Over $3 Billion Stolen in Crypto Hacks During First Half of 2025
A recent study by Swiss blockchain analysis firm Global Ledger has indicated that in the first six months of 2025, more than $3.01 billion was lost to 119 different cryptocurrency hacks, a figure that exceeds the total amount stolen throughout all of 2024. This increase is not merely in the amount stolen but also in the speed at which these funds are being laundered.
Speed of Laundering Raises Concerns
The report examined on-chain data associated with each hack and evaluated how swiftly the perpetrators moved the stolen funds through various methods, including mixers, bridges, and centralized exchanges. By analyzing the timeline between the initial hack and the laundering’s conclusion, researchers discovered that funds are often laundered in a matter of minutes, frequently before victims even become aware of the breach.
Alarmingly Fast Laundering Times
According to the findings, nearly 23% of the time, the laundering was already finalized before the breach was made public. In numerous other instances, the stolen assets were already in transit by the time victims realized they had been compromised. Consequently, by the moment a breach is reported, it may already be too late to recover the funds.
Challenges for AML Systems and VASPs
As cybercriminals continue to enhance their laundering techniques, Anti-Money Laundering (AML) frameworks and Virtual Asset Service Providers (VASPs) face significant challenges. In some extreme cases, laundering occurs almost instantaneously; in the fastest recorded instance, funds were transferred just four seconds after the initial exploit, and the entire laundering process was completed in less than three minutes. Overall, 31.1% of laundering activities were finalized within 24 hours, while public disclosures of the hacks took an average of 37 hours. Attackers typically initiated fund transfers about 15 hours post-breach, giving them a nearly 20-hour advantage before detection.
Centralized Exchanges at Risk
Centralized exchanges (CEXs) are the most frequently targeted by hackers, accounting for 54.26% of total losses in 2025, significantly more than token contract exploits and personal wallet breaches. The report highlighted that 15.1% of laundered cryptocurrency in the first half of 2025 passed through CEXs, where compliance teams often have a mere 10 to 15 minutes to intervene before the funds are lost.
Need for Enhanced Compliance Measures
In light of the evolving tactics of cybercriminals, the report suggests that the traditional ticket-based compliance processes used by exchanges are no longer adequate. It advocates for the implementation of real-time, automated monitoring and responsive systems capable of detecting and halting illicit activities before the laundering process is completed. In essence, to combat the rapid laundering, CEXs must develop equally swift detection and response mechanisms.
New Regulations Amplifying Compliance Pressure
Recent legislation, including the Genius Act signed into law by former President Donald Trump on July 18, has intensified the scrutiny on exchanges and other VASPs, mandating stricter AML compliance and quicker response times.
Legal Accountability in Crypto Development
The ongoing trial of Roman Storm, a developer associated with Tornado Cash, highlights a shifting perspective among regulators regarding accountability in the crypto space. Central to this case is the issue of whether developers and platforms should be responsible for preventing illicit activities they could foresee.
Implications for Open-Source Development
Prosecutors have argued that Storm possessed the capability to implement preventive measures against illicit use but failed to do so. Facing multiple charges, including conspiracy to commit money laundering, Storm’s platform has allegedly facilitated over $1 billion in illegal transactions, including funds associated with North Korea’s Lazarus Group. If found guilty, he could face a lengthy prison sentence of up to 45 years. This case could set a significant precedent for open-source development and privacy tools, as many fear that prosecuting developers for their code could stifle innovation and infringe on software freedom.
