“The first half of 2025 has delivered a stark reminder of the crypto ecosystem’s vulnerabilities,” according to the latest report by blockchain intelligence platform TRM Labs. The period has surpassed the previous H1 crypto hacking record, set in 2022.
To be precise, more than $2.1 billion was stolen in the first half of this year across at least 75 distinct hacks and exploits, TRM says. This is “a significant surge in illicit activity,” it warned. The total is some 10% higher than the H1 2022 high. Moreover, it’s nearly equal to the total amount stolen over the entire year of 2024.
Therefore, this data “highlights an increasingly concentrated threat to digital assets.”
Source: TRM Labs
Two factors fueled this amount: infrastructure attacks and state-sponsored activity. Notably, the infamous Bybit attack alone accounted for nearly 70% of the above total. February saw the biggest hack in the history of crypto, with $1.46 billion gone.
Moreover, because of this one hack, the average hack size grew to nearly $30 million. This is double the $15 million average in the first quarter of 2024.
The report notes that the Bybit hack “massively skewed” the H1 2025 total, but that January, April, May, and June saw total thefts in excess of $100 million. This suggests “a broad, persistent threat.”
Therefore, based on these findings, “H1 2025 marks a pivotal shift in crypto hacking: escalating strategic intent from state actors and other geopolitically motivated groups,” TRM Labs says. “Massive breaches, often linked to nation-state operations, now demand more than traditional cybersecurity.”
Infrastructure Attacks Dominated the Crypto Hacking Landscape
The report notes that infrastructure attacks – which seek to gain unauthorized control, mislead users, or reroute assets, and are often boosted by social engineering or insider access – accounted for over 80% of stolen funds in H1 2025.
These include private key and seed phrase thefts, as well as front-end compromises. Moreover, infrastructure attacks were, on average, ten times larger than other attack types.
Next, protocol exploits, including flash loan and reentrancy attacks, accounted for 12%. These attacks target vulnerabilities in a blockchain’s smart contracts or core logic to steal funds or disrupt system behavior. They also show “persistent vulnerabilities in DeFi smart contracts.”
Meanwhile, the analysts also highlighted “the persistent and alarming role of state-sponsored crypto attacks.” Some of the most dangerous are North Korea-linked groups, such as the notorious Lazarus, which were also behind the Bybit incident.
These groups are responsible for $1.6 billion, or some 70%, of the total stolen amount in H1 2025. TRM Labs describes them as “the most prolific nation-state threat actor in the crypto space.” North Korea is leveraging illicit crypto gains not only to evade sanctions, but also “as an integral component of its statecraft.”
However, there are other significant threats, such as the Israel-linked group Gonjeshke Darande (aka Predatory Sparrow). The group hacked Iran’s largest crypto exchange, Nobitex, on 18 June, stealing $90 million. It also released the platform’s full source code, exposing users to further risk.
This attack suggests “other state actors may increasingly leverage crypto hacks for geopolitical ends,” TRM Labs says. The attackers transferred stolen funds to deliberately unspendable vanity addresses, suggesting political motives.
“As digital assets increasingly intertwine with national security, so too will the sophistication and geopolitical motives of their exploiters,” the report warns.
TRM concludes that “the path forward requires multifaceted collaboration.” This includes better cooperation among global law enforcement, financial intelligence units, and specialized blockchain intelligence firms.
The post H1 2025 ‘Marks a Pivotal Shift in Crypto Hacking’ – TRM Labs Report appeared first on Cryptonews.