Crypto Thefts Surge 10% in 2025 First Half, $2.1 Billion Stolen

The first half of 2025 saw a significant surge in cryptocurrency thefts, with hackers stealing a total of $2.1 billion across 75 separate attacks. This figure represents a 10% increase from the previous year, highlighting the growing risks within the crypto space. The average hack now results in greater losses, with infrastructure vulnerabilities remaining the leading entry point for these attacks.

The most notable incident was the breach of the crypto exchange Bybit in February, which resulted in the theft of nearly $1.5 billion in digital assets. This single event accounted for nearly 70% of all funds stolen in the first half of the year. The attack was attributed to North Korea, marking it as the largest crypto theft on record. Despite the significant impact of the Bybit breach, other months, including January, April, May, and June, still recorded losses exceeding $100 million each, indicating a persistent threat across the digital asset space.

State-backed actors, particularly from North Korea, have played an increasingly aggressive role in targeting digital assets. According to TRM Labs, North Korea-linked groups stole $1.6 billion in just six months. These funds are reportedly used to evade sanctions and support state operations, including nuclear development. The involvement of state-sponsored hackers in these thefts underscores the geopolitical dimensions of cyber warfare in the crypto industry.

Another significant incident was the breach of the Iranian crypto exchange Nobitex, where over $90 million in crypto assets were stolen. This attack was reportedly carried out by a group allegedly tied to Israel, Gonjeshke Darande. The stolen crypto was sent to unreachable wallets, suggesting a political motive rather than financial gain. These incidents highlight how digital assets are becoming tools in broader geopolitical strategies.

Over 80% of the stolen funds came from attacks on core infrastructure, such as seed phrases, private keys, or user interfaces. These breaches often involve social engineering or insider access, making them more difficult to detect and stop. The average infrastructure attack caused ten times the damage of other methods. Protocol exploits, including flash loan and re-entrancy attacks, made up about 12% of total losses.

To defend against these escalating threats, the crypto industry must implement robust security measures. These include multi-factor authentication, cold storage for funds, regular security audits, and targeted countermeasures against insider threats and social engineering attacks. Collaboration between exchanges, law enforcement, and blockchain intelligence firms is vital to respond quickly and recover stolen assets. With digital assets now at the center of geopolitical conflict, security strategies must evolve to match the scale and intent of these attacks.