North Korea Blamed for Over 70% of Total Crypto Losses
Crypto investors suffered losses exceeding $2.1 billion in the first half of 2025, making it the worst six-month period ever recorded for crypto-related security breaches. A total of 75 major hacking incidents were recorded, surpassing the previous H1 record set in 2022 by nearly 10%.
The most alarming statistic? North Korean-linked cyber groups accounted for $1.6 billion of these thefts — more than 70% of all losses this year.
Bybit Hack Becomes Largest Crypto Theft in History
At the heart of the crisis is the $1.5 billion exploit of the centralized exchange Bybit in February 2025. This single breach not only dwarfs past attacks but also skewed the year’s average hack size to $30 million, double the average in 2024.
This historic incident is now widely believed to have been executed by state-sponsored North Korean hackers, underlining how nation-states are increasingly weaponizing crypto infrastructure.
Geopolitical Hacking Expands Beyond North Korea
While North Korea dominates the headlines, state-linked threats are not limited to Pyongyang. On June 18, an attack on Iranian exchange Nobitex resulted in $90 million in stolen assets. The group behind the hack, allegedly Gonjeshke Darande (Predatory Sparrow) — linked to Israel — reportedly executed the attack as retaliation for sanctions evasion.
The stolen funds were sent to unspendable vanity addresses, indicating political motives rather than financial gain.
New Attack Vectors Drive Majority of Losses
A dramatic shift in tactics has occurred in 2025. Over 80% of stolen funds stemmed from infrastructure-level breaches, including:
- Private key thefts
- Front-end hijacks
- Social engineering
- Insider access
These approaches are now proving to be ten times more lucrative than traditional DeFi smart contract exploits. In contrast, only 12% of losses came from legacy vulnerabilities like flash loans and reentrancy bugs, which dominated in 2021–22.
Outlook: Crypto Security Faces Nation-State-Scale Threats
With the scale and sophistication of these attacks accelerating, crypto platforms face unprecedented pressure to reinforce infrastructure, internal controls, and incident response.
As state-backed actors become more active, the threat landscape in crypto is evolving rapidly — from opportunistic exploits to coordinated geopolitical operations.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.