TLDR:
Hackers stole $2.1B in crypto across 75 attacks in the first half of 2025.
The Bybit hack alone accounted for nearly $1.5B in stolen digital assets.
Over 80% of stolen funds came from infrastructure breaches and insider threats.
TRM Labs links $1.6B in losses to North Korea in a major rise of cyber warfare.
The first half of 2025 has revealed growing risks within the crypto space as cyber thefts reached new highs.
Hackers stole over $2.1 billion across 75 attacks, reflecting a 10% increase from 2022’s record. Analysts report a concerning shift, with state-backed actors playing a more aggressive role in targeting digital assets.
The average hack now results in greater losses, and infrastructure vulnerabilities remain the leading entry point. With geopolitical tensions rising, cyberattacks appear more calculated and politically driven than ever.
Bybit Attack Sets the Tone for 2025 Crypto Heists
A single event shaped the early months of 2025: the massive breach of crypto exchange Bybit in February. According to a report by TRM Labs, this $1.5 billion hack accounts for nearly 70% of all funds stolen so far this year.
The firm attributes the attack to North Korea, marking it as the largest crypto theft on record. Despite the outsized impact of the Bybit breach, January, April, May, and June still recorded losses exceeding $100 million each. This steady wave of attacks suggests a persistent threat across the digital asset space.
TRM Labs estimates that North Korea-linked groups stole $1.6 billion in just six months. The data shows that state-sponsored theft now plays a central role in digital asset heists.
North Korea reportedly uses these funds to evade sanctions and support state operations, including nuclear development. In one incident, a group allegedly tied to Israel, Gonjeshke Darande, targeted Iran’s Nobitex exchange for $90 million.
The stolen crypto was sent to unreachable wallets, suggesting a political motive rather than financial gain. These incidents show how digital assets are becoming tools in broader geopolitical strategies.
Infrastructure Breaches Lead Attack Vectors
Most of the stolen funds, over 80%, came from attacks on core infrastructure, such as seed phrases, private keys, or user interfaces. These breaches often involve social engineering or insider access, making them more difficult to detect and stop.
The average infrastructure attack caused ten times the damage of other methods. Protocol exploits, including flash loan and re-entrancy attacks, made up about 12% of total losses.
While DeFi continues to evolve, its code remains a target for hackers exploiting weak points in smart contracts.
TRM Labs stresses that cybersecurity alone is no longer enough. Defending against state-sponsored hacks now demands more advanced tools and coordinated responses.
Measures such as cold storage, multi-factor authentication, and frequent audits remain essential. However, the industry must also invest in insider threat detection and protection against social engineering.
Collaboration between exchanges, law enforcement, and blockchain intelligence firms is vital to respond quickly and recover stolen assets. With digital assets now at the center of geopolitical conflict, security strategies must evolve to match the scale and intent of these attacks.
The post Crypto Theft Surge: $2.1 Billion Stolen in First Half of 2025 appeared first on Blockonomi.