Topic: Crypto · Type: Timely · Reading time: ~6 min

Bitcoin hit an all-time high of $126,000 in October. Then the market lost a third of its value in five weeks. Also in 2025: North Korea stole $1.5 billion in a single afternoon, the US passed its first federal crypto law, and Texas became the first state to actually buy Bitcoin with public money. If you're trying to figure out what any of this means for you as an investor, this is the clearest summary we can give you.

The year crypto stopped being retail-driven

Here's the thing most year-in-review pieces miss: 2025 was the year everyday investors became a secondary force in crypto markets. The primary drivers — Bitcoin's rally to $126,000, its subsequent 35% collapse, the ETF inflow surges and sudden reversals — were overwhelmingly institutional.

Spot Bitcoin ETFs attracted nearly $26 billion in net inflows across 2025. BlackRock's iShares Bitcoin Trust alone crossed 773,000 BTC held. These are not retail traders. These are institutional allocators who buy on macro signals, trim on macro fears, and don't care about Bitcoin's four-year halving cycle the way early adopters do.

The consequence? Bitcoin in 2025 behaved less like a speculative bet on the future of money and more like a high-beta tech stock. When tariff fears rattled equity markets in April, Bitcoin fell 30% alongside Nasdaq. When macro optimism returned in summer, both recovered in tandem. The "digital gold" thesis — the idea that Bitcoin is uncorrelated from traditional markets — remains, to put it diplomatically, a work in progress.

Worth knowing: JPMorgan described the shift bluntly: crypto is moving "from a venture capital style ecosystem to a typical tradable macro asset class supported by institutional liquidity rather than retail speculation."

For retail investors, this isn't necessarily bad news. Deeper institutional participation means better liquidity, tighter spreads, and exchanges that are less likely to vaporise overnight. But it does mean price action is harder to predict from on-chain signals alone. Bitcoin now responds to Fed minutes.

The Bybit hack: $1.5 billion, and why cold storage didn't save it

On 21 February 2025, hackers linked to North Korea's Lazarus Group stole approximately $1.5 billion in Ethereum from Bybit — the largest cryptocurrency theft in history, surpassing everything that came before it including Mt. Gox and FTX combined.

The technically alarming detail: Bybit was using a cold wallet. Cold storage is supposed to be the gold standard of crypto security — assets held offline, disconnected from the internet, requiring physical authorisation. The attackers didn't break the cryptography. They socially engineered the signing process, tricking Bybit's multi-signature authorisers into approving a malicious contract change. Within 48 hours, an estimated $160 million had already been laundered.

Bybit confirmed it remained solvent. No users lost funds. But that near-miss buried an important lesson: the weakest point in any crypto custody setup isn't the encryption — it's the humans who authorise transactions. Phishing, malware, and supply-chain attacks on wallet management software now represent a bigger threat than brute-force hacks.

For individual investors who use centralised exchanges to hold crypto, the Bybit incident is a reminder that "fully solvent" is not a guarantee — it's a statement made after the fact. Custodial risk is real. Understanding the difference between holding assets on an exchange versus in a wallet you control is not a technicality. It's one of the more consequential decisions you'll make.

The GENIUS Act: what America's first crypto law actually does (and doesn't do)

On 18 July 2025, President Trump signed the GENIUS Act into law — the first significant piece of federal crypto legislation in US history. The headlines called it a landmark. The reality is narrower, but still meaningful.

The Act covers stablecoins specifically. It requires that any "payment stablecoin" — a dollar-pegged token like USDT or USDC — be backed 1:1 by liquid assets such as actual US dollars or short-term Treasury bills. Issuers must publish monthly reserve disclosures and submit to independent audits. In the event of insolvency, stablecoin holders' claims take priority over other creditors.

Critically: the Act explicitly states that payment stablecoins are not securities or commodities. This matters enormously for exchanges and DeFi protocols, which spent years in legal limbo under an SEC that used enforcement rather than rulemaking to define the rules.

What the GENIUS Act does not do: it says nothing about Bitcoin, Ethereum, or any non-stablecoin token. The broader Clarity Act — which would address those — passed the House but was still being debated in the Senate at year-end. The full regulatory picture for crypto markets remains incomplete.

For European investors: the EU's MiCA regulation (Markets in Crypto-Assets), which came into full effect in late 2024, is actually more comprehensive. MiCA covers a wider class of digital assets and includes requirements for crypto service providers operating in EU member states. If you hold crypto with a platform that is MiCA-licensed, you have more consumer protections than you might realise. If your platform isn't MiCA-compliant, that's worth investigating.

Memecoins, leverage, and the Q4 unravelling

Bitcoin's peak at $126,000 on 6 October didn't last a week. By early November, the market had shed over 35%, with Bitcoin briefly touching $81,000. The proximate cause: an unwind of heavily leveraged derivatives positions. When forced selling started, it cascaded.

The same dynamic played out in the memecoin corner of the market. The TRUMP token — launched by Donald Trump himself in January, achieving a multi-billion dollar market cap on pure political sentiment — became a case study in how these instruments work and who ends up holding the bag. Retail investors who bought in after the initial surge largely didn't profit. The pattern was familiar to anyone who watched the 2021 NFT cycle or any prior memecoin run: early insiders capture most of the upside; late retail buyers absorb the drawdown.

This is not a warning against all speculative crypto investment. It is a reminder that understanding how much of your portfolio belongs in crypto requires being honest about which crypto, and acknowledging that a token launched by a sitting US president on political sentiment is not the same asset class as Bitcoin.

Worth knowing: Leveraged ETF products tied to crypto — including some Strategy Inc.-linked products — fell as much as 80% during the Q4 correction. These are products marketed to retail investors.

What this means for your portfolio

Here's the honest read on 2025: it was a year of structural maturation paired with the same old speculative excesses in different packaging.

The structural progress is real. Regulated ETFs, the first federal stablecoin framework, deeper institutional custody infrastructure, and Ethereum's Pectra upgrade reducing gas fees to seven-year lows — these are durable changes. The crypto ecosystem is better built than it was five years ago.

But the volatility hasn't gone anywhere. Two 30%-plus corrections in a single year, a $1.5 billion hack at a major exchange, and a memecoin launched by a head of state — none of these suggest an asset class that has outgrown its speculative roots.

The practical takeaway: if you hold crypto, the 2025 question isn't whether you were right to hold it. The question is whether you understood why you held it and sized the position accordingly. An allocation of 3-5% of a diversified portfolio gives you meaningful exposure to crypto's upside without the portfolio-level damage that follows a 35% drawdown in your largest position. For deeper context on how crypto regulation in 2025 is reshaping the rules for investors, the regulatory picture is filling in — but it isn't finished. Acting as if it is would be premature.

2026 will likely be defined by whether the Clarity Act passes, whether Bitcoin ETF inflows resume at scale, and whether institutional participation stabilises prices or just changes who causes the crashes. The honest answer is nobody knows. What 2025 proved is that crypto's risks have evolved, not disappeared.