51% increase, and accounted for **76% of all service compromises** worldwide.
- Ransomware payments dropped **8% to $820 million** in 2025, even as claimed attacks rose 50%, suggesting improved victim resilience.
- Q1 2026 hack losses fell **88% year over year** to $168.6 million, though a single large exploit could reverse that trend.
- Law enforcement recovered roughly **$2.4 billion** in 2024, while illicit crypto addresses received **$158 billion** in 2025, a ratio that highlights the scale gap between enforcement capacity and criminal activity.

## Editor’s Choice

- Total cryptocurrency hack losses reached **$3.4 billion** in 2025, the worst year on record for direct theft.
- Illicit crypto addresses received **$158 billion** in 2025, a 145% increase from 2024, though this represented only **1.2%** of total on-chain volume.
- Crypto scam losses hit an estimated **$17 billion** in 2025, with AI-enabled schemes showing roughly **500%** higher profitability than traditional scams.
- The Bybit hack in February 2025 resulted in **$1.5 billion** stolen, the largest single crypto theft in history.
- The crypto security market reached **$6.79 billion** in 2026, projected to grow to **$26.92 billion** by 2032.
- Carnegie Mellon researchers identified **270 million** [address poisoning attempts](https://coinlaw.io/address-poisoning-scam-statistics/) targeting **17 million** potential victims.
- The FBI logged **181,565** cryptocurrency-related fraud complaints in 2025, averaging **$62,604** per complaint.

## Recent Developments

- Chainalysis released its **2026 Crypto Crime Report** in **February 2026**, finding that illicit cryptocurrency addresses received at least **$154 billion** in 2025, a **162%** year-over-year increase.
- Crypto theft reached **$3.4 billion** in 2025 per Chainalysis, with the **February 2025** Bybit exchange hack alone accounting for **$1.5 billion** of the annual total.
- In **February 2026**, Chainalysis reported that **DPRK-linked** actors stole **$2.02 billion** in cryptocurrency during 2025, responsible for **76%** of all service compromises.
- Impersonation scams showed **1,400%** year-over-year growth in 2025 per Chainalysis, with total scam and fraud losses reaching **$17 billion**.
- **TRM Labs** published its **2026 Crypto Crime Report** in **March 2026**, documenting illicit flow typologies and reinforcing that nation-state actors drove the largest single-source compromise category.

## Cryptocurrency Hack Losses by Year

- Hackers stole **$3.4 billion** in cryptocurrency during 2025, up from **$2.2 billion** in 2024, a 55% year-over-year increase.
- The top 3 hacks in 2025 accounted for **69%** of all service losses, showing how a small number of large exploits drive annual totals.
- North Korean state-sponsored groups were behind **$2.02 billion** of the 2025 total, their highest annual figure ever.
- Hack totals remain highly volatile because one or two [mega-exploits](https://coinlaw.io/most-expensive-crypto-exchange-hacks/) can set records for any given year.
- The 2025 figure surpassed the previous record of **$3.8 billion** set in 2022 during the Terra/Luna and FTX era.
- TRM Labs tracked nearly **150 incidents** in 2025, with an average loss of **$19.5 million** per incident and a median of **$1.3 million**.
- The top 10 incidents in 2025 represented **81%** of annual losses, an extreme concentration of damage.
- CoinLaw’s data-first approach reveals a pattern that narrative coverage often misses: annual hack totals tell less about systemic security than the ratio of large-to-small incidents, which has grown steadily since 2021.

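| Year | Total Hack Losses | Notable Incident | Incident Count |
|------|-------------------|------------------|----------------|
| 2019 | $0.29 billion | Cryptopia ($16M) | 11 |
| 2020 | $0.52 billion | KuCoin ($280M) | 15 |
| 2021 | $3.2 billion | Poly Network ($611M) | 250+ |
| 2022 | $3.8 billion | Ronin Bridge ($625M) | 220+ |
| 2023 | $1.7 billion | Mixin Network ($200M) | 180+ |
| 2024 | $2.2 billion | DMM Bitcoin ($305M) | 160+ |
| 2025 | $3.4 billion | Bybit ($1.5B) | ~150 |

*Source: Chainalysis, TRM Labs*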

## Crypto Fraud Losses in the United States

- The FBI’s IC3 recorded **$11.36 billion** in cryptocurrency-related fraud losses in 2025, up **22%** from $9.3 billion in 2024.
- Investment fraud generated **$7.23 billion** in losses, the largest single category, with complaints rising **48%** year over year.
- Recovery scams (impostors offering to retrieve stolen funds) added **$1.4 billion** in losses, often re-targeting previous victims.
- Americans aged 60 and older lost **$4.43 billion** across **44,555 complaints**, the highest of any age group.
- The average loss per complaint reached **$62,604**, reflecting the high-value nature of crypto fraud schemes.
- Crypto-related [ATM fraud](https://coinlaw.io/atm-fraud-statistics/) generated **$389 million** in losses across **13,460 complaints**, a 58% increase in dollar losses.
- FBI’s Operation Level Up notified **8,000 potential victims** and prevented over **$500 million** in losses, including $225.9 million in 2025.
- Crypto fraud accounted for more than half of the FBI’s total **$20.877 billion** in reported cybercrime losses for 2025.

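| Year | FBI Reported Crypto Losses | Complaints | Top Category |
|------|----------------------------|------------|--------------|
| 2021 | $1.6 billion | 34,202 | Investment fraud |
| 2022 | $2.57 billion | 52,089 | Investment fraud |
| 2023 | $5.6 billion | 69,468 | Investment fraud |
| 2024 | $9.3 billion | 122,803 | Investment fraud |
| 2025 | $11.36 billion | 181,565 | Investment fraud |

*Source: FBI Internet Crime Complaint Center*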

## Types of Cryptocurrency Attacks

- Infrastructure attacks (compromised keys, supply chain manipulation) caused **$2.2 billion** in losses, representing **76%** of all hack-related damage in 2025.
- [Smart contract exploits](https://coinlaw.io/malware-in-crypto-smart-contracts/) accounted for the remaining **24%**, a reversal from 2021 when code-based bugs drove the majority of losses.
- The Bybit hack exploited a supply chain vulnerability in Safe{Wallet}’s signing infrastructure rather than any flaw in Bybit’s own smart contracts.
- Off-chain incidents made up **56.5%** of all DeFi attacks historically, per Halborn’s analysis of the top 100 hacks.
- Input verification failures caused **34.6%** of direct smart contract exploitation cases.
- Compromised account credentials led to **47%** of total historical DeFi losses.
- The “people, not code” shift is the defining trend of 2025: crypto’s largest vulnerability is no longer software but human operators. Our coverage of [crypto exchange market data](https://coinlaw.io/crypto-exchange-statistics/) shows a similar pattern, with the largest exchanges investing heavily in operational security over smart contract audits.
- AI-powered social engineering amplified the human attack vector, with [deepfake impersonation tactics](https://coinlaw.io/synthetic-identity-fraud-statistics/) showing **1,400%** year-over-year growth.

![Types Of Cryptocurrency Attacks](https://coinlaw.io/wp-content/uploads/2026/04/types-of-cryptocurrency-attacks.jpg "Types of Cryptocurrency Attacks")

> **By the numbers:** According to TRM Labs, infrastructure attacks targeting compromised keys, social engineering, and supply chain manipulation caused $2.2 billion in crypto losses during 2025, representing 76% of all hack-related damage. This marks a reversal from 2021, when code-based smart contract bugs drove the majority of exploits. Attackers now target human operators over protocol code.

## DeFi Exploit Statistics

- Total DeFi hack losses from the top 100 incidents between 2014 and 2024 reached **$10.77 billion**, per Halborn’s analysis.
- Only **20%** of hacked DeFi protocols had undergone security audits, yet audited protocols accounted for just **10.8%** of total value lost.
- Flash loan attacks made up **83.3%** of eligible exploits in 2024, up from lower levels in prior years.
- Just **19%** of exploited protocols used multi-signature wallets, and only **2.4%** relied on cold storage solutions.
- DeFi security showed signs of improvement in late 2025: total value locked recovered from 2023 lows, but hack losses did not follow, suggesting better protocol-level defenses.
- The Cetus Protocol exploit in May 2025 drained **$223 million** through a mathematical error in liquidity calculations.
- Market manipulation attacks dominated 2021 at **32.1%** of incidents, while governance attacks comprised **5.6%** of exploits in 2024.
- [DeFi market statistics](https://coinlaw.io/decentralized-finance-market-statistics/) show TVL has rebounded above $100 billion, yet the improved security posture suggests the industry is maturing beyond its “move fast and break things” phase.

![Top Crypto Attack Vectors (Flash Loan Exploits Analysis)](https://coinlaw.io/wp-content/uploads/2026/04/top-crypto-attack-vectors-flash-loan-exploits-analysis.jpg "Top Crypto Attack Vectors (Flash Loan Exploits Analysis)")

## Crypto Exchange Security Breaches

- Approximately **39%** of cryptocurrency exchanges experienced a data breach in 2024, primarily from inadequate security protocols.
- The global average cost of a data breach in the crypto sector reached **$5.3 million**, a 15% increase from 2023.
- The Bybit hack in February 2025 (a **$1.5 billion** loss) stands as the largest exchange security failure in history, accomplished through compromised signing infrastructure rather than a direct network breach.
- Only **40%** of crypto exchange users enable two-factor authentication on their accounts, leaving the majority vulnerable to credential theft.
- Wallets secured with multi-factor authentication show a **62%** lower incidence of compromise compared to unprotected accounts.
- Phishing attacks targeting exchange users led to over **$1.1 billion** in wallet-related thefts in 2025.
- The top 3 exchange hacks in 2025 accounted for **69%** of all service losses, demonstrating how concentrated the risk remains among a small number of incidents.
- Exchange cold wallet reserves and proof-of-reserves reporting increased throughout 2025, with major platforms publishing attestation reports quarterly.

![Top Exchange Hacks in Crypto History](https://coinlaw.io/wp-content/uploads/2026/04/top-exchange-hacks-in-crypto-history.jpg "Top Exchange Hacks in Crypto History")

## Phishing and Address Poisoning Statistics

- Carnegie Mellon CyLab researchers identified **270 million** address poisoning attempts targeting **17 million** victims between July 2022 and June 2024, with confirmed losses of **$83.8 million**.
- Blockaid flagged over **65.4 million** address poisoning transactions since January 2025, averaging more than **160,000** per day.
- Poisoning attempts surged from **628,000** in November 2025 to **3.4 million** in January 2026, a 5.5x increase.
- A single address poisoning attack in December 2025 resulted in **$50 million** in USDT losses when a victim copied a spoofed address just 26 minutes after a test transaction.
- In January 2026, a crypto holder lost **4,556 ETH** (approximately **$12.4 million**) after an attacker dusted their wallet for over two months.
- Sophisticated attackers now monitor the mempool for “test” transactions, the exact security practice users are taught to follow, and plant poisoned addresses in response.
- Overall, crypto phishing attack volume dropped **83%** in 2025 by some measures, though the per-incident damage grew substantially.
- Social platform phishing (fake moderator accounts, impersonation of support staff) became the primary entry vector for exchange-related credential theft.

| Period | Poisoning Attempts | Confirmed Losses | Notable Incident |
|--------|--------------------|------------------|------------------|
| Jul 2022 – Jun 2024 | 270 million | $83.8 million | Multiple wallet drains |
| Jan 2025 – Dec 2025 | 65.4 million+ (flagged) | $50 million (single) | $50M USDT theft (Dec 2025) |
| Nov 2025 | 628,000 | N/A | Baseline before spike |
| Jan 2026 | 3.4 million | $12.4 million (single) | 4,556 ETH stolen |

*Source: Carnegie Mellon CyLab, Blockaid*
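Address poisoning works because a planted lookalike matches the leading and trailing characters of an address the wallet has already paid, so a pre-send check can compare a destination against real payment history. The Python below is an added example, not code from CoinLaw or any cited source; the 4-character prefix/suffix match, the dust threshold, and every address and transfer in it are constructed assumptions.

```python
"""Flag address-poisoning candidates in a wallet's transfer history (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumptions, not values from the article: wallet UIs usually show only the
# first and last few characters, so that is what a lookalike has to match.
MATCH_PREFIX = 4        # hex characters compared after the "0x"
MATCH_SUFFIX = 4        # hex characters compared at the end
DUST_THRESHOLD = 0.001  # inbound transfers at or below this count as dust


@dataclass(frozen=True)
class Transfer:
    ts: int         # unix seconds
    sender: str
    recipient: str
    amount: float


@dataclass(frozen=True)
class Finding:
    poison_address: str  # lookalike that sent the dust
    imitated: str        # counterparty the wallet really paid
    delay_s: int         # seconds between the real payment and the dust


def _norm(addr: str) -> str:
    """Lower-case and strip the 0x prefix so checksum casing cannot hide a match."""
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a


def looks_alike(a: str, b: str) -> bool:
    """True when two different addresses share the displayed prefix and suffix."""
    x, y = _norm(a), _norm(b)
    return (x != y and x[:MATCH_PREFIX] == y[:MATCH_PREFIX]
            and x[-MATCH_SUFFIX:] == y[-MATCH_SUFFIX:])


def find_poisoning(wallet: str, history: List[Transfer]) -> List[Finding]:
    """Return dust transfers sent by lookalikes of addresses the wallet already paid."""
    me = _norm(wallet)
    paid: Dict[str, Tuple[str, int]] = {}  # normalized address -> (address, last paid ts)
    findings: List[Finding] = []
    for t in sorted(history, key=lambda t: t.ts):
        if _norm(t.sender) == me:
            paid[_norm(t.recipient)] = (t.recipient, t.ts)
        elif _norm(t.recipient) == me and t.amount <= DUST_THRESHOLD:
            for real, paid_ts in paid.values():
                if looks_alike(t.sender, real):
                    findings.append(Finding(t.sender, real, t.ts - paid_ts))
    return findings


def check_destination(wallet: str, history: List[Transfer], dest: str) -> Optional[str]:
    """Pre-send check: return the paid address that dest imitates, or None if clean."""
    me = _norm(wallet)
    paid = {_norm(t.recipient): t.recipient for t in history if _norm(t.sender) == me}
    if _norm(dest) in paid:
        return None  # exact match with an address the wallet has really paid
    for real in paid.values():
        if looks_alike(dest, real):
            return real
    return None


# Constructed sample data (not real addresses or transactions).
WALLET = "0x" + "1" * 40
LEGIT = "0xa1b2" + "0" * 32 + "c3d4"
LOOKALIKE = "0xa1b2" + "f" * 32 + "c3d4"   # same first and last 4 characters
UNRELATED = "0x" + "9" * 40
SAMPLE_HISTORY = [
    Transfer(1000, WALLET, LEGIT, 50.0),    # small test payment to the real address
    Transfer(1900, LOOKALIKE, WALLET, 0.0), # dust from a lookalike 15 minutes later
    Transfer(2500, UNRELATED, WALLET, 0.0), # unrelated dust, no resemblance
]

if __name__ == "__main__":
    for f in find_poisoning(WALLET, SAMPLE_HISTORY):
        print(f"dust from {f.poison_address} imitates {f.imitated} "
              f"({f.delay_s}s after the real payment)")
    print("paste check:", check_destination(WALLET, SAMPLE_HISTORY, LOOKALIKE))
```

A non-None result from `check_destination` means the pasted address was never paid by the wallet but resembles one that was, which is the condition to block or confirm character by character before signing.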

## Cryptocurrency Scam Statistics

- Chainalysis estimated crypto scam losses at **$17 billion** in 2025, while TRM Labs recorded **$23 billion** in verified fraud and an additional **$12 billion** in community complaints.
- Pig butchering scams extracted **$2.1 billion** in the first half of 2025 alone, with the average scam payment rising **253%** to **$2,764**.
- Impersonation scam tactics grew **1,400%** year over year, often leveraging AI-generated deepfakes of exchange CEOs and crypto influencers.
- AI-enabled scam operations proved roughly **500%** more profitable than traditional schemes, per Chainalysis estimates.
- [Stablecoins dominated](https://coinlaw.io/stablecoin-market-share-by-chain-statistics/) illicit transactions, accounting for **84%** of verified fraud proceeds in 2025, up from roughly 70% in 2024.
- Investment scams remained the single largest fraud category, generating **$7.23 billion** in FBI-reported losses in the United States alone.
- Over **62%** of meme coins launched in 2025 were flagged as potential rug pulls within 30 days of creation.
- Americans aged 60 and older were the most affected demographic, losing **$4.43 billion** to crypto scams and fraud in 2025.

| Scam Type | 2025 Losses (Est.) | YoY Change | Key Metric |
|-----------|--------------------|------------|------------|
| Investment fraud | $7.23 billion (US) | +25% | 48% more complaints |
| Pig butchering | $2.1 billion (H1) | Rising | $2,764 avg payment |
| Impersonation | N/A (subset) | +1,400% | AI deepfakes |
| Recovery scams | $1.4 billion (US) | Rising | Re-targets prior victims |
| AI-enabled schemes | N/A (subset) | +500% profitability | Deepfake-driven |

*Source: Chainalysis, FBI IC3, TRM Labs*

## Ransomware and Cryptocurrency Payments

- Total on-chain ransomware payments fell **8% to $820 million** in 2025, the second consecutive year of payment stagnation.
- Claimed ransomware attacks rose **50%** year over year, the most active year on record, yet fewer victims paid the ransom.
- The median ransom payment grew **368%** to approximately **$60,000**, indicating attackers are demanding more per victim.
- The divergence between rising attacks and falling payments suggests improved backup strategies, incident response plans, and organizational resilience.
- Ransomware groups increasingly demanded payment in [privacy coins](https://coinlaw.io/privacy-coins-vs-regulatory-compliance-statistics/) and stablecoins rather than Bitcoin, complicating tracking efforts.
- Law enforcement takedowns of major ransomware groups in late 2024 disrupted several prominent gangs, contributing to the payment decline.
- The pattern we’ve documented across 18 regulatory events holds here too: major ransomware incidents (Colonial Pipeline in 2021, Change Healthcare in 2024) trigger policy responses within months.
- Despite the payment decline, the economic damage from ransomware (including downtime, recovery costs, and reputation losses) remained substantial.

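| Year | Ransomware Payments | Claimed Attacks (YoY) | Median Payment |
|------|---------------------|-----------------------|----------------|
| 2021 | $765 million | Baseline | $12,000 (est.) |
| 2022 | $457 million | +35% | $18,000 (est.) |
| 2023 | $1.1 billion | +45% | $15,000 |
| 2024 | $890 million | +30% | $12,800 |
| 2025 | $820 million | +50% | $60,000 |

*Source: Chainalysis*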

## Rug Pull and Exit Scam Data

- Rug pull incidents fell **66%** in early 2025, with only **7 major incidents** compared to 21 in the same period of 2024.
- Total rug pull losses surged despite fewer incidents, driven by larger individual events and the OM token collapse.
- The average amount stolen per rug pull rose to roughly **$510,000** in 2025, reflecting a shift toward bigger, more sophisticated schemes.
- [Hard rug pulls](https://coinlaw.io/rug-pulls-amp-ponzi-schemes-in-crypto-statistics/) (where developers remove liquidity and disappear) made up **55%** of cases, while soft rug pulls (gradual abandonment) accounted for **45%**.
- Soft rug pulls grew **35%** between 2024 and 2025, outpacing hard rug pulls in growth rate.
- Over **62%** of meme coins launched in 2025 were flagged as potential rug pulls within their first 30 days.
- Improved smart contract vetting tools and community due diligence have contributed to the decline in incident count, though the remaining schemes are harder to detect.
- Industry experts project rug pulls will account for less than **40%** of all crypto scams by 2027 as auditing and on-chain monitoring tools mature.

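| Year | Major Rug Pulls | Total Losses | Largest Incident |
|------|-----------------|--------------|------------------|
| 2021 | 100+ | $2.8 billion | Squid Game Token |
| 2022 | 85+ | $2.1 billion | FTX (debated) |
| 2023 | 45+ | $1.3 billion | Various DeFi |
| 2024 | 21 (H1) | $0.8 billion | Various |
| 2025 | 7 (H1) | $0.5 billion+ | MetaYield Farm ($290M) |

*Source: DappRadar, Chainalysis*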

## Crypto Theft Recovery Rates

- Recovery rates vary drastically by theft size: small wallet compromises see **60 to 80%** recovery, while large exchange hacks achieve recovery rates below **1%**.
- FBI’s Operation Level Up has prevented over **$500 million** in losses to date, with **$225.9 million** saved in 2025 alone by notifying **8,000** potential victims.
- Law enforcement seizures totaled **$2.4 billion** in 2024, a 17% increase from the prior year.
- The UK Metropolitan Police secured convictions leading to the world’s largest confirmed crypto seizure: over **61,000 Bitcoin** (valued at roughly $5 billion).
- Interpol’s Operation HAECHI VI resulted in **1,800 arrests** and **$439 million** in recoveries across multiple countries.
- China shut down **3,200 crypto fraud networks** in 2025, reclaiming approximately **$2.1 billion**.
- The recovery paradox is stark: illicit crypto addresses received **$158 billion** in 2025 while global enforcement recovered roughly **$2.4 billion** in the prior year, a ratio of roughly $1 recovered for every $65 lost.
- Reporting within **24 to 72 hours** of a theft dramatically increases recovery chances, as delays allow funds to move through mixers and cross-chain bridges.

| Recovery Channel | Amount Recovered/Prevented | Period | Success Metric |
|------------------|----------------------------|--------|----------------|
| FBI Operation Level Up | $500 million prevented | 2023-2025 | 8,000 victims notified |
| Global law enforcement seizures | $2.4 billion | 2024 | 17% YoY increase |
| UK Met Police (Wen Jian case) | 61,000 BTC (~$5 billion) | 2025 | Largest confirmed seizure |
| Interpol HAECHI VI | $439 million | 2025 | 1,800 arrests |
| China fraud network shutdowns | $2.1 billion | 2025 | 3,200 networks closed |

*Source: FBI, Interpol, Chainalysis*

> **Key finding:** According to Chainalysis, illicit crypto addresses received $158 billion in 2025 while global law enforcement recovered roughly $2.4 billion in 2024, a ratio of about $1 recovered for every $65 lost. This gap highlights the scale mismatch between criminal inflows and enforcement capacity, though early victim reporting within 72 hours improves recovery odds substantially.

## North Korea and State-Sponsored Crypto Theft

- North Korean hackers stole **$2.02 billion** in cryptocurrency in 2025, a **51%** increase from 2024, pushing their all-time total to **$6.75 billion**.
- DPRK-linked attacks accounted for **76%** of all service compromises worldwide, making North Korea the dominant state-level crypto threat actor.
- The February 2025 Bybit hack (**$1.5 billion**) was executed by the Lazarus Group using a supply chain attack on Safe{Wallet}’s signing infrastructure after socially engineering a developer.
- The FBI designated this campaign “TraderTraitor,” describing North Korea’s approach of embedding IT workers inside crypto companies and impersonating executives to gain access.
- North Korean groups show clear preferences for Chinese-language money laundering services, with a typical **45-day laundering cycle** following major thefts.
- The US government identified Cambodia-based Huione as a critical laundering node, processing at least **$4 billion** in DPRK-linked crypto between 2021 and 2025.
- North Korea achieved larger thefts with fewer incidents in 2025, a pattern of “big game hunting” that targets centralized services with the highest asset concentrations.
- [Crypto adoption rates by country](https://coinlaw.io/cryptocurrency-adoption-by-country-statistics/) data show that the countries most targeted by DPRK hackers tend to have the largest centralized exchange user bases.

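| Year | DPRK Crypto Theft | % of Global Hacks | Notable Target |
|------|-------------------|-------------------|----------------|
| 2021 | $0.43 billion | 14% | Various DeFi |
| 2022 | $1.65 billion | 43% | Ronin Bridge ($625M) |
| 2023 | $1.0 billion | 59% | Various exchanges |
| 2024 | $1.34 billion | 61% | DMM Bitcoin ($305M) |
| 2025 | $2.02 billion | 76% | Bybit ($1.5B) |

*Source: Chainalysis, FBI, TRM Labs*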

## Crypto Crime by Geographic Region

- California led all US states with **$2.099 billion** in crypto-related fraud losses in 2025, followed by Texas at **$1.016 billion** and Florida at **$914.5 million**.
- New York reported **$593.4 million** in crypto fraud losses, placing it fourth nationally.
- Total US crypto fraud losses (**$11.36 billion**) represented approximately **33%** of the estimated global total.
- TRM Labs tracked **$158 billion** in illicit crypto flows globally in 2025, with sanctioned entities accounting for the largest share.
- Chinese escrow and money laundering services processed **$103 billion** in crypto in 2025, up from $123 million in 2020.
- Iran’s total crypto activity reached approximately **$10 billion** in 2025, with **$580 million** (5.9%) tied to illicit activity.
- The geographic concentration of crypto crime mirrors the concentration of crypto adoption: the US, East Asia, and Europe account for both the highest legitimate volumes and the highest fraud losses.
- State-level enforcement varies widely across the US, with California, New York, and Texas leading in both complaints filed and investigative capacity.

![Crypto Fraud Losses by Region and State](https://coinlaw.io/wp-content/uploads/2026/04/crypto-fraud-losses-by-region-and-state.jpg "Crypto Fraud Losses by Region and State")

## Regulatory Enforcement Actions

- The SEC reported total monetary penalties of **$17.9 billion** in fiscal year 2025, though crypto-specific enforcement declined sharply under new leadership.
- Beginning in February 2025, the SEC dismissed **7 major crypto enforcement cases**, including actions against Coinbase, Consensys, Binance, and Kraken (Payward).
- The DOJ issued its “Ending Regulation by Prosecution” memo in April 2025, announcing it would focus on prosecuting individuals who victimize digital asset investors rather than imposing regulatory frameworks through enforcement.
- Globally, **21 crypto-related sanctions designations** were issued across the US, UK, and EU in 2025, with **16** including specific cryptocurrency addresses.
- Tornado Cash became the first sanctioned crypto entity to be delisted in March 2025, following legal challenges and policy review.
- FinCEN and DOJ took parallel enforcement actions against Paxful, a peer-to-peer trading platform, assessing a **$3.5 million** penalty for AML program failures.
- The EU’s [Markets in Crypto-Assets](https://coinlaw.io/eu-mica-regulations-statistics/) (MiCA) regulation entered full enforcement in December 2024, creating the first comprehensive crypto regulatory framework in a major jurisdiction.
- The regulatory pivot from enforcement-first to legislation-first represents what we’ve documented across 18 regulatory events: the crisis-to-license pattern, where enforcement surges after major failures and then transitions to licensing frameworks.

| Agency/Body | Action | Year | Impact |
|-------------|--------|------|--------|
| SEC | Dismissed 7 crypto cases | 2025 | Ended “regulation by enforcement” |
| DOJ | “Ending Regulation by Prosecution” memo | 2025 | Focus shifted to victim protection |
| EU | MiCA full enforcement | 2024-2025 | First comprehensive crypto framework |
| FinCEN/DOJ | Paxful enforcement | 2025 | $3.5M penalty for AML failures |
| US/UK/EU | 21 sanctions designations | 2025 | 16 included crypto addresses |
| OFAC | Tornado Cash delisted | 2025 | First crypto sanctions reversal |

*Source: SEC, DOJ, European Council*

## Cryptocurrency Security Market Size

- The crypto security market reached an estimated **$6.79 billion** in 2026, up from **$5.42 billion** in 2025.
- Industry projections place the market at **$26.92 billion** by 2032, with a compound annual growth rate of **25.7%**.
- The blockchain security market specifically was valued at **$5.38 billion** in 2025, with projections reaching **$128.19 billion** by 2032 at a 57.3% CAGR.
- Institutional custody requirements from traditional financial firms (BlackRock, Fidelity, ICE) entering the crypto market have driven enterprise-grade security spending.
- MiCA’s enforcement in the EU created mandatory security compliance requirements for all crypto asset service providers operating in Europe.
- Venture capital investment in crypto security startups remained strong through 2025, with firms focusing on transaction monitoring, wallet security, and [on-chain forensics](https://coinlaw.io/blockchain-forensics-and-illicit-transactions-statistics/).
- The growth in security spending reflects a market reality: as the total value secured in crypto grows, the incentive for both attackers and defenders increases proportionally.
- [Bug bounty programs](https://coinlaw.io/smart-contract-bug-bounties-statistics/) across major protocols exceeded **$100 million** in total payouts cumulatively, creating financial incentives for white-hat researchers.

| Year | Crypto Security Market | Blockchain Security Market | Key Driver |
|------|------------------------|----------------------------|------------|
| 2024 | $4.3 billion (est.) | $3.4 billion | ETF institutional demand |
| 2025 | $5.42 billion | $5.38 billion | MiCA enforcement, exchange hacks |
| 2026 | $6.79 billion | $7.1 billion (est.) | Institutional custody standards |
| 2030 | $18 billion (est.) | $60 billion (est.) | Global regulatory frameworks |
| 2032 | $26.92 billion | $128.19 billion | Full market maturity |

*Source: company filings, public data*

## Frequently Asked Questions (FAQs)

**How much cryptocurrency was stolen in 2025?**

Hackers stole **$3.4 billion** in cryptocurrency through direct exploits in 2025, per Chainalysis. The FBI separately recorded **$11.36 billion** in crypto fraud losses reported by US victims. Combined global losses from scams, hacks, and fraud are estimated at **$17 billion**.

**What is the most common type of crypto attack?**

Infrastructure attacks (compromised private keys, social engineering, and supply chain manipulation) caused **76%** of hack losses in 2025. Smart contract code exploits, once the dominant attack vector, now represent a smaller share as attackers target human operators rather than protocol code.

**How much cryptocurrency has North Korea stolen?**

North Korean state-sponsored hackers have stolen a cumulative **$6.75 billion** in cryptocurrency. In 2025 alone, DPRK-linked groups stole **$2.02 billion**, including the **$1.5 billion** Bybit hack attributed to the Lazarus Group by the FBI.

**What percentage of stolen crypto is recovered?**

Recovery rates depend heavily on theft size. Small wallet compromises see **60 to 80%** recovery, while large exchange hacks typically recover less than **1%** of stolen funds. Globally, law enforcement seized approximately **$2.4 billion** in crypto assets in 2024.

**Are crypto hacks increasing or decreasing?**

Annual hack totals fluctuate based on whether a mega-exploit occurs. Q1 2026 losses fell **88%** year over year to **$168.6 million**, but a single large hack could reverse that trend. The long-term pattern shows improving DeFi security alongside growing state-sponsored threats.

## Conclusion

The FBI’s **$11.36 billion** in reported crypto fraud losses for last year underscores the scale of the security challenge facing the cryptocurrency industry. Hackers stole **$3.4 billion** through exploits, scammers extracted an estimated **$17 billion**, and North Korean state actors continued to escalate their operations to **$2.02 billion** in a single year.

The data reveals two defining patterns. First, crypto security’s primary vulnerability has shifted from code to people: off-chain attacks, social engineering, and compromised credentials caused **76%** of hack losses, a trend that no amount of smart contract auditing alone can address. Second, the recovery paradox persists, with law enforcement recovering roughly **$1 for every $65 lost** to crypto crime, though early reporting and improved blockchain forensics are narrowing that gap.

Crypto investors, exchange operators, security professionals, and regulators can use these statistics to benchmark risks, allocate security budgets, and shape policy. Data for Q1 of this year (an **88% decline** in hack losses) offers cautious optimism that improved auditing, proof-of-reserves reporting, and institutional-grade custody standards are producing measurable results. Whether that trend holds through the rest of this year will depend on whether the industry can address its most persistent weakness: the humans who operate the systems.

**Blockchain**: A distributed digital ledger that records transactions across a network, with each block cryptographically linked to the previous one for security. [Read more](https://coinlaw.io/glossary/blockchain/)

**Smart Contract**: A smart contract is a self-executing program stored on a blockchain that automatically enforces agreement terms when predefined conditions are met, without intermediaries. [Read more](https://coinlaw.io/glossary/smart-contract/)

**DeFi**: Decentralized finance leverages blockchain protocols and [smart contracts](https://coinlaw.io/glossary/smart-contract/) to enable lending, trading, and borrowing without banks or traditional intermediaries. [Read more](https://coinlaw.io/glossary/defi/)

**Cross-Chain**: Cross-chain is the ability to move data or assets between separate blockchains via bridges, messaging protocols, or interoperability networks. [Read more](https://coinlaw.io/glossary/cross-chain/)

**Cold Wallet**: A cold wallet is an offline crypto storage method that keeps private keys disconnected from the internet, reducing the risk of hacking and unauthorized access. [Read more](https://coinlaw.io/glossary/cold-wallet/)