The first half of 2025 has proven to be a challenging time for the crypto ecosystem, with a record-breaking number of hacks and exploits, according to a report by TRM Labs. The total amount lost in the first six months of the year exceeded $2.1 billion across 75 different incidents, marking a significant increase in illicit activity compared to previous years.
One of the most notable events was the Bybit attack, which accounted for nearly 70% of the total amount lost in the first half of the year. This attack, which took place in February, resulted in the theft of $1.46 billion, making it the largest hack in crypto history. As a result, the average size of hacks in 2025 increased to nearly $30 million, double the average from the first quarter of 2024.
While the Bybit hack heavily influenced the total amount lost in the first half of the year, other significant incidents occurred in January, April, May, and June, each resulting in losses exceeding $100 million. This indicates a widespread and persistent threat facing digital assets.
Infrastructure attacks were a major contributing factor to the high number of hacks in 2025, accounting for over 80% of stolen funds. These attacks involve gaining unauthorized control, misleading users, or rerouting assets, often through social engineering or insider access. On average, infrastructure attacks were ten times larger than other types of attacks.
Protocol exploits, such as flash loan and reentrancy attacks, made up 12% of the total stolen funds in the first half of 2025. These attacks target vulnerabilities in blockchain smart contracts to steal funds or disrupt system behavior, highlighting persistent weaknesses in DeFi smart contracts.
State-sponsored activity also played a significant role in the crypto hacking landscape, with North Korea-linked groups responsible for $1.6 billion, or 70%, of the total stolen amount. These groups, including the infamous Lazarus group, are described as the most prolific nation-state threat actors in the crypto space. North Korea is leveraging illicit crypto gains not only to evade sanctions but also as part of its statecraft.
In addition to North Korea, other state actors, such as the Israel-linked group Gonjeshke Darande, are increasingly using crypto hacks for geopolitical purposes. The recent hack of Iran’s largest crypto exchange, Nobitex, by this group highlights the potential political motives behind such attacks.
As digital assets become more intertwined with national security, the sophistication and geopolitical motives of hackers are expected to increase. Collaboration among global law enforcement agencies, financial intelligence units, and blockchain intelligence firms is crucial to combatting these threats.
In conclusion, the first half of 2025 marks a pivotal shift in the crypto hacking landscape, with escalating strategic intent from state actors and other geopolitically motivated groups. The need for enhanced cybersecurity measures and collaboration between stakeholders is more critical than ever in safeguarding digital assets.