TL;DR
- Crypto hacks smashed records in H1 2025, with 75 incidents draining over $2.1 billion, 10% more than the previous half-year high and equal to all of 2024’s losses.
- A single February breach at a major Dubai crypto exchange stole $1.5 billion (70% of the total), doubling the average hack size to $30 million and ensuring every month saw at least $100 million vanish.
- Seed-phrase leaks and smart-contract exploits drove over 90% of thefts, with North Korea–linked groups behind $1.6 billion, spurring urgent calls for MFA, cold storage, and stricter audits.
The cryptocurrency world hit a grim milestone in H1 2025, with over $2.1 billion siphoned off through 75 separate hacks and exploits, according to a report. That figure surpasses the previous half-year record set in 2022 by roughly 10 percent and matches total losses from all of 2024.
Analysts point to a stark concentration of risk: a handful of colossal breaches now account for the lion’s share of stolen funds, signaling that larger platforms and more advanced attackers are reshaping the threat landscape.
Bybit Breach Overshadows Other Attacks
The main reason for this increase is the February hack of a major exchange in Dubai, which was responsible for a huge loss of $1.5 billion, making up almost 70% of the total losses during that time. This one event raised the average size of hacks to nearly $30 million, which is double the $15 million average from the first half of 2024.
Even with this exception, every month from January to June saw at least $100 million in total thefts, highlighting that despite one major incident, the threat continued to be widespread.
Seed Phrase Leaks and Front-End Flaws ExploiteD
In addition to crypto exchange breaches, attacks on infrastructure aimed at private keys and wallet seed phrases were the most common, accounting for more than 80% of stolen assets. Hackers used social engineering, insider collaboration, and weaknesses in front-end protocols to take over users’ recovery phrases and steal funds.
Protocol exploits, think flash loans, and re-entrancy attacks, accounted for another 12 percent of losses, exploiting vulnerabilities in smart contract logic. Together, these vectors expose persistent gaps in how wallets and DeFi projects safeguard their most critical security parameters.
State Actors and the Geopolitics of Crypto Crime
A deeper look at the culprits reveals a stark geopolitical dimension. North Korea–linked groups are behind roughly $1.6 billion of the stolen funds, using illicit gains to support state objectives. Meanwhile, other government-aligned operators have also embraced digital asset theft for strategic ends, from symbolic strikes on rival exchanges to covert fundraising.
This fusion of cybercrime and statecraft has prompted calls for a unified industry response: multifactor authentication, rigorous audits, cold storage prioritization, and advanced social engineering defenses are now viewed as essential to stemming the tide.
