Crypto Theft Hits Record $2.1 Billion in H1 2025

During the first six months of 2025, cryptographic flights reached an unprecedented billion dollars, establishing a new illicit activity record in cryptographic space.

This marks a significant escalation from previous years, with infrastructure attacks and actors sponsored by the State, in particular North Korea, resulting in an increase in losses.

The flight of crypto reaches new heights in H1 2025

In his latest report, TRM Labs, an intelligence company for the blockchain, revealed that between January and June 2025, the cryptography sector has undergone nearly 75 hacks and separate exploits. These attacks caused losses greater than $ 2.1 billion,

This represented an increase of 10% compared to the previous record of $ 2 billion stolen in the first half of 2022. In addition, the amount is almost equivalent to the stolen funds throughout 2024.

“The first half of 2025 gave a brutal reminder of the vulnerabilities of the crypto ecosystem,” said the report.

TRM Labs noted that most of the funds stolen in the first half of 2025 (more than 80%) result from infrastructure attacks. This includes tactics such as theft of private keys and seed phrases or compromising platforms. On average, these incidents have caused 10 times more losses than other attacks, highlighting their disproportionate impact on the cryptographic ecosystem.

“Infrastructure attacks refer to the attack techniques that target the technical backbone of the digital asset system to obtain unauthorized control, induce users induced in error or re -entertainment. Often activated by social engineering or access to the initiate, these violations expose critical weaknesses to the basis of cryptosecurity”, added TRM.

The company also revealed that protocol exploits represented 12% of stolen funds. This involves flash loans and reinforcement attacks.

The malicious actors exploit vulnerabilities in the underlying logic or the smart contracts of a blockchain. This allows them to extract funds or disturb the functionality of the system.

Meanwhile, the pirates stole more than $ 100 million in January, April, May and June. However, the industry witnessed the biggest losses in February with the Hack bybit. Beincrypto said the North Korean group Lazarus stole $ 1.5 billion on the Stock Exchange.

“This incident alone represented almost 70% of the total losses this year, pushing the average piracy size to almost $ 30 million – double the average of $ 15 million in H1 2024,” said the report.

It is important to note that the violation of the appeal is not an isolated incident for groups linked to North Korea. In fact, the groups sponsored by the state have been linked to many high -level hacks.

TRM Labs stressed that the groups affiliated to North Korea were behind $ 1.6 billion in the total stolen funds. In addition, the report stressed that other stakeholders in the state are increasingly using cryptographic hacks as a geopolitical lever tool.

The last Hack Nobitex is an example. On June 18, the pro-Israeli hacking group Gonjeshke Darande (Sparrow predator) targeted the greatest exchange of Iranian crypto, resulting in a loss of more than $ 90 million.

“Such events emphasize how the theft of digital assets becomes a secret instrument in geopolitical conflicts and national policy,” added Trm Labs.

To fight against these exploits, TRM Labs pleaded for a multilayer defense strategy. Recommendations include regular safety audits, multi-factory authentication (MFA) and the use of cold storage.

The company highlighted the need for advanced defenses against threats to the state level, such as improving the detection of initiates and countermeasures for social engineering. Finally, TRM Labs stressed the importance of global collaboration between the police, financial intelligence units and blockchain intelligence companies to follow the stolen funds and continue cybercriminals.