Bad actors siphoned at least $2 billion from the crypto market in the first half of 2025, marking the largest theft ever recorded in the industry.
Since the start of the year, the cryptocurrency market has experienced several positive developments, including increasing institutional interest in cryptocurrencies and the Trump administration’s push for regulatory clarity in the sector.
However, the industry also had its fair share of negative incidents, particularly in crypto theft, which spiked tremendously in the first half of the year.
$2.1B Stolen in 75 Crypto Hacks
Leading blockchain intelligence company TRM Labs reported that malicious actors stole $2.1 billion across 75 separate exploits within the first six months of 2025.
The total amount siphoned in the first half of the year represents a 10% spike from the $2 billion stolen in H1 2022. With six months left before the year ends, the amount stolen this year nearly equals the $2.2 billion stolen in the whole of 2024.
Bybit Suffers Biggest Loss
Notably, the attack on Bybit, which resulted in losses totaling $1.5 billion, accounts for over 70% of the $2.1 billion stolen from the market this year. As previously reported, the FBI and crypto sleuths, including TRM, linked the Bybit hack to North Korean threat actors.
According to the latest report, North Korea–linked hackers were responsible for $1.6 billion of the $2.1 billion stolen in the first half of 2025.
Furthermore, the report also sheds light on another state-sponsored hacking incident recorded in H1 2025.
TRM claims that Predatory Sparrow, a hacking group affiliated with Israel, hacked Iran’s largest crypto exchange, Nobitex, for $90 million.
Following the hack, which occurred during the peak of the Israel-Iran war, Predatory Sparrow sent the funds to unspendable vanity addresses, suggesting the motive was not financial gain.
Hack Techniques and Safety Requirements
Meanwhile, the report noted that approximately 80% of the stolen funds were taken through infrastructure attacks. Specifically, it cited front-end breaches, as well as private key and seed phrase compromises, as the primary techniques used. Additionally, protocol exploits accounted for 12% of all recorded hacks in the first half of 2025.
Amid the spike in crypto heists observed in H1 2025, TRM Labs emphasizes the need to reinforce fundamental security measures, including enabling multi-factor authentication, utilizing cold storage for large crypto reserves, and conducting regular third-party audits.
DisClamier: This content is informational and should not be considered financial advice. The views expressed in this article may include the author's personal opinions and do not reflect The Crypto Basic opinion. Readers are encouraged to do thorough research before making any investment decisions. The Crypto Basic is not responsible for any financial losses.
