Hackers stole $2.1 billion (R$ 11.5 billion) in cryptocurrencies, a historic record in the first half of 2025, with North Korean-sponsored criminals accounting for 70% of the losses, according to a report released on Friday (27) by blockchain intelligence provider TRM Labs.
The total amount was 10% higher than the previous record set in 2022, according to the report 'H1 2025 Cryptocurrency Hacks and Exploits: A New Record Amid Evolving Threats,' which noted that North Korean groups were allegedly behind $1.6 billion of the stolen cryptocurrencies.
TRM stated that North Korea has consolidated its 'position as the most prolific state actor in the cryptocurrency space.'
'The thefts serve as a critical tool of state policy' for the country, the report added.
The enormous amount of funds diverted in the first half of this year was driven by the theft of nearly $1.5 billion in February of Ethereum and Ethereum-related assets on the cryptocurrency exchange Bybit — the largest hack in the history of the cryptocurrency industry.
The multi-signature wallet provider Safe stated that the theft originated from a compromised developer laptop. An investigation found that the workstation of a senior developer at Safe was compromised on February 4 while interacting with a malicious docker project or lightweight application.
Authorities accused North Korean hackers of the attack on the Dubai-based exchange — and TRM Labs reached the same conclusion.
'The Bybit breach in February 2025... reshaped the narrative for the year, inflating the average size of hacks and highlighting the strategic use of cybercrime by nation-states,' the report noted.
U.S. authorities have long alleged that the heavily sanctioned North Korean government uses hackers to steal cryptocurrencies and fund its nuclear program.
Large cryptocurrency hacks have often been traced back to the country, which is ruled by dictator Kim Jong Un.
TRM Labs stated that cryptocurrency hacks increasingly seem 'symbolic or strategic, rather than financially motivated, highlighting a shift in how cybercrime is weaponized.'
The report further added that 80% of this year's losses were due to infrastructure attacks, where hackers gain control of private keys and seed phrases.