Key Highlights
- Hackers stole $2.72 billion in crypto in 2025, making it the costliest year on record (TRM Labs, Chainalysis). North Korean actors alone took $2 billion, roughly 74% of the total.
- The 10 largest hacks of 2025 accounted for $2.2 billion of the total, meaning the damage was heavily concentrated in a handful of massive incidents.
- Not a single one of the top 5 incidents in 2025 was a smart contract exploit. All were operational failures: compromised private keys, phishing, social engineering, and bribed insiders
- Only $387 million (13.2%) of stolen funds was recovered or frozen across 18 major incidents. The remaining 86.8% was permanently lost
- The critical crypto insurance lessons from 2025: crime/specie insurance would have covered the largest losses, cyber insurance would have covered the data breaches, and most companies had neither
- Bybit survived a $1.5B hack without insurance by using massive reserves. Step Finance died after a $40M hack with no insurance and no reserves. The difference was not skill, it was financial cushion
- War exclusions in insurance policies could have denied coverage for 74% of 2025’s total losses because North Korean state actors were responsible
$2.72 Billion Stolen in 2025: The Crypto Insurance Lessons Every Founder Needs
The crypto insurance lessons from 2025 are written in stolen billions. Hackers took $2.72 billion in crypto last year, according to both Chainalysis and TRM Labs, making 2025 the costliest year on record for digital asset theft. North Korean state-sponsored hackers alone accounted for at least $2 billion of that total, an industrial-scale operation that has now extracted roughly $6 billion since 2017.[TechCrunch]
Yet 89% of the crypto industry remains uninsured. Most of the companies and protocols that lost money in 2025 had no insurance coverage at all. Of the handful that did, many held the wrong type of policy, one that would not have covered the attack that actually happened.
This article analyzes the 10 largest crypto hacks of 2025, maps each one against the insurance coverage that would (or would not) have helped, and extracts the crypto insurance lessons that every founder, CTO, and treasury manager needs before the next breach.
The 10 Largest Crypto Hacks of 2025: What Was Stolen and How
| # | Target | Date | Amount | Attack Type | Outcome |
|---|---|---|---|---|---|
| 1 | Bybit | Feb 21 | $1.4B | Multisig wallet compromise (DPRK Lazarus) | Survived. Covered losses from reserves |
| 2 | Cetus | May 22 | $223M | Spoof token exploit (asset validation flaw) | Paused operations, investigating |
| 3 | Balancer | Nov 3 | $128M | Composable stable pools rounding exploit | Pools frozen, post-mortem released |
| 4 | Bitget | Apr 20 | $100M | Market-maker bot exploit (price manipulation) | Covered losses from treasury |
| 5 | Nobitex | Jun 18 | $90M | Hot wallet hack (geopolitically motivated) | Funds destroyed in vanity addresses |
| 6 | Phemex | Jan 23 | $85M | Private key exposure (hot wallet) | Paused withdrawals, cold storage safe |
| 7 | UPCX | Apr | $70M | Compromised private key | Token price collapsed, limited recovery |
| 8 | BtcTurk | Jun | $55M | Hot wallet key compromise | Binance froze portion, cold storage safe |
| 9 | CoinDCX | Jul 19 | $44M | Server breach (API/credential compromise) | Covered from treasury, no customer loss |
| 10 | GMX (V1) | Jul 9 | $42M | Reentrancy exploit (GLP pool) | V1 paused, bounty offered, V2 unaffected |
Sources: The Block, TRM Labs, Chainalysis, CryptoSlate, Blockchain Reporter [The Block]
Crypto Insurance Lessons: Mapping Each Hack to the Coverage That Was Needed
The most important crypto insurance lessons from 2025 come from mapping each incident to the specific type of insurance that would have responded. The pattern is revealing.
| Incident | Insurance Needed | Would Cyber Insurance Cover It? | War Exclusion Risk? |
|---|---|---|---|
| Bybit ($1.4B) | Crime/specie | No | Yes (DPRK) |
| Cetus ($223M) | Smart contract cover | No | No |
| Balancer ($128M) | Smart contract cover | No | No |
| Bitget ($100M) | Crime/specie | No | No |
| Nobitex ($90M) | Crime/specie | No | Yes (state actor) |
| Phemex ($85M) | Crime/specie | No | Unknown |
| Figure Technology (data breach) | Cyber liability | Yes | No |
| Step Finance ($40M) | Crime/specie | No | Unknown |
The Core Crypto Insurance Lessons from This Data
Lesson 1: Cyber insurance would not have covered any of the top 10 hacks. Every single one of the largest incidents in 2025 involved theft of digital assets, not data breaches. Standard cyber insurance for crypto companies covers data breach response, ransomware, and business interruption, but explicitly excludes digital asset theft. The coverage most crypto companies actually need is crime/specie insurance, which covers theft of custodied assets.
Lesson 2: Smart contract cover would have helped for only 2 of the top 10. Despite the narrative that DeFi hacks dominate, only the Cetus and Balancer exploits were true smart contract vulnerabilities. The other eight were all operational failures: compromised keys, phishing, social engineering, and insider access.
Lesson 3: War exclusions could void coverage for 74% of total losses. North Korean actors stole at least $2 billion of the $2.72 billion total. Any policy with a war or nation-state exclusion clause could deny coverage for these attacks. This is the single largest gap in the crypto insurance market today.
Lesson 4: Companies that survived did so through reserves, not insurance. Bybit covered $1.4 billion from its balance sheet. Bitget covered $100 million from its treasury. CoinDCX covered $44 million from its treasury. Step Finance, which had neither insurance nor sufficient reserves, shut down permanently. The crypto insurance lessons here are brutal: without insurance, survival depends entirely on how deep your pockets are.
Crypto Insurance Lessons: The Attack Vector Shift That Changes Everything
One of the most important crypto insurance lessons from 2025 is the fundamental shift in how attackers operate. As TRM Labs noted, attacks in 2025 were “even more organized and professionalized” with operations that were “faster, better coordinated, and far easier to scale.”[Yahoo Finance/Decrypt]
The shift breaks down into three categories:
From “hacking in” to “logging in.” The era of brute-force smart contract exploits is giving way to credential theft, social engineering, and insider compromise. Attackers are stealing private keys through phishing, bribing employees (as in the Coinbase data breach), and compromising supply chains. This makes crime insurance and operational security more important than smart contract audits alone.
From financial motivation to geopolitical warfare. The Nobitex hack ($90M) was attributed to a pro-Israeli hacking group targeting Iran’s largest exchange. Funds were not laundered but destroyed in vanity addresses with anti-government messages. This represents a category of attack that no insurance policy currently covers: ideologically motivated destruction of assets.
From isolated incidents to industrial-scale operations. North Korea’s Lazarus Group has industrialized crypto theft. With $6 billion stolen since 2017, they operate like a professional hedge fund, with IT workers infiltrating companies, sophisticated social engineering at scale, and advanced laundering through mixers and cross-chain bridges. This is not opportunistic hacking. It is state-sponsored financial warfare.
Crypto Insurance Lessons for Founders: The 5-Point Action Plan
Based on the crypto insurance lessons from 2025, here is what every crypto founder and treasury manager should do now.
The 5-Point Crypto Insurance Action Plan
1. Get crime/specie insurance, not just cyber insurance. The data is unambiguous: 8 of the 10 largest hacks in 2025 involved digital asset theft. Cyber insurance does not cover this. You need a separate crime or specie policy from providers like Evertas, Munich Re, or through Marsh’s facility. If you can only afford one policy, crime insurance protects against the losses that actually kill crypto companies.
2. Negotiate your war exclusion explicitly. Do not sign any policy without understanding exactly how the war/nation-state exclusion is worded. Ask your broker: if North Korea’s Lazarus Group steals our assets, is this covered? If the answer is no (and it probably is), push for a narrower exclusion or a specific carve-out. This is now the most important clause in any crypto insurance contract.
3. Build reserves as insurance of last resort. Bybit, Bitget, and CoinDCX survived because they had treasury reserves large enough to cover losses. Until the crypto insurance market matures enough to offer large-scale crime coverage at reasonable premiums, reserves remain the ultimate backstop. A general guideline: maintain reserves equal to at least 10% to 20% of assets under custody.
4. Layer your coverage. No single policy covers everything. Build a program that includes crime/specie insurance (digital asset theft), cyber liability (data breaches, ransomware, regulatory fines), D&O coverage (executive liability), and smart contract cover from on-chain providers like Nexus Mutual for DeFi interactions. See our complete crypto insurance guide for a full coverage framework.
5. Invest in operational security to lower premiums and prevent claims. Every one of the top 10 hacks in 2025 could have been mitigated or prevented with stronger operational controls: hardware security keys for all signers, device separation for treasury operations, continuous security monitoring, and employee training against social engineering. These controls also reduce insurance premiums by 20% to 50%.
Crypto Insurance Lessons: Bybit vs Step Finance, the Case Study That Tells the Whole Story
The starkest crypto insurance lessons from 2025 come from comparing two companies that faced similar attacks with drastically different outcomes.
| | Bybit | Step Finance |
|---|---|---|
| Amount stolen | $1.4 billion | $40 million |
| Attack vector | Multisig wallet UI compromise | Device compromise, treasury drain |
| Insurance? | No | No |
| Reserves? | Yes (massive) | No |
| Outcome | Survived | Shut down permanently |
| Lesson | Without insurance, survival depends on reserves. Small and mid-sized firms cannot self-insure a major hack. | |
Bybit lost 35 times more money than Step Finance but survived because it had the balance sheet to absorb a $1.4 billion hit. Step Finance lost $40 million and died. The crypto insurance gap is not just about large companies. It is existential for small and mid-sized protocols that cannot self-fund a recovery. Insurance is the equalizer.
The Recovery Problem: Why 86.8% of Stolen Crypto Is Gone Forever
Of the $2.72 billion stolen in 2025, only approximately $387 million (13.2%) was recovered or frozen across 18 major incidents. The remaining 86.8% was permanently lost. This recovery rate underlines why insurance matters more than post-hack forensics.[CryptoSlate]
Why recovery rates are so low: attackers in 2025 used instant token swaps, cross-chain bridges, and privacy mixers like Tornado Cash to launder funds within minutes of theft. In some cases (Nobitex), funds were deliberately destroyed rather than laundered. North Korean operations convert stolen crypto to Bitcoin and route it through dozens of wallets across multiple chains before cashing out through complicit exchanges.
The crypto insurance lessons are clear: you cannot count on recovering stolen funds. Insurance is risk transfer before the event, not damage control after it.
Sources: TechCrunch | The Block | CryptoSlate | Yahoo Finance/Decrypt | DeepStrike | Blockchain Reporter | Crystal Intelligence | CoinLaw
Disclaimer: This article is for informational purposes only and does not constitute insurance, financial, or legal advice. All analysis is based on publicly available information at the time of writing. This is not sponsored content. CryptoNewsBytes has no affiliation, partnership, or financial relationship with any insurance provider mentioned. Consult a licensed insurance broker with crypto-specific expertise for advice tailored to your business.

