In the first half of 2025, the global cryptocurrency industry experienced unprecedented losses due to hacker attacks and exploits. According to analysts at TRM Labs, over $2.1 billion was stolen from the market — the highest figure in six months in the history of the industry, which is 10% higher than the record set in 2022 and nearly equals the total losses of the sector for 2024.
This is reported by Finway
Major Attacks and Geopolitical Context
The biggest incident in 2025 was the hack of the cryptocurrency exchange Bybit, during which approximately $1.5 billion was stolen in February. Experts estimate that this attack was carried out by hackers linked to North Korea. This incident accounted for nearly 70% of the total losses in the crypto sector for the first half of the year, with the average amount stolen in each incident rising to $30 million — double that of 2024.
“North Korea continues to be the largest state actor in the realm of crypto crime, using stolen assets to fund strategic programs, including nuclear ones,” the TRM Labs report states.
Overall, North Korean hackers are estimated to be responsible for stealing $1.6 billion in the first half of 2025. However, it is not only North Korea that uses crypto attacks for political motives. In June, the hacker group Gonjeshke Darande (Predatory Sparrow), believed to be linked to Israel, hacked Iran’s largest cryptocurrency exchange, Nobitex, and withdrew over $90 million. The stolen funds were transferred to inaccessible addresses, indicating a primarily political or symbolic motivation behind the attackers’ actions rather than a financial interest.
Structure of Attacks and Cybersecurity
According to TRM Labs, 80% of all losses were caused by attacks on the infrastructure of the crypto market. Criminals employed social engineering methods, stole seed phrases, private keys, and manipulated interfaces. Insiders were often involved in such hacks. Another 12% of the total losses were caused by exploits of decentralized financial protocols, particularly through flash loans and function re-invocations in DeFi.
Experts point to an increase not only in the number but also in the complexity of attacks, which is why they recommend a comprehensive approach to security. In particular, strengthening basic protective measures (multi-factor authentication, cold storage, regular audits) and simultaneously developing cooperation with international law enforcement and financial institutions, as well as blockchain analytics platforms. Effective counteraction to cyber threats is only possible with rapid information exchange between jurisdictions and coordinated responses, as attacks increasingly exhibit signs of state-sponsored cyberterrorism.
It is worth noting that in 2025, the number of phishing attacks also increased. Recently, hardware wallet manufacturer Trezor and the well-known crypto publication Cointelegraph reported phishing attempts on their websites.