Crypto hacks and exploits have surged to record levels in the first half of 2025, with total losses exceeding $2.1 billion across at least 75 incidents, according to blockchain intelligence firm TRM Labs.
What Happened: The figure marks the highest-ever total for the first half of a year, surpassing the previous record set in the first half of 2022 by around 10%.
The largest single event was the $1.5 billion hack of Dubai-based crypto exchange Bybit in February, which TRM Labs attributes to North Korea.
The Bybit breach alone accounted for nearly 70% of total losses this year, significantly inflating the average hack size to nearly $30 million, double that of H1 2024.
TRM Labs reported that North Korean-linked groups were responsible for approximately $1.6 billion in stolen assets during H1 2025, solidifying the country’s position as the most active nation-state actor in the crypto space.
The report suggested that these thefts are a strategic part of North Korea's broader efforts to finance its national objectives, including its nuclear weapons program.
Why It Matters: While North Korea continues to dominate, the report also highlighted other state-sponsored attacks.
One notable incident involved the Israel-linked group Gonjeshke Darande (Predatory Sparrow), which reportedly hacked Iranian crypto exchange Nobitex for over $90 million in June.
The attackers transferred stolen funds to unspendable addresses, signaling a symbolic or political motivation rather than financial gain.
Infrastructure attacks, such as private key and seed phrase thefts, accounted for over 80% of stolen funds in the first half of 2025.
These breaches, often enabled by social engineering or insider access, were significantly larger on average than other attack types.
Protocol exploits, including flash loan and re-entrancy attacks, made up another 12% of total losses.
TRM Labs emphasized that the rising involvement of state actors marks a turning point in the crypto security landscape.
The report urged the industry to strengthen basic cybersecurity practices, including multi-factor authentication, cold storage, and regular audits, while also improving defenses against sophisticated nation-state threats.
The report stressed that coordinated international efforts will be essential to counter this escalating threat.
Stronger partnerships between law enforcement, financial intelligence units, and blockchain analytics firms will be necessary to track stolen assets and hold perpetrators accountable.
TRM Labs concluded that as digital assets become more intertwined with global financial systems and national security, crypto hacks may increasingly be used not just for financial gain but as instruments of geopolitical strategy.
Read Next:
Image: Shutterstock
