Record $2.1B in Crypto Stolen in 2025, Led by Infrastructure Hacks and State-Backed Attacks: TRM Labs
Cryptocurrency thefts have surged to unprecedented levels in 2025, with over $2.1 billion lost to hackers in just the first half of the year — marking the worst six-month period in crypto history, according to a new report by blockchain intelligence firm TRM Labs.
Infrastructure Weaknesses Dominate Attack Vectors
TRM Labs revealed that over 80% of the stolen crypto came from infrastructure-level exploits, including seed phrase thefts, front-end compromises, and protocol manipulation. These infrastructure-based hacks — spanning 75 incidents — were significantly more lucrative, with the average breach netting attackers 10 times more than typical cyberattacks.
“These methods exploit foundational weaknesses in cryptosystems and are often amplified by social engineering tactics,” the report stated. Infrastructure attacks typically target a protocol’s backend or user interface to manipulate asset flows or mislead users into compromising their credentials.
Smart Contract Exploits Still Active
In addition to infrastructure-based breaches, protocol-level exploits — such as flash loan attacks and re-entrancy bugs — accounted for 12% of the year’s total losses. These attacks specifically exploit weaknesses in a protocol’s smart contracts or core logic, aiming to extract funds or destabilize operations.
Losses Surpass 2022 Record, Nearly Match All of 2024
The total stolen in H1 2025 has already exceeded the previous record set in 2022 by 10%, and is on track to eclipse all of 2024’s losses, highlighting what TRM Labs describes as a “concentrated and evolving threat” to digital assets.
Notably, each of the months of January, April, May, and June saw crypto thefts exceeding $100 million, indicating a consistent upward trend.
Nation-State Attacks Dominate in Scale
A single state-sponsored attack in February made up the bulk of the damage: North Korea’s $1.5 billion hack of Dubai-based exchange Bybit, accounting for nearly 70% of total losses in 2025 so far.
That event alone doubled the average hack size to $30 million, compared to $15 million in the first half of 2024.
Adding to the geopolitical layer, Israeli-linked hacker group Predatory Sparrow (Gonjeshke Darande) exploited Iran’s largest crypto exchange, Nobitex, on June 18, intensifying concerns over state-level cyber warfare via blockchain.
TRM Labs Calls for Global Collaboration and Stronger Security
TRM Labs emphasized that addressing this growing threat demands “multifaceted collaboration” between crypto firms, global law enforcement, financial intelligence units, and cybersecurity organizations.
The firm also urged the crypto industry to adopt stronger defense practices, including:
-
Cold wallet storage
-
Multi-factor authentication (MFA)
-
Routine security audits
-
Insider threat detection
-
Resilience against social engineering
“H1 2025’s record thefts are a stark call to action,” TRM Labs concluded. “The industry must prepare not only for traditional crime, but also for sophisticated, covert acts of geopolitical disruption.”
