In the first half of 2025, crypto crime accelerated in volume and velocity, as an unprecedented $3 billion of digital assets were reported as stolen across 119 verified hacking events.[1] The rapid theft and laundering of these funds is closing the response window for exchanges, custodians and their respective banking partners.
As asset managers and banks deepen their exposure to tokenized assets and have custody partnerships, the operational gap between traditional finance and decentralized finance decreases. Vulnerabilities now extend to traditional financial institutions. Implications regarding the rise of digital assets crime encompass more businesses than ever; incident response teams, vendor oversight and insurance coverage all must keep pace with a market where speed and complexity define the risk landscape.
Funds from 23% of crypto hacks were fully laundered before public disclosure.
Laundering can occur within minutes of theft; stolen assets from only 4.2% of hacks were recovered in H1 2025,[2] due to the complexity of multi-chain laundering. Therefore, operational resilience must be heightened through real-time monitoring, automated legal and compliance workflows and incident response to reduce loss likelihood and improve notification speed. These strategies also support insurance claims by providing evidence quality in recovery efforts, and it’s important for policy wordings to provide affirmative coverage for digital assets from a crime insurance context.
For the first half of 2025, half of all funds stolen from services came from a single incident: North Korea’s $1.5 billion hack of ByBit.[3]
Due to limited regulated custody options in Web3, crypto activity is heavily concentrated in a small number of centralized and decentralized exchanges where firms use them for fiat on/off ramps, treasury and cross-chain swaps. Smart contract vulnerabilities also pose a growing threat, as exploits in poorly audited contracts can result in unauthorized fund transfers or frozen assets. These risks can be addressed by diversifying providers and vendors and ensuring governance and compliance under regulatory frameworks like Markets in Crypto Assets Regulation (MiCAR).[4]
Private wallet theft and ransomware also remain key areas of cyber-related exposure. Ransomware attackers extorted approximately $460 million in cryptocurrency in H1 2025,[5] although ransomware payments fell 35% in 2024,[6] suggesting sustained impact from improved cybersecurity protocols and targeted law enforcement disruptions. As these threats evolve, so do regulatory requirements. New stablecoin rules in the U.S. and Hong Kong aim to improve transparency and compliance to address illicit finance.[7] For firms navigating this landscape, risk mitigation now demands more than technical resilience against threats; it requires regulatory alignment to remain insurable and operational.
2025 is on track to have twice as many physical attacks as the previous year.[8]
We’ve touched singularly on digital crypto-related crime, but 2025 has seen multiple kidnap and ransom (K&R) incidents, which have targeted senior figures in the cryptocurrency industry across Asia, Europe and North America. The increase in security by online crypto trading services may be a factor that’s led to the increase in the trend of malicious actors targeting individual wallet holders instead, employing violence and coercion. Appreciation in digital assets like Bitcoin and the ease and decentralized nature of transferring cryptocurrency comes with a higher risk of physical attacks. As this article explains, the coverage of these “special risks” provide essential assistance in guiding victims, families and employers through the safe resolution of abductions, including reimbursement of ransom where necessary, underscoring how insurance has become a critical pillar in managing this emerging threat.[9]
This is aligned with a trend across the tech industry, where security budgets for the CEOs of 10 big tech companies rose by more than $45 million in 2024.[10] It’s becoming increasingly paramount to assess your exposure to physical extortion, coercion and limit public visibility of crypto wealth through personal security and wallet access controls. Recent developments underscore the need to think beyond cyber threats and evolve risk frameworks accordingly to have strategic multiple layers of protection.
Addresses involved in illicit activity received $40.9 billion in total inflows in 2024.[11]
The rise in organized crime, as seen in the increase in crypto-related K&R incidents, reflects a broader trend in the highly professionalized ecosystem of crypto crime in 2025. Stolen funds from hacks of private keys accounted for 43.8% of stolen crypto in 2024 remain the dominant source of illicit inflows. Furthermore, the role of nation states in cryptocurrency theft has expanded while organized criminal entities continue to facilitate stolen funds. Scams and fraud are scaling rapidly, particularly pig butchering,[12] where criminals build trust before defrauding victims.[13] Personal wallets remain a critical vulnerability, as attacks targeting individual users have made up around 23% of all stolen fund activity this year.[14] Conducting regular security audits will demonstrate proactive risk management and demonstrate robust security governance, strengthening eligibility for insurance coverage.
As the threat landscape surrounding crypto crime continues to evolve, risk managers must adapt their frameworks accordingly and remain proactive. With the rise in physical threats and rapid methods of attack, including hacks of centralized exchanges, ransomware or scams, crypto crime is increasingly sophisticated and demands immediate responses. Ensure that your policy coverage and limits are tailored to your actual exposure and stay informed to emerging threats. Clear policy wording is essential.
While the digital assets space offers immense growth potential, that opportunity must be matched with preparedness. Partnering with a risk advisor who understands both digital and physical crime risks coupled with a robust multi-class insurance program can provide the guidance and protection needed to future-proof your operational resilience.
WTW hopes you found the general information provided here informative and helpful. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal advisors. In the event you would like more information regarding your insurance coverage, please do not hesitate to reach out to us. In North America, WTW offers insurance products through licensed entities, including Willis Towers Watson Northeast, Inc. (in the United States) and Willis Canada Inc. (in Canada).
