**Episode Description:**The first half of 2025 has witnessed an unprecedented surge in cyberattacks against cryptocurrency exchanges, leading to billions of dollars in stolen digital assets [1-3].
In this episode of "Upwardly Mobile," we delve into the alarming statistics from CertiK's latest report and dissect the most significant incidents, including the Coinbase data breach and the Bybit hack [1, 2, 4]. Discover the evolving tactics employed by sophisticated attackers—from insider threats and social engineering to supply chain attacks and wallet compromises—and explore the critical security measures and technologies platforms are implementing to safeguard user funds and rebuild trust in the volatile Web3 landscape [5-11].
Key Takeaways:
• Record-Breaking Losses in H1 2025: Approximately $2.47 billion in cryptocurrency was stolen through hacks, scams, and exploits in the first half of 2025, already surpassing the total amount lost in all of 2024 [1-3]. According to CertiK, when accounting for confirmed, unrecovered losses, the net figure stands at $2.29 billion, exceeding last year's adjusted total of $1.98 billion [3].
• Major Incidents Driving Losses: Two significant events accounted for nearly $1.78 billion of the total losses in H1 2025 [3]:
◦ Bybit Breach (February 2025): Hackers stole an estimated $1.4 billion from the Dubai-based exchange in an attack linked to Lazarus, a state-sponsored North Korean APT group [1]. This incident largely contributed to wallet compromise being the costliest attack vector [6].
◦ Cetus Protocol Incident: This decentralized exchange (DEX) on Sui lost $225 million due to hackers using spoofed tokens and price manipulation [6].
• Coinbase Under Attack:
◦ May 2025 Data Breach (Insider Threat/Social Engineering): Hackers bribed and coerced a small group of overseas customer support agents to steal sensitive customer data, including names, dates of birth, partial Social Security numbers, masked bank account numbers, addresses, phone numbers, and emails [4]. While no login credentials or private keys were obtained, this data was used for social engineering attacks [4]. Coinbase refused a $20 million extortion attempt and instead established a $20 million reward fund for information leading to the attackers' arrest [12]. The estimated financial impact for Coinbase is between $180 million and $400 million, including voluntary customer reimbursements for funds lost to social engineering [12]. This incident highlighted the critical risk of insider threats and the need for enhanced real-time endpoint security and data loss prevention (DLP) [5, 7].
◦ March 2025 GitHub Action Supply Chain Attack: Coinbase was an initial target of a supply chain attack on GitHub Action, exploiting a public continuous integration/continuous delivery flow [5]. Coinbase successfully detected and mitigated this issue [5].
• Evolving Attack Vectors:
◦ Social Engineering and Phishing: These tactics remain highly lucrative, with scammers evolving methods to trick victims into revealing sensitive information or transferring funds [6, 13]. Phishing was the most costly attack vector in Q2 2025, with over $395 million lost, surpassing previous periods [14].
◦ Wallet Compromise: This has been the costliest attack vector overall in H1 2025 due to major incidents like the Bybit hack [6].
◦ Infrastructure-Level Breaches: More than 80% of stolen funds in 2025 have resulted from breaches where hackers gain significant access to core infrastructure [7].
◦ Targeting Employees/Contractors: The Coinbase incident specifically illustrates a growing trend of cybercriminals bribing or coercing individuals with legitimate system access [7].
◦ Supply Chain Attacks: Exploiting vulnerabilities in third-party tools or service providers, often through weak APIs or compromised software updates [10].
◦ Malware Attacks: Including Advanced Persistent Threats (APTs) and keylogging for credential theft [15].
• Strengthening Defenses: Crypto exchanges are implementing comprehensive security frameworks and multi-layered approaches to build resilience [11]:
◦ Advanced Wallet Technologies: Utilizing Multi-Party Computation (MPC) Wallets to eliminate single points of failure by never reconstructing private keys in full [9, 16], alongside robust hot-warm-cold storage architectures [16].
◦ Enhanced Security Protocols: Implementing Multi-Fac
Popular Podcasts
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
The Clay Travis and Buck Sexton Show
The Clay Travis and Buck Sexton Show. Clay Travis and Buck Sexton tackle the biggest stories in news, politics and current events with intelligence and humor. From the border crisis, to the madness of cancel culture and far-left missteps, Clay and Buck guide listeners through the latest headlines and hot topics with fun and entertaining conversations and opinions.