In the first six months of 2025, cryptocurrency theft reached an unprecedented record of $2.1 billion, establishing a new record for illegal activities in the cryptocurrency field.
This marks a significant increase compared to previous years, with attacks on infrastructure and state-sponsored actors, especially North Korea, being the main cause of increased losses.
Crypto Theft Reaches New High in First Half of 2025
In the latest report, TRM Labs, a blockchain intelligence company, revealed that from January to June 2025, the cryptocurrency sector endured nearly 75 different hacks and exploits. These attacks led to losses exceeding $2.1 billion,
This represents a 10% increase from the previous record of $2 billion stolen in the first half of 2022. Moreover, this amount is nearly equivalent to the amount stolen throughout 2024.
"The first half of 2025 provided a clear reminder of the weaknesses in the cryptocurrency ecosystem," the report stated.
Amount stolen through crypto hacks over the years. Source: TRM LabsTRM Labs noted that most of the money stolen in the first half of 2025 (over 80%) was due to infrastructure attacks. This includes tactics such as private key theft and infiltration of platform user interfaces. On average, these incidents caused losses 10 times larger than other attacks, highlighting their significant impact on the cryptocurrency ecosystem.
"Infrastructure attacks refer to attack techniques targeting the technical platform of digital asset systems to gain unauthorized control, deceive users, or divert assets. Often carried out through social engineering or internal access, these violations expose critical vulnerabilities at the foundation of cryptocurrency security," TRM added.
The company also revealed that protocol exploits accounted for 12% of the stolen funds. This includes Flash Loans and re-entry attacks.
Malicious actors exploit vulnerabilities in the basic logic of blockchain protocols or smart contracts. This allows them to withdraw funds or disrupt the system's functionality.
Meanwhile, hackers stole over $100 million in January, April, May, and June. However, the industry witnessed the largest losses in February with the Bybit hack. BeInCrypto reported that North Korea's Lazarus group stole $1.5 billion from the exchange.
"This incident alone accounts for nearly 70% of total losses so far this year, pushing the average hack size to nearly $30 million — double the Medium of $15 million in the first half of 2024," the report stated.
It's important to note that the Bybit breach is not an isolated incident for groups associated with North Korea. In fact, state-sponsored groups have been linked to many notorious hacks.
TRM Labs points out that groups associated with North Korea were behind $1.6 billion of the total stolen funds. Moreover, the report emphasizes that other state actors are increasingly using crypto hacks as a tool to create geopolitical advantages.
The recent Nobitex hack is an example of this. On June 18, the Israel-supporting hacker group Gonjeshke Darande (Predatory Sparrow) attacked Iran's largest cryptocurrency exchange, causing losses of over $90 million.
"Such events highlight how digital asset theft is becoming a covert tool in geopolitical conflicts and national policies," TRM Labs added.
To counter these exploits, TRM Labs proposed a multi-layered defense strategy. Recommendations include regular security checks, multi-factor authentication (MFA), and cold storage use.
The company emphasized the necessity of advanced defensive measures against state-level threats, such as improving internal threat detection and countering social engineering techniques. Finally, TRM Labs stressed the importance of global collaboration between law enforcement agencies, financial intelligence units, and blockchain intelligence companies to track stolen funds and prosecute cybercriminals.
