Hackers looted an unprecedented $2.1 billion in cryptocurrency in just the first six months of 2025, a record-setting figure that underscores the evolving risks facing the industry, according to a new report from blockchain intelligence firm TRM Labs.
The report, H1 2025 Crypto Hacks and Exploits: A New Record Amid Evolving Threats, published Friday, revealed that groups linked to North Korea accounted for roughly 70% of all stolen funds—approximately $1.6 billion.
That represents a 10% increase over the previous high watermark set in 2022 and highlights the growing role of state-sponsored hacking operations.
“North Korea has cemented its position as the most prolific nation-state threat actor in the crypto space,” TRM Labs researchers wrote.
“These thefts serve as a critical tool of statecraft, supporting the regime’s objectives despite international sanctions.”
Bybit Heist Reshapes Industry Risk Calculus
The surge in stolen assets this year was driven largely by a single event: the February breach of crypto exchange Bybit, which resulted in nearly $1.5 billion in stolen Ethereum and related tokens—the largest exploit in the sector’s history.
According to TRM Labs and separate investigations by wallet provider Safe, the attack stemmed from the compromise of a senior developer’s laptop. The incident occurred after the developer interacted with a malicious Docker project, a lightweight container application, which enabled attackers to access critical infrastructure.
Authorities and researchers have attributed the Bybit hack to North Korea’s Lazarus Group, one of the most notorious hacking collectives active in the crypto ecosystem.
“The February 2025 Bybit breach reshaped the narrative for the year, inflating average hack size and underscoring the strategic use of cybercrime by nation-states,” the report noted.
TRM said the episode demonstrated how a single infrastructure failure can cascade into catastrophic losses for platforms and their customers.
Strategic Hacking Over Simple Theft
U.S. officials have long accused the North Korean regime of using cyberattacks to fund weapons programs and prop up its heavily sanctioned economy.
This year’s record-setting exploits have reinforced concerns that North Korean hackers increasingly view the crypto sector as both a strategic battleground and a cash machine.
The report also underscored the prevalence of infrastructure-level compromises: 80% of the year’s stolen assets were tied to breaches involving stolen private keys, seed phrases, or other critical internal systems.
Security experts warn that the trend will likely continue as threat actors adapt and look for new points of entry across the crypto ecosystem.
Quick Facts
- Hackers stole $2.1 billion in crypto in H1 2025, the largest six-month total ever recorded.
- North Korean-linked groups accounted for roughly $1.6 billion of those losses.
- The $1.5 billion Bybit hack in February remains the biggest single crypto exploit in history.
- TRM Labs says 80% of the year’s stolen funds came from infrastructure breaches, not protocol exploits.
