Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Cryptocurrency hackers now move stolen funds within just two seconds of starting an attack. In most cases, they transfer the assets before the victims disclose the breach.
This is the clearest finding from a Global Ledger 2025 analysis of 255 cryptocurrency hacks worth $4.04 billion.
Sponsored
Sponsored
Blink and disappear: digital coin laundering now begins before detection
The speed is amazing. Second For the Global Ledger website76% of hackers saw the money move before public disclosure, increasing to 84.6% in the second half of the year.
This means that attackers often act before exchanges, analytical companies, or law enforcement can coordinate a response.
However, speed only tells part of the story.
While the first transfers are now almost instantaneous,… Complete wash There is longer.
On average, hackers need about 10.6 days in the second half of 2025 to reach the final deposit points, such as exchanges or mixing, from about eight days earlier in the year.
In short, the run is faster, but the marathon is slower.
Sponsored
Sponsored
This change reflects an improvement in post-disclosure monitoring. Once incidents become public, exchanges and blockchain analytics companies make headlines and increase scrutiny.
As a result, attackers break funds into smaller pieces and pass them through multiple layers before attempting to withdraw money.
The speed of hacking has increased, but the speed of laundering cryptocurrencies has become slower. Source: Global Ledger
Sponsored
Sponsored
Bridges, associations, and the long way to withdraw money
Bridges have become the main road for this process. Almost half of the stolen money, about $2.01 billion, was transferred via… Crossed chain bridges.
This is more than three times the amount that is routed through mixers or privacy protocols. in The Baybit case only,94.91% of the stolen funds went through the bridges.
At the same time, Tornado Cash has regained fame. The protocol appeared in 41.57% of hackers in 2025. The share of its use jumped sharply in the second half of the year, after the changes in sanctions noted in the report.
Meanwhile, direct cash withdrawals from central exchanges declined sharply in the second half. DeFi platforms have received an increasing share of stolen funds. Attackers seem to avoid obvious rocks until attention fades.
Sponsored
Sponsored
It should be noted that about half of the stolen funds were unspent at the time of the analysis. That leaves billions of dollars in reserve wallets, potentially awaiting future money laundering attempts.
The scale of the problem remains serious. Ethereum incurred Losses amounting to $2.44 billion, equivalent to 60.64% of the total.
Overall, $4.04 billion was stolen in 255 incidents.
However, recovery remains limited. Only about 9.52% of the funds were frozen, and 6.52% were returned.
When the results are taken together, they show a clear pattern. Attackers now operate at machine speed in the first few seconds after a breach.
Later, the defenders strike, forcing the criminals to adopt slower and more deliberate laundry strategies. The race isn’t over yet. You have simply entered a new phase – measured in seconds at the beginning, and days at the end.
