Crypto Theft Surges to $2.1B in 2025: State Actors Lead Historic Wave of Attacks

The first half of 2025 has become the most damaging six-month period in crypto history, with over $2.1 billion stolen across 75+ separate incidents, according to new data.

According to recent report this marks a 10% increase over the previous H1 record set in 2022, and nearly equals the total crypto losses from all of 2024.

The $1.5B Bybit Breach: A Game-Changer

At the heart of 2025’s explosive figures is the $1.5 billion attack on Bybit, the Dubai-based exchange, in February. North Korea is assessed to be behind the breach, making it the largest crypto hack ever recorded. This single event contributed almost 70% of all funds stolen this year, pushing the average hack size to $30 million, double that of H1 2024.

But the trend extends beyond one event. Each month except March posted losses exceeding $100 million, reinforcing a broader, sustained threat to the crypto sector.

North Korea and the Rise of State-Sponsored Crypto Theft

According to analysts, North Korean-linked threat actors are responsible for $1.6 billion of the $2.1 billion total, cementing the regime’s role as crypto’s most prolific nation-state adversary. These funds are believed to support sanctions evasion and strategic programs like nuclear weapons development, making cryptocurrency theft a core tool of DPRK statecraft.

The landscape is broadening. On June 18, Israel-linked cyber group Gonjeshke Darande (Predatory Sparrow) allegedly breached Iran’s largest exchange, Nobitex, stealing over $90 million. Unlike traditional heists, the stolen assets were transferred to unspendable “vanity” addresses, suggesting symbolic or political motives rather than financial gain.

READ MORE:

Nasdaq Firm Makes First Crypto Move With Bittensor Acquisition

Infrastructure Attacks Dominate the Threat Landscape

More than 80% of funds stolen in H1 2025 came from infrastructure-level breaches — including private key thefts, front-end exploits, and compromised access points. These attacks are typically high-impact and often aided by social engineering or insider access.

Meanwhile, protocol exploits, such as flash loan and reentrancy attacks, made up 12% of losses. These continue to expose DeFi vulnerabilities, underscoring persistent smart contract risks.

A Call for Global Cybersecurity Coordination

2025 marks a turning point in crypto cybersecurity. With nation-state actors escalating both scale and sophistication, traditional defenses are no longer enough. Experts call for:

• Robust multi-layered protections: MFA, cold storage, and continuous audits
• Insider threat detection and social engineering countermeasures
• Global collaboration between law enforcement, financial intel units, and firms like TRM Labs

As crypto increasingly intersects with national security, the stakes grow higher. The first half of 2025 sends a clear warning: digital assets are now targets in geopolitical conflicts, and defending them requires a unified, global response.

Kosta Gushterov

Kosta has been working in the crypto industry for over 4 years. He strives to present different perspectives on a given topic and enjoys the sector for its transparency and dynamism. In his work, he focuses on balanced coverage of events and developments in the crypto space, providing information to his readers from a neutral perspective.