February 2025 saw one of the worst months for cryptocurrency security breaches, with approximately $1.5 billion lost to exploits, hacks, and scams, according to blockchain security firm CertiK.
Notably, the most significant incident was the Bybit exchange breach, marking the largest recorded exploit since the 2022 Ronin Bridge hack, which was linked to the North Korean Lazarus Group.
Breakdown of Major Crypto Losses
The largest single attack in February was the Bybit exploit, which resulted in a loss of over $1.4 billion. Other notable breaches included:
- OxlInfinity: $49.5 million
- zkLend: $9.5 million
- Ionic: $8.6 million
- Cardex: $400,000
These incidents collectively contributed to one of the most financially damaging months in recent crypto history.
CertiK Report: Types of Crypto Attacks
CertiK’s analysis categorizes February’s losses by attack type. Wallet compromises accounted for the most substantial losses at $1.5 billion, followed by code vulnerabilities ($20.3 million), phishing ($1.9 million), and access control exploits ($668,232).
From a broader perspective, the losses by type of platform were:
- Centralized exchanges: $1.49 billion
- Decentralized finance (DeFi) platforms: $19.1 million
- Address poisoning scams: $1.47 million
- Meme coins: $559,137
- Wallet drainer malware: $483,399
Attack Methods: Flash Loans and Phishing
Flash loan attacks, a method where attackers borrow large amounts of uncollateralized funds to manipulate markets, resulted in a notable loss increase compared to previous months.
February’s losses from this attack type exceeded $2 million, marking a growing trend in DeFi vulnerabilities.
In addition, phishing attacks, where scammers deceive users into revealing private keys or signing malicious transactions, caused over $1.9 million in losses.
Market-Wide Impact of the Crypto Losses
CertiK’s February report highlights the vulnerabilities that continue to plague the cryptocurrency sector. With Bybit’s breach ranking among the worst in history, security experts emphasize the need for enhanced measures, including:
- Strengthened exchange security protocols
- Increased user awareness on phishing scams
Read: CZ Warns of Multi-Sig Cold Storage Vulnerabilities After Bybit Hack
Despite these losses, no funds were reported as recovered in February 2025 per CertiK Alert’s report, raising concerns about the effectiveness of current anti-hack responses.
