Rising Crypto Crimes: $2.1 Billion Losses in First Half of 2025
Recent data from TRM Labs revealed a skyrocketing increase in cryptocurrency thefts during the first half of 2025, surpassing $2.1 billion in losses through 75 breaches, exceeding the record set in the first half of 2022 by about 10%, and approaching the total stolen throughout 2024.
The breach of Bybit exchange in February 2025 dominated the scene, with losses reaching $1.5 billion, representing 70% of the total thefts in the first six months. Analysis by TRM Labs indicated that North Korea is likely behind this attack, underscoring the continued role of state-sponsored cyber attacks in threatening digital assets.
The average value per breach rose to $30 million, double the average in the first half of 2024 ($15 million). Despite the significant impact of the Bybit breach, other months such as January, April, May, and June saw thefts exceeding $100 million each, confirming the continuous spread of threats.
Estimates suggest that groups linked to North Korea stole around $1.6 billion (70% of the total). However, other incidents, like the attack on the Iranian exchange "Nobtex" in June 18, 2025, attributed to the group "Gonjeshke Darande" (The Predator Bird) associated with Israel, where over $90 million was stolen, indicate that other countries may resort to cryptocurrency breaches to achieve geopolitical goals.
According to the report, the attacking group claimed their target was the Iranian exchange for its role in "helping the Iranian regime evade sanctions and fund illicit activities".
Attacks on infrastructure (such as private key theft, recovery phrases, and front-end breaches) accounted for over 80% of the stolen funds, averaging ten times larger than other attacks. These attacks target technical weaknesses in cryptocurrency systems, often executed through social engineering or internal collusion.
In contrast, protocol vulnerabilities (like flash loan attacks and reentrancy) represented about 12% of the thefts, highlighting recurring weaknesses in decentralized finance (DeFi) platforms, exploited for fund theft or system disruption.
