Criminals are increasingly targeting individual crypto users both online and in the physical world, a new report has concluded, listing possible reasons behind these worrying trends.
In its 2025 Crypto Crime Mid-year Update, blockchain analysis firm Chainalysis said that 23.35% of all stolen fund activity this year is attributed to thefts targeting personal wallets.
Besides the growing prices of bitcoin (BTC) and some other crypto assets this year, which attracts more criminals, several reasons might be behind this trend of targeting individual users.
According to Chainalysis, as crypto companies improve their security, attackers turn to individuals. Moreover, the growing value of crypto assets and the number of holders make these targets more lucrative. Additionally, criminals are increasingly using easy-to-deploy AI-enabled tools that help employ more sophisticated targeting techniques.
"So far in 2025, the US, Germany, Russia, Canada, Japan, Indonesia, and South Korea top the list of highest victim counts per country, whereas Eastern Europe, MENA, and CSAO saw the most rapid H1 2024 to H1 2025 growth in victim totals," Chainalysis said.
Cyber thieves eye bitcoin the most
The report also found that while BTC holders are less likely to fall victim to targeted theft than individuals holding assets on other blockchains, bitcoin theft accounts for a substantial share of stolen value. BTC is the biggest crypto asset by market capitalization, while its share in the market currently stands around 60%. Moreover, as the analysts noted, attackers are deliberately targeting higher-value individual BTC holdings.
At the same time, the number of individual victims is increasing on other blockchains. For example, the analysts found that there's a "concerning escalation in anomalous stolen funds events targeting MetaMask users throughout late 2024 and escalating into 2025."
MetaMask is the most popular ethereum (ETH) wallet that also supports multiple other crypto assets. The data shows that some MetaMask incidents affected almost 500 victims per day in late 2024 and early 2025.
As the target pool is growing, criminals exploit vulnerabilities within the wallet software and issues with third-party infrastructure, such as compromised browser extensions or malicious applications.
However, a "particularly disturbing" subset of attacks on individuals is physical violence or coercion against crypto users. Data shows that 2025 is on track to have potentially twice as many physical attacks as the next highest year on record, while the numbers might be "far higher" as many attacks are unreported.
The ByBit breach was a stepping stone for cybercrime
The DPRK’s ByBit hack was the one to make the biggest impact on the 2025 threat landscape.
This one incident, valued at $1.5 billion, was the largest crypto theft in history and therefore accounted for approximately 69% of all funds stolen from services this year. It also comes in the context of a broader pattern of North Korean cryptocurrency operations, which have become increasingly central to the regime’s sanctions evasion strategies.
They include laundering stolen crypto through mixers, using stolen identities to open foreign exchange accounts, and converting digital assets into hard currency to bypass international sanctions.
Last year, known DPRK-related losses made 2025 the country’s most successful year so far.
“The attack method seemed to use advanced social engineering tactics, resembling those seen in past North Korean (DPRK) operations, such as infiltrating crypto platforms via compromised IT staff. This strategy has been highly effective – recent UN reports reveal that Western tech companies have unknowingly employed thousands of North Korean workers,“ the report states.
Your email address will not be published. Required fields are markedmarked