In the first six months of 2025, crypto theft reached an unprecedented $2.1 billion, setting a new record for illicit activity in the crypto space.
This marks a significant escalation from the past few years, with infrastructure attacks and state-sponsored actors, particularly North Korea, driving a surge in losses.
Crypto Theft Reaches New Heights in H1 2025
Blockchain intelligence company TRM Labs revealed in its latest report that the crypto sector endured 75 distinct hacks and exploits from January to June 2025. These attacks resulted in losses of over $2.1 billion.
This represents a 10% increase over the previous record, set in the first half of 2022. Furthermore, the amount is roughly equivalent to the funds stolen throughout 2024.
“The first half of 2025 was a remarkable reminder of how vulnerabilities in the crypto ecosystem were highlighted,” the report read.
TRM Labs noted that most of the funds stolen in the first half of 2025 (over 80%) were attributed to infrastructure attacks. These include tactics such as stealing private keys and seed phrases and compromising platform front ends. On average, these incidents caused ten times the loss of other attacks, highlighting their distinctive impact on the crypto ecosystem.
“Infrastructure attacks refer to attack technologies that target the technical backbone of digital asset systems and reintroduce unauthorized control, misleading users, or assets. They are often made possible through social engineering or insider access, and these violations reveal significant weaknesses on the basis of encryption,” TRM added.
The company also revealed that protocol exploits account for 12% of the funds stolen. These include flash loan and reentrancy attacks.
In these attacks, malicious actors exploit vulnerabilities in the underlying logic or smart contracts of blockchain protocols. This allows them to extract funds and disrupt the functions of the system.
Meanwhile, hackers stole over $100 million in January, April, May and June. However, the industry witnessed its biggest loss in the Bybit hack in February. BeInCrypto reported that North Korea's Lazarus Group stole $1.5 billion from the exchange.
“This incident alone accounted for nearly 70% of the total losses so far this year, pushing the average hack size to nearly $30 million, twice the average of $15 million in H1 2024,” the report said.
It is important to note that the Bybit breach is not an isolated incident for North Korea-linked groups. In fact, these state-sponsored groups are tied to many well-known hacks.
TRM Labs noted that North Korea-linked groups are behind a total of $1.6 billion in stolen funds. Furthermore, the report highlighted the increasing use of crypto hacks by actors from other states as a tool for geopolitical leverage.
The latest Nobitex hack is an example of this. On June 18, the pro-Israel hacking group Gonjeshke Darande (Predatory Sparrow) targeted Iran's biggest crypto exchange, resulting in losses of over $90 million.
“Events like this highlight how digital asset theft can become a secret tool for geopolitical conflicts and national policy,” TRM Labs added.
To combat these exploits, TRM Labs proposed a multi-layered defense strategy. Recommendations include regular security audits, multifactor authentication (MFA), and the use of cold storage.
The company highlighted the need for sophisticated defenses against state-level threats, including improved insider threat detection and social engineering countermeasures. Finally, TRM Labs highlighted the importance of global cooperation between law enforcement, financial intelligence units, and blockchain intelligence companies to track stolen funds and prosecute cybercriminals.