Crypto investors lost more than $2.1 billion in hacking and attacks in the first half of 2025, the worst six-month period in the record for cryptocurrency security, suggesting that certain nation-states have intensified their cyber movement in the cryptocurrency space.
Starting in 2022, 75 recorded events have made the previous H1 about 10%, almost matching the total number throughout 2024, a TRM Labs Report It was released on Friday. But raising an alarm is an important part of who is doing the theft.
North Korea-related groups are responsible for $1.6 billion this year, accounting for 70% of all stolen funds, researchers say.
At the center of the surge is the $1.5 billion bybit Hack in February, now believed to have been conducted by North Korea, marking the largest cryptocurrency theft in history and shifting the average number of hackers that year toward $30 million, or twice the previous year.
The threat is not limited to Pyongyang. On June 18, a group believed to be linked to Israel, Gonjeshke darande (a predatory sparrow), stole $90 million from Nobitex on the Iranian exchange, which reportedly retaliated against the platform’s so-called evasion effect.
The stolen funds were sent to a vanity address (the design was unavailable and considered burned), indicating that profits were politically motivated.
Attack vectors are developing rapidly. More than 80% of stolen funds are due to infrastructure-level violations, including private key theft and front-end hijacking.
These attacks often involve social engineering or insider access, and are proven to be ten times more utilizing traditional smart contracts. Defi vulnerabilities that were prevalent in 2021-22, including flash loans and re-entry attacks, accounted for 12% of the losses.
Read more: North Korean hackers target top crypto companies with malware hidden in work applications
