WOO X Temporarily Halts Withdrawals After $14M Hack
Description of the incident
Cryptocurrency trading platform WOO X has introduced temporary restrictions on withdrawals following a large-scale cyberattack that resulted in the theft of $14 million from a limited number of user accounts. The incident occurred on Thursday and was quickly detected by the platform’s team: the attackers withdrew funds from nine accounts without authorization. According to WOO X representatives, the attack was quickly localized thanks to the coordinated work of a team of security specialists.
“The attack was quickly detected. As a precaution, we temporarily suspended withdrawals and blocked some transactions. We have already contacted the affected users and guarantee a full refund of all unauthorized charges,” WOO X reported.
All affected users have now been notified, and the platform has promised to fully compensate for damages from unauthorized charges.
Details of the incident
- Date of incident: Thursday, late July 2025.
- Amount of damage: $14 million.
- Number of affected accounts: Nine.
- WOO X measures:
  - Immediate suspension of withdrawals.
  - Blocking some suspicious transactions.
  - Communication with victims and guarantees of full compensation.
Cyberattacks are the main threat to the crypto industry
Cyberattacks remain a key issue for the digital asset space, causing billions in losses and hindering the widespread adoption of cryptocurrency tools and platforms. WOO X is not the only platform to suffer a breach in July 2025.
A series of crypto platform hacks in recent weeks
According to open sources, at least three major incidents were recorded in the industry in the last two weeks of July 2025:
- Arcadia Finance (June 15): The decentralized finance platform was attacked via a vulnerability in the Arcadia Rebalancer smart contract. Attackers withdrew $3.5 million.
- BigONE (July 16): The major centralized exchange lost $27 million in a targeted hot wallet attack. The investigation confirmed external interference, and the exchange officially acknowledged the incident.
- CoinDCX (July 19): One of India’s largest crypto exchanges has reported that its internal liquidity account was hacked. The losses amounted to $44 million, but user assets remained intact, as CoinDCX CEO Sumit Gupta emphasized.
Assessing the extent of damage and the nature of attacks
- Total losses in 2025: More than $3.1 billion.
- Main reason for attacks: Most incidents involve access control exploits – vulnerabilities that allow attackers to bypass authentication mechanisms and gain unauthorized access to accounts and contracts.
Source: Hacken
Responses and initiatives
Cryptocurrency exchanges are starting to implement additional measures to improve security and community outreach. For example, CoinDCX has launched a White Hat Reward program: ethical hackers and security companies can return funds in exchange for a reward of up to 25% of the amount returned.
Such initiatives are aimed at reducing risks for users and motivating the community to actively participate in ensuring the security of the cryptocurrency ecosystem.
The WOO X incident thus became part of a worrying trend of large-scale thefts and attacks in the crypto industry. As the market grows and platforms become more complex, the role of cybersecurity is becoming more important for both companies and users of digital assets.
Let’s look at a selection of recent articles with detailed descriptions of the largest hacks of cryptocurrency platforms in 2025, similar to the WOO X incident:
1. The Greatest Bybit Hack: $1.4-1.5 Billion Stolen
In February 2025, crypto exchange Bybit suffered the largest theft in the history of the industry: hackers stole about $1.4-1.5 billion from the platform by taking advantage of a leak of private keys in the hot wallet system. The attack was carried out in a matter of minutes. International intelligence agencies were involved in the investigation of the incident, and the Bybit hack was followed by calls for a review of security standards for all centralized platforms [1][2][3][4][5].
2. BigONE Hack: $27M Loss in July 2025
In July 2025, major centralized exchange BigONE announced the theft of $27 million after a targeted hack of its hot wallet. The official statement noted that the hackers used advanced social engineering techniques and were able to bypass internal control systems. The incident highlighted the vulnerability of quick access to the internal tools of platforms [4][5][6].
3. Indian CoinDCX Hack: $44 Million via Internal Account
On the night of July 19, 2025, the Indian crypto exchange CoinDCX recorded an unauthorized withdrawal of funds from an account used to provide liquidity: hackers withdrew $44.2 million. Users’ funds were not affected, and the company promised to reimburse the entire amount from reserves. Analysts emphasized that the attack affected internal wallets for inter-exchange liquidity – the infrastructural “Achilles heel” of centralized platforms [7][4][5].
4. Nobitex Exchange Hack (Iran): $90 Million and Political Motivations
On June 18, 2025, Iran’s largest crypto exchange Nobitex suffered a politically motivated attack involving messages embedded in transactions. Hackers withdrew $90 million by compromising keys and quickly moved the funds through mixers to hide their tracks [8][9].
5. Growing Number of Attacks and Trends in 2025
Hackers stole over $3.1 billion from various platforms in the first half of 2025. The main vulnerabilities were access control errors, hot wallet compromise, smart contract exploits in DeFi, and the development of AI-powered phishing schemes. Large attacks were accompanied by money laundering through cross-chain bridges and mixers, complicating the tasks of tracking transactions for security services [1][10][8][11][12].
6. Other high-profile incidents in 2025
- Arcadia Finance – $3.5M hack via vulnerable Rebalancer smart contract.
- Cetus Protocol – Hackers stole $223 million and are bargaining for a reward to return part of the funds [6].
- UPC Exchange – Price oracle vulnerability attack and $70 million loss [10].
This dynamic confirms that, despite the strengthening of security measures, the challenges facing the crypto industry are growing, and attackers are constantly improving their tactics. Centralized platforms and services remain victims of increasingly sophisticated attacks, where hacking hot wallets, political motives, and the use of insider information come to the fore [1][10][2][7][4].
In February 2025, cryptocurrency exchange Bybit suffered the largest hack in the history of the crypto industry, with hackers stealing around $1.4-1.5 billion in digital assets using a sophisticated attack on the exchange’s cold multi-signature wallet system. The incident was a wake-up call for the entire industry and prompted a review of security standards for centralized platforms.
Timeline and details of the hack
- Date of attack: February 21, 2025.
- Amount of stolen funds: approximately $1.4–1.5 billion equivalent, including more than 401,000 ETH, approximately 113,000 synthetic ETH (cmETH, stETH, mETH) and approximately 90 USDT.
- Attack method: Attackers gained access to a cold multi-signature wallet – a highly secure storage facility that requires multiple signatures from responsible employees to manage funds.
- The attack was carried out in minutes using phishing techniques and UI spoofing: hackers tricked signatories into approving malicious transactions by disguising them as legitimate operations.
- Complex methods of exploiting smart contracts were used, in which the content of the signed transactions differed from what was shown to the signers.
- As a result, the attackers gained control over the cold wallet, which allowed them to withdraw huge amounts of cryptocurrency to addresses they controlled.
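The mismatch described above, between what signers were shown and what they actually signed, is the failure a pre-signing check is meant to catch. The following is an added example, not code from Bybit or from the original article: it decodes the raw payload independently of the wallet UI and compares it with the displayed intent. It assumes the payload is a standard ERC-20 `transfer(address,uint256)` call; the `DisplayedIntent` and `RawTransaction` structures and all addresses are constructed for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass

# Selector of the standard ERC-20 function transfer(address,uint256).
ERC20_TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")


@dataclass(frozen=True)
class DisplayedIntent:
    """What the signing UI shows the signer (hypothetical structure)."""
    token_contract: str
    recipient: str
    amount: int


@dataclass(frozen=True)
class RawTransaction:
    """Simplified view of the payload that is actually signed."""
    to: str       # contract the call is sent to
    data: bytes   # ABI-encoded calldata


def normalize(addr: str) -> str:
    """Lower-case a 20-byte hex address and strip the 0x prefix."""
    a = addr.lower().removeprefix("0x")
    if len(a) != 40:
        raise ValueError(f"not a 20-byte address: {addr!r}")
    bytes.fromhex(a)  # raises ValueError on non-hex characters
    return a


def encode_erc20_transfer(recipient: str, amount: int) -> bytes:
    """Build transfer() calldata; used here only to construct sample payloads."""
    return (ERC20_TRANSFER_SELECTOR
            + bytes(12) + bytes.fromhex(normalize(recipient))
            + amount.to_bytes(32, "big"))


def find_discrepancies(shown: DisplayedIntent, raw: RawTransaction,
                       approved_recipients: list[str]) -> list[str]:
    """Decode the raw payload without trusting the UI; [] means it matches."""
    problems = []
    if normalize(raw.to) != normalize(shown.token_contract):
        problems.append("target contract differs from the one displayed")
    # Anything other than the expected function is refused outright.
    if raw.data[:4] != ERC20_TRANSFER_SELECTOR:
        problems.append(f"unexpected function selector 0x{raw.data[:4].hex()}")
        return problems
    # 4-byte selector + two 32-byte words; the address word is left-padded with zeros.
    if len(raw.data) != 68 or any(raw.data[4:16]):
        problems.append("malformed transfer() arguments")
        return problems
    recipient = raw.data[16:36].hex()
    amount = int.from_bytes(raw.data[36:68], "big")
    if recipient != normalize(shown.recipient):
        problems.append("recipient differs from the one displayed")
    if amount != shown.amount:
        problems.append("amount differs from the one displayed")
    if recipient not in {normalize(a) for a in approved_recipients}:
        problems.append("recipient is not on the approved list")
    return problems


# Constructed sample values (not real addresses).
TOKEN = "0x" + "11" * 20
TREASURY = "0x" + "22" * 20
UNKNOWN = "0x" + "33" * 20
SHOWN = DisplayedIntent(token_contract=TOKEN, recipient=TREASURY, amount=5000)

if __name__ == "__main__":
    samples = {
        "matches display": RawTransaction(TOKEN, encode_erc20_transfer(TREASURY, 5000)),
        "recipient swapped": RawTransaction(TOKEN, encode_erc20_transfer(UNKNOWN, 5000)),
        "different function": RawTransaction(TOKEN, bytes.fromhex("deadbeef") + bytes(64)),
    }
    for label, raw in samples.items():
        print(label, "->", find_discrepancies(SHOWN, raw, [TREASURY]) or "OK to sign")
```

The check is only useful when it runs on a device and code path separate from the UI that rendered the transaction, since a compromised front end can otherwise alter both views.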
Professional investigation and identification of perpetrators
- According to preliminary assessments, the attack was carried out by the North Korean hacker group Lazarus, known for its numerous major cyberattacks on banks and crypto exchanges.
- It is believed that malware and social engineering methods were used to compromise the exchange, gaining access to the computers of the exchange employees who manage the multi-signature wallet.
- Transactions required a majority of signatories to complete (six people had that authority), making the attack particularly complex and well-coordinated.
Bybit’s Consequences and Measures
- Approximately 0.42% of all Ethereum cryptocurrency in circulation was stolen, an amount greater than Ethereum founder Vitalik Buterin’s stake.
- Following the incident, Bybit stated that the exchange’s clients were not harmed as the funds were the property of the platform itself.
- Within a few days, the exchange had fully recovered the stolen amounts, demonstrating financial stability and responsibility to users.
- To prevent further distribution of the stolen funds, tracking measures were activated: key addresses of the attackers were blacklisted and cybersecurity was strengthened.
- The exchange announced cooperation with international intelligence agencies and cybersecurity companies to return funds and prevent similar incidents in the future.
- In response to the incident, there are plans to revise the security standards of centralized cryptocurrency platforms, strengthen the protection of cold wallets, and expand incentive programs for ethical hackers (white hats).
The significance of the incident for the crypto industry
- The Bybit hack was the largest single crypto theft in 2025 and showed that even multi-level multi-signature and cold storage do not guarantee absolute security.
- The attack forced the industry to strengthen internal security processes, pay more attention to employee training and supervision, and develop new technical means of protection.
- Increased cooperation between crypto exchanges, law enforcement agencies, and security experts was required to combat cybercriminals.
Thus, the Bybit theft was not only a record-breaking case in terms of the amount of damage, but also a lesson for the entire crypto industry, highlighting the importance of comprehensive cybersecurity methods and the need to constantly improve the protection of digital assets.
Cryptocurrency exchange BigONE was the victim of a targeted cyberattack in July 2025, which resulted in the theft of digital assets worth approximately $27 million from the platform’s hot wallet. The incident occurred on July 16 and became another loud signal about the continuing vulnerability of centralized cryptocurrency exchanges to advanced hacking methods.
Description of the incident
- Date of breach: July 16, 2025.
- Amount of damage: approximately $27 million in cryptocurrency, including Bitcoin (approximately 120 BTC), Ethereum (approximately 1,272 ETH), TRON (23.3 million TRX), Solana (approximately 2,625 SOL), and other tokens.
- Attack method: According to official data, the attackers used complex social engineering methods and were able to bypass internal control systems, gaining unauthorized access to the hot wallet – an active storage of funds that the exchange uses to ensure liquidity and conduct transactions.
- Detection and response: The abnormal movements of funds were detected by monitoring systems, allowing the incident to be quickly localized. The exchange immediately suspended trading, withdrawals, and began working with cybersecurity experts, in particular SlowMist, to track and monitor further movements of the stolen assets.
Consequences and measures of the BigONE platform
- BigONE representatives stated that the private keys controlling the rest of the exchange’s and users’ funds were not compromised, and all losses will be fully compensated from the company’s internal reserves.
- Deposits and trading on the platform have already been restored, however withdrawals remain temporarily suspended until the security measures are updated.
- According to experts, the attackers began moving the stolen assets between different blockchains, trying to make it more difficult to track them and return some of the funds.
- BigONE partners with analytics and cybersecurity companies to identify and freeze suspicious addresses, and with law enforcement to investigate the attack.
Technical details and attack assessment
- SlowMist analysts reported that the attackers changed the logic of the exchange’s servers, which are responsible for user accounts and risk control, which allowed them to gain immediate access to the hot wallet.
- Users’ private keys remain secure, eliminating direct mass impact on client assets.
- The incident qualifies as a supply chain attack, when hackers penetrate the infrastructure through vulnerabilities in third-party services or software packages used by the platform.
Context and significance of the incident
- The BigONE hack is part of a general trend of growing large-scale cyberattacks on crypto exchanges in 2025, with billions of dollars in assets stolen. The Bybit hack remains the leader in losses, with $1.4-1.5 billion in damages.
- Renowned blockchain researcher ZachXBT noted that BigONE has previously been linked to scams, raising debate about the role of such platforms in the crypto ecosystem.
- According to experts, the attack on BigONE highlighted the vulnerability of hot wallets, which, despite their convenience, pose a major risk to centralized platforms due to active access to large amounts of funds.
Results and Prospects
The BigONE incident demonstrated how critical comprehensive cybersecurity is for cryptocurrency exchanges, especially in terms of protection against sophisticated social engineering and infrastructure attacks. The platform’s rapid response, cooperation with security professionals, and promise of full compensation help minimize the negative impact on users and maintain market confidence.
However, this attack once again demonstrated the need to strengthen security measures, revise hot wallet access control systems, and increase the transparency of platforms’ actions to their clients.
On the night of July 19, 2025, the cryptocurrency exchange CoinDCX suffered a large-scale cyberattack, as a result of which the internal operational account used to provide liquidity on the partner platform was compromised, and the attackers were able to withdraw about $44.2 million in digital assets. At the same time, the platform users’ funds were not affected – they are stored separately in cold wallets, and the company promised to compensate for all losses from its own reserves.
Chronology and details of the incident
- The incident occurred on the night of July 19, 2025, when CoinDCX staff discovered unauthorized transactions from an internal liquidity account.
- The attack was classified as a complex server breach that affected the internal account for inter-exchange liquidity provision, and not client wallets.
- According to official statements from CoinDCX co-founders, including CEO Sumit Gupta, the hack was quickly localized: the affected segment was isolated from the rest of the infrastructure, which prevented further risks.
- CoinDCX promptly notified the National Cyber Incident Response Team and engaged information security specialists to thoroughly investigate and fix the vulnerabilities.
Attack mechanisms and technical details
- According to the analysis, the hack exploited a vulnerability in the exchange’s internal infrastructure, particularly in the components related to liquidity management on partner exchanges.
- The attackers took advantage of technical holes or security errors in the servers that provide operational management of liquid assets.
- Experts have found that the stolen funds were quickly transferred through multiple cryptocurrency addresses and protocols, making them difficult to track and recover.
- Some of the stolen funds were laundered through cryptocurrency mixers and cross-chain tools, which is typical of modern schemes for concealing traces of cybercrime.
Countermeasures and consequences
- CoinDCX stated that all losses will be covered from the company’s internal reserves, which guarantees the safety and security of users’ assets.
- Trading operations, deposits and withdrawals on the exchange were not affected and continued as usual.
- The company announced its intention to strengthen infrastructure protection, conduct additional security audits and expand cooperation with cybersecurity experts.
- The exchange also works together with partner platforms and law enforcement agencies to block and return stolen assets.
The context of the incident and its significance
- CoinDCX is one of the largest crypto exchanges in India, serving over 16 million users, making the hack a significant blow to the industry in the region.
- The incident comes just a year after another Indian platform, WazirX, was hacked for around $235 million, highlighting the continuing security vulnerabilities of Indian crypto platforms.
- In 2025, there is an alarming trend of increasing large-scale cyberattacks on major crypto exchanges, with total losses exceeding $3 billion, including hacks of Bybit, BigONE and others.
- Experts warn that internal liquidity accounts remain the “Achilles heel” of centralized exchanges despite other security measures.
Thus, the CoinDCX hack became a vivid example of modern challenges in ensuring the security of crypto infrastructure: attacks are becoming increasingly complex, entailing multi-million dollar losses, but competent actions of exchanges and covering losses with reserves help maintain the trust of users and markets.
Cryptocurrency exchange Nobitex, the largest platform in Iran, fell victim to a massive and politically motivated cyberattack on June 18, 2025, in which the attackers stole approximately $90 million from its hot wallets and related infrastructure servers. The incident was not of a typical criminal nature – the hackers deliberately destroyed the stolen assets, using the funds to express political protest against the Iranian regime.
Timeline and details of the attack
- On the night of June 18, 2025, Nobitex representatives discovered unauthorized access to part of the infrastructure, including the hot wallet and reporting servers.
- Shortly after the hack was discovered, the platform was forced to shut down completely, with the site and services remaining unavailable for several days.
- The pro-Israeli hacker group Gonjeshke Darande (also known as Predatory Sparrow) claimed responsibility for the cyberattack, saying the goal was not to steal funds but to send a political message.
- The hackers promised to publish the source code and internal data of the exchange, which they subsequently did, as part of their pressure campaign against the Iranian authorities.
Mechanism and features of the attack
- The attackers gained access to private keys, which gave them control over Nobitex’s hot wallets and allowed them to withdraw about $90 million in cryptocurrency.
- Instead of cashing out or trying to keep the stolen goods, they transferred the funds to unique “vanity addresses” — crypto wallets with names containing political messages and insults against the Islamic Revolutionary Guard Corps (IRGC) and the Iranian regime.
- Such addresses are extremely difficult to guess and, more importantly, it is practically impossible to recover the private keys for them, which effectively led to the destruction of the stolen funds.
- This made the attack not just a theft, but a kind of symbolic act of protest and sabotage of the financial infrastructure.
Political context and significance of the incident
- Nobitex serves as a key financial mechanism for the Iranian regime, enabling the circumvention of international sanctions and supporting IRGC-linked entities.
- The hacker group Gonjeshke Darande directly accuses the exchange of close ties to the authorities and calls it a tool for financing terrorist organizations.
- The attack reflects the escalation of geopolitical conflict in the Middle East and the use of cyber warfare as a tool of pressure.
- Experts assess the damage and consequences as a serious blow to Iran’s cryptocurrency ecosystem, destabilizing the ability to circumvent sanctions and necessitating a rethink of approaches to cybersecurity in the region.
Consequences and recovery
- In the first hours after the attack, Nobitex acknowledged the breach and took steps to block access to its systems, after which the service remained disconnected.
- The publication of source code and internal documents created additional security risks and raised concerns in the market.
- By June 30, 2025, Nobitex had begun a phased restoration of operations, including restoring access to user wallets and strengthening security systems.
- The hack has raised questions about the need to strengthen the protection of cryptocurrency platforms in countries with high political risks and a complex external sanctions environment.
The significance of the incident for the crypto industry
- The Nobitex case demonstrates a new quality of cyberattacks – the transition from the usual theft of funds to politically motivated destruction of digital assets.
- This highlights the growing role of cyberspace in international conflicts and the need to take into account the political component when analyzing the security threats to cryptocurrency platforms.
- The incident serves as a warning to all platforms that security is no longer limited to technical measures, but requires taking into account the geopolitical context and responding to complex, multi-layered threats.
Thus, the hack of the Iranian exchange Nobitex became not only one of the largest incidents of 2025 from a financial point of view, but also a striking example of the use of cyberattacks in the context of political struggle, significantly complicating the situation with cybersecurity in the crypto industry.
The attack on the Iranian crypto exchange Nobitex on June 18, 2025, was politically motivated and linked to the geopolitical standoff between Israel and Iran. The hacking was claimed by the hacker group Gonjeshke Darande (translated as “Predatory Sparrow”), which experts associate with Israeli intelligence and consider an anti-Iranian proactive group involved in cyber wars against Iranian state and para-state structures [1][2][3].
Political Motivations Behind Nobitex Attack
- The hackers accused Nobitex of actively assisting the Iranian regime, calling the exchange a key element in circumventing international sanctions against Iran and a tool for funding terrorist organizations, particularly the Islamic Revolutionary Guard Corps (IRGC) [1][5].
- The hack involved transferring the stolen $90 million to “politically provocative” crypto addresses with offensive messages about the Iranian government and the IRGC, highlighting that the main goal was not to enrich themselves, but to deal a symbolic blow and undermine Nobitex’s reputation as a tool of the regime [1][2].
- The attack is seen as part of a broader pressure campaign by Israel and its allies against Iranian infrastructure in the context of the ongoing conflict over Iran’s nuclear program and regional military actions (Israel’s Operation People Like a Lion and Iran’s Operation True Promise 3) [2][4].
- Gonjeshke Darande has previously carried out cyber attacks on Iranian steel mills, a gas station chain, and the state-owned Sepah Bank, indicating that their activities are systematic and part of an anti-Iran hacking campaign [1][2].
Who is behind Gonjeshke Darande
- Gonjeshke Darande is considered a pro-Israeli hacker group with close ties to Israeli intelligence and security services, as confirmed by international analysts and media [1][2][3].
- The group operates as part of Israel’s cyber war against Iran, aimed at undermining the Iranian regime’s financial and infrastructural base and its military structures through hacking, destabilization operations, and public political statements in cyberspace [1][2].
- The group’s goals go beyond purely financial crimes and include political destabilization, information campaigns, and influencing the course of regional conflicts [2][4].
Thus, the attack on Nobitex is not just a theft of funds, but a strategic move within the framework of a geopolitical conflict aimed at weakening the Iranian regime and demonstrating the vulnerability of its digital infrastructure. Gonjeshke Darande is the embodiment of proactive anti-Iranian cyber operations, in close cooperation with Israeli political and intelligence structures.
The crypto industry has seen a sharp increase in cyberattacks in the first half of 2025, with total thefts of over $3.1 billion across various platforms. This alarming trend is driven by a number of vulnerabilities and new attacker schemes, reflecting the increasing sophistication of threats and the scale of the digital asset security problem.
The main reasons for the increase in the number of attacks
- Access control flaws and hot wallet compromise remain the main vulnerabilities. Centralized crypto exchanges store users’ funds in hot wallets, which allow for fast transactions, but these wallets also become easy targets for hackers due to their relative vulnerability [1].
- Smart contract exploits in DeFi. Vulnerabilities in the code of decentralized financial platforms allow attackers to launch sophisticated attacks, stealing funds through manipulation of contract logic or errors in their design [1][4].
- The development of artificial intelligence (AI)-based phishing schemes. Modern AI tools allow hackers to create more believable phishing messages and communication imitations, which significantly increases the success of attacks on employees and users of crypto platforms [1][4].
Mechanisms and features of attacks in 2025
- Major thefts involve multi-stage money laundering using cross-chain bridges and mixers. Transferring stolen assets between different blockchain networks complicates tracking, and mixers cover their tracks, making the work of monitoring services and law enforcement agencies much more difficult [1].
- In addition to technical vulnerabilities, hackers are increasingly using supply chain attacks, breaking into third-party services and libraries integrated into the infrastructure of crypto platforms [1].
- Social engineering and compromise of crypto exchange employee accounts are common first steps in all major attacks, requiring increased monitoring and security training for staff [1][4].
Statistics and scale of the problem
- During the first half of 2025, more than 63 thousand cyberattacks on Russian companies were registered, including those related to the crypto industry, which is 27% higher than the figures for the same period in 2024. Globally, an increase in the number of attacks is also recorded everywhere, especially on financial and crypto companies [2][3][9].
- Analysts note that although the growth in the number of attacks is slowing, their quality and complexity are growing – hackers are increasingly conducting targeted, complex attacks with a high degree of disguise and adaptation to specific targets [2].
- Among the types of attacks, the leading ones are various types of phishing, DDoS, exploitation of API vulnerabilities, hacking of hot wallets, and abuse of DeFi smart contracts [1][4].
Forecasts and recommendations
- Cybercriminals will increase their use of AI to bypass security systems and create new deception schemes.
- Attacks on service providers and crypto exchange partners will increase, increasing the importance of supply chain monitoring.
- A comprehensive strengthening of measures is required: multi-level authentication, regular security audits, staff training, infrastructure segmentation, as well as active cooperation of platforms with experts and law enforcement agencies [4].
- Bug bounty programs and active community feedback are becoming critical to the timely discovery and remediation of vulnerabilities.
Thus, 2025 represents a shift in the cryptocurrency industry’s cyber threat landscape, with attacks growing in both quantity and sophistication, using modern technologies and adaptive methods. Massive losses across platforms and increasingly complex laundering schemes require the industry to continually improve security and manage digital assets responsibly.
The crypto industry in 2025 faces a new wave of high-profile hacks and digital asset thefts, demonstrating growing security challenges and ever-evolving attacker tactics. Below is a detailed look at several notable incidents that have occurred in the first months of 2025, each illustrating distinct vulnerabilities in modern crypto platforms and hacker techniques.
Arcadia Finance: $3.5M hack via vulnerable Rebalancer smart contract
On June 15, 2025, the decentralized financial protocol Arcadia Finance, which runs on the Base blockchain, was the victim of a successful hacker attack, during which the attackers stole approximately $3.5 million.
- Attack mechanism: Hackers exploited a vulnerability in the Rebalancer smart contract, which is responsible for managing liquidity within the protocol. They were able to pass arbitrary swapData parameters, which allowed them to conduct unauthorized swap transactions and withdraw assets from user accounts.
- Course of events: Within a minute, the attacker deployed a malicious contract, initiating an exploit and instantly stealing tokens – including about 2.3 million USDC and 227 thousand USDS, which were then converted into Wrapped Ethereum (WETH).
- Aftermath and response: The Arcadia Finance team issued a notice of the breach, advised users to remove asset management permissions, and security researchers began analyzing and tracking transactions on the Ethereum network to try to locate the stolen funds.
- Significance of the incident: This incident highlighted the vulnerabilities of DeFi software, especially in complex smart contracts, and confirmed the need for stronger formal code reviews and security audits.
Cetus Protocol: $223 Million Theft and Ransom Negotiations
One of the largest hacks of 2025 was the Cetus Protocol incident, where hackers stole approximately $223 million.
- Circumstances: Attackers gained access to the system and withdrew a large amount of cryptocurrency, which caused shock in the community and called into question the security of one of the popular DeFi protocols.
- Next steps: Cetus Protocol representatives said they are negotiating with the hackers, who are demanding a reward for the return of some or all of the stolen funds.
- Context: This case illustrates a growing trend where attackers are using cyberattacks not only to steal but also to negotiate ransom, adding a new layer of complexity to incident management and legal aspects.
UPC Exchange: Price Oracle Vulnerability Attack Costs $70 Million in Losses
UPC Exchange has fallen victim to a sophisticated attack based on a vulnerability in its price oracle engine.
- Nature of the vulnerability: A price oracle is a system for transmitting up-to-date data on cryptocurrency prices, which is critical for the proper operation of decentralized platforms. Attackers were able to manipulate this component, which led to price distortions and erroneous transactions.
- Losses: As a result of the attack, the exchange suffered losses of about $70 million.
- Consequences: The incident demonstrated the need for strict control over oracles and the use of multi-level data validation, since their compromise directly affects the financial security and trust of users.
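One way to read "multi-level data validation" for a price feed is sketched below as an added example; it is not code from UPC Exchange or from the original article. It layers three checks before a price is accepted: a freshness and quorum check, an outlier filter around the cross-source median, and a circuit breaker against the last accepted price. The class name, source names, thresholds and quotes are all assumptions constructed for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass
from statistics import median
from typing import Optional


@dataclass(frozen=True)
class Quote:
    source: str     # name of the price source (constructed labels below)
    price: float
    timestamp: int  # unix seconds at which the source reported the price


@dataclass
class OracleGuard:
    """Hypothetical validator; every threshold here is an illustrative assumption."""
    min_sources: int = 3            # quorum of independent sources
    max_age_s: int = 60             # quotes older than this are ignored
    max_source_spread: float = 0.02  # allowed deviation of a source from the median
    max_step: float = 0.10          # allowed move versus the last accepted price
    last_price: Optional[float] = None

    def accept(self, quotes: list[Quote], now: int) -> tuple[bool, Optional[float], str]:
        # Level 1: keep positive, fresh, non-future quotes, one per source.
        fresh: dict[str, float] = {}
        for q in quotes:
            if q.price > 0 and 0 <= now - q.timestamp <= self.max_age_s:
                fresh[q.source] = q.price
        if len(fresh) < self.min_sources:
            return False, None, "quorum"

        # Level 2: drop sources that disagree with the cross-source median,
        # then require that a quorum still agrees.
        mid = median(fresh.values())
        agreeing = [p for p in fresh.values()
                    if abs(p - mid) / mid <= self.max_source_spread]
        if len(agreeing) < self.min_sources:
            return False, None, "disagreement"
        candidate = median(agreeing)

        # Level 3: circuit breaker. A jump this large is held for review
        # instead of being fed to trading or liquidation logic.
        if (self.last_price is not None
                and abs(candidate - self.last_price) / self.last_price > self.max_step):
            return False, None, "circuit_breaker"

        self.last_price = candidate
        return True, candidate, "ok"


# Constructed sample data.
NOW = 1_700_000_000
HONEST = [Quote("src-a", 100.0, NOW - 10), Quote("src-b", 100.5, NOW - 5),
          Quote("src-c", 99.8, NOW - 20)]
ONE_MANIPULATED = [Quote("src-a", 100.2, NOW), Quote("src-b", 100.1, NOW),
                   Quote("src-c", 250.0, NOW), Quote("src-d", 99.9, NOW)]
ONE_STALE = [Quote("src-a", 100.0, NOW), Quote("src-b", 100.1, NOW),
             Quote("src-c", 100.0, NOW - 600)]
ALL_MOVED = [Quote("src-a", 150.0, NOW), Quote("src-b", 150.2, NOW),
             Quote("src-c", 149.9, NOW)]

if __name__ == "__main__":
    guard = OracleGuard()
    for label, batch in [("honest", HONEST), ("one manipulated", ONE_MANIPULATED),
                         ("one stale", ONE_STALE), ("all moved", ALL_MOVED)]:
        print(label, "->", guard.accept(batch, NOW))
```

A single manipulated source is filtered out at level 2, while a coordinated move across all sources is only stopped by the level 3 circuit breaker, which is why the layers are combined.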
General context and conclusions
Despite efforts to strengthen security measures by crypto platforms, the increased number and sophistication of attacks in 2025 indicate that attackers are constantly evolving their tactics. Centralized platforms, DeFi protocols, and services are increasingly becoming targets for hacks based on:
- Hacks of hot wallets with access to large amounts of assets;
- Exploits in smart contracts, such as Arcadia Finance and Cetus Protocol;
- Manipulation of infrastructure data such as the price oracle in UPC Exchange;
- Political motivation and insider information, which makes it difficult to identify the attack and its consequences.
These facts highlight that a comprehensive, multi-layered approach to security—including technical improvements, auditing, and staff training—is critical to preventing financial losses and maintaining trust in the crypto industry.
This analysis of large-scale cyberattacks on cryptocurrency platforms in 2025 shows that the period has become a turning point for the crypto industry in terms of cybersecurity. The digital asset market continues to develop rapidly, attracting more and more participants and significant financial turnover, but along with the growth of the industry, the number and, most importantly, the technical complexity and sophistication of hacker attacks are also increasing sharply.
In the first six months of 2025, the total losses from hacks of cryptocurrency platforms exceeded the astronomical mark of $3.1 billion. The incidents that occurred on the largest centralized exchanges (Bybit with $1.4-1.5 billion, BigONE with $27 million, CoinDCX with $44 million and WOO X with $14 million) as well as decentralized protocols (Arcadia Finance, Cetus Protocol, UPC Exchange) illustrate a number of key vulnerabilities that remain in the spotlight of security experts.
Key vulnerabilities and attacker tactics
- Compromises of hot wallets and internal transaction accounts have proven to be the primary cause of major breaches. These highly liquid and privileged accounts are often poorly isolated and protected, making them easy targets.
- Errors in smart contract implementation and vulnerabilities in oracles continue to open windows for attacks. Particular attention should be paid to multi-stage liquidity management and price updating protocols, which directly affect the security of DeFi operations.
- Advances in social engineering and artificial intelligence have allowed attackers to bypass traditional security mechanisms, successfully manipulate employees and signatories, and create sophisticated phishing and targeted attacks.
- The laundering of stolen funds through multi-network bridges, mixers, decentralized exchanges, and the creation of meme tokens has greatly complicated the ability of law enforcement and cybersecurity companies to track and recover assets.
- Politically motivated attacks, such as the hack of Iranian exchange Nobitex that resulted in funds being withdrawn to crypto addresses containing offensive messages, highlight the need to consider the geopolitical context when building defense and crisis response strategies.
Measures and trends in response to threats
Companies and exchanges are actively responding to challenges:
- Programs to reward ethical hackers (bug bounty and White Hat Reward) are being developed and implemented to ensure timely detection of vulnerabilities.
- Infrastructure segmentation is being strengthened, and multi-factor authentication, regular security audits and employee training are being introduced to minimize the role of the human factor.
- Collaboration with professional cybersecurity companies, analysts and law enforcement agencies is being intensified to track, freeze and return stolen funds.
- Security standards for centralized and decentralized platforms are being rethought and updated, with an emphasis on multi-layered protection of critical assets and built-in anomaly monitoring.
Conclusion
The 2025 incidents have clearly demonstrated that in the world of cryptocurrency security, neither technical nor organizational aspects can be underestimated. Hacks are becoming more sophisticated, enterprising, and multi-layered, and the financial and reputational risks are colossal.
A consistent, comprehensive, and proactive approach to cybersecurity is needed to maintain industry trust, ensure the safety of user assets, and ensure the sustainability of the ecosystem. Without continuous improvements in security technologies, increased controls, greater transparency, and international cooperation, the crypto industry risks facing even larger crises that could negatively impact its development and mass adoption.
In summary, 2025 has become a powerful lesson for all market participants: cybersecurity is a universal and ongoing challenge that requires the integration of new technologies, human vigilance and coordinated efforts of the entire community.