Crypto investors lost over $2.1 billion to hacks and exploits in the first half of 2025, marking the worst six-month period on record for crypto security and an indication of some nation-states intensifying their cyber campaigns in the crypto space.
The 75 recorded incidents crossed the previous H1 high from 2022 by roughly 10% and nearly match the entire 2024 total, a TRM Labs report released Friday said. But raising alarms is who is doing a major part of the stealing.
Researchers say North Korean-linked groups are responsible for $1.6 billion, or 70% of all stolen funds this year.
At the center of the surge is the $1.5 billion Bybit hack in February, now believed to have been carried out by North Korea, marking the largest crypto theft in history and skewing the year’s average hack size to $30 million — or double last year’s levels.
The threat isn’t limited to Pyongyang. On June 18, a group believed to be linked to Israel, Gonjeshke Darande (Predatory Sparrow), stole $90 million from Iranian exchange Nobitex, reportedly in retaliation for the platform’s alleged role in sanction evasion.
The stolen funds were sent to vanity addresses (which are un-spendable by design and sent tokens are deemed burnt), suggesting a political motive over profit.
Attack vectors are evolving fast. Over 80% of stolen funds stemmed from infrastructure-level breaches, including private key thefts and front-end hijacks.
These attacks, often involving social engineering or insider access, are proving to be ten times more lucrative than traditional smart contract exploits. DeFi vulnerabilities, including flash loan and reentrancy attacks, which were prevalent in 2021-22, accounted for a relatively small 12% of the losses.
Read more: North Korean Hackers Are Targeting Top Crypto Firms With Malware Hidden in Job Applications