Crypto theft has hit a record in the first half of 2025. Over $2.1 billion vanished in at least 75 hacks and exploits. That total tops the previous H1 high set in 2022 by about 10% and almost matches every dollar stolen in all of 2024. Major Theft Figures Revealed According to a TRM Labs report , hackers walked off with roughly $2.1 billion between January and June. They struck 75 separate times. That breaches the H1 2022 mark by about 10% and nearly equals the full‑year haul from 2024. Losses hit over $100 million in January, April, May and June. Those months show this threat isn’t limited to a one‑off event. Bybit Breach Overshadows All The largest single loss was the $1.5 billion February breach at Dubai‑based Bybit exchange. That attack alone accounted for nearly 70% of losses this year. It set the average size of hacks to nearly $30 million, twice the $15 million H1 2024 average. Even excluding Bybit , heists in excess of $100 million continue to occur. State Actors Driving Theft According to analyses, North Korea‑linked groups are behind about $1.6 billion of all stolen funds so far. That’s roughly 70% of the total. Experts say these thefts feed into the country’s sanction‑evasion schemes and weapons programs. At the same time, June 18 saw a roughly $90 million hack of Iran’s largest exchange, Nobitex. Security firms link that attack to Predatory Sparrow, a group said to work for Israel. They moved money into addresses with no private keys, hinting at a symbolic motive. Attack Methods And Security Steps Reports show infrastructure hacks —like private‑key thefts, insider jobs and front‑end hits—accounted for over 80% of stolen funds in H1. Those breaches tend to be about 10 times larger than attacks on smart contracts. Protocol exploits, such as flash‑loan and re‑entrancy bugs, made up another 12%. Smart contracts still carry risk, but they get patched faster than hidden back‑door or insider schemes. Industry experts say the rise in state‑backed thefts calls for stronger measures. Cold storage should be the norm. Multi‑factor authentication must cover all critical accounts. Frequent audits are a must. Beyond those basics, teams need insider‑threat programs and social‑engineering training. Global law enforcement, financial intelligence units and blockchain‑forensics firms like TRM Labs need to work closer than ever. Sharing alerts fast and tracing funds across borders can clamp down on these giant thefts. It’s a tall order, but as crypto grows more tied to national security, so does the need for a united defense. Featured image from Unsplash, chart from TradingView
