A Record-Breaking Half-Year for Crypto Hacks—With a Twist
The first six months of 2025 have been brutal for crypto security. According to TRM Labs, over $2.5 billion was stolen in hacks and exploits—the worst first half of any year on record. But here’s the thing: that staggering number isn’t quite what it seems.
One attack alone—a $1.5 billion breach of Dubai’s Bybit exchange in February—made up nearly 70% of the total. Without it, the numbers would still be bad, but not quite as eye-watering. Then again, that’s like saying a hurricane wasn’t so bad if you ignore the flooding. The damage is still real.
The Bybit Hack: More Than Just Money
The Bybit incident wasn’t just another crypto heist. TRM Labs and other security firms say it was carried out by North Korean state-backed hackers. That changes everything. It wasn’t just about stealing money; it was about funding a regime under heavy sanctions—possibly even its nuclear program.
All told, North Korean-linked groups were responsible for around $1.6 billion of the stolen funds this year. That’s a lot of money, no matter how you slice it. And while Bybit dominated the headlines, there were still 75 other attacks. January, April, and May each saw breaches topping $100 million. So yeah, the problem isn’t going away.
How These Hacks Are Happening
Most of the thefts—over 80%—came from infrastructure intrusions. Think weak private keys, sloppy seed phrase storage, or exchange front-ends with holes in them. Social engineering and insider threats played a role too. These aren’t sophisticated, cutting-edge attacks. They’re exploiting basic security flaws, which is almost worse.
Then there’s DeFi. Protocol-level exploits, like flash loan manipulations, made up another 12%. Smart contracts are still a weak spot, and hackers know it.
Crypto Hacks as Geopolitical Weapons
Here’s where things get even messier. Crypto theft isn’t just about money anymore—it’s becoming a tool in global conflicts. Take the attack on Iran’s Nobitex exchange. A group called Gonjeshke Darande (Predatory Sparrow), allegedly tied to Israel, stole $90 million. But here’s the kicker: they didn’t keep the money.
They sent it to addresses with no private keys, effectively burning it. Their public statement made it clear—this was about punishing Iran for using crypto to skirt sanctions. Not profit, just politics.
So what does all this mean? Crypto security isn’t just a tech problem anymore. It’s tangled up with international tensions, sanctions, and even warfare. And if the first half of 2025 is any indication, it’s only getting worse.
