North Korean Hackers Steal $1.6B in Crypto in 2025 Half-Year Record

In the first half of 2025, cybercriminals, including state-sponsored actors, stole a record $2.1 billion in cryptocurrency across 75 reported hacks. This period marked the worst six-month stretch in the history of crypto security, highlighting deep vulnerabilities within the industry. The losses were spread across 75 separate incidents, underscoring the pervasive nature of the threat.

The majority of these losses, approximately 80%, were attributed to infrastructure-level breaches. These included private key thefts, front-end compromises, and compromised access points. Such attacks are often high-impact and are frequently facilitated by social engineering or insider access. Protocol exploits, such as flash loan and reentrancy attacks, accounted for 12% of the losses, continuing to expose vulnerabilities in decentralized finance (DeFi) platforms and underscoring the persistent risks associated with smart contracts.

A significant portion of the stolen funds, $1.6 billion, was linked to North Korean hackers. This makes North Korea the most prolific nation-state adversary in the crypto space, using these funds to support sanctions evasion and strategic programs. The largest single incident was the $1.5 billion attack on Bybit, a Dubai-based exchange, in February. This breach, attributed to North Korea, is the largest crypto hack ever recorded and contributed nearly 70% of the total funds stolen in the first half of 2025. The average hack size for this period was $30 million, double that of the first half of 2024.

The trend of significant losses extended beyond this single event. Each month, except for March, saw losses exceeding $100 million, reinforcing the sustained threat to the crypto sector. The landscape of crypto theft is broadening, with other state actors also involved. For instance, on June 18, an Israel-linked cyber group allegedly breached Iran’s largest exchange, Nobitex, stealing over $90 million. The stolen assets were transferred to unspendable “vanity” addresses, suggesting symbolic or political motives rather than financial gain.

The escalating scale and sophistication of these attacks, particularly from nation-state actors, have highlighted the need for robust cybersecurity measures. Experts are calling for multi-layered protections, including multi-factor authentication (MFA), cold storage, and continuous audits. Additionally, there is a growing emphasis on insider threat detection and countermeasures against social engineering. Global collaboration between law enforcement, financial intelligence units, and firms specializing in crypto security is also seen as crucial.

As crypto increasingly intersects with national security, the stakes are higher than ever. The first half of 2025 serves as a clear warning: digital assets are now targets in geopolitical conflicts, and defending them requires a unified, global response. The crypto industry must adapt and strengthen its defenses to mitigate the risks posed by these sophisticated and well-funded adversaries.

Cryptocurrency exchanges, particularly Bybit and Nobitex, became primary targets, significantly affecting prominent assets like ETH and BTC. DeFi protocols also witnessed numerous breaches, exacerbating concerns over industry safety and security. Crypto hacks lead to $2.1B in stolen seed phrases and fronts. Substantial financial impact was apparent as Total Value Locked (TVL) in DeFi protocols plummeted post-attacks, amid liquidity shifts from compromised venues to safer alternatives. Investor reactions, shaking confidence, lead to declining liquidity post-hacks and propel preventative actions by exchanges.

Future outcomes may see enhanced regulatory scrutiny on cryptocurrency frameworks, alongside technological innovations for improved security. Historical patterns, especially involving North Korean actors, suggest more robust safeguards in cryptography systems are critical, pressing industry-wide changes for heightened resilience.