Crypto Industry Loses $2.1 Billion in First Half of 2025 Due to Hacking Surge

In the first half of 2025, the cryptocurrency industry experienced significant losses due to a surge in sophisticated hacking techniques. According to blockchain intelligence firm TRM Labs, crypto private key exploits and front-end protocol attacks accounted for 80% of the $2.1 billion worth of crypto stolen so far this year. These infrastructure exploits, which target the technical backbone of a system to gain unauthorized control, mislead users, or reroute assets, have proven to be particularly devastating. On average, these attacks made off with 10 times more crypto than other types of attacks, highlighting the severity of the threat.

Over 75 hacks have occurred in the first half of 2025, with infrastructure attacks being the most prevalent. These attacks include hijacking a crypto wallet’s private seed phrase or exploiting the user-facing part of a crypto protocol. The methods used in these attacks often exploit foundational weaknesses in cryptosystems and are frequently amplified by social engineering tactics.

Another significant attack vector identified by TRM Labs was protocol exploits, which accounted for 12% of the losses. These attacks target vulnerabilities in a blockchain protocol’s smart contracts or core logic to extract funds or disrupt system behavior. Examples include flash loan and re-entrancy attacks, which have become increasingly common and effective.

The total losses in the first half of 2025 have surpassed the previous record set in 2022 by roughly 10% and nearly equal the total losses from all of 2024. This trend highlights an increasingly concentrated threat to digital assets, as the frequency and scale of these attacks continue to rise.

One of the most notable incidents was the $1.5 billion hack of a Dubai-based crypto exchange by North Korea in February. This single attack was responsible for nearly 70% of the total losses so far in 2025 and pushed the average hack size to nearly $30 million, double the $15 million average in the first half of 2024. Additionally, other significant thefts occurred in January, April, May, and June, each exceeding $100 million. The pro-Israel hacker group Gonjeshke Darande, or Predatory Sparrow, also contributed to the escalating averages by exploiting Iran’s largest crypto exchange, Nobitex, for $100 million on June 18.

TRM Labs emphasized that the first half of 2025 marks a pivotal shift in crypto hacking, with escalating strategic intent from state actors and other geopolitically motivated groups. The firm called for a multifaceted collaboration between global law enforcement, financial intelligence units, and blockchain intelligence firms to combat these bad actors. TRM Labs recommended reinforcing fundamental security measures such as multifactor authentication, cold storage, frequent audits, and prioritizing insider threat detection and advanced social engineering countermeasures.

The record thefts in the first half of 2025 serve as a stark call to action for the crypto industry to adopt a collective, sustained, and strategically aligned security posture. This posture must be prepared not just for crime but also for covert acts of statecraft, underscoring the need for heightened vigilance and collaboration across the industry.