Crypto Theft Surges to $2.1B in 2025: State Actors Lead Historic Wave of Attacks

The first half of 2025 has become the most damaging six-month period in crypto history, with over $2.1 billion stolen across 75+ separate incidents, according to new data.

According to recent report this marks a 10% increase over the previous H1 record set in 2022, and nearly equals the total crypto losses from all of 2024.

The $1.5B Bybit Breach: A Game-Changer

At the heart of 2025’s explosive figures is the $1.5 billion attack on Bybit, the Dubai-based exchange, in February. North Korea is assessed to be behind the breach, making it the largest crypto hack ever recorded. This single event contributed almost 70% of all funds stolen this year, pushing the average hack size to $30 million, double that of H1 2024.

But the trend extends beyond one event. Each month except March posted losses exceeding $100 million, reinforcing a broader, sustained threat to the crypto sector.

North Korea and the Rise of State-Sponsored Crypto Theft

According to analysts, North Korean-linked threat actors are responsible for $1.6 billion of the $2.1 billion total, cementing the regime’s role as crypto’s most prolific nation-state adversary. These funds are believed to support sanctions evasion and strategic programs like nuclear weapons development, making cryptocurrency theft a core tool of DPRK statecraft.

The landscape is broadening. On June 18, Israel-linked cyber group Gonjeshke Darande (Predatory Sparrow) allegedly breached Iran’s largest exchange, Nobitex, stealing over $90 million. Unlike traditional heists, the stolen assets were transferred to unspendable “vanity” addresses, suggesting symbolic or political motives rather than financial gain.

Read More:

Nasdaq Firm Makes First Crypto Move With Bittensor Acquisition

Infrastructure Attacks Dominate the Threat Landscape

More than 80% of funds stolen in H1 2025 came from infrastructure-level breaches — including private key thefts, front-end exploits, and compromised access points. These attacks are typically high-impact and often aided by social engineering or insider access.

Meanwhile, protocol exploits, such as flash loan and reentrancy attacks, made up 12% of losses. These continue to expose DeFi vulnerabilities, underscoring persistent smart contract risks.

A Call for Global Cybersecurity Coordination

2025 marks a turning point in crypto cybersecurity. With nation-state actors escalating both scale and sophistication, traditional defenses are no longer enough. Experts call for:

• Robust multi-layered protections: MFA, cold storage, and continuous audits
• Insider threat detection and social engineering countermeasures
• Global collaboration between law enforcement, financial intel units, and firms like TRM Labs

As crypto increasingly intersects with national security, the stakes grow higher. The first half of 2025 sends a clear warning: digital assets are now targets in geopolitical conflicts, and defending them requires a unified, global response.