Cyber Incident Victim: Cetus
Date: Jan 2025
Location: —
Summary
A decentralized exchange, Cetus DEX, experienced a theft of $223 million as part of a broader wave of cryptocurrency breaches attributed primarily to North Korean government hackers, who collectively stole approximately $2.7 billion through multiple high-value attacks. This group, identified as highly professional and persistent, targeted several platforms including a major centralized exchange where $1.4 billion was stolen, alongside other incidents involving losses of $128 million and $73 million from different protocols. The stolen funds reportedly support North Korea's sanctioned weapons programs, continuing a multi-year trend of escalating crypto thefts targeting exchanges and DeFi infrastructure.
Description
In 2025, decentralized exchange Cetus suffered a theft of $223 million in cryptocurrency, part of a record-breaking $2.7 billion in total crypto-asset thefts that year. The incident occurred amid escalating attacks targeting cryptocurrency exchanges and decentralized finance (DeFi) platforms, with North Korean state-sponsored hackers identified as the primary perpetrators across multiple major breaches. Cetus’s loss ranked among the year’s largest incidents, alongside a $1.4 billion attack on Bybit, a $128 million breach of the Balancer protocol, and a $73 million hack of the Phemex exchange. Blockchain analytics firms Chainalysis, TRM Labs, and REKT database operator De.Fi independently confirmed the $2.7 billion annual theft figure, with Chainalysis noting an additional $700,000 stolen from individual wallets. The FBI and cybersecurity analysts attributed at least $2 billion of the 2025 thefts to North Korean operatives, continuing a pattern of crypto heists that have funded the country’s nuclear and ballistic missile programs since 2017 and total over $6 billion.

The Cetus breach contributed to a sustained multiyear surge in crypto theft, following $2.2 billion in losses during 2024 and $2 billion in 2023. No technical specifics of the Cetus attack methodology were disclosed in public reports, though industry experts emphasized systemic vulnerabilities across DeFi platforms. The incident underscored the persistent threat posed by sophisticated nation-state actors to cryptocurrency infrastructure, with North Korean groups demonstrating particular proficiency in targeting exchanges. Broader 2025 attack patterns revealed concentrated thefts from centralized exchanges like Bybit alongside decentralized protocols such as Cetus and Balancer, reflecting diversified attacker strategies. Historical context showed the 2025 totals far exceeded previous record thefts of $624 million (Ronin Network, 2022) and $611 million (Poly Network, 2022). Cybersecurity firms and law enforcement agencies continued monitoring these threats without disclosing Cetus-specific remediation efforts or attribution details beyond the collective North Korean involvement in major 2025 crypto crimes.
