
Sarah Gooding
March 3, 2025
Record-breaking losses have shaken the crypto ecosystem in the wake of the $1.46 billion Bybit attack, which currently ranks as the largest digital heist ever recorded. The cryptocurrency industry started 2025 with devastating financial losses, according to the latest report from blockchain security platform Immunefi. In just the first two months of this year, crypto projects have lost a staggering $1.6 billion to security breaches—already surpassing the entire 2024 total of $1.49 billion.
This represents an alarming 8x increase compared to the same period last year, when losses totaled approximately $200 million.
February 2025 alone accounted for $1.53 billion in losses across nine specific hacking incidents, marking an 18x increase from February 2024 ($81.6 million) and a 20x surge from January 2025 ($73.9 million).
The majority of these losses were concentrated in two high-profile attacks:
The Bybit attack alone represents 95.5% of February's total losses and has delivered a major blow to the centralized finance (CeFi) sector.
February's attack pattern reveals an interesting dynamic between centralized and decentralized finance platforms:
While DeFi has historically been considered more vulnerable to attacks, this massive CeFi breach demonstrates that no sector of the crypto ecosystem is immune to sophisticated threat actors.
Security experts and intelligence agencies have attributed the Bybit attack to the notorious Lazarus Group, a North Korean state-sponsored hacking collective. This represents a concerning escalation in the group's operations, which successfully targeted one of the world's largest cryptocurrency exchanges.
The group's involvement aligns with their recent pattern of increasingly sophisticated attacks. In January 2025, our security researchers uncovered a Lazarus operation targeting developers through a malicious npm package called "postcss-optimizer." This package contained BeaverTail malware designed to steal credentials and cryptocurrency wallet information from developers' systems. The attack specifically targeted private keys from various crypto wallets including MetaMask, Phantom, Binance Wallet, and Coinbase Wallet.
Using malware-infected npm packages is nothing new for this group, as they've repeatedly leveraged the open source ecosystem to target developers with access to valuable cryptocurrency infrastructure and codebases. These diverse activities across the cryptocurrency ecosystem—from supply chain attacks on developers to major exchange breaches like Bybit—demonstrate the group's persistent focus on cryptocurrency theft as a means of generating revenue for the North Korean regime. While these appear to be separate campaigns, together they show the breadth of Lazarus Group's targeting within the crypto sector.
In her assessment of the incident, security researcher Taylor Monahan highlighted a critical vulnerability in the cryptocurrency industry's security posture: even the most well-funded organizations within the crypto ecosystem remain insufficiently prepared to defend against determined adversaries like the Lazarus Group.
She specifically identified the persistent issue of "blind-signing" as a fundamental flaw that makes such attacks predictable. This practice, where cryptocurrency users authorize transactions without comprehensively examining their details, creates an exploitable gap that attackers can target—exactly as demonstrated in the Bybit incident.
Hackers continue to focus their efforts on established blockchain networks:
Beyond the major Bybit and Infini breaches, several other projects experienced significant losses:
The unprecedented scale of losses in early 2025 signals a worrying trend for cryptocurrency security. With state-backed hackers setting an aggressive tone for the year, experts anticipate continued attacks targeting crypto infrastructure.
These major breaches highlight the urgent need for stronger security measures across the industry. As attacks grow more sophisticated—including not just technical exploits but also social engineering and insider threats—crypto platforms must prioritize comprehensive security strategies that address the full spectrum of potential vulnerabilities.
The surge in successful attacks—particularly against a major exchange like Bybit—raises serious questions about the industry's security readiness. With $1.6 billion lost in just two months, investor confidence may face significant headwinds throughout 2025.
The involvement of state-backed actors like the Lazarus Group signals a troubling escalation in threat sophistication. Their successful targeting of one of the largest exchanges demonstrates that even well-funded platforms with substantial security resources remain vulnerable.
As the Trail of Bits analysis concludes, these attacks reveal an escalating pattern, with each compromise building on the last. The progression from the WazirX Exchange ($230M, July 2024) to Radiant Capital ($50M, October 2024) and finally to Bybit ($1.5B, February 2025) demonstrates an alarming evolution in both scale and sophistication.
"In each case, the attackers didn’t exploit smart contract or application-level vulnerabilities," the Trail of Bits team wrote. "Instead, they compromised the computers used to manage those systems using sophisticated malware to manipulate what users saw versus what they actually signed."
These high-profile incidents could accelerate regulatory scrutiny in 2025. The unprecedented scale of the Bybit hack in particular may prompt regulators to revisit existing frameworks for cryptocurrency exchange security.
As the cryptocurrency market continues to mature, the tension between innovation and security remains unresolved. These record-breaking losses may ultimately serve as a catalyst for industry-wide security standards that have thus far remained elusive.