In the first half of 2025, the cryptocurrency sector suffered unprecedented losses from hacker attacks and exploits, amounting to $2.1 billion. According to analysts at TRM Labs, this marks a new absolute high for six months, exceeding the record set in 2022 by 10% and nearly matching the total amount of thefts for the entire previous year.
This is reported by Business • Media
Major Attacks: Bybit and Nobitex
The largest hacking incident was recorded in February on the Bybit platform. As a result of the breach, $1.5 billion was stolen from the exchange, making it the largest cryptocurrency theft in history. According to TRM Labs, this was carried out by a hacker group linked to North Korea. This attack accounts for nearly 70% of all sector losses for the half-year, with the average amount stolen rising to $30 million, double that of the previous year.
“North Korea continues to be the largest state actor in the realm of crypto crime, using stolen assets to fund strategic programs, including nuclear ones,” states the TRM Labs report.
The total amount of losses attributed to North Korean hackers during this period reaches $1.6 billion. However, it is not only North Korea that uses cryptocurrencies for political purposes. In June, the Israeli group Gonjeshke Darande (Predatory Sparrow) organized an attack on Iran’s largest cryptocurrency exchange, Nobitex, resulting in over $90 million being siphoned off. The funds were transferred to addresses that are inaccessible, indicating political rather than financial motives behind the hack.
Major Sources of Losses and Cybercrime Trends
According to TRM Labs, 80% of the total losses in the crypto industry are attributed to attacks targeting infrastructure. The primary methods include stealing seed phrases, private keys, and manipulating user interfaces. Such attacks are often carried out using social engineering or with the help of insiders. Another 12% of losses are caused by exploits of DeFi protocols, including flash loans and function reentrancy.
TRM Labs analysts emphasize that the rapid increase in the number and complexity of attacks necessitates the implementation of a dual strategy—strengthening basic cybersecurity measures (including multi-factor authentication, the use of cold wallets, and regular audits) and developing international cooperation with law enforcement, financial intelligence, and blockchain analytical platforms. Effective response and information sharing between different jurisdictions are becoming critically important to counter threats that are taking on characteristics of state-sponsored cyberterrorism.
It is worth noting that recently, hardware wallet manufacturer Trezor and the crypto publication Cointelegraph fell victim to phishing attacks on their online resources.