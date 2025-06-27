A new report by blockchain intelligence firm TRM Labs has revealed that a staggering $2.1 billion worth of cryptocurrency has been stolen in the first half of 2025 across at least 75 hacks and exploits.

This marks a 10% increase over the previous first-half record set in 2022 and nearly matches total crypto thefts in all of 2024.

The report paints a grim picture of an ecosystem under siege—not just from traditional cybercriminals, but increasingly from state-sponsored actors weaponizing digital assets for geopolitical and strategic ends.

RelatedStories No Content Available

The Bybit breach

According to the report, the biggest event of the year so far was the $1.5 billion theft from Dubai-based exchange Bybit in February, the largest crypto hack in history, which TRM Labs attributes to North Korean state actors.

The incident alone accounted for nearly 70% of total losses in H1 2025 and pushed the average hack size to $30 million—double the average in the same period last year.

“The Bybit attack redefined the threat landscape. It underscored how cryptocurrency theft has evolved into a tool of statecraft,” TRM Labs said.

Notably, North Korea-linked groups were responsible for $1.6 billion of the total stolen, solidifying their dominance as the most prolific nation-state threat actors in the crypto space.

Beyond North Korea

While North Korea led in volume, the report also documented new players using crypto hacks for symbolic or political purposes.

On June 18, 2025, the Iranian exchange Nobitex was hacked for over $90 million, reportedly by an Israel-linked group, Gonjeshke Darande (Predatory Sparrow).

Unlike typical cyber heists, the attackers transferred the stolen funds to unspendable vanity addresses, strongly suggesting non-financial motives.

According to TRM Labs, this signals a disturbing trend: digital asset theft as a weapon in geopolitical conflict.

The report further reveals that more than 80% of the stolen funds came from infrastructure attacks—breaches targeting the technical backbone of crypto platforms, such as private key thefts, seed phrase exposure, and front-end compromises.

These were, on average, 10 times larger than other attack vectors and often involved social engineering or insider threats.

In contrast, DeFi protocol exploits such as flash loan and re-entrancy attacks accounted for around 12% of losses, continuing to expose flaws in smart contract security despite years of warnings and audits.

Need for crypto security

The report emphasizes that the first half of 2025 marks a strategic pivot in crypto security threats, demanding more than conventional fixes.

“Massive breaches, often tied to nation-state operations, require a new defense paradigm,” TRM Labs said.

It calls for an industry-wide upgrade in basic and advanced cybersecurity practices, including multi-factor authentication (MFA), cold storage of funds, regular smart contract audits, insider threat detection, and social engineering countermeasures.

TRM Labs also stressed the need for global cooperation among regulators, law enforcement, and blockchain analytics firms to swiftly track and recover stolen assets.

It added that international legal frameworks, information sharing, and coordinated sanctions against state-sponsored cybercriminals would be critical for deterrence.