This report is an excerpt from the EOY Report we published together with OAK Research and Hazeflow in collaboration with Kraken.

2025 was a year of paradoxes. While institutional legitimacy grew, the industry simultaneously witnessed a routing of wealth from unsophisticated users to a new class of “pvp“ (player-vs-player) participants. We saw the industrialisation of insider trading, a wave of celebrity-endorsed pump-and-dump schemes, and sovereign-level hacks.

But the losses weren’t just due to greed; they were also due to failure. From the collapse of trusted DeFi protocols to the staggering $1.5 billion exploit of Bybit, 2025 proved that while the technology is maturing, the security practices that back it often remain fragile.

This section is all about the scams and hacks that happened this year, what we learnt, how we reacted to them, and why we kept falling for the same scam multiple times.

Memecoins, Pumpdotfun, Insider Trading, and More

Pumpdotfun solidified its place in crypto in mid-2024. The idea of the platform was to abstract the process of creating coins into a frontend, and they succeeded well. The platform generated over $900 million in revenue, peaking in late last year and early this year. This golden period of the platform accounted for a significant share of its net revenue, driven by several memecoin and AI project launches. The activity after those months seems sustained through November, with $40 million in revenue.

The moment when the platform generated the most revenue coincided with suspicious activity onchain, and more generally speaking, crime. Tokens launched on the platform were almost instantly dumped to zero. Most of these token launches were absolute scams, and none of them were actually long-term oriented. With this, the platform’s “livestream” feature also contributed to the chaos, as coin developers would perform wild stunts to pump their coins, turning it into a dystopian trend (watch ‘Common People’ Black Mirror episode on Netflix). The platform later closed this feature and relaunched it in Q2-Q3 2025 in a phased rollout, with better moderation and stricter policies prohibiting violence, harassment, and illegal activities.

Reflecting on the quality of launches on the platform, the majority of the coins (>99%) have a market cap of less than $100k. Given the nature of crypto, these stats were expected from the platform, but they still show how driven by greed people were and how they believed they could build wealth from such coins.

Seeing this retail demand and everyone buying into memecoins and new token launches in the hope of making it big, there were some significant cases of insider trading involving large memecoins. One such case was the Libra token, and dozens more followed. If you were active on CT during that time, you might recognise this phrase, “Yeah, we’re trying to max extract on this one” said by the one and only Hayden Davis in a group chat.

On that note, the celebrity coins weren’t a standalone launch; they were often orchestrated by players like “Sahil Arora,” who assisted celebrities (including Caitlyn Jenner, Rich the Kid, and more) with the entire process of launching the coin, hyping it, and dumping it on their audience.

The industry had its fair share of snipers lurking around every token launch, who would buy a significant share of the token supply early when liquidity was thin and then sell slowly, making a profit. In contrast, insider trading is even more lethal because a few individuals gain early access to the token launch, make massive purchases, and sell later for a profit. While sniping has the edge of code, insider trading has the edge of information. This information arbitrage is what makes such trades highly profitable, especially with celebrity coins. These insiders usually make the buys before the official announcement and make a good buck because, post-announcement, the token skyrockets in valuation with retail traders buying in.

This same script was used repeatedly with different celebrity coins, where insiders extracted funds from retail investors. But in the end, users stopped paying any attention to such launches and considered them scams in the first place. Their initial decision not to consider them a fraud was due to the success of the Trump token, which in one day reached ~$14.5 billion in valuation, and to the fact that most onchain users were not positioned, as they initially considered it a scam. It wasn’t the case that the Trump token was always an “up-only” chart, but it wasn’t as malicious as others.

The Year of Major Hacks

This year was different in another way: in previous years, we didn’t see many legacy DeFi protocols get hacked. However, this year, we saw some excellent protocols targeted by exploiters. The two most significant events include GMX V1 and Balancer V2, each of which was hacked for $42 million (later recovered) and over $120 million, respectively. Hackers also stole over $220 million in a single attack, prompting Sui chain validators to intervene during the Cetus hack and raising questions about the immutable nature of blockchains. Still, for the users who got their funds back, that’s what matters.

On the other side of the fence, we saw one massive centralised failure: Bybit saw exploiters withdraw ~$1.5 billion, and an Iranian exchange, Nobitex, was targeted by pro-Israel hackers and lost $100m in funds.

This year was unusual, with many tail events taking DeFi and CeFi by storm and in total, we recorded a loss of ~$3 billion, exceeding last year’s numbers. In most attacks, DPRK appears to be the primary exploiter, funding its regime via crypto hacks.

On the other hand, if you look at the fraction of TVL that gets hacked on Ethereum, it’s decreasing. We are moving into the “Low Risk DeFi” phase, as Vitalik mentioned in his article in September this year.

As DeFi grows, the risk of participation is decreasing. As this risk decreases, we are moving towards the next phase of adoption, enabling us to serve the global permissionless finance market. Nonetheless, the DeFi hacks happening throughout the year still highlight the tail risk that we are all exposed to. However, as the ecosystem grows, more traditional tools get their opportunity to be introduced: isolation, insurance. A great example of this is the Aave app, which is going to onboard many new users into DeFi with better coverage and insurance than traditional banks, aligning Aave as the onchain bank.