Both TRM Labs and CertiK have released reports highlighting that the majority of crypto losses in H1 2025 were concentrated in a few major incidents, with North Korean threat actors emerging as key perpetrators.
TRM Labs and CertiK have both published comprehensive reports detailing the state of crypto security in the first half of 2025, shedding light on the alarming scale of losses due to hacks, scams, and exploits. The industry has already suffered over $2.1 billion in damages across at least 75 distinct hacks and exploits during the first six months of the year, with $801 million of that occurring in Q2 alone.

This figure has already exceeded the $2.4 billion total losses recorded in all of 2024. Net losses for 2025, after accounting for funds returned by whitehat hackers or frozen by exchanges, stand at $2.29 billion—surpassing the $1.98 billion net losses from the entirety of 2024.
While these numbers paint a grim picture of the crypto security landscape, a deeper analysis reveals that two significant events—the Bybit breach and the Cetus Protocol exploit—account for a staggering $1.78 billion of the total losses. Excluding these two incidents, the remaining losses for 2025 amount to $690 million, suggesting that the broader trend may not be as dire as the raw figures initially indicate.

In terms of attack methods, private key compromises—a major vulnerability in 2024—have shown a noticeable decline throughout the first half of 2025. However, phishing attacks remain a persistent issue, with $410 million stolen across 132 incidents. Wallet breaches also continue to be a dominant threat, responsible for $1.7 billion in damages.

Analysis of Q2 2025’s Top 3 Crypto Security Incidents
The second quarter of 2025 was marked by several high-profile security breaches that contributed significantly to the losses observed this year. Here is a breakdown of the top three incidents:
- Phishing Attack on BTC Whale ($330.7 million stolen)
In April 2025, a Bitcoin whale fell victim to a social engineering attack, resulting in the theft of approximately $330 million. The attacker laundered the stolen funds through six instant exchanges and converted the Bitcoin into Monero (XMR) to obscure the trail.
Thanks to collaborative efforts between ZachXBT and Binance, over $7 million of the stolen assets have been frozen, and two suspects have been identified. This incident underscores the ongoing threat of phishing attacks and the importance of vigilance in safeguarding private keys and sensitive information.
- Cetus Protocol Exploit ($225.68 million stolen)
On May 22, 2025, Cetus Protocol, the largest DEX on the Sui blockchain, suffered a major security breach. The attacker exploited a vulnerability in the protocol’s smart contract architecture, specifically targeting its liquidity pool mechanisms. By deploying spoof tokens and manipulating price curves, the hacker managed to extract $225 million worth of digital assets.
However, Sui validators acted swiftly, freezing and recovering $162 million of the stolen funds through a governance proposal aimed at user repayment. This incident highlights the critical need for rigorous smart contract audits and robust security measures in DeFi platforms.
- Nobitex Hack ($89.14 million stolen)
On June 18, 2025, Nobitex, Iran’s largest cryptocurrency exchange, reported a security breach that resulted in nearly $100 million in losses. The pro-Israel hacker group Gonjeshke Darande, also known as "Predatory Sparrow," claimed responsibility for the attack. The group released screenshots of wallets involved in the exploit and transferred the stolen funds to unspendable vanity addresses, effectively burning the assets. This act, widely viewed as symbolic, underscores the growing use of crypto hacks as tools for hacktivism and geopolitical messaging.
North Korea’s Role in State-Sponsored Crypto Hacks
A significant portion of the losses in H1 2025 can be attributed to state-sponsored attacks, with North Korea emerging as the most prolific nation-state threat actor in the crypto space.
North Korea-linked groups were responsible for $1.6 billion of the total stolen funds, representing approximately 70% of all thefts. This staggering figure, heavily influenced by the Bybit breach, underscores the Democratic People’s Republic of Korea’s escalating reliance on illicit cryptocurrency gains.
These funds are not only used to evade sanctions but also to finance strategic objectives, including its nuclear weapons program, making crypto theft a critical tool of statecraft for the regime.
While North Korea remains the dominant force in state-sponsored crypto hacks, other nation-states are also leveraging digital asset theft for geopolitical purposes. For example, the Nobitex hack by Gonjeshke Darande highlights how cryptocurrency theft is increasingly being weaponized as a covert instrument in geopolitical conflicts.
Expert Commentary and Industry Response
Ronghui Gu, co-founder of CertiK, commented on the findings: “Although the overall figures are alarming, it's worth noting that the majority of losses in H1 2025 were the result of two high-impact incidents. Nevertheless, these results underscore the ongoing need for robust security measures and industry-wide vigilance.”
TRM Labs emphasized the urgent need for enhanced collaboration across the crypto industry to effectively counter theft and cybercrime. TRM added, “The path forward requires multifaceted collaboration. H1 2025’s record thefts are a stark call to action for a collective, sustained, and strategically aligned security posture — one prepared not just for crime, but for covert acts of statecraft.”