|
Getting your Trinity Audio player ready...
|
About $2.1 billion worth of cryptocurrency has been stolen in the first half of 2025 across at least 75 hacks and exploits, a new report by blockchain intelligence firm TRM Labs has revealed.
This marks a 10 percent increase over the previous first-half record set in 2022 and nearly matches total crypto thefts in all of 2024. According to the firm, the crypto ecosystem is under siege not just from traditional cybercriminals, but from state-sponsored actors weaponising digital assets for geopolitical and strategic ends.
The biggest event of the year so far was the $1.5 billion theft from Dubai-based exchange Bybit in February, the largest crypto hack in history, which TRM Labs attributes to North Korean state actors.
The incident alone accounted for nearly 70 percent of total losses in H1 2025 and pushed the average hack size to $30 million, double the average in the same period last year.
Read also: Pro-Israel hackers take credit for $90 million lost in Iran’s largest crypto exchange
The Bybit attack redefined the threat landscape. It underscored how cryptocurrency theft has evolved into a tool of statecraft, TRM Labs said.
North Korea-linked groups were responsible for $1.6 billion of the total stolen, solidifying their dominance as the most prolific nation-state threat actors in the crypto space. While North Korea led in volume, the report also documented new players using crypto hacks for symbolic or political purposes.
On June 18, 2025, the Iranian exchange Nobitex was hacked for over $90 million, reportedly by an Israel-linked group, Gonjeshke Darande (Predatory Sparrow).
Unlike typical cyber heists, the attackers transferred the stolen funds to unspendable vanity addresses, strongly suggesting non-financial motives.
TRM Labs noted that this signals a disturbing trend, which is digital asset theft as a weapon in geopolitical conflict.
The report further reveals that more than 80 percent of the stolen funds came from infrastructure attacks—breaches targeting the technical backbone of crypto platforms, such as private key thefts, seed phrase exposure, and front-end compromises.
Read also: Crypto battles scam culture as scammers evolve with AI
These were, on average, 10 times larger than other attack vectors and often involved social engineering or insider threats. In contrast, DeFi protocol exploits such as flash loans and re-entrancy attacks accounted for around 12 percent of losses, continuing to expose flaws in smart contract security despite years of warnings and audits.
The report emphasises that the first half of 2025 marks a strategic pivot in crypto security threats, demanding more than conventional fixes.
“Massive breaches, often tied to nation-state operations, require a new defence paradigm,” the report stated. “It calls for an industry-wide upgrade in basic and advanced cybersecurity practices, including multi-factor authentication (MFA), cold storage of funds, regular smart contract audits, insider threat detection, and social engineering countermeasures.”
TRM Labs stated that there is a need for global cooperation among regulators, law enforcement, and blockchain analytics firms to swiftly track and recover stolen assets.
