The crypto industry is grappling with a new wave of sophisticated cyberattacks, as $2.1 billion worth of digital assets were stolen across 75 incidents in the first half of 2025 alone, according to a recent report by blockchain intelligence firm TRM Labs.
A staggering 80% of the stolen funds stemmed from infrastructure-level exploits—including private key thefts, seed phrase compromises, and front-end hijacks. These types of attacks proved 10 times more lucrative on average than other hacking methods. Notably, centralized platforms took the biggest hit, once again spotlighting security vulnerabilities in the ecosystem’s core infrastructure.
Bybit Hack Drives Historic Losses
The lion’s share of the damage was caused by the $1.5 billion breach of Dubai-based exchange Bybit in February, widely attributed to North Korean state-sponsored hackers. The single event accounted for nearly 70% of all crypto losses in H1 2025, inflating the average hack size to $30 million—double the 2024 average for the same period.
This massive exploit also pushed the total H1 2025 crypto losses 10% higher than the previous record set in 2022. It is on track to rival or surpass 2024’s full-year loss figures, which hovered around the same total.
Nobitex and State-Driven Cyber Warfare
In a separate high-profile incident, Iranian exchange Nobitex suffered a $90 million hack on June 18. The breach was reportedly orchestrated by the group Gonjeshke Darande (Predatory Sparrow), which has been loosely linked to Israeli state interests. The group claimed to have sent the funds to unspendable vanity addresses, effectively removing them from circulation.
These politically charged cyberattacks indicate a worrying trend. TRM Labs noted that state-sponsored crypto hacks are increasingly being used as tools of geopolitical leverage, with North Korea remaining the most active player. However, incidents like Nobitex suggest other governments may be entering the space, turning digital assets into silent instruments of foreign policy.
Flash Loans and Smart Contract Exploits Still a Threat
While infrastructure attacks dominate, smart contract vulnerabilities still contributed 12% of overall losses. Common exploit vectors included flash loan attacks, re-entrancy bugs, and logic flaws in decentralized finance (DeFi) protocols. These types of attacks continue to undermine investor confidence in emerging DeFi platforms.
Despite rapid advancements in smart contract auditing and real-time monitoring tools, the DeFi space remains fragile due to composability risks and poor operational security practices.
Security Best Practices and Recommendations
TRM Labs emphasized the urgent need for enhanced security frameworks across both centralized and decentralized platforms. Key recommendations include:
- Multi-factor authentication
- Cold wallet storage for reserves
- Routine smart contract audits
- Internal threat detection and anti-social engineering measures
Without widespread adoption of these practices, the firm warns, crypto hacks will continue to rise in both frequency and geopolitical complexity.
For the latest updates on crypto security and blockchain forensics, visit TheCoinInfo.
