Crypto investors have endured an unprecedented storm in the first half of 2025, losing over $2.1 billion to an onslaught of hacks and cyber exploits—an ominous record in the digital currency’s tumultuous history. With attacks skyrocketing by 10% from their previous high in 2022, the latest report from TRM Labs reveals a disturbing trend: nation-states, particularly North Korea, are increasingly implicated in these digital heists.
North Korea’s Digital Onslaught
The narrative of 2025’s crypto security crisis is dominated by North Korea, whose cyber operatives are attributed with stealing a staggering $1.6 billion, or 70% of this year’s total illicit gains. February was marked by a seismic event in the crypto world—the Bybit hack. This audacious cyber raid, now attributed to North Korean hackers, saw $1.5 billion vanish into the digital ether, setting a grim new record for the largest crypto theft to date. As explored in our recent coverage of North Korean hackers targeting top crypto firms with malware hidden in job applications, this incident is part of a broader strategy involving sophisticated infiltration techniques.
“The scale and precision of the Bybit hack has left the industry reeling,” remarked cybersecurity analyst John Darnell. “It’s a wake-up call that highlights the sophisticated nature of state-sponsored cybercrime.”
The implications of this breach extend beyond financial loss, with the average hack size soaring to $30 million, effectively doubling last year’s figures. Such a leap underscores the evolving threat landscape, where infrastructure-level breaches, rather than traditional smart contract exploits, have become the favored modus operandi. Private key thefts and front-end hijacks—often facilitated by insider access or social engineering—are proving extraordinarily lucrative.
A Global Cyber Chess Game
The crypto battlefield isn’t limited to North Korea’s exploits. June saw another significant breach with geopolitical undertones. On the 18th, a group purportedly linked to Israel, operating under the moniker Gonjeshke Darande (Predatory Sparrow), executed a $90 million heist from the Iranian exchange Nobitex. This cyber strike appears to be less about financial gain and more about political messaging, with stolen funds being sent to vanity addresses—essentially rendering them un-spendable.
“The use of vanity addresses in the Nobitex breach suggests a different motive,” explains Lydia Chen, a blockchain forensics expert. “It’s a digital act of defiance, a message woven into the fabric of the blockchain.”
Such incidents paint a complex picture of cyber warfare where digital exchanges become pawns in broader geopolitical struggles. While North Korea’s involvement in the crypto space continues to deepen, other state actors seem to be adopting similar tactics, raising the stakes in this global digital chess game. For a deeper dive into these tactics, see our coverage of North Korea targeting crypto workers with new info-stealing malware.
The Changing Face of Crypto Security
Looking at the broader landscape, the first six months of 2025 have demonstrated a clear shift in attack strategies. Whereas DeFi vulnerabilities, such as flash loan and reentrancy attacks, dominated headlines in 2021 and 2022, they now account for a mere 12% of losses. The pivot towards infrastructure-level attacks signals an evolution in hacker tactics, highlighting the necessity for robust security protocols at every layer of the crypto ecosystem.
“The attacks we’re seeing now are far more sophisticated,” noted Emily Tran, a blockchain security consultant. “It’s not just about exploiting code flaws anymore—it’s about infiltrating the very frameworks that support these systems.”
As we move into the latter half of 2025, the question on everyone’s mind is whether the industry can adapt swiftly enough to counter these escalating threats. With the stakes higher than ever, exchanges and investors alike must navigate a landscape fraught with peril, where the next breach could be just a click away.
The path forward for the crypto community remains fraught with uncertainty. While technological advancements offer new tools for securing digital assets, the relentless ingenuity of cybercriminals presents an ever-evolving challenge. The coming months will be critical in determining whether 2025 will be remembered as a turning point in crypto security—or merely a prelude to further upheaval.
Source
This article is based on: Crypto’s Worst Six Months Yet? North Korea Hacks Lead to $2.1B in Thefts
Further Reading
Deepen your understanding with these related articles:
- North Korea Targets Crypto Professionals With New Malware in Hiring Scams
- Decentralized Protocols Are Soft Targets for North Korean Hackers
- ‘Pro-Israel Hacker Group’ Drains, Burns $90 Million From Iranian Bitcoin Exchange
Steve Gregory is a lawyer in the United States who specializes in licensing for cryptocurrency companies and products. Steve began his career as an attorney in 2015 but made the switch to working in cryptocurrency full time shortly after joining the original team at Gemini Trust Company, an early cryptocurrency exchange based in New York City. Steve then joined CEX.io and was able to launch their regulated US-based cryptocurrency. Steve then went on to become the CEO at currency.com when he ran for four years and was able to lead currency.com to being fully acquired in 2025.
