Crypto Hacks Surge 10% in 2025 First Half, $2.1 Billion Lost

In the first half of 2025, the crypto world faced an unprecedented wave of cyberattacks, resulting in a staggering $2.1 billion in losses across at least 75 separate incidents. This alarming figure not only sets a new record for the first half of any year but also surpasses the previous high set in the first half of 2022 by approximately 10%. The most significant breach occurred in February when North Korean hackers targeted a Dubai-based crypto exchange, stealing $1.5 billion and accounting for nearly 70% of the total losses for the year. This single event dramatically increased the average hack size to nearly $30 million, doubling the average from the first half of 2024.

North Korean-linked groups were identified as the primary culprits, responsible for approximately $1.6 billion in stolen assets. These thefts are believed to be part of a broader strategy by North Korea to fund its national objectives, including its nuclear weapons program. While North Korea remains the most active nation-state actor in the crypto space, other state-sponsored attacks were also noted. For instance, a group linked to Israel reportedly hacked an Iranian crypto exchange in June, stealing over $90 million. However, the stolen funds were transferred to unspendable addresses, suggesting a symbolic or political motivation rather than financial gain.

The majority of the losses, over 80%, were attributed to infrastructure attacks, such as private key and seed phrase thefts. These breaches, often facilitated by social engineering or insider access, were significantly larger on average than other types of attacks. Protocol exploits, including flash loan and re-entrancy attacks, accounted for another 12% of the total losses. The increasing involvement of state actors in these cyberattacks marks a significant shift in the crypto security landscape, highlighting the need for enhanced cybersecurity measures.

The surge in crypto hacks underscores the urgent need for improved digital security measures. The report from TRM Labs emphasizes that the industry must strengthen basic cybersecurity practices, such as multi-factor authentication, cold storage, and regular audits. Additionally, there is a growing need to develop defenses against sophisticated nation-state threats. Coordinated international efforts between law enforcement, financial intelligence units, and blockchain analytics firms will be crucial in tracking stolen assets and holding perpetrators accountable. As digital assets become more integrated into global financial systems and national security, the threat of crypto hacks as instruments of geopolitical strategy cannot be overlooked.