Cyber Theft Declines but Risks Persist

Cryptocurrency hacks saw a significant decline of 44% year-on-year in January 2025, according to a report by blockchain security firm Immunefi. Despite the drop, centralised finance (CeFi) platforms continue to bear the brunt of cyberattacks, accounting for 93% of total losses.

Hackers stole more than $73 million worth of digital assets across 19 incidents in January, marking a sharp decrease from the $133 million stolen in the same period in 2024. However, the figure represents a substantial ninefold increase from December 2024, when only $3.8 million in cryptocurrency was lost to hackers.

CeFi Platforms Take the Hardest Hit

The largest single incident in January was the attack on Singapore-based crypto exchange Phemex, which resulted in losses exceeding $69 million. The second-largest theft targeted the options trading platform Moby Trade, with hackers stealing $2.5 million.

Top 10 losses in January. Source: Immunefi
Top 10 losses in January. Source: Immunefi

Despite the overall decline in January, the broader trend in 2024 showed an increase in cyber theft, with $2.3 billion lost across 165 incidents—40% higher than in 2023, when hackers stole $1.69 billion.

CeFi Expected to Remain Top Target in 2025

Mitchell Amador, founder and CEO of Immunefi, warned that CeFi platforms would likely remain the main targets for hackers throughout 2025. “The largest volume of losses will likely come from CeFi, as hackers are targeting infrastructure, particularly through private key compromises. CeFi doesn’t generally suffer the highest number of successful attacks, but when a breach occurs, it typically leads to catastrophic losses,” he said.

Amador explained that private key compromises are particularly dangerous because they enable hackers to withdraw vast sums of money instantly. In contrast, decentralised finance (DeFi) hacks tend to involve more frequent but smaller losses, often leading to partial rather than total fund depletion.

Human Error and Phishing Threats in CeFi

CeFi infrastructure remains vulnerable to human errors, such as phishing attacks, further exacerbating the risk. Amador stressed the importance of a multi-layered security strategy for CeFi platforms to mitigate threats.

Crypto losses, January 2025, breakdown. Source: Immunefi
Crypto losses, January 2025, breakdown. Source: Immunefi

“CeFi platforms must adopt a multi-layered security approach that includes enhancing key management, such as reducing reliance on single private keys,” he said. He also emphasised the need for improved operational security (OpSec) practices, including regular security training for employees.

To bolster security, Amador suggested implementing bug bounty programmes and real-time threat detection tools. Immunefi currently offers over $181 million in bug bounties for ethical hackers, also known as white hat hackers, to help safeguard the crypto ecosystem, which holds over $190 billion in user funds.

While the overall decrease in crypto theft in January is a positive development, industry experts caution that ongoing threats, particularly to CeFi platforms, demand constant vigilance and enhanced security measures.

Related Posts