Crypto Industry Loses $2.1 Billion in First Half 2025 Due to Infrastructure Attacks

In the first half of 2025, the cryptocurrency industry faced significant challenges due to a surge in exploits targeting crypto seed phrases and front-end compromises. These vulnerabilities accounted for a substantial portion of the $2.1 billion in losses reported during this period. According to blockchain intelligence firm TRM Labs, over 80% of crypto stolen across 75 hacks so far this year was taken in so-called infrastructure exploits, which, on average, made off with 10 times more than other attack types.

Infrastructure attacks target the technical backbone of a system to gain unauthorized control, mislead users, or reroute assets. They include attacks such as hijacking a crypto wallet’s private seed phrase or exploiting the user-facing part of a crypto protocol. These methods exploit foundational weaknesses in cryptosystems and are often amplified by social engineering.

Another major successful attack vector was protocol exploits, including flash loan and re-entrancy attacks, which accounted for 12% of the losses in the first half of the year. These attacks target vulnerabilities in a blockchain protocol’s smart contracts or core logic to extract funds or disrupt system behavior.

Overall, losses in the first half of 2025 have surpassed the previous record set in 2022 by roughly 10% and nearly equal the total losses from all of 2024. This highlights an increasingly concentrated threat to digital assets.

North Korea’s $1.5 billion hack of a crypto exchange in February was responsible for nearly 70% of the total losses so far in 2025. That attack also pushed the average hack size to nearly $30 million, double the $15 million average in the first half of 2024. However, January, April, May and June still saw total thefts over $100 million. The pro-Israel hacker group Gonjeshke Darande, or Predatory Sparrow, also contributed to jacking up the averages as well, after it exploited a crypto exchange for $100 on June 18.

TRM Labs noted that the first half of 2025 marks a pivotal shift in crypto hacking, with escalating strategic intent from state actors and other geopolitically motivated groups. The firm emphasized the need for the crypto industry to reinforce fundamental security measures, such as multifactor authentication, cold storage, frequent audits, and prioritize insider threat detection and advanced social engineering countermeasures.

TRM Labs also called for multifaceted collaboration between global law enforcement, financial intelligence units, and blockchain intelligence firms. The firm stated that the record thefts in the first half of 2025 are a stark call to action for a collective, sustained, and strategically aligned security posture, prepared not just for crime, but for covert acts of statecraft.

The impact of these exploits is far-reaching, affecting not only individual users but also the broader cryptocurrency ecosystem. The loss of $2.1 billion in the first half of 2025 underscores the urgent need for enhanced security measures and better user education. Cryptocurrency platforms and wallet providers must implement robust security protocols to protect seed phrases and front-end interfaces from potential attacks. Additionally, users need to be educated on the importance of safeguarding their seed phrases and recognizing the signs of front-end compromises.

The cryptocurrency industry's response to these challenges will be crucial in determining its future trajectory. As the sector continues to evolve, it must prioritize security to build trust and attract more users. The lessons learned from the exploits in 2025 can serve as a catalyst for improving the overall security landscape of the cryptocurrency industry, ensuring that it remains resilient against emerging threats.