The top cybersecurity incidents of 2025 – and the lessons learned
- hamishmonk1
- Dec 31, 2025

As the wave of digitisation washes across the globe, open source software proliferates, and the sheer value of data continues climbing, cyberattacks are becoming one of the biggest threats to financial stability. In the past 12 months, consumers, financial institutions (FIs), and entire industries fell victim to massive cyberattacks by highly sophisticated criminal rings and technologies.
With 2025 drawing to a close, I look back at the most impactful cybersecurity breaches of the year – and consider what lessons, if any, have been learned.
1. The crypto heist
This year saw a record number of financial thefts and ransomware disruptions. One of the most striking cybercrimes of 2025 was the digital heist of Bybit, the global cryptocurrency exchange founded in 2018. It remains the largest crypto exchange hack ever.
Through social engineering tactics – and by compromising a third-party wallet provider to authorise fraudulent transactions – around $1.5 billion in Ethereum was siphoned from Bybit’s wallets in February 2025. So great was the fallout that the FBI investigated and soon attributed the attack to Lazarus Group – a North Korea–linked operation. The heist triggered market price disruptions and raised serious regulatory questions in the crypto world.
Lessons learned: Ransomware, data theft, and crypto heists are delivering millions – and sometimes billions – of dollars to cybercriminals. These attacks are part of a well-funded, professional industry, sometimes backed by nation states and conducted as a form of hybrid warfare. When it comes to crypto heists, attackers are often operating across borders, and the stolen digital currencies are easy to launder – which makes these crimes extremely challenging to prosecute. In order to protect crypto platforms, traders, and the wider markets, regulators and governments must collaborate to ensure the transparency and traceability of funds and to establish appropriate safeguards.
2. The data breach
The leaking of sensitive, confidential, or personal information by unauthorised entities was another key cybersecurity trend in 2025.
Indeed, a number of vendors shouldered highly disruptive data breaches. On 29 May 2025, LexisNexis, the leading global provider of legal, regulatory, and business information and analytics, announced that a data breach at a third-party provider had exposed the personal information of over 364,000 individuals. Writing to potential victims, the firm said that an unauthorised party may have gained access to names and sensitive contact information, such as phone numbers, postal or email addresses, social security numbers, driver's license numbers and dates of birth. In response, LexisNexis called in external cybersecurity experts and notified law enforcement.
On 28 August 2025, the credit bureau TransUnion disclosed a data breach that exposed the personal information of over 4 million consumers. In reporting the breach to law enforcement agencies, TransUnion said the hackers penetrated the firm’s defences via a third-party application storing customers’ personal data for its US consumer support operations.
On 9 September 2025, Canadian wealth management platform Wealthsimple said that a security breach had left the personal information of some of its customers compromised. Contact details, government IDs, financial information – such as account numbers, IP addresses, social insurance numbers, and dates of birth – were all exposed in the breach, which impacted less than one per cent of the firm's three million customers. Fortunately, no cash was stolen or passwords lifted, and all accounts remained secure.
Lessons learned: Clearly, the attack techniques of cybercriminals are improving faster than firms’ defences. With malicious tools now readily available open source on the black market, it is time for financial entities to start seriously investing in layered cyber defences. This includes robust authentication and access controls, continuous monitoring and threat detection, and across-the-board encryption. Deeper employee security training, backup systems and recovery plans – including customer communication strategies – and supply chain security checks are also becoming a must.
3. Whaling and deepfake scams
Use cases for artificial intelligence (AI) shot up in 2025 – for both FIs and cybercriminals. Through a technique known as deep learning, AI can automatically generate text, audio, and even video files. Attackers quickly recognised the potential of this innovation and began using the technology to impersonate individuals known to their victims, in order to steal cash. Sadly, victims are often unable to recognise these so-called AI ‘deepfakes’ as a scam and comply with the criminals’ requests.
The most profitable deepfake scams are those that impersonate high-level executives, in a process known as whaling. In this scenario, cybercriminals generate deepfake video calls from C-suite individuals, requesting that employees authorise large financial transfers on their behalf.
On 13 March 2025, Singapore authorities warned businesses of a rise in these scam video calls. The Singapore Police Force (SPF), Monetary Authority of Singapore (MAS) and Cyber Security Agency of Singapore (CSA) said countless victims are receiving unsolicited WhatsApp messages from scammers claiming to be executives from the company that the victims work for, inviting the employee to join a live-streamed Zoom video call. During the calls, victims are instructed to transfer substantial amounts of funds from their company’s corporate bank accounts to designated bank accounts under the pretext of business payments – such as project financing or investments. Some victims were even asked to disclose personal information such as NRIC and passport details.
Lessons learned: Authorities have advised businesses to establish clear protocols for employees to verify the authenticity of any video calls or messages – particularly those purportedly from senior executives or key stakeholders, and to check for tell-tale signs that could suggest the manipulation of the audio or video through AI technology. Clearly, human behaviour is now the weakest link in technology systems. Social engineering tactics are highly effective in targeting employee emotions like urgency, fear, or authority. Some of the biggest cybersecurity incidents of 2025 began not with hacking, but with tricking an individual. Awareness must outpace this threat.
2025: New threats, new defences
One of the side effects of digitisation is that most financial entities can now be compromised by criminals from anywhere on the planet. Armed with readily available attack tools, these criminals have more to gain from stealing data than ever before. This puts every layer of the financial services landscape at risk – from governmental institutions to central banks, to vendors, to individual consumers.
Meeting this hybrid threat demands a patchwork of solutions, including tighter crypto regulations, concerted data security investment, as well as educational programmes for consumers and employees, so that suspicious activity can be flagged early. Oftentimes, a vendor will be compromised via a third-party provider – so supply chain checks are key.
Many of Finextra’s 2025 cybersecurity news stories ended with a similar message: that vendors were obliged to seek external expertise to effectively respond to a breach. If sensitive data and systemic financial stability are to be ensured, it is time for entities to begin training in-house cybersecurity professionals – and tackling this issue head on.


