The crypto industry faced significant challenges in the first half of 2025, as hackers managed to steal over $2.1 billion in 75 separate incidents. This marked a 10% increase from the previous record set in H1 2022 and nearly matched the total for the entire year of 2024, which stood at $2.2 billion. These findings were reported by blockchain intelligence firm TRM Labs.
The spike in losses was largely attributed to a massive $1.5 billion exploit targeting Bybit in February, which accounted for almost 70% of all crypto thefts in the first half of 2025. Despite this major breach, other months such as January, April, May, and June each saw over $100 million in damages from individual attacks. If not for the Bybit hack, total losses from these incidents might have been closer to $600 million, the lowest mid-year figure since 2023.
TRM Labs also highlighted the significant growth in hack sizes during this period. The average theft in H1 2025 reached nearly $30 million, doubling the $15 million average from the same period in the previous year.
The majority of crypto hacks in 2025 were a result of structural weaknesses in the digital asset systems. TRM Labs reported that attacks involving stolen private keys, compromised seed phrases, and manipulated front-end interfaces were responsible for over 80% of the stolen funds. These breaches exploit trust gaps and internal vulnerabilities, allowing hackers to take control of platforms or redirect funds without triggering standard alerts.
Additionally, DeFi smart contracts were not immune to attacks. Protocol-level exploits, such as re-entrancy and flash loan manipulations, made up about 12% of the recorded incidents. These attacks target flaws in decentralized applications, showing that even well-audited code can be vulnerable under complex financial operations.
Geopolitical motivations also played a significant role in the increasing threats faced by the crypto industry. TRM Labs noted that North Korea-linked groups were behind approximately $1.6 billion of the total stolen assets in H1 2025, including the Bybit hack. These attacks are linked to funding programs that support military and nuclear development and help evade global sanctions.
Furthermore, state-backed hackers from other countries are also emerging as threats. In June, a group allegedly connected to Israel targeted Iran’s top crypto exchange, Nobitex, stealing over $90 million. The attackers claimed the operation was aimed at disrupting Iran’s efforts to bypass financial restrictions. Interestingly, the stolen assets were sent to unusable blockchain addresses, indicating that the attack was more of a political statement than a profit-driven heist.
These developments highlight how digital asset theft is increasingly being used as a tactical tool in international disputes. The crypto industry continues to face challenges in securing digital assets and protecting against sophisticated cyber threats.