The speed of crypto theft has reached alarming levels
I was looking at the Global Ledger report from 2025, and honestly, the numbers are pretty startling. Hackers are now moving stolen cryptocurrency in as little as two seconds after an attack begins. That’s faster than most people can even process what’s happening. In most cases, they’re shifting assets before victims even get a chance to disclose the breach publicly.
This isn’t just a few isolated incidents either. The report analyzed 255 crypto hacks worth $4.04 billion, and found that 76% of these attacks saw funds move before any public disclosure. That number actually increased to 84.6% in the second half of the year. So it’s becoming more common, not less.
The laundering process has changed
What’s interesting though is that while the initial transfer happens almost instantly, the full laundering process actually takes longer now. On average, hackers needed about 10.6 days in the second half of 2025 to reach their final deposit points like exchanges or mixers. That’s up from roughly eight days earlier in the year.
I think this shows something important about how the ecosystem has evolved. Once an incident goes public, exchanges and blockchain analytics firms start labeling addresses and increasing their scrutiny. So attackers have adapted. They break funds into smaller pieces and route them through multiple layers before attempting to cash out.
Bridges have become the main highway
Nearly half of all stolen funds, about $2.01 billion, moved through cross-chain bridges. That’s more than three times the amount routed via mixers or privacy protocols. In the Bybit case alone, 94.91% of stolen funds flowed through bridges.
At the same time, Tornado Cash regained some prominence. The protocol appeared in 41.57% of hacks in 2025, and its usage share jumped sharply in the second half of the year. The report mentions sanctions changes as a possible factor here.
What’s also notable is that direct cash-outs to centralized exchanges fell sharply in the second half of the year. DeFi platforms received a rising share of stolen funds instead. It seems attackers are avoiding obvious off-ramps until attention fades.
The scale of the problem remains massive
Ethereum accounted for $2.44 billion in losses, or 60.64% of the total. That’s a huge portion, though perhaps not surprising given its market position. Overall, $4.04 billion was stolen across those 255 incidents.
The recovery rates are pretty dismal too. Only about 9.52% of funds were frozen, and 6.52% were returned. Nearly half of all stolen funds remained unspent at the time of analysis, which means billions are just sitting in wallets, potentially waiting for future laundering attempts.
So what we’re seeing is a clear pattern emerge. Attackers operate at machine speed in those first critical seconds after a breach. Defenders respond later, which forces criminals into slower, more staged laundering strategies. The race hasn’t ended—it’s just entered a new phase where the start is measured in seconds, and the finish takes days.
