The first half of 2025 exposed deep vulnerabilities in the crypto industry, with hackers stealing over $2.1 billion across 75 separate incidents.
This marks a 10% increase from the previous H1 record of $2 billion in 2022 and nearly matches the full-year figure for 2024, which closed at $2.2 billion, according to a report from blockchain intelligence firm TRM Labs.
This uptick in losses was primarily driven by a single event. A massive $1.5 billion exploit targeting Bybit in February accounted for nearly 70% of all crypto thefts in H1 2025.
However, even outside of that breach, several months, namely January, April, May, and June, each recorded over $100 million in damages from individual attacks.
Meanwhile, had the Bybit hack not occurred, total losses from these incidents might have landed closer to $600 million, the lowest mid-year figure since 2023.
TRM Labs further noted that hack sizes grew significantly during the reporting period. According to the firm, the average theft in H1 2025 reached nearly $30 million, double the $15 million average recorded during the same period last year.
Infrastructure attacks dominate
The bulk of 2025’s crypto hacks stemmed from structural weaknesses in how digital asset systems are built and accessed.
TRM Labs stated that attacks involving stolen private keys, compromised seed phrases, and manipulated front-end interfaces were responsible for over 80% of stolen funds.
These infrastructure-based breaches often exploit trust gaps and internal vulnerabilities, allowing bad actors to seize control of platforms or redirect funds without triggering standard alerts.
Meanwhile, DeFi smart contracts weren’t spared either. Protocol-level attacks, such as re-entrancy exploits and flash loan manipulations, comprised around 12% of recorded incidents.
These often target logic flaws in decentralized applications, demonstrating that even well-audited code remains susceptible under complex financial operations.
State-backed hackers
According to the report, geopolitical motivations also played a visible role in the emerging industry’s escalating threats.
The blockchain security firm noted that North Korea-linked groups continue to dominate the scene and were behind approximately $1.6 billion of total stolen assets in H1 2025, including the Bybit hack.
This figure underlines the Asian country’s continued reliance on crypto theft to support state initiatives. TRM Labs pointed out that these attack campaigns are connected to funding programs that include military and nuclear development and broader efforts to evade global sanctions.
Meanwhile, other state-linked actors are emerging as well. In June, a hack attributed to Gonjeshke Darande, allegedly connected to Israel, targeted Iran’s top crypto exchange, Nobitex, siphoning over $90 million.
The attackers reportedly claimed the operation aimed to disrupt Iranian efforts to bypass financial restrictions. Notably, the stolen assets were sent to unusable blockchain addresses, suggesting the attack was designed more as a political statement than a profit-driven heist.
These developments suggest that digital asset theft is increasingly becoming a tactical tool in international disputes.