The number of hacking incidents and the amount of damage to virtual asset platforms increased this year compared to last year. In particular, the damage from hacking of centralized exchanges (CEX) due to private key breaches has increased significantly. Since assets stolen through hacking are difficult to trace after going through money laundering, public and private companies need to cooperate to build preventive measures.
Blockchain analysis firm Chainalysis released a '2025 Virtual Asset Crime Report' with this content on the 19th. According to the report, the funds stolen through virtual asset hacking this year amounted to $2.2 billion (about 3.1 trillion won), an increase of 21.7% from the previous year. The number of hacking incidents this year also increased to 303, up from 282 last year.
Among virtual asset platforms, CEX suffered the most damage from hacking. In fact, the Japanese virtual asset exchange 'DMM Bitcoin' suffered $305 million in damage from hacking last May, and two months later, the Indian virtual asset exchange 'WazirX' was stolen $234.9 million. Chainalysis said, "The place that suffered the most damage from hacking was the decentralized finance (DeFi) platform until the first half of this year," and "DeFi platform developers tend to prioritize growth and product launch over security, making them vulnerable to hacking attacks." However, Chainalysis added that "CEX hacking was the most prevalent in the second and third quarters of this year."
The main cause of exchanges being hacked is mostly due to private key breaches. In CEX, the private key is the gateway to accessing customer assets, so security is important. Chainalysis said, "As the target of hacking has shifted from DeFi to exchanges, the importance of private key protection has increased," and "the damage caused by private key breaches is fatal as exchanges manage large amounts of funds." It also said, "The DMM Bitcoin case, one of the largest virtual asset hacking cases ever, was likely due to poor private key management or security."
Chainalysis emphasized that the public and private sectors need to cooperate in advance to effectively respond to virtual asset hacking. Once a virtual asset is hacked, it becomes difficult to trace the flow of funds if it goes through the money laundering process using decentralized exchanges (DEX), mining, and mixing services. It also advised that companies should strengthen their hiring process to prepare for cases where North Korean hackers disguise themselves as employees to steal information and funds from virtual asset companies.
Chainalysis said, "As virtual asset regulations evolve, platform security and customer asset protection supervision will be strengthened," and "the virtual asset industry must also strive for prevention in line with the changes." It added, "You need to build a team that can respond quickly in cooperation with law enforcement agencies," and "you need to thoroughly manage the hiring process, including identity verification, and focus on private key management to protect important assets."
- Jae-heon Choi, Reporter
- chsn12@decenter.kr
< Copyright holder ⓒ Decenter, Unauthorized reproduction and redistribution prohibited >
