Despite money spent on audits, war rooms, and white-hat bounties, cybercriminals still ransacked the crypto industry for $2.1 billion in the first half of 2025.
That’s according to TRM Labs, a blockchain forensics company, in a report on Friday.
The losses mark the worst start to any year in crypto’s history and mark a 10% jump from the previous record in 2022.
The vast majority of this year’s figure comes from the $1.4 billion stolen from crypto exchange Bybit by hackers linked to North Korea in February.
Indeed, hacks targeting backend systems to access wallet keys and passwords made up 80% of all crypto thefts over the last six months, according to TRM Labs.
Bleak picture for crypto
In April, crypto exchange Bitget lost $100 million to an infrastructure attack that exposed the private keys of some of its wallets.
The TRM Labs report stated that such attacks were, on average, ten times larger than other attack vectors, including phishing and protocol exploits.
Even excluding the Bybit megahack, the picture seems bleak for crypto security.
Monthly tallies from DefiLlama show that five out of the first six months of the year recorded more than $100 million in losses from hacks and exploits.
Ari Redbord, vice president and global head of policy at TRM Labs, described the situation as emblematic of “persistent and widespread risks” in a note shared with DL News.
Increasingly, these adversaries aren’t lone hackers chasing huge scores, either.
Nation-state groups strike
North Korean hacking syndicates remain the most prolific crypto bandits, and they use the stolen funds to bankroll Pyongyang’s nuclear weapons programme.
Elsewhere in the world, Gonjeshke Darande, a cyber sabotage group with links to Israel, claimed responsibility for hacking Nobitex, a major Iranian cryptocurrency exchange.
The group made off with $90 million from the exchange.
The Israeli group said the exchange funnelled crypto funds to help Tehran finance its nuclear weapons programme and bypass international sanctions.
Unlike North Korean syndicates like the Lazarus Group, the Nobitex hackers didn’t attempt to launder the syphoned funds. Onchain data show they sent the funds to unspendable vanity addresses, which the hackers didn’t have access to.
The incident occurred amid the recent missile attacks between the two countries
DeFi spirals
DeFi protocols suffered significant losses in the first half of the year, too.
Attacks against DeFi projects often target protocol logic by manipulating oracles or exploiting maths errors in smart contracts.
Cetus, the largest decentralised exchange on Sui, suffered a $220 million exploit in May. The protocol successfully recovered $163 million by counter-hacking the attacker.
Other projects weren’t as lucky.
Protocols like zkLend and Conic Finance recently shut down after failing to recover from devastating fund losses due to malicious exploits.
Osato Avan-Nomayo is our Nigeria-based DeFi correspondent. He covers DeFi and tech. Got a tip? Please contact him at [email protected].
