CeFi and DeFi Crypto Hacks Kick Off 2025 With a Stark Reminder: It’s Still a Hacker’s Playground

According to a January 30, 2025 report by cybersecurity platform Immunefi, cryptocurrency hacks for January alone amounted to a staggering $74 million in losses.

Cryptocurrency hacks reached $74 million in January alone, with centralized finance (CeFi) platforms bearing the brunt of the losses at 93%. A single CeFi platform, Phemex, lost a staggering $69.1 million due to attackers exploiting access keys.

Meanwhile, 19 incidents targeted decentralized finance (DeFi) protocols, highlighting that even these protocols aren't off the hook. Binance's BNB Chain was the most frequently attacked blockchain, accounting for 50% of on-chain losses, followed by Ethereum with 25%.

This news comes as no surprise, given CeFi platforms' inherent vulnerabilities and the recent increase in targeted attacks. However, the extent of the losses and the involvement of both CeFi and DeFi protocols paint a concerning picture.

As Immunefi's report highlights, CeFi platforms' vulnerabilities stem from their attempt to merge Web2 and Web3 technologies. This mishmash allows hackers to utilize well-established attack vectors like phishing and exploiting vulnerabilities in centralized architectures.

Moreover, the recent compliance push, which involves expanding operational surfaces to include layers of identity verification and centralized databases, has further opened doors for attackers to exploit.

On the other hand, DeFi protocols' vulnerabilities largely arise from the breakneck speed at which they're developed and deployed.

Developers often prioritize launching products quickly to join the race for funding, liquidity, and investor attention, which leaves behind a backlog of vulnerabilities that are exploited post-launch.

According to Immunefi's report, BNB Chain and Ethereum Hacks remained at the center of crypto exploit incidents in January. Both chains, being the most popular, host thousands of projects, creating sprawling digital ecosystems that are exponentially more complex than smaller blockchains.

This complexity introduces an endless stream of bugs and vulnerabilities at both the smart contract and protocol levels. Hackers don’t need to break into the entire chain—they just need one poorly written contract to exploit a dApp.

Both networks have doubled down on security initiatives; Ethereum introduced account abstraction while BNB Chain recently implemented the BEP-171, a hard fork designed to enhance chain security.

Immunefi reported 19 security incidents in DeFi space, including notable protocol exploits pointing to lingering vulnerabilities in nascent projects. While DeFi accounted for only 6.5% of total losses, this smaller figure is misleading, it only means DeFi flies under the radar until a catastrophic exploit occurs

Collectively, these crypto hacks in January served as a stark reminder that both CeFi and DeFi platforms still have a long way to go in terms of security. Despite the smaller losses compared to January 2024, the frequency and scale of these incidents remain a cause for concern.

As the crypto industry continues to evolve and astronomical sums of money are at stake, it's imperative that both users and platforms prioritize security measures to minimize the impact of these attacks.