$2.1B in Crypto Heists: TRM Labs Exposes H1 2025’s State-Sponsored Hacking Epidemic

Cybercriminals just raided the digital vault—and nation-states might be holding the keys. TRM Labs' latest bombshell reveals crypto theft surging to $2.1 billion in the first half of 2025, with shadowy government actors allegedly fueling the fire.

The New Cold War Goes Blockchain

Forget spy satellites—the hottest geopolitical weapons now fit in a crypto wallet. Cross-border attacks are bypassing sanctions, draining DeFi protocols, and leaving investigators chasing ghosts through mixers.

Wall Street's Ironic Nightmare

While traditional finance frets about 'volatility,' hackers are executing precision strikes that make hedge fund strategies look like playground bets. Maybe banks should start hiring these thieves—at least they deliver consistent returns.

The crypto underworld's half-year scorecard proves one brutal truth: In the arms race between builders and bandits, the bandits are winning—with taxpayer-funded ammunition.

• TRM Labs confirmed that $1.6B in crypto losses were caused by North Korea-related hacks in H1 2025.
• The Bybit breach alone accounted for nearly 70% of H1 2025 crypto losses, totaling $1.5B.
• Infrastructure attacks made up over 80% of stolen crypto funds in the first half of 2025.

The new report by blockchain intelligence company TRM Labs reported 75 incidents involving stolen crypto assets worth more than $2.1 billion in the first half of 2025. This figure represents a 10% increase compared to the prior H1 record in 2022 and almost matches the 2024 total for the entire year. Targeted infrastructure attacks and increased state-sponsored cyber operations have contributed much to this surge.

TRM Labs points to the February hack of the Bybit exchange, which was reported as the largest hack in the history of cryptocurrencies. North Korean hackers caused the incident, which resulted in a loss worth $1.5 billion, accounting for nearly 70% of all stolen funds in H1. This one incident skewed the average hack size to $30 million, double the H1 2024 average of $15 million.

State-Sponsored Cyberattacks Dominate 2025 Crypto Breaches

According to TRM Labs, North Korea-affiliated groups have been responsible for $1.6 billion in thefts alone or close to 70% of all funds stolen in the first half of 2025. Analysts view these attacks as a strategic tool for the Democratic People’s Republic of Korea (DPRK) to evade sanctions and fund its weapons program.

In addition to the Bybit hack, a hack on June 18 occurred on, Nobitex, Iran’s largest cryptocurrency exchange, which exposed more geopolitical interests. Hacker group Gonjeshke Darande, allegedly linked to Israel, took credit for the $90 million heist. The funds were sent to vanity wallet addresses that cannot be accessed, indicating the action was likely symbolic or politically motivated.

TRM Labs noted the hack occurred shortly after Israeli airstrikes on June 13 and just before Israel announced the arrest of three individuals allegedly spying for Iran. Two of the suspects were paid in cryptocurrency. The report suggests a possible intelligence connection, though Israeli officials have not confirmed it.

The Nobitex breach reflects a growing trend where digital asset theft becomes an extension of national conflict. Chainalysis reports that Nobitex serves a central role in Iran’s sanctioned financial network and has ties to previously identified illicit actors.

Infrastructure Breaches and Protocol Exploits Continue to Surge

According to TRM Labs, infrastructure attacks include seed phrase thefts, private key compromises, and front-end hijacks, accounting for over 80% of crypto losses in H1 2025. These attacks exploit system-level weaknesses and are often supported by social engineering tactics or insider involvement.

Furthermore, Protocol exploits accounted for about 12% of the stolen funds. These included flash loan manipulations and re-entrancy attacks that targeted smart contract vulnerabilities in decentralized finance (DeFi) platforms.

TRM Labs recommends urgent reforms in security practices across the crypto ecosystem. The firm’s analysts recommend increasing the use of cold storage, multi-factor authentication, and ongoing threat testing. It also emphasize on the importance of international cooperation between law enforcers, intelligence agencies, and blockchain forensic firms.

The number and scale of H1 2025 breaches suggest that crypto security has become a direct concern for national security. With geopolitical interests intensifying, digital asset platforms need to strengthen security to prevent both criminal entities and highly organized government-sponsored activities.