The three major hacks of January 2025 include the following:

• Moby Trade: The January 2025 hack of Moby Trade was a classic case of a compromised private key. This stolen key allowed the attacker to perform malicious upgrades to the project’s smart contract and steal an estimated $2.5 million. However, the attacker made the same mistake as the project — leaving the upgrade function of the malicious contract unprotected — allowing a whitehat researcher to retrieve $1.5 million of the stolen crypto.

• Phemex: Phemex is a Singaporean centralized exchange that suffered a hack affecting its hot wallets across sixteen blockchains. The hack — likely involving compromised private keys as well — allowed the attacker to drain an estimated $73 million in various tokens, which were quickly swapped to unfreezable tokens.
  

• AdsPower: For a few days in January 2025, some of the plugins distributed by AdsPower — an antidetect browser developer — were replaced with infostealing malware. Users who installed or updated the plugins between January 21st and 24th had private keys stolen by the malicious code within the project’s wallet management tool. In total, an estimated $4.7 million was stolen from five wallets.

Compromised private keys were a common thread running through all of the biggest DeFi hacks of January 2025. In the Moby hack, the attacker was able to use the access provided by these keys for a malicious smart contract upgrade and token theft. The Phemex CEX and AdsPower users lost control over keys that allowed the attacker to drain crypto directly from their hot wallets.

This focus on attacks involving compromised private keys aligns perfectly with our expected attack trends of 2025. As smart contract security audits and coding best practices become more common in the DeFi space, attackers are increasingly focused on stealing the keys that are the root of trust on-chain. To learn more about securing your private keys, check out these private key security best practices.