Cryptocurrency theft has surged to unprecedented levels in the first half of 2025, with hackers stealing a staggering $2.1 billion worth of digital assets. This marks a 10% increase over the previous first-half record set in 2022 and nearly equals the total crypto losses from all of 2024, according to recent analysis.
At the heart of this year’s explosive figures is the February attack on Bybit, the Dubai-based crypto exchange, which resulted in a loss of $1.5 billion. Analysts assess that North Korean state-linked hackers were behind the breach, making it the largest single crypto hack ever recorded. This single event alone accounts for nearly 70% of all stolen funds this year, pushing the average size of a crypto hack in 2025 to $30 million, double the average seen during the same period last year.
North Korea’s Cyber Offensive Reshapes Crypto Security
The new data paints a stark picture of North Korea’s growing reliance on cryptocurrency theft as a means of circumventing international sanctions and funding strategic programmes. In total, North Korean threat actors are believed responsible for $1.6 billion of the $2.1 billion in stolen funds, cementing the regime’s status as the world’s most prolific nation-state crypto thief.
Experts warn that the scale of these thefts directly supports Pyongyang’s efforts to finance its nuclear weapons and missile programmes. By weaponizing cybercrime, North Korea has made crypto theft a central pillar of its statecraft, dramatically raising the stakes for the entire digital asset ecosystem.
“The threat landscape has fundamentally shifted,” said one analyst. “Crypto platforms now find themselves squarely in the crosshairs of geopolitical actors with nation-level resources and motivations.”
Beyond Financial Gain: Political Motives Emerge
While North Korea’s activity reflects a clear financial motive, recent incidents suggest state-backed crypto attacks are expanding into the realm of political warfare. On June 18, the Israel-linked cyber group Gonjeshke Darande, also known as Predatory Sparrow, allegedly breached Nobitex, Iran’s largest crypto exchange, stealing over $90 million.
Unlike conventional heists, the stolen assets were transferred to unspendable “vanity” address wallets with specific, often symbolic, patterns in their addresses. This suggests the goal was not financial gain but a political message, highlighting how digital assets are becoming new frontlines in geopolitical conflicts.
Infrastructure Breaches Drive Massive Losses
The report reveals that over 80% of the funds stolen in the first half of 2025 resulted from infrastructure-level breaches. These attacks, which include private key thefts, compromised front-end interfaces, and insider-assisted exploits, have proven the most devastating. Social engineering and insider access remain key enablers of these breaches, making them particularly difficult to predict or prevent.
Meanwhile, protocol-level exploits such as flash loan attacks and reentrancy bugs accounted for about 12% of losses. These incidents underscore ongoing vulnerabilities within decentralised finance (DeFi) platforms, which continue to struggle with smart contract security issues despite years of warnings from auditors and security firms.
A Call for Coordinated Global Defence
The scale and sophistication of these attacks mark 2025 as a turning point in crypto cybersecurity. Experts argue that traditional defences such as isolated technical fixes or company-level security protocols are no longer sufficient in the face of coordinated, state-sponsored campaigns.
“Digital assets are now directly implicated in geopolitical struggles,” said one industry insider. “Protecting them requires a unified, global approach that goes beyond the crypto industry itself.”
Recommendations include adopting robust, multi-layered security measures such as multi-factor authentication, extensive use of cold storage, and continuous smart contract audits. Additionally, stronger insider threat detection systems and social engineering countermeasures are critical to bolstering platform defences.
Perhaps most importantly, experts stress the need for global collaboration. Coordinated efforts among law enforcement agencies, financial intelligence units, and specialised cybersecurity firms like TRM Labs are increasingly essential. Without such collaboration, the risk remains that crypto platforms will remain easy targets for nation-state adversaries looking to exploit the largely unregulated and anonymous nature of digital assets.
The Stakes Have Never Been Higher
As cryptocurrencies become more deeply intertwined with national security and global politics, the stakes for investors, exchanges, and governments are rising. The events of the first half of 2025 send an unmistakable message: the era of crypto as a mere financial experiment is over. It has become a battlefield in international conflict, and defending it will require unprecedented cooperation and vigilance across borders and industries.
