
In a sobering revelation of the evolving threat landscape facing the digital asset ecosystem, blockchain intelligence firm TRM Labs has disclosed that over $2.1 billion worth of cryptocurrency was stolen in the first half of 2025 alone, spanning at least 75 high-profile hacks and exploits.
This staggering figure marks a 10 percent surge over the previous first-half record set in 2022 and nearly eclipses the total stolen in all of 2024.
But beyond the monetary scale, the report reveals a deeper concern: a growing trend of state-sponsored cyber aggression weaponising crypto assets for strategic and geopolitical purposes.
The most devastating breach to date occurred in February when Dubai-based exchange Bybit lost $1.5 billion—the largest crypto heist in history.
TRM Labs attributes the attack to North Korean state actors, noting that the incident alone accounted for nearly 70 percent of total losses during the period and doubled the average hack size to $30 million.
“The Bybit hack redefined the threat landscape,” the report stated. “It exemplifies how digital asset theft has transcended criminal opportunism and morphed into a tool of statecraft.”
Indeed, North Korea-linked entities were responsible for an estimated $1.6 billion of the total stolen, further entrenching Pyongyang’s status as the most prolific nation-state threat actor in the crypto sphere.
Yet the menace is diversifying. On June 18, Iranian crypto exchange Nobitex was breached for over $90 million by Gonjeshke Darande (Predatory Sparrow), a group reportedly linked to Israel.
Unusually, the stolen funds were routed to unusable vanity addresses, underscoring symbolic and political motives rather than financial gain.
TRM Labs flagged this as a “disturbing shift,” with digital asset theft increasingly deployed as a weapon in asymmetric geopolitical conflict.
The report also found that more than 80 percent of losses stemmed from infrastructure breaches, including private key theft, seed phrase leaks, and front-end compromises, attacks typically ten times costlier than other vectors.
Meanwhile, DeFi exploits such as flash loan manipulations accounted for 12 percent of losses, reflecting persistent smart contract vulnerabilities despite years of scrutiny.
As digital currencies become enmeshed in global rivalries, TRM Labs warns that conventional cybersecurity approaches are now inadequate.
“Massive breaches, often tied to nation-state operations, require a new defence paradigm,” the firm asserted, urging industry-wide adoption of advanced safeguards and cross-border collaboration among regulators and law enforcement.