2025’s Crypto Hacks Hit Record High—But There’s More to the Story
The first half of 2025 has been brutal for crypto security. A new report from TRM Labs shows over $2.5 billion stolen in hacks and exploits, making it the worst six-month period on record. But here’s the thing—that number isn’t quite what it seems.
One attack alone, a $1.5 billion breach of Dubai’s Bybit exchange in February, made up nearly 70% of the total. Without it, the figures would’ve been bad, but not historic. Still, even setting aside that outlier, the trend isn’t great. Around 75 other attacks happened, with several topping $100 million each. January, April, and May were particularly rough.
The Bybit Hack: A Geopolitical Twist
The Bybit incident wasn’t just another crypto heist. TRM Labs and other security firms tied it to North Korean state-backed hackers. That’s not entirely surprising—Pyongyang’s cyber operatives have been targeting crypto for years. But the scale here was different.
North Korea-linked groups are estimated to have stolen at least $1.6 billion so far in 2025. The money likely helps skirt international sanctions and fund, well, let’s just say it probably isn’t going toward public infrastructure.
Technically, most of these breaches weren’t all that sophisticated. About 80% of the losses came from exploiting basic security flaws—weak private keys, sloppy seed phrase storage, or exchange front-end vulnerabilities. Social engineering and insider threats played a role too. When these methods work, they *really* work, resulting in payouts ten times bigger than flashier, code-based attacks.
That said, DeFi wasn’t off the hook. Protocol-level exploits, like flash loan manipulations, still accounted for 12% of stolen funds. Smart contracts remain a weak spot, even if they’re not the biggest target anymore.
Crypto as a Weapon of War?
Here’s where things get weird. The Nobitex hack in Iran—a $90 million hit blamed on an Israeli-linked group called Gonjeshke Darande (Predatory Sparrow)—wasn’t about the money. The attackers openly admitted it, saying they targeted the exchange for helping Iran evade sanctions.
Then they did something unusual: they sent the stolen crypto to addresses with no private keys, effectively burning it. The message was clear—this was a political strike, not a cash grab.
It’s a strange new chapter. Crypto theft isn’t just crime or espionage anymore; it’s becoming another front in global conflicts. And if the first half of 2025 is any indication, we’re not prepared for what comes next.
