Crypto crime is reaching unprecedented heights in 2025, with a new report from blockchain intelligence firm TRM Labs revealing that more than $2.1 billion worth of digital assets have been stolen across at least 75 separate attacks in just the first half of the year. This staggering figure nearly matches the total stolen in all of 2024 and exceeds the previous first-half record set in 2022 by around 10%.
According to TRM’s latest Crypto Crime report, February 2025 alone accounted for the lion’s share of losses, driven by a massive $1.5 billion hack on Bybit. The magnitude of the Bybit breach means that a single month’s losses comprised nearly 70% of the total value stolen so far this year.
The report also identified January, April, May, and June as months with losses exceeding $100 million each, while only March saw a reprieve with lower-scale thefts.
North Korea’s Dominance in Crypto Heists
A defining and alarming finding in TRM’s report is the central role played by North Korea-linked hacking groups in this year’s crypto crime spree. The data suggests that these state-sponsored actors are responsible for approximately $1.6 billion of the total $2.1 billion stolen so far in 2025, or nearly 70% of all losses.
“We assess that North Korea-linked groups are responsible for $1.6 billion of the total amount stolen in the first half of 2025, representing about 70% of all stolen funds and cementing their position as the most prolific nation-state threat actor in the crypto space,” the report stated.
The Bybit attack in February, attributed to North Korea-affiliated hackers, illustrates the growing sophistication of these operations. While swift responses by the crypto community have complicated efforts by the attackers to launder the stolen funds, media outlets report that a significant portion of the assets will likely never be recovered.
TRM warns that funds stolen by North Korea are widely believed to finance Pyongyang’s weapons programmes, raising grave geopolitical concerns.
Crypto Hacks as Geopolitical Weapons
TRM’s findings also point to the rising use of digital asset theft as a covert tool in geopolitical conflicts. A striking example is the June 18, 2025, hacking of Nobitex, Iran’s largest crypto exchange. The attackers, linked to the Israeli-affiliated group Gonjeshke Darande, made off with more than $90 million in crypto.
But instead of laundering the stolen assets, the hackers transferred them to unspendable vanity addresses, effectively destroying the funds. “This act underscores how digital asset theft is becoming a covert instrument in geopolitical conflicts and national policy,” TRM’s report noted.
Infrastructure Vulnerabilities Drive Most Losses
A key insight from the TRM report is that infrastructure attacks continue to dominate the crypto crime landscape. The firm found that over 80% of the stolen funds in the first half of 2025 resulted from compromises involving private keys, seed phrases, or front-end infrastructure attacks.
Protocol exploits, meanwhile, accounted for about 12% of the losses, underscoring persistent weaknesses in decentralised finance (DeFi) smart contracts that remain attractive targets for cybercriminals.
Strengthening Defences Against State-Sponsored Cybercrime
With state-backed hackers intensifying their efforts, TRM’s report calls for urgent action by the crypto industry to bolster defences. The firm recommends reinforcing basic security practices such as multi-factor authentication (MFA), offline cold storage of digital assets, and frequent audits of security infrastructure.
Furthermore, TRM emphasises the need for improved systems to detect insider threats and better protection against increasingly sophisticated social engineering tactics.
As crypto adoption continues to grow worldwide, the report serves as a stark reminder of the evolving threats facing the industry and the high stakes of failing to secure decentralised financial systems against not only rogue criminals but also powerful nation-state adversaries.
