    The quiet malware draining crypto wallets

    For years, spectacular exchange collapses and flamboyant fraudsters dominated headlines about cryptocurrency crime. In 2025, by contrast, the biggest threat to everyday crypto holders has been quieter, more technical, and, in many cases, harder to spot.

    Clipboard-hijacking malware and so-called infostealers are steadily siphoning funds from individual users, even as the wider industry insists that its security is maturing.

    According to data collected by blockchain security firm Slowmist, cybercriminals stole nearly $3bn through crypto hacks and scams in 2025. Researchers recorded 202 separate hack events, a figure that understates the concentration of damage. One incident alone accounted for almost half of all losses: a $1.46bn theft from the ByBit exchange in February 2025.

    That episode illustrated how modern crypto crime often hinges on supply-chain weaknesses rather than crude break-ins. Attackers compromised one of ByBit’s suppliers and secretly altered the digital wallet address used for large internal transfers. When ByBit attempted to move roughly 401,000 ether to its own wallet, the funds were instead routed directly to the hackers. In a system where transactions are final, the mistake was irreversible.

    Beyond such headline-grabbing incidents, the broader pattern reveals sustained pressure across multiple blockchain ecosystems. Ethereum was the most targeted, suffering 33 hacks and scams that led to losses of $245m.

    The Binance Smart Chain followed, with 25 incidents and losses of around $20m. While these sums are smaller than the ByBit theft, they reflect a steady attrition that disproportionately affects retail users rather than institutions.

    “Crypto is ideal for cybercriminals because transactions are irreversible and nearly anonymous,” says Marijus Briedis, chief technology officer at NordVPN. “There’s no bank to freeze funds, no chargebacks, and assets quickly vanish through mixers or decentralised platforms. For hackers, it’s the perfect heist: high reward, low traceability, and victims often lack legal recourse.”

    The mechanics of these thefts are often deceptively simple. According to the FBI, cryptocurrency fraud now accounts for roughly half of all financial fraud losses. Many attacks begin in familiar ways: phishing emails, malicious advertisements, infected downloads from unofficial websites, or compromised pages that quietly install malware on a user’s device.

    What is “clipper” malware?

    One of the most effective tools is “clipper” malware. It monitors the contents of a victim’s clipboard and automatically replaces copied wallet addresses with ones controlled by the attacker. Given the length and complexity of crypto addresses, most users copy and paste them without scrutiny. Funds are transferred as intended, just not to the intended recipient.

    More dangerous still is infostealer malware. These programs target browsers and crypto wallets, harvesting credentials, private keys and sensitive data while operating silently in the background. In 2025, infostealers contributed to record levels of ransomware and identity-based breaches, and security researchers expect their use to expand further this year as attackers refine their tools.

    Defending against such threats requires vigilance rather than technical sophistication. Users are advised to stick to reputable exchanges and wallets, enable two-factor authentication, and use strong, unique passwords. Verifying wallet addresses before sending funds (ideally by double-checking pasted text and running a small test transaction) can expose clipboard hijacking before significant losses occur.
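
    The address check described above can be done by software rather than by eye. The following is an added example, not code from the article or from any product it mentions; the address values are constructed placeholders, and the rule for which formats compare case-insensitively is a stated assumption.

```python
from itertools import zip_longest

# Constructed sample values for illustration; these are not real wallet addresses.
INTENDED = "0x" + "ab12" * 10            # address taken from a trusted source
PASTED_OK = "  0x" + "AB12" * 10 + "\n"  # same address, different case and whitespace
PASTED_SWAPPED = "0x" + "cd34" * 10      # clipboard content replaced before paste


def normalise(addr: str) -> str:
    """Strip whitespace and fold case only where the format ignores case."""
    addr = addr.strip()
    low = addr.lower()
    # Assumption: 0x-prefixed hex and bech32 ("bc1...") strings compare
    # case-insensitively, while Base58 strings are case-sensitive.
    if low.startswith(("0x", "bc1")):
        return low
    return addr


def check_paste(intended: str, pasted: str) -> dict:
    """Compare every character of the pasted text against the intended address."""
    a, b = normalise(intended), normalise(pasted)
    # zip_longest pads the shorter string, so a length difference also counts.
    positions = [i for i, (x, y) in enumerate(zip_longest(a, b)) if x != y]
    differing = set(positions)
    marker = "".join("^" if i in differing else " "
                     for i in range(max(len(a), len(b))))
    return {"match": not positions, "positions": positions,
            "intended": a, "pasted": b, "marker": marker}


def report(result: dict) -> str:
    """Render the comparison so a mismatch is visible at a glance."""
    if result["match"]:
        return "OK: pasted address matches the intended one"
    return "\n".join([
        f"MISMATCH at {len(result['positions'])} position(s); do not send",
        "intended: " + result["intended"],
        "pasted:   " + result["pasted"],
        "          " + result["marker"],
    ])


if __name__ == "__main__":
    for pasted in (PASTED_OK, PASTED_SWAPPED):
        print(report(check_paste(INTENDED, pasted)))
```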

    How can you protect yourself?

    Some security providers are now building crypto-specific safeguards into consumer products. NordVPN, for example, has added a wallet address checker to its Threat Protection Pro service, which scans addresses locally and warns users if they are linked to known fraud or phishing campaigns.

    These measures may help, but they underscore a broader truth about crypto in 2025. As institutional infrastructure improves, risk has not disappeared; it has shifted, landing squarely on individuals. For everyday holders, the weakest link is no longer the blockchain. It is the device in their hands.

     
