In the first half of 2025, over $2.1 billion in crypto was stolen across at least 75 distinct hacks and exploits, nearly equaling the total amount stolen in all of 2024. According to the latest TRM Crypto Crime report, the losses in the first half of 2025 surpass the record set in the first half of 2022 by roughly 10%. The report, however, shows the $1.5 billion Bybit hack in February accounting for almost 70% of the total losses.

Besides the colossal losses in February, TRM data shows January, April, May, and June as the only other months with losses exceeding $100 million. Only March had losses below $100 million.

As reported by several media outlets, North Korea-affiliated hackers are believed to be behind the Bybit breach. While the community response to the sophisticated attack made life difficult for the cybercriminals, media reports suggest that a significant chunk of the funds is lost forever. Meanwhile, the report notes the persistent and alarming role of state-sponsored crypto attacks and singles out Pyongyang as the chief culprit.

“We assess that North Korea-linked groups are responsible for $1.6 billion of the total amount stolen in the first half of 2025, representing about 70% of all stolen funds and cementing their position as the most prolific nation-state threat actor in the crypto space,” the report concludes.

While North Korea is believed to use funds stolen from digital asset exchanges to finance its weapons program, the report acknowledges that other state actors leverage crypto hacks for geopolitical ends. It cites the hacking of Iran’s largest crypto exchange, Nobitex, on June 18, 2025, for over $90 million by the Israeli-linked Gonjeshke Darande.

Unlike other groups that go on to spend the stolen funds, Gonjeshke Darande transferred the funds to unspendable vanity addresses. This act, the report asserts, “underscores how digital asset theft is becoming a covert instrument in geopolitical conflicts and national policy.”

Meanwhile, the TRM team found infrastructure attacks such as private key and seed phrase thefts or front-end compromises accounted for over 80% of stolen funds in the first half of 2025. Protocol exploits, on the other hand, made up another 12%, highlighting persistent vulnerabilities in decentralized finance (DeFi) smart contracts.

To counter the growing threat posed by state-backed attackers, the TRM report urges the crypto industry to reinforce fundamental security — multi-factor authentication (MFA), cold storage and frequent audits. It must prioritize improving the detection of insider threats and strengthening defenses against advanced social engineering tactics.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。