On April 2, 2025, the cryptocurrency industry faced a major shock when hacks reached a record $2 billion in Q1, a 96% increase compared to the same period last year. The $1.4 billion hack at Bybit, carried out by North Korean hackers, exposed the industry’s 'Achilles' heel': access control attacks. Can the crypto industry fix this vulnerability, or will it continue to be a 'target' for cybercriminals?
Record $2 Billion Stolen: Access Control Attacks Rise
According to the Web3 Security report, cryptocurrency hacks in Q1 2025 took $2 billion – an increase of 96% compared to Q1 2024 ($1.02 billion). Notably, 83% of the stolen funds came from access control attacks, marking the third consecutive quarter that this type of attack has dominated. This is a concerning trend, indicating the increasing sophistication of cybercriminals.
The largest hack occurred at Bybit in February 2025, with $1.4 billion stolen by North Korean hackers – considered the largest financial theft in history and a 'national security emergency', according to security experts. The hackers targeted Bybit's infrastructure, specifically Amazon Web Services, to infiltrate cryptocurrency wallets and withdraw assets in just a few seconds.
Access Control Attacks: The 'Achilles' Heel' of the Crypto Industry
Access control attacks exploit vulnerabilities in the infrastructure of projects, such as web hosting services or multi-signature wallets. For example, in the Bybit incident, North Korea infiltrated the web hosting of Safe Wallet – the most popular multi-signature wallet provider – and injected malware. This code replaced Bybit's normal transactions with a malicious transaction, transferring control of Bybit's wallet to the hacker.
Yehor Rudytsia, an on-chain security researcher at Hacken, told DL News: 'These attacks often occur due to poor operational security practices in projects.' Multi-signature wallets, designed to enhance security by requiring multiple parties to approve transactions, become useless when hackers control the infrastructure and trick users into 'blind-signing' malicious transactions.
Safe Wallet is the 'main victim', with major hacks involving this wallet for three consecutive quarters. In October 2024, Radiant Capital lost $55 million after the Safe Wallet was attacked. In July 2024, North Korean hackers used social engineering techniques to seize the Safe Wallet of WazirX (India), taking away $235 million. Hacken emphasized: 'This is not a weakness of multi-signature wallets, but a warning to improve the design and infrastructure around it.'
Solution: Improve Security and Transaction Identification
Hacken suggests that projects need to update their infrastructure and alert users when transactions are replaced by malicious ones. One solution is to implement distinct transaction signatures, allowing users to verify transaction details before approval, reducing the risk of blind signing. Additionally, companies need to enhance operational security, such as conducting regular infrastructure audits and training staff on social engineering.
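The pre-approval check described above can be sketched as follows (an added example, not code from the article, Hacken or Safe): each signer compares the transaction they intended, composed independently of the web interface, with the payload their device is actually asked to sign, and refuses on any difference. Assumptions: the field names are a subset of a Safe transaction's fields, the addresses and allowlist policy are constructed, and SHA-256 stands in for the real EIP-712 keccak256 hash, which is not in the Python standard library.

```python
import hashlib
import json

# Subset of the fields in a Safe multisig transaction.
FIELDS = ("to", "value", "data", "operation", "nonce")
CALL, DELEGATECALL = 0, 1  # Safe "operation" values

def normalize(tx):
    """Canonical form so cosmetic differences (hex case) never mask or fake a mismatch."""
    return {
        "to": tx["to"].lower(),
        "value": int(tx["value"]),
        "data": tx["data"].lower(),
        "operation": int(tx["operation"]),
        "nonce": int(tx["nonce"]),
    }

def digest(tx):
    """Short fingerprint signers can read out to each other over a second channel.
    SHA-256 stand-in (assumption): the real Safe hash is an EIP-712 keccak256 digest."""
    blob = json.dumps(normalize(tx), sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()[:16]

def review(intended, presented, allowed_targets):
    """Return reasons NOT to sign; an empty list means the payload matches intent."""
    want, got = normalize(intended), normalize(presented)
    findings = [f"{f}: expected {want[f]!r}, device was asked to sign {got[f]!r}"
                for f in FIELDS if want[f] != got[f]]
    if got["operation"] == DELEGATECALL:
        findings.append("operation is DELEGATECALL: target code runs with the wallet's own storage")
    if got["to"] not in {a.lower() for a in allowed_targets}:
        findings.append(f"target {got['to']} is not on the allowlist")
    return findings

# Constructed sample data (placeholder addresses, not from any real incident).
TOKEN = "0x" + "11" * 20
UNKNOWN = "0x" + "ee" * 20
TRANSFER = "0xa9059cbb" + "00" * 64  # ERC-20 transfer selector with zeroed arguments
INTENDED = {"to": TOKEN, "value": 0, "data": TRANSFER, "operation": CALL, "nonce": 71}
PRESENTED = {"to": UNKNOWN, "value": 0, "data": TRANSFER, "operation": DELEGATECALL, "nonce": 71}

if __name__ == "__main__":
    for line in review(INTENDED, PRESENTED, [TOKEN]):
        print("REFUSE:", line)
    print("intended ", digest(INTENDED))
    print("presented", digest(PRESENTED))
```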
New Money Laundering Techniques: More Sophisticated Than Ever
With a large amount of money stolen, hackers are testing new money laundering methods to conceal its origins and convert it into cash. A prominent trend is using leveraged trading on decentralized exchanges (perpetual futures). Hackers use stolen cryptocurrency to open large leveraged positions, then bet against it on another exchange using clean capital. When the leveraged position is liquidated, the dirty money 'disappears', while profits from the opposite position are retained as clean capital, making the money appear legitimate.
Another method is to pretend to be a 'bad trader', intentionally losing to trading bots to mix dirty money into normal DeFi arbitrage activities. Rudytsia stated: 'This way, the attacker can evade traditional detection patterns of exchanges and compliance systems.' These techniques are increasingly necessary due to the effectiveness of blockchain analysis tools and anti-money laundering features (such as Railgun's Private Proofs of Innocence).
Impact on the Crypto Market
Bybit: Lost $1.4 billion, and trust in the exchange decreased significantly (trading volume dropped 30% after the hack, according to CoinMarketCap).
Crypto market: Market cap decreased by 11.65% ($2.88 trillion), and trust in security weakened (Ethereum down 45%, Bitcoin down 12% in Q1 2025).
Security industry: Companies like Hacken are calling for improvements in infrastructure (Safe Wallet lost $1.7 billion over three quarters).
Conclusion: Is the Crypto Industry Facing a 'Storm' of Hacks?
A record $2 billion stolen in Q1 2025, with a $1.4 billion hack at Bybit, has exposed a significant vulnerability in the crypto industry: access control attacks. Hackers are becoming increasingly sophisticated, targeting multi-signature wallets and infrastructure, while new money laundering techniques make tracing more difficult. If security is not improved, the crypto industry may continue to be a 'target' for cybercriminals. Will solutions like distinct transaction signatures be enough to protect investors? As hackers continue to evolve, the crypto industry faces its greatest challenge yet.
Risk warning: Crypto investment carries high risks due to price volatility and the threat of hacks. Please use secure wallets and carefully check transactions.