Major Cryptocurrency Thefts in First Half of 2025 Exceed All of 2024

Infrastructure exploits—targeting the technical backbone of crypto systems—and protocol attacks have driven nearly $2.1 billion in cryptocurrency thefts during the first six months of 2025, blockchain intelligence firm TRM Labs reported.

According to TRM Labs’ report, over 80% of the value stolen across 75 security incidents was attributable to infrastructure attacks, which on average extracted 10 times more assets than other methods. These attacks exploit foundational weaknesses, often leveraging social engineering, such as hijacking private keys or compromising user interfaces.

“These methods exploit foundational weaknesses in cryptosystems and are often amplified by social engineering.”

Protocol Flaws Fuel Illicit Activity

Protocol exploits, including flash loans and reentrancy attacks, accounted for an additional 12% of H1 2025 losses. These types of attacks target vulnerabilities in smart contracts or blockchain core logic to drain funds or disrupt operations.

Collectively, first-half thefts surpassed the record losses recorded in 2022 by approximately 10%, nearly equating the total of the previous year and underscoring a “concentrated threat” to digital assets.

*Losses in the first half of 2025 have already surpassed all of 2024 combined. Source: TRM Labs*

State-Sponsored Actors Dominate

The most significant single incident was North Korea’s February attack on Dubai-based exchange Bybit, a theft of $1.5 billion that represented nearly 70% of the total 2025 losses so far. This event also drove the average hack value to nearly $30 million, double the H1 2024 average.

Furthermore, other notable attacks, such as the June 18 exploitation of Iran’s largest crypto exchange, Nobitex, by the pro-Israel group “Predatory Sparrow,” contributed significantly to the damage, totaling $100 million.

TRM Labs identifies a “pivotal shift” in crypto hacking, suggesting escalating strategic intent from state actors and geopolitically motivated groups.

Call for Enhanced Security and Collaboration

TRM Labs recommends the crypto industry bolster fundamental security measures, implementing multifactor authentication, cold storage, frequent security audits, and specifically enhancing detection against insider threats and social engineering.

The firm also emphasizes the need for “multifaceted collaboration” among law enforcement, financial intelligence units, and blockchain intelligence providers to counter these sophisticated threats.

TRM Labs’ report presents the record H1 2025 thefts as a compelling call for “collective, sustained, and strategically aligned security posture.” By highlighting that these thefts prepare organizations “not just for crime, but for covert acts of statecraft,” it stresses the evolving nature of crypto security challenges.