The hack of cryptocurrency exchange BigONE on July 17, 2025, resulting in a $27 million loss, arrived against a backdrop of unprecedented crypto crime. According to Chainalysis, more than $2.17 billion has been stolen from crypto services in the first half of 2025 alone, already exceeding the total for all of 2024. With Bitcoin at $119,290 and Ethereum at $3,477, the stakes for individual security have never been higher. Whether you trade on centralized exchanges, hold funds in self-custody, or simply participate in DeFi protocols, the threat landscape demands a rigorous approach to security.
The Threat Landscape
The 2025 threat environment has several distinct characteristics that set it apart from previous years:
State-sponsored actors dominate. North Korea’s Lazarus Group and affiliated units are responsible for the vast majority of stolen value. The $1.5 billion ByBit hack in February — the single largest crypto theft in history — accounts for roughly 69% of all service-related losses this year. These actors possess nation-state resources, advanced technical capabilities, and strategic patience.
Personal wallets are increasingly targeted. Compromises of individual wallets now represent 23.35% of all stolen fund activity in 2025. Attackers use phishing campaigns, fake airdrops, malicious browser extensions, and social engineering to trick users into revealing private keys or signing malicious transactions.
Stolen funds accumulate on-chain. Wallets linked to personal wallet thefts currently hold $8.5 billion in crypto that has not yet been laundered. This suggests attackers are building reserves, potentially waiting for better laundering opportunities or using the funds as operational capital.
Physical attacks are rising. Chainalysis notes a correlation between Bitcoin price movements and “wrench attacks” — physical violence or coercion against known crypto holders. As prices rise, the incentive for physical threats increases.
Core Principles
Effective crypto security rests on three foundational principles:
1. Minimize custodial risk. The fewer funds you keep on any single platform, the lower your exposure to that platform’s security failures. This applies equally to centralized exchanges, DeFi protocols, and custodial wallet services.
2. Separate access layers. Your exchange credentials, email account, two-factor authentication, and withdrawal addresses should all use different security mechanisms. A breach of any single layer should not cascade into full account compromise.
3. Assume breach mentality. Design your security posture around the assumption that any individual system can be compromised. What happens if your email is breached? Your 2FA device is stolen? Your exchange is hacked? Each scenario should have a pre-planned response.
Tooling and Setup
Hardware wallets. A hardware wallet like a Ledger or Trezor is the single most effective security investment for any crypto user. Private keys never leave the device, making remote theft virtually impossible. Store your seed phrase on a metal backup plate in a secure location — never digitally.
Dedicated email address. Create a unique email address used exclusively for crypto accounts. Enable hardware-based two-factor authentication (YubiKey or similar) on this email. If your primary email is compromised, your crypto accounts remain protected.
Authenticator apps over SMS. SMS-based two-factor authentication is vulnerable to SIM-swapping attacks, which have become increasingly common. Use an authenticator app like Authy or Google Authenticator, preferably one that supports cloud-encrypted backups so you can recover codes if your device is lost.
Withdrawal address whitelisting. Most major exchanges allow you to restrict withdrawals to pre-approved addresses with a time delay (typically 24-48 hours) before new addresses become active. This gives you a window to detect and reverse unauthorized withdrawal attempts.
Anti-phishing codes. Enable anti-phishing codes on exchange accounts. These are unique phrases included in every legitimate email from the exchange, allowing you to distinguish real communications from phishing attempts.
Ongoing Vigilance
Security is not a one-time setup — it requires continuous attention:
Review active sessions regularly. Check your exchange and email accounts for unauthorized sessions at least weekly. Revoke access for any session you do not recognize.
Monitor transaction history. Set up alerts for any transactions above a minimum threshold. Many wallets and exchanges support push notifications for withdrawals — enable them.
Update firmware and software. Hardware wallet firmware, browser extensions, and authenticator apps should be kept up to date. Security patches address vulnerabilities that attackers actively exploit.
Verify URLs obsessively. Before entering credentials on any crypto-related website, verify the URL character by character. Bookmark your frequently used sites and access them only through bookmarks. Phishing sites increasingly use lookalike domains that differ by a single character.
Beware of unsolicited contact. Legitimate exchanges and wallet providers will never ask for your seed phrase, private keys, or password via email, direct message, or phone call. Any such request is a social engineering attack.
Final Takeaway
The $2.17 billion stolen in the first half of 2025 represents a collective failure of security at both the institutional and individual level. While you cannot control an exchange’s security practices, you can control your own. The single most impactful action is to move funds off exchanges and into self-custody with a hardware wallet. Everything else — 2FA, whitelisting, anti-phishing codes — is secondary defense that reduces but does not eliminate custodial risk.
In a market where Bitcoin has crossed $119,000 and state-sponsored hackers operate with impunity, the cost of poor security is measured in real dollars. Invest the time and money in proper security now, or risk becoming a statistic in the next Chainalysis report.
This article is for informational purposes only and does not constitute financial or security advice. Always conduct your own research before making decisions about your digital assets.
Lazarus holding $8.5B in unlaunders funds is terrifying. they are building a war chest for something bigger
The BigONE exploit really highlights why we can’t get complacent with exchange security. Even with 2FA, session hijacking is becoming a massive threat. I’ve moved everything but my active trading stack to a multisig wallet. If you’re still keeping your life savings on a CEX in 2025, you’re basically asking for trouble.
Great write-up! I finally picked up a pair of YubiKeys after reading about the recent breaches. SMS 2FA is basically a joke at this point with all the SIM swapping going on. Stay safe out there guys, the hackers are getting way too sophisticated these days.
Honestly, how many times do we need to see these ‘record-breaking’ hacks before people actually learn? BigONE was supposed to have top-tier security, and look what happened. I don’t care how many ‘best practices’ an exchange claims to have—if you don’t hold the private keys, it’s just a digital IOU.
Elena Rodriguez hard agree on the IOU point. every hack reinforces why self-custody matters. BigONE users are learning a $27M lesson
2.17B stolen in the first half of 2025 alone and people still keep funds on exchanges. the lazarus group is literally funded by CEX users
Super helpful tips for someone like me who’s still pretty new to the space. I’ve been hearing a lot about Passkeys lately as a replacement for passwords. Do you think those are actually safer than traditional hardware tokens for exchange accounts?
passkeys are better than passwords but worse than hardware keys. the real answer is multisig with a hardware key as one of the signers
Nikolai P. multisig plus hardware key is the correct answer but try explaining multisig to someone who just bought their first BTC last week. the ux gap is the real vulnerability